This patch adds support of event type display in printflow filter. This is used

to display event type in textual output modules. Here's an output example:

[DESTROY] ORIG: SRC=192.168.1.2 DST=192.168.1.255 PROTO=UDP SPT=631 DPT=631 \\
	PKTS=1 BYTES=197 , REPLY: SRC=192.168.1.255 DST=192.168.1.2 \\
	PROTO=UDP SPT=631 DPT=631 PKTS=0 BYTES=0

Signed-off-by: Eric Leblond <eric@inl.fr>

1 files changed, 20 insertions, 0 deletions

diff --git a/util/printflow.c b/util/printflow.c
index 92c4f0f..6c2ffd5 100644
--- a/util/printflow.c
+++ b/util/printflow.c
@@ -45,6 +45,7 @@ enum printflow_fields {
 	PRINTFLOW_REPLY_RAW_PKTCOUNT,
 	PRINTFLOW_ICMP_CODE,
 	PRINTFLOW_ICMP_TYPE,
+	PRINTFLOW_EVENT_TYPE,
 };
 
 struct ulogd_key printflow_keys[FLOW_IDS] = {
@@ -128,6 +129,11 @@ struct ulogd_key printflow_keys[FLOW_IDS] = {
 		.flags = ULOGD_RETF_NONE,
 		.name = "icmp.type",
 	},
+	{
+		.type = ULOGD_RET_UINT32,
+		.flags = ULOGD_RETF_NONE,
+		.name = "ct.event",
+	},
 };
 int printflow_keys_num = sizeof(printflow_keys)/sizeof(*printflow_keys);
 
@@ -139,6 +145,20 @@ int printflow_print(struct ulogd_key *res, char *buf)
 {
 	char *buf_cur = buf;
 
+	if (pp_is_valid(res, PRINTFLOW_EVENT_TYPE)) {
+		switch (GET_VALUE(res, PRINTFLOW_EVENT_TYPE).ui32) {
+			case 1:
+				buf_cur += sprintf(buf_cur, "[NEW] ");
+				break;
+			case 2:
+				buf_cur += sprintf(buf_cur, "[UPDATE] ");
+				break;
+			case 3:
+				buf_cur += sprintf(buf_cur, "[DESTROY] ");
+				break;
+		}
+	}
+
 	buf_cur += sprintf(buf_cur, "ORIG: ");
 
 	if (pp_is_valid(res, PRINTFLOW_ORIG_IP_SADDR))