diff options
-rw-r--r-- | filter/raw2packet/ulogd_raw2packet_BASE.c | 2 | ||||
-rw-r--r-- | filter/ulogd_filter_IP2BIN.c | 24 | ||||
-rw-r--r-- | filter/ulogd_filter_IP2HBIN.c | 23 | ||||
-rw-r--r-- | filter/ulogd_filter_IP2STR.c | 1 | ||||
-rw-r--r-- | util/printpkt.c | 3 |
5 files changed, 50 insertions, 3 deletions
diff --git a/filter/raw2packet/ulogd_raw2packet_BASE.c b/filter/raw2packet/ulogd_raw2packet_BASE.c index 4b60964..2c0d164 100644 --- a/filter/raw2packet/ulogd_raw2packet_BASE.c +++ b/filter/raw2packet/ulogd_raw2packet_BASE.c @@ -960,6 +960,8 @@ static int _interp_pkt(struct ulogd_pluginstance *pi) return _interp_ipv6hdr(pi, len); case NFPROTO_BRIDGE: return _interp_bridge(pi, len); + case NFPROTO_ARP: + return _interp_arp(pi, len); } return ULOGD_IRET_OK; } diff --git a/filter/ulogd_filter_IP2BIN.c b/filter/ulogd_filter_IP2BIN.c index 9bbeebb..9e6f3a9 100644 --- a/filter/ulogd_filter_IP2BIN.c +++ b/filter/ulogd_filter_IP2BIN.c @@ -39,7 +39,9 @@ enum input_keys { KEY_ORIG_IP_DADDR, KEY_REPLY_IP_SADDR, KEY_REPLY_IP_DADDR, - MAX_KEY = KEY_REPLY_IP_DADDR, + KEY_ARP_SPA, + KEY_ARP_TPA, + MAX_KEY = KEY_ARP_TPA, }; static struct ulogd_key ip2bin_inp[] = { @@ -83,6 +85,16 @@ static struct ulogd_key ip2bin_inp[] = { .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL, .name = "reply.ip.daddr", }, + [KEY_ARP_SPA] = { + .type = ULOGD_RET_IPADDR, + .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL, + .name = "arp.saddr", + }, + [KEY_ARP_TPA] = { + .type = ULOGD_RET_IPADDR, + .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL, + .name = "arp.daddr", + }, }; static struct ulogd_key ip2bin_keys[] = { @@ -110,7 +122,14 @@ static struct ulogd_key ip2bin_keys[] = { .type = ULOGD_RET_RAWSTR, .name = "reply.ip.daddr.bin", }, - + { + .type = ULOGD_RET_RAWSTR, + .name = "arp.saddr.bin", + }, + { + .type = ULOGD_RET_RAWSTR, + .name = "arp.daddr.bin", + }, }; static char ipbin_array[MAX_KEY - START_KEY + 1][FORMAT_IPV6_BUFSZ]; @@ -150,6 +169,7 @@ static int interp_ip2bin(struct ulogd_pluginstance *pi) addr_family = AF_INET6; break; case NFPROTO_IPV4: + case NFPROTO_ARP: addr_family = AF_INET; break; case NFPROTO_BRIDGE: diff --git a/filter/ulogd_filter_IP2HBIN.c b/filter/ulogd_filter_IP2HBIN.c index 081b757..38306e8 100644 --- a/filter/ulogd_filter_IP2HBIN.c +++ b/filter/ulogd_filter_IP2HBIN.c @@ -40,7 +40,9 @@ enum input_keys { KEY_ORIG_IP_DADDR, KEY_REPLY_IP_SADDR, KEY_REPLY_IP_DADDR, - MAX_KEY = KEY_REPLY_IP_DADDR, + KEY_ARP_SPA, + KEY_ARP_TPA, + MAX_KEY = KEY_ARP_TPA, }; static struct ulogd_key ip2hbin_inp[] = { @@ -84,6 +86,16 @@ static struct ulogd_key ip2hbin_inp[] = { .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL, .name = "reply.ip.daddr", }, + [KEY_ARP_SPA] = { + .type = ULOGD_RET_IPADDR, + .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL, + .name = "arp.saddr", + }, + [KEY_ARP_TPA] = { + .type = ULOGD_RET_IPADDR, + .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL, + .name = "arp.daddr", + }, }; static struct ulogd_key ip2hbin_keys[] = { @@ -111,6 +123,14 @@ static struct ulogd_key ip2hbin_keys[] = { .type = ULOGD_RET_IPADDR, .name = "reply.ip.hdaddr", }, + { + .type = ULOGD_RET_IPADDR, + .name = "arp.hsaddr", + }, + { + .type = ULOGD_RET_IPADDR, + .name = "arp.hdaddr", + }, }; static void ip2hbin(struct ulogd_key *inp, int i, struct ulogd_key *outp, int o, @@ -140,6 +160,7 @@ static int interp_ip2hbin(struct ulogd_pluginstance *pi) addr_family = AF_INET6; break; case NFPROTO_IPV4: + case NFPROTO_ARP: addr_family = AF_INET; break; case NFPROTO_BRIDGE: diff --git a/filter/ulogd_filter_IP2STR.c b/filter/ulogd_filter_IP2STR.c index 3d4d6e9..12a376e 100644 --- a/filter/ulogd_filter_IP2STR.c +++ b/filter/ulogd_filter_IP2STR.c @@ -175,6 +175,7 @@ static int interp_ip2str(struct ulogd_pluginstance *pi) addr_family = AF_INET6; break; case NFPROTO_IPV4: + case NFPROTO_ARP: addr_family = AF_INET; break; case NFPROTO_BRIDGE: diff --git a/util/printpkt.c b/util/printpkt.c index 2fecd50..93fe472 100644 --- a/util/printpkt.c +++ b/util/printpkt.c @@ -467,6 +467,9 @@ int printpkt_print(struct ulogd_key *res, char *buf) case NFPROTO_BRIDGE: buf_cur += printpkt_bridge(res, buf_cur); break; + case NFPROTO_ARP: + buf_cur += printpkt_arp(res, buf_cur); + break; } if (pp_is_valid(res, KEY_OOB_UID)) |