Move the printpkt functionality out of SYSLOG and LOGEMU, and into

a separate PRINTPKT plugin.  This reduces code duplication, and also
makes the SYSLOG and LOGEMU plugins more general. (Philip Craig)

8 files changed, 139 insertions, 70 deletions

diff --git a/filter/Makefile.am b/filter/Makefile.am
index 55d14c0..8c2a37d 100644
--- a/filter/Makefile.am
+++ b/filter/Makefile.am
@@ -4,10 +4,14 @@ INCLUDES = $(all_includes) -I$(top_srcdir)/include
 
 noinst_HEADERS = rtnl.h iftable.h
 
-pkglib_LTLIBRARIES = ulogd_filter_IFINDEX.la ulogd_filter_PWSNIFF.la
+pkglib_LTLIBRARIES = ulogd_filter_IFINDEX.la ulogd_filter_PWSNIFF.la \
+		     ulogd_filter_PRINTPKT.la
 
 ulogd_filter_IFINDEX_la_SOURCES = ulogd_filter_IFINDEX.c rtnl.c iftable.c
 ulogd_filter_IFINDEX_la_LDFLAGS = -module
 
 ulogd_filter_PWSNIFF_la_SOURCES = ulogd_filter_PWSNIFF.c
 ulogd_filter_PWSNIFF_la_LDFLAGS = -module
+
+ulogd_filter_PRINTPKT_la_SOURCES = ulogd_filter_PRINTPKT.c ../util/printpkt.c
+ulogd_filter_PRINTPKT_la_LDFLAGS = -module
diff --git a/filter/ulogd_filter_PRINTPKT.c b/filter/ulogd_filter_PRINTPKT.c
new file mode 100644
index 0000000..09f0fdf
--- /dev/null
+++ b/filter/ulogd_filter_PRINTPKT.c
@@ -0,0 +1,66 @@
+/* ulogd_filter_PRINTPKT.c, Version $Revision: 1.1 $
+ *
+ * This target produces entries identical to the LOG target.
+ *
+ * (C) 2006 by Philip Craig <philipc@snapgear.com>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2
+ *  as published by the Free Software Foundation
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ */
+
+#include <ulogd/ulogd.h>
+#include <ulogd/printpkt.h>
+
+static struct ulogd_key printpkt_outp[] = {
+	{
+		.type = ULOGD_RET_STRING,
+		.flags = ULOGD_RETF_NONE,
+		.name = "print",
+	},
+};
+
+static int printpkt_interp(struct ulogd_pluginstance *upi)
+{
+	struct ulogd_key *inp = upi->input.keys;
+	struct ulogd_key *ret = upi->output.keys;
+	static char buf[4096];
+
+	printpkt_print(inp, buf);
+	ret[0].u.value.ptr = buf;
+	ret[0].flags |= ULOGD_RETF_VALID;
+	return 0;
+}
+
+static struct ulogd_plugin printpkt_plugin = {
+	.name = "PRINTPKT",
+	.input = {
+		.keys = printpkt_keys,
+		.num_keys = ARRAY_SIZE(printpkt_keys),
+		.type = ULOGD_DTYPE_PACKET,
+	},
+	.output = {
+		.keys = printpkt_outp,
+		.num_keys = ARRAY_SIZE(printpkt_outp),
+		.type = ULOGD_DTYPE_PACKET,
+	},
+	.interp = &printpkt_interp,
+	.version = ULOGD_VERSION,
+};
+
+void __attribute__ ((constructor)) init(void);
+
+void init(void)
+{
+	ulogd_register_plugin(&printpkt_plugin);
+}
diff --git a/include/ulogd/printpkt.h b/include/ulogd/printpkt.h
index 90ff134..bdaeaa4 100644
--- a/include/ulogd/printpkt.h
+++ b/include/ulogd/printpkt.h
@@ -4,7 +4,6 @@
 #define INTR_IDS 	35
 extern struct ulogd_key printpkt_keys[INTR_IDS];
 
-int printpkt_print(struct ulogd_key *res, char *buf, int prefix);
-int printpkt_init(void);
+int printpkt_print(struct ulogd_key *res, char *buf);
 
 #endif
diff --git a/output/Makefile.am b/output/Makefile.am
index 88e353e..9a966d2 100644
--- a/output/Makefile.am
+++ b/output/Makefile.am
@@ -6,10 +6,10 @@ SUBDIRS= pcap mysql pgsql sqlite3
 pkglib_LTLIBRARIES = ulogd_output_LOGEMU.la ulogd_output_SYSLOG.la \
 		     ulogd_output_OPRINT.la ulogd_output_IPFIX.la
 
-ulogd_output_LOGEMU_la_SOURCES = ulogd_output_LOGEMU.c ../util/printpkt.c
+ulogd_output_LOGEMU_la_SOURCES = ulogd_output_LOGEMU.c
 ulogd_output_LOGEMU_la_LDFLAGS = -module
 
-ulogd_output_SYSLOG_la_SOURCES = ulogd_output_SYSLOG.c ../util/printpkt.c
+ulogd_output_SYSLOG_la_SOURCES = ulogd_output_SYSLOG.c
 ulogd_output_SYSLOG_la_LDFLAGS = -module
 
 ulogd_output_OPRINT_la_SOURCES = ulogd_output_OPRINT.c
diff --git a/output/ulogd_output_LOGEMU.c b/output/ulogd_output_LOGEMU.c
index f18da61..a224d7b 100644
--- a/output/ulogd_output_LOGEMU.c
+++ b/output/ulogd_output_LOGEMU.c
@@ -29,9 +29,14 @@
 #include <unistd.h>
 #include <string.h>
 #include <errno.h>
+#include <time.h>
 #include <ulogd/ulogd.h>
 #include <ulogd/conffile.h>
-#include <ulogd/printpkt.h>
+
+#ifndef HOST_NAME_MAX
+#warning this libc does not define HOST_NAME_MAX
+#define HOST_NAME_MAX	(255+1)
+#endif
 
 #ifndef ULOGD_LOGEMU_DEFAULT
 #define ULOGD_LOGEMU_DEFAULT	"/var/log/ulogd.syslogemu"
@@ -41,6 +46,19 @@
 #define ULOGD_LOGEMU_SYNC_DEFAULT	0
 #endif
 
+static char hostname[HOST_NAME_MAX+1];
+
+static struct ulogd_key logemu_inp[] = {
+	{
+		.type = ULOGD_RET_STRING,
+		.name = "print",
+	},
+	{
+		.type = ULOGD_RET_UINT32,
+		.name = "oob.time.sec",
+	},
+};
+
 static struct config_keyset logemu_kset = {
 	.num_ces = 2,
 	.ces = {
@@ -67,14 +85,27 @@ static int _output_logemu(struct ulogd_pluginstance *upi)
 {
 	struct logemu_instance *li = (struct logemu_instance *) &upi->private;
 	struct ulogd_key *res = upi->input.keys;
-	static char buf[4096];
 
-	printpkt_print(res, buf, 1);
+	if (res[0].u.source->flags & ULOGD_RETF_VALID) {
+		char *timestr;
+		char *tmp;
+		time_t now;
 
-	fprintf(li->of, "%s", buf);
+		if (res[1].u.source->flags & ULOGD_RETF_VALID)
+			now = (time_t) res[1].u.source->u.value.ui32;
+		else
+			now = time(NULL);
 
-	if (upi->config_kset->ces[1].u.value) 
-		fflush(li->of);
+		timestr = ctime(&now) + 4;
+		if ((tmp = strchr(timestr, '\n')))
+			*tmp = '\0';
+
+		fprintf(li->of, "%.15s %s %s", timestr, hostname,
+				res[0].u.source->u.value.ptr);
+
+		if (upi->config_kset->ces[1].u.value)
+			fflush(li->of);
+	}
 
 	return 0;
 }
@@ -102,6 +133,7 @@ static void signal_handler_logemu(struct ulogd_pluginstance *pi, int signal)
 static int start_logemu(struct ulogd_pluginstance *pi)
 {
 	struct logemu_instance *li = (struct logemu_instance *) &pi->private;
+	char *tmp;
 
 	ulogd_log(ULOGD_DEBUG, "starting logemu\n");
 
@@ -117,11 +149,17 @@ static int start_logemu(struct ulogd_pluginstance *pi)
 		return errno;
 	}		
 #endif
-	if (printpkt_init()) {
-		ulogd_log(ULOGD_ERROR, "can't resolve all keyhash id's\n");
+
+	if (gethostname(hostname, sizeof(hostname)) < 0) {
+		ulogd_log(ULOGD_FATAL, "can't gethostname(): %s\n",
+			  strerror(errno));
 		return -EINVAL;
 	}
 
+	/* truncate hostname */
+	if ((tmp = strchr(hostname, '.')))
+		*tmp = '\0';
+
 	return 0;
 }
 
@@ -147,8 +185,8 @@ static int configure_logemu(struct ulogd_pluginstance *pi,
 static struct ulogd_plugin logemu_plugin = { 
 	.name = "LOGEMU",
 	.input = {
-		.keys = printpkt_keys,
-		.num_keys = ARRAY_SIZE(printpkt_keys),
+		.keys = logemu_inp,
+		.num_keys = ARRAY_SIZE(logemu_inp),
 		.type = ULOGD_DTYPE_PACKET,
 	},
 	.output = {
diff --git a/output/ulogd_output_SYSLOG.c b/output/ulogd_output_SYSLOG.c
index 3d08f74..8b89295 100644
--- a/output/ulogd_output_SYSLOG.c
+++ b/output/ulogd_output_SYSLOG.c
@@ -31,7 +31,6 @@
 #include <errno.h>
 #include <ulogd/ulogd.h>
 #include <ulogd/conffile.h>
-#include <ulogd/printpkt.h>
 
 #ifndef SYSLOG_FACILITY_DEFAULT
 #define SYSLOG_FACILITY_DEFAULT	"LOG_KERN"
@@ -41,6 +40,13 @@
 #define SYSLOG_LEVEL_DEFAULT "LOG_NOTICE"
 #endif
 
+static struct ulogd_key syslog_inp[] = {
+	{
+		.type = ULOGD_RET_STRING,
+		.name = "print",
+	},
+};
+
 static struct config_keyset syslog_kset = { 
 	.num_ces = 2,
 	.ces = {
@@ -68,11 +74,10 @@ static int _output_syslog(struct ulogd_pluginstance *upi)
 {
 	struct syslog_instance *li = (struct syslog_instance *) &upi->private;
 	struct ulogd_key *res = upi->input.keys;
-	static char buf[4096];
-	
-	printpkt_print(res, buf, 0);
 
-	syslog(li->syslog_level | li->syslog_facility, buf);
+	if (res[0].u.source->flags & ULOGD_RETF_VALID)
+		syslog(li->syslog_level | li->syslog_facility, "%s",
+				res[0].u.source->u.value.ptr);
 
 	return 0;
 }
@@ -156,8 +161,8 @@ static int syslog_start(struct ulogd_pluginstance *pi)
 static struct ulogd_plugin syslog_plugin = {
 	.name = "SYSLOG",
 	.input = {
-		.keys = printpkt_keys,
-		.num_keys = ARRAY_SIZE(printpkt_keys),
+		.keys = syslog_inp,
+		.num_keys = ARRAY_SIZE(syslog_inp),
 		.type = ULOGD_DTYPE_PACKET,
 	},
 	.output = {
diff --git a/ulogd.conf.in b/ulogd.conf.in
index c8d3560..6bd61e4 100644
--- a/ulogd.conf.in
+++ b/ulogd.conf.in
@@ -35,12 +35,13 @@ bufsize=150000
 plugin="@libdir@/ulogd/ulogd_inppkt_NFLOG.so"
 plugin="@libdir@/ulogd/ulogd_inpflow_NFCT.so"
 plugin="@libdir@/ulogd/ulogd_filter_IFINDEX.so"
+plugin="@libdir@/ulogd/ulogd_filter_PRINTPKT.so"
 plugin="@libdir@/ulogd/ulogd_output_LOGEMU.so"
 plugin="@libdir@/ulogd/ulogd_output_OPRINT.so"
 plugin="@libdir@/ulogd/ulogd_raw2packet_BASE.so"
 
 # this is a stack for packet-based logging via LOGEMU
-#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,emu1:LOGEMU
+#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,print1:PRINTPKT,emu1:LOGEMU
 
 # this is a stack for flow-based logging via OPRINT
 #stack=ct1:NFCT,op1:OPRINT
diff --git a/util/printpkt.c b/util/printpkt.c
index 63be1f4..ec6cd02 100644
--- a/util/printpkt.c
+++ b/util/printpkt.c
@@ -25,9 +25,7 @@
 #include <stdlib.h>
 #include <unistd.h>
 #include <string.h>
-#include <time.h>
 #include <errno.h>
-#include <sys/time.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <arpa/inet.h>
@@ -37,19 +35,12 @@
 #include <ulogd/conffile.h>
 #include <ulogd/printpkt.h>
 
-#ifndef HOST_NAME_MAX
-#warning this libc does not define HOST_NAME_MAX
-#define HOST_NAME_MAX	(255+1)
-#endif
-
 #define NIPQUAD(addr) \
 	((unsigned char *)&addr)[0], \
 	((unsigned char *)&addr)[1], \
         ((unsigned char *)&addr)[2], \
         ((unsigned char *)&addr)[3]
 
-static char hostname[HOST_NAME_MAX+1];
-
 struct ulogd_key printpkt_keys[INTR_IDS] = {
 	{ .name = "oob.time.sec", },
 	{ .name = "oob.prefix", },
@@ -92,39 +83,15 @@ struct ulogd_key printpkt_keys[INTR_IDS] = {
 #define GET_FLAGS(res, x)	(res[x].u.source->flags)
 #define pp_is_valid(res, x)	(GET_FLAGS(res, x) & ULOGD_RETF_VALID)
 
-int printpkt_print(struct ulogd_key *res, char *buf, int prefix)
+int printpkt_print(struct ulogd_key *res, char *buf)
 {
-	char *timestr;
-	char *tmp;
-	time_t now;
-
 	char *buf_cur = buf;
 
-	if (prefix) {
-		if (pp_is_valid(res, 0))
-			now = (time_t) GET_VALUE(res, 0).ui32;
-		else
-			now = (time_t) 0;
-
-		timestr = ctime(&now) + 4;
-
-		/* truncate time */
-		if ((tmp = strchr(timestr, '\n')))
-			*tmp = '\0';
-
-		/* truncate hostname */
-		if ((tmp = strchr(hostname, '.')))
-			*tmp = '\0';
-
-		/* print time and hostname */
-		buf_cur += sprintf(buf_cur, "%.15s %s", timestr, hostname);
-	}
-
 	if (pp_is_valid(res, 1))
-		buf_cur += sprintf(buf_cur, " %s", (char *) GET_VALUE(res, 1).ptr);
+		buf_cur += sprintf(buf_cur, "%s ", (char *) GET_VALUE(res, 1).ptr);
 
 	if (pp_is_valid(res, 2) && pp_is_valid(res, 3)) {
-		buf_cur += sprintf(buf_cur," IN=%s OUT=%s ", 
+		buf_cur += sprintf(buf_cur, "IN=%s OUT=%s ", 
 				   (char *) GET_VALUE(res, 2).ptr, 
 				   (char *) GET_VALUE(res, 3).ptr);
 	}
@@ -250,14 +217,3 @@ int printpkt_print(struct ulogd_key *res, char *buf, int prefix)
 
 	return 0;
 }
-
-int printpkt_init(void)
-{
-	if (gethostname(hostname, sizeof(hostname)) < 0) {
-		ulogd_log(ULOGD_FATAL, "can't gethostname(): %s\n",
-			  strerror(errno));
-		return -EINVAL;
-	}
-
-	return 0;
-}