authorlaforge <laforge>2005-06-24 16:28:15 +0000
committerlaforge <laforge>2005-06-24 16:28:15 +0000
commitc84fbe77c762945e9965f90bfeb35e51d41b412e (patch)
tree4f2e11aaa09db0f613400950f8ad403a3ac38296 /input
parent0ca1408c2a7eb30d0e395431f0c1e3e5dff0fe53 (diff)
add half-finished ctnetlink flow import
Diffstat (limited to 'input')
-rw-r--r--input/flow/ulogd_inpflow_CTNL.c142
1 files changed, 115 insertions, 27 deletions
diff --git a/input/flow/ulogd_inpflow_CTNL.c b/input/flow/ulogd_inpflow_CTNL.c
index f241bab..3f602ff 100644
--- a/input/flow/ulogd_inpflow_CTNL.c
+++ b/input/flow/ulogd_inpflow_CTNL.c
@@ -10,14 +10,43 @@
*/
#include <ulogd/ulogd.h>
-#include "libnfnetlink.h"
-#include "libctnetlink.h"
+#include <libnfnetlink.h>
+#include <libctnetlink.h>
-struct ulogd_ctnl_pluginstance {
+static struct ulogd_ctnl_pluginstance {
struct ulogd_pluginstance upi;
struct ctnl_handle cth;
};
+static int ctnl_parser(struct ulogd_pluginstance *pi,
+ struct nfattr *attr, struct nlmsghdr *nlh)
+{
+ struct nfattr *attr = NFM_NFA(NLMSG_DATA(nlh));
+ unsigned int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len);
+ struct ip_conntrack_tuple *orig;
+ struct cta_countrs *ctr;
+
+ /* FIXME: what about reply direction ? */
+ while (NFA_OK(attr, attrlen)) {
+ switch (attr->nfa_type) {
+ case CTA_ORIG:
+ orig = NFA_DATA(attr);
+ pi->output.keys[0].u.ui32 = orig->src.ip;
+ pi->output.keys[1].u.ui32 = orig->dst.ip;
+ pi->output.keys[2].u.value.ui8 = orig->dst.protonum;
+ /* FIXME: l4 port numbers */
+ break;
+ case CTA_COUNTERS:
+ ctr = NFA_DATA(attr);
+ pi->output.keys[5].u.value.ui32 = ctr->orig.bytes;
+ pi->output.keys[6].u.value.ui32 = ctr->prog.packets;
+ break;
+ }
+ attr = NFA_NEXT(attr, attrlen);
+ }
+ return 0;
+}
+
static int event_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh,
void *arg)
{
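Review bot: In `ctnl_parser`, the `CTA_ORIG` and `CTA_COUNTERS` cases cast `NFA_DATA(attr)` to a struct and read its fields without checking that the attribute payload is at least that large. `NFA_OK` only confirms that the attribute's declared length fits in the remaining buffer, so a short attribute leads to a read past its payload; a guard such as `if (NFA_PAYLOAD(attr) < sizeof(*orig)) break;` (and the same for `ctr`) before each dereference would prevent that. The `attrlen` computation subtracts `NLMSG_ALIGN(min_len)` from `nlh->nlmsg_len` in unsigned arithmetic with no prior check that the message is that long, and `min_len` is not declared anywhere in the hunk. Separately, the local `struct nfattr *attr` redeclares the parameter of the same name, and `ctr->prog.packets` looks like a typo for `ctr->orig.packets`.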
@@ -41,35 +70,15 @@ static int event_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh,
return 0;
}
-struct ctnl_msg_handler new_h = {
+static struct ctnl_msg_handler new_h = {
.type = IPCTNL_MSG_CT_NEW,
.handler = event_handler,
};
-struct ctnl_msg_Handler destroy_h = {
+static struct ctnl_msg_Handler destroy_h = {
.type = IPCTNL_MSG_CT_DELETE,
.handler = event_handler,
};
-static struct ulogd_plugin ctnl_plugin = {
- .name = "CTNL",
- .input = {
- .keys =,
- .num_keys = 1,
- .type = ULOGD_DTYPE_NULL,
- },
- .output = {
- .keys =,
- .num_keys = 1,
- .type = ULOGD_DTYPE_FLOW,
- },
- .interp = ,
- .constructor = ,
- .descructor = ,
- .config_kset = ,
-};
-
-
-
static struct ulogd_pluginstance *constructor_ctnl(struct ulogd_plugin *pl)
{
struct ulogd_ctnl_pluginstance *cpi = malloc(sizeof *cpi);
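Review bot: The new `destroy_h` line keeps the type spelled `struct ctnl_msg_Handler`, while `new_h` just above uses `struct ctnl_msg_handler`. Unless a second type with the capital H exists elsewhere, this declares an object of an incomplete type and will not compile; the line should read `static struct ctnl_msg_handler destroy_h = {`. The `malloc` result in `constructor_ctnl` is used after the end of this hunk, so whether it is checked for NULL cannot be confirmed from here.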
@@ -81,7 +90,7 @@ static struct ulogd_pluginstance *constructor_ctnl(struct ulogd_plugin *pl)
cpi->plugin = pl;
cpi->input = FIXME;
- cpi->>output = FIXME;
+ cpi->output = FIXME;
if (ctnl_open(&cpi->cth, NFGRP_IPV4_CT_TCP|NFGRP_IPV4_CT_UDP) < 0) {
print("error\n");
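Review bot: The corrected line still assigns through `cpi->output`, but `struct ulogd_ctnl_pluginstance` as shown in the first hunk has only the members `upi` and `cth`. The assignments here presumably need to go through the embedded instance, e.g. `cpi->upi.output = ...;`, and the same applies to `cpi->plugin` and `cpi->input`. `constructor_ctnl` starts and ends outside this hunk, so its error path after the failed `ctnl_open` (in particular whether `cpi` is freed) is not visible.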
@@ -107,4 +116,83 @@ static int destructor_ctnl(struct ulogd_pluginstance *pi)
return 0;
}
-
+
+static struct ulogd_key ctnl_okeys[] = {
+ {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .key = "ip.saddr",
+ .ipfix = { },
+ },
+ {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .key = "ip.daddr",
+ .ipfix = { },
+ },
+ {
+ .type = ULOGD_RET_UINT8,
+ .flags = ULOGD_RETF_NONE,
+ .key = "ip.protocol",
+ .ipfix = { },
+ },
+ {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .key = "tcp.sport",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = 7,
+ },
+ },
+ {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .key = "tcp.dport",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = 11,
+ },
+ },
+ {
+ .type = ULOGD_RET_UINT32,
+ .flags = ULOGD_RETF_NONE,
+ .name = "raw.pktlen",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = 1,
+ },
+ },
+ {
+ .type = ULOGD_RET_UINT32,
+ .flags = ULOGD_RETF_NONE,
+ .name = "raw.pktcount",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = 2,
+ },
+ },
+
+};
+
+static struct ulogd_plugin ctnl_plugin = {
+ .name = "CTNL",
+ .input = {
+ .keys = NULL,
+ .num_keys = 0,
+ .type = ULOGD_DTYPE_NULL,
+ },
+ .output = {
+ .keys = &ctnl_okeys,
+ .num_keys = sizeof(ctnl_okeys)/sizeof(struct ulogd_key),
+ .type = ULOGD_DTYPE_FLOW,
+ },
+ .interp = ,
+ .constructor = &constructor_ctnl,
+ .descructor = &destructor_ctnl,
+ .config_kset = ,
+};
+
+
+
+
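Review bot: The last two `ctnl_okeys` entries set `.name` while the first five set `.key`, so one of the two spellings does not match `struct ulogd_key` and those entries will either fail to compile or leave the key name unset. `.keys = &ctnl_okeys` has type pointer-to-array rather than pointer-to-element and should be `.keys = ctnl_okeys`; the empty `.interp = ,` and `.config_kset = ,` initialisers are syntax errors, and `.descructor` looks like a misspelling of the destructor member. `ctnl_parser` in the first hunk writes to `keys[0]`, `[1]`, `[2]`, `[5]` and `[6]` by literal index, so the mapping depends silently on the order of this table; an `enum` of key indices next to the array (for example `CTNL_KEY_SADDR`, `CTNL_KEY_PKTLEN`) would keep the parser and the table in step when entries are added.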