diff options
-rw-r--r-- | include/ulogd/printflow.h | 2 | ||||
-rw-r--r-- | util/printflow.c | 20 |
2 files changed, 21 insertions, 1 deletions
diff --git a/include/ulogd/printflow.h b/include/ulogd/printflow.h index 979f673..b793426 100644 --- a/include/ulogd/printflow.h +++ b/include/ulogd/printflow.h @@ -1,7 +1,7 @@ #ifndef _PRINTFLOW_H #define _PRINTFLOW_H -#define FLOW_IDS 16 +#define FLOW_IDS 17 extern struct ulogd_key printflow_keys[FLOW_IDS]; int printflow_print(struct ulogd_key *res, char *buf); diff --git a/util/printflow.c b/util/printflow.c index 92c4f0f..6c2ffd5 100644 --- a/util/printflow.c +++ b/util/printflow.c @@ -45,6 +45,7 @@ enum printflow_fields { PRINTFLOW_REPLY_RAW_PKTCOUNT, PRINTFLOW_ICMP_CODE, PRINTFLOW_ICMP_TYPE, + PRINTFLOW_EVENT_TYPE, }; struct ulogd_key printflow_keys[FLOW_IDS] = { @@ -128,6 +129,11 @@ struct ulogd_key printflow_keys[FLOW_IDS] = { .flags = ULOGD_RETF_NONE, .name = "icmp.type", }, + { + .type = ULOGD_RET_UINT32, + .flags = ULOGD_RETF_NONE, + .name = "ct.event", + }, }; int printflow_keys_num = sizeof(printflow_keys)/sizeof(*printflow_keys); @@ -139,6 +145,20 @@ int printflow_print(struct ulogd_key *res, char *buf) { char *buf_cur = buf; + if (pp_is_valid(res, PRINTFLOW_EVENT_TYPE)) { + switch (GET_VALUE(res, PRINTFLOW_EVENT_TYPE).ui32) { + case 1: + buf_cur += sprintf(buf_cur, "[NEW] "); + break; + case 2: + buf_cur += sprintf(buf_cur, "[UPDATE] "); + break; + case 3: + buf_cur += sprintf(buf_cur, "[DESTROY] "); + break; + } + } + buf_cur += sprintf(buf_cur, "ORIG: "); if (pp_is_valid(res, PRINTFLOW_ORIG_IP_SADDR)) |