summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--filter/raw2packet/ulogd_raw2packet_BASE.c2
-rw-r--r--filter/ulogd_filter_IP2BIN.c24
-rw-r--r--filter/ulogd_filter_IP2HBIN.c23
-rw-r--r--filter/ulogd_filter_IP2STR.c1
-rw-r--r--util/printpkt.c3
5 files changed, 50 insertions, 3 deletions
diff --git a/filter/raw2packet/ulogd_raw2packet_BASE.c b/filter/raw2packet/ulogd_raw2packet_BASE.c
index 4b60964..2c0d164 100644
--- a/filter/raw2packet/ulogd_raw2packet_BASE.c
+++ b/filter/raw2packet/ulogd_raw2packet_BASE.c
@@ -960,6 +960,8 @@ static int _interp_pkt(struct ulogd_pluginstance *pi)
return _interp_ipv6hdr(pi, len);
case NFPROTO_BRIDGE:
return _interp_bridge(pi, len);
+ case NFPROTO_ARP:
+ return _interp_arp(pi, len);
}
return ULOGD_IRET_OK;
}
diff --git a/filter/ulogd_filter_IP2BIN.c b/filter/ulogd_filter_IP2BIN.c
index 9bbeebb..9e6f3a9 100644
--- a/filter/ulogd_filter_IP2BIN.c
+++ b/filter/ulogd_filter_IP2BIN.c
@@ -39,7 +39,9 @@ enum input_keys {
KEY_ORIG_IP_DADDR,
KEY_REPLY_IP_SADDR,
KEY_REPLY_IP_DADDR,
- MAX_KEY = KEY_REPLY_IP_DADDR,
+ KEY_ARP_SPA,
+ KEY_ARP_TPA,
+ MAX_KEY = KEY_ARP_TPA,
};
static struct ulogd_key ip2bin_inp[] = {
@@ -83,6 +85,16 @@ static struct ulogd_key ip2bin_inp[] = {
.flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
.name = "reply.ip.daddr",
},
+ [KEY_ARP_SPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
+ .name = "arp.saddr",
+ },
+ [KEY_ARP_TPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
+ .name = "arp.daddr",
+ },
};
static struct ulogd_key ip2bin_keys[] = {
@@ -110,7 +122,14 @@ static struct ulogd_key ip2bin_keys[] = {
.type = ULOGD_RET_RAWSTR,
.name = "reply.ip.daddr.bin",
},
-
+ {
+ .type = ULOGD_RET_RAWSTR,
+ .name = "arp.saddr.bin",
+ },
+ {
+ .type = ULOGD_RET_RAWSTR,
+ .name = "arp.daddr.bin",
+ },
};
static char ipbin_array[MAX_KEY - START_KEY + 1][FORMAT_IPV6_BUFSZ];
@@ -150,6 +169,7 @@ static int interp_ip2bin(struct ulogd_pluginstance *pi)
addr_family = AF_INET6;
break;
case NFPROTO_IPV4:
+ case NFPROTO_ARP:
addr_family = AF_INET;
break;
case NFPROTO_BRIDGE:
diff --git a/filter/ulogd_filter_IP2HBIN.c b/filter/ulogd_filter_IP2HBIN.c
index 081b757..38306e8 100644
--- a/filter/ulogd_filter_IP2HBIN.c
+++ b/filter/ulogd_filter_IP2HBIN.c
@@ -40,7 +40,9 @@ enum input_keys {
KEY_ORIG_IP_DADDR,
KEY_REPLY_IP_SADDR,
KEY_REPLY_IP_DADDR,
- MAX_KEY = KEY_REPLY_IP_DADDR,
+ KEY_ARP_SPA,
+ KEY_ARP_TPA,
+ MAX_KEY = KEY_ARP_TPA,
};
static struct ulogd_key ip2hbin_inp[] = {
@@ -84,6 +86,16 @@ static struct ulogd_key ip2hbin_inp[] = {
.flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
.name = "reply.ip.daddr",
},
+ [KEY_ARP_SPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
+ .name = "arp.saddr",
+ },
+ [KEY_ARP_TPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
+ .name = "arp.daddr",
+ },
};
static struct ulogd_key ip2hbin_keys[] = {
@@ -111,6 +123,14 @@ static struct ulogd_key ip2hbin_keys[] = {
.type = ULOGD_RET_IPADDR,
.name = "reply.ip.hdaddr",
},
+ {
+ .type = ULOGD_RET_IPADDR,
+ .name = "arp.hsaddr",
+ },
+ {
+ .type = ULOGD_RET_IPADDR,
+ .name = "arp.hdaddr",
+ },
};
static void ip2hbin(struct ulogd_key *inp, int i, struct ulogd_key *outp, int o,
@@ -140,6 +160,7 @@ static int interp_ip2hbin(struct ulogd_pluginstance *pi)
addr_family = AF_INET6;
break;
case NFPROTO_IPV4:
+ case NFPROTO_ARP:
addr_family = AF_INET;
break;
case NFPROTO_BRIDGE:
diff --git a/filter/ulogd_filter_IP2STR.c b/filter/ulogd_filter_IP2STR.c
index 3d4d6e9..12a376e 100644
--- a/filter/ulogd_filter_IP2STR.c
+++ b/filter/ulogd_filter_IP2STR.c
@@ -175,6 +175,7 @@ static int interp_ip2str(struct ulogd_pluginstance *pi)
addr_family = AF_INET6;
break;
case NFPROTO_IPV4:
+ case NFPROTO_ARP:
addr_family = AF_INET;
break;
case NFPROTO_BRIDGE:
diff --git a/util/printpkt.c b/util/printpkt.c
index 2fecd50..93fe472 100644
--- a/util/printpkt.c
+++ b/util/printpkt.c
@@ -467,6 +467,9 @@ int printpkt_print(struct ulogd_key *res, char *buf)
case NFPROTO_BRIDGE:
buf_cur += printpkt_bridge(res, buf_cur);
break;
+ case NFPROTO_ARP:
+ buf_cur += printpkt_arp(res, buf_cur);
+ break;
}
if (pp_is_valid(res, KEY_OOB_UID))