summaryrefslogtreecommitdiffstats
path: root/filter
diff options
context:
space:
mode:
author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-02-19 00:46:15 +0000
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-02-19 00:46:15 +0000
commitf63653c647b11fe064f71e6961779a6942cee324 (patch)
treea114422cf9524188cfdc40ceadf8ea527057ad03 /filter
parent04ec2f12fabc7cb6ea010b6c20b4a9fb9a8c4b83 (diff)
Adds AF_BRIDGE and ARP header interpreter to BASE plugin
This patch adds an AF_BRIDGE interpreter to ulogd_raw2packet_BASE plugin, which allows to log packets coming from ebtables. It also adds an ARP header decoder. Signed-off-by: Peter Warasin <peter@endian.com>
Diffstat (limited to 'filter')
-rw-r--r--filter/raw2packet/ulogd_raw2packet_BASE.c132
1 files changed, 130 insertions, 2 deletions
diff --git a/filter/raw2packet/ulogd_raw2packet_BASE.c b/filter/raw2packet/ulogd_raw2packet_BASE.c
index b0a3157..b1f4113 100644
--- a/filter/raw2packet/ulogd_raw2packet_BASE.c
+++ b/filter/raw2packet/ulogd_raw2packet_BASE.c
@@ -10,6 +10,7 @@
* o UDP header
* o ICMP header
* o AH/ESP header
+ * o ARP header
*
* (C) 2000-2005 by Harald Welte <laforge@gnumonks.org>
*
@@ -42,11 +43,14 @@
#include <netinet/udp.h>
#include <ulogd/ulogd.h>
#include <ulogd/ipfix_protocol.h>
+#include <netinet/if_ether.h>
+#include <string.h>
enum input_keys {
INKEY_RAW_PCKT,
INKEY_RAW_PCKTLEN,
INKEY_OOB_FAMILY,
+ INKEY_OOB_PROTOCOL,
};
enum output_keys {
@@ -101,6 +105,14 @@ enum output_keys {
KEY_ICMPV6_ECHOSEQ,
KEY_ICMPV6_CSUM,
KEY_AHESP_SPI,
+ KEY_OOB_PROTOCOL,
+ KEY_ARP_HTYPE,
+ KEY_ARP_PTYPE,
+ KEY_ARP_OPCODE,
+ KEY_ARP_SHA,
+ KEY_ARP_SPA,
+ KEY_ARP_THA,
+ KEY_ARP_TPA,
};
static struct ulogd_key iphdr_rets[] = {
@@ -455,7 +467,46 @@ static struct ulogd_key iphdr_rets[] = {
.flags = ULOGD_RETF_NONE,
.name = "ahesp.spi",
},
-
+ [KEY_OOB_PROTOCOL] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "oob.protocol",
+ },
+ [KEY_ARP_HTYPE] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.hwtype",
+ },
+ [KEY_ARP_PTYPE] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.protocoltype",
+ },
+ [KEY_ARP_OPCODE] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.operation",
+ },
+ [KEY_ARP_SHA] = {
+ .type = ULOGD_RET_RAW,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.shwaddr",
+ },
+ [KEY_ARP_SPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.saddr",
+ },
+ [KEY_ARP_THA] = {
+ .type = ULOGD_RET_RAW,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.dhwaddr",
+ },
+ [KEY_ARP_TPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.daddr",
+ },
};
/***********************************************************************
@@ -825,16 +876,88 @@ out:
return 0;
}
+/***********************************************************************
+ * ARP HEADER
+ ***********************************************************************/
+static int _interp_arp(struct ulogd_pluginstance *pi, u_int32_t len)
+{
+ struct ulogd_key *ret = pi->output.keys;
+ const struct ether_arp *arph =
+ GET_VALUE(pi->input.keys, INKEY_RAW_PCKT).ptr;
+
+ if (len < sizeof(struct ether_arp))
+ return 0;
+
+ ret[KEY_ARP_HTYPE].u.value.ui16 = ntohs(arph->arp_hrd);
+ SET_VALID(ret[KEY_ARP_HTYPE]);
+ ret[KEY_ARP_PTYPE].u.value.ui16 = ntohs(arph->arp_pro);
+ SET_VALID(ret[KEY_ARP_PTYPE]);
+ ret[KEY_ARP_OPCODE].u.value.ui16 = ntohs(arph->arp_op);
+ SET_VALID(ret[KEY_ARP_OPCODE]);
+
+ ret[KEY_ARP_SHA].u.value.ptr = &arph->arp_sha;
+ SET_VALID(ret[KEY_ARP_SHA]);
+
+ memcpy(&ret[KEY_ARP_SPA].u.value.ui32, &arph->arp_spa,
+ sizeof(u_int32_t));
+ SET_VALID(ret[KEY_ARP_SPA]);
+
+ ret[KEY_ARP_THA].u.value.ptr = &arph->arp_tha;
+ SET_VALID(ret[KEY_ARP_THA]);
+
+ memcpy(&ret[KEY_ARP_TPA].u.value.ui32, &arph->arp_tpa,
+ sizeof(u_int32_t));
+ SET_VALID(ret[KEY_ARP_TPA]);
+
+ return 0;
+}
+
+/***********************************************************************
+ * ETHER HEADER
+ ***********************************************************************/
+
+static int _interp_bridge(struct ulogd_pluginstance *pi, u_int32_t len)
+{
+ struct ulogd_key *ret = pi->output.keys;
+ const struct sk_buff *skb =
+ GET_VALUE(pi->input.keys, INKEY_RAW_PCKT).ptr;
+ const u_int16_t proto =
+ GET_VALUE(pi->input.keys, INKEY_OOB_PROTOCOL).ui16;
+
+ switch (proto) {
+ case ETH_P_IP:
+ _interp_iphdr(pi, len);
+ break;
+ case ETH_P_IPV6:
+ _interp_ipv6hdr(pi, len);
+ break;
+ case ETH_P_ARP:
+ _interp_arp(pi, len);
+ break;
+ /* ETH_P_8021Q ?? others? */
+ };
+
+ return 0;
+}
+
+
static int _interp_pkt(struct ulogd_pluginstance *pi)
{
u_int32_t len = GET_VALUE(pi->input.keys, INKEY_RAW_PCKTLEN).ui32;
u_int8_t family = GET_VALUE(pi->input.keys, INKEY_OOB_FAMILY).ui8;
+ struct ulogd_key *ret = pi->output.keys;
+
+ ret[KEY_OOB_PROTOCOL].u.value.ui16 =
+ GET_VALUE(pi->input.keys, INKEY_OOB_PROTOCOL).ui16;
+ SET_VALID(ret[KEY_OOB_PROTOCOL]);
switch (family) {
case AF_INET:
return _interp_iphdr(pi, len);
case AF_INET6:
return _interp_ipv6hdr(pi, len);
+ case AF_BRIDGE:
+ return _interp_bridge(pi, len);
}
return 0;
}
@@ -859,7 +982,12 @@ static struct ulogd_key base_inp[] = {
{
.type = ULOGD_RET_UINT8,
.name = "oob.family",
- }
+ },
+ {
+ .type = ULOGD_RET_UINT16,
+ .name = "oob.protocol",
+ },
+
};
static struct ulogd_plugin base_plugin = {