Diffstat (limited to 'input')
-rw-r--r--input/Makefile.am9
-rw-r--r--input/flow/Makefile.am14
-rw-r--r--input/packet/Makefile.am24
-rw-r--r--input/packet/ulogd_inppkt_NFLOG.c82
-rw-r--r--input/packet/ulogd_inppkt_UNIXSOCK.c57
-rw-r--r--input/sum/Makefile.am9
6 files changed, 134 insertions, 61 deletions
diff --git a/input/Makefile.am b/input/Makefile.am
index 5ffef1b..668fc2b 100644
--- a/input/Makefile.am
+++ b/input/Makefile.am
@@ -1,2 +1,9 @@
+if BUILD_NFCT
+ OPT_SUBDIR_FLOW = flow
+endif
-SUBDIRS = packet flow sum
+if BUILD_NFACCT
+ OPT_SUBDIR_SUM = sum
+endif
+
+SUBDIRS = packet $(OPT_SUBDIR_FLOW) $(OPT_SUBDIR_SUM)
diff --git a/input/flow/Makefile.am b/input/flow/Makefile.am
index 0e07a7d..a556b4e 100644
--- a/input/flow/Makefile.am
+++ b/input/flow/Makefile.am
@@ -1,13 +1,9 @@
+include $(top_srcdir)/Make_global.am
-AM_CPPFLAGS = -I$(top_srcdir)/include ${LIBNETFILTER_CONNTRACK_CFLAGS}
-AM_CFLAGS = ${regular_CFLAGS}
+AM_CPPFLAGS += ${LIBNETFILTER_CONNTRACK_CFLAGS}
-if BUILD_NFCT
-pkglib_LTLIBRARIES = ulogd_inpflow_NFCT.la # ulogd_inpflow_IPFIX.la
+pkglib_LTLIBRARIES = ulogd_inpflow_NFCT.la
ulogd_inpflow_NFCT_la_SOURCES = ulogd_inpflow_NFCT.c
-ulogd_inpflow_NFCT_la_LDFLAGS = -avoid-version -module $(LIBNETFILTER_CONNTRACK_LIBS)
-endif
-
-#ulogd_inpflow_IPFIX_la_SOURCES = ulogd_inpflow_IPFIX.c
-#ulogd_inpflow_IPFIX_la_LDFLAGS = -avoid-version -module
+ulogd_inpflow_NFCT_la_LDFLAGS = -avoid-version -module
+ulogd_inpflow_NFCT_la_LIBADD = $(LIBNETFILTER_CONNTRACK_LIBS)
diff --git a/input/packet/Makefile.am b/input/packet/Makefile.am
index 1c3151d..851c608 100644
--- a/input/packet/Makefile.am
+++ b/input/packet/Makefile.am
@@ -1,23 +1,25 @@
+include $(top_srcdir)/Make_global.am
-AM_CPPFLAGS = -I$(top_srcdir)/include ${LIBNETFILTER_LOG_CFLAGS}
-AM_CFLAGS = ${regular_CFLAGS}
+AM_CPPFLAGS += ${LIBNETFILTER_LOG_CFLAGS} ${LIBNETFILTER_CONNTRACK_CFLAGS}
pkglib_LTLIBRARIES = ulogd_inppkt_UNIXSOCK.la
+ulogd_inppkt_UNIXSOCK_la_SOURCES = ulogd_inppkt_UNIXSOCK.c
+ulogd_inppkt_UNIXSOCK_la_LDFLAGS = -avoid-version -module
+
if BUILD_ULOG
pkglib_LTLIBRARIES += ulogd_inppkt_ULOG.la
+
+ulogd_inppkt_ULOG_la_SOURCES = ulogd_inppkt_ULOG.c
+ulogd_inppkt_ULOG_la_LDFLAGS = -avoid-version -module
+ulogd_inppkt_ULOG_la_LIBADD = ../../libipulog/libipulog.la
endif
if BUILD_NFLOG
pkglib_LTLIBRARIES += ulogd_inppkt_NFLOG.la
-endif
ulogd_inppkt_NFLOG_la_SOURCES = ulogd_inppkt_NFLOG.c
-ulogd_inppkt_NFLOG_la_LDFLAGS = -avoid-version -module $(LIBNETFILTER_LOG_LIBS)
-
-ulogd_inppkt_ULOG_la_SOURCES = ulogd_inppkt_ULOG.c
-ulogd_inppkt_ULOG_la_LDFLAGS = -avoid-version -module
-ulogd_inppkt_ULOG_la_LIBADD = ../../libipulog/libipulog.la
-
-ulogd_inppkt_UNIXSOCK_la_SOURCES = ulogd_inppkt_UNIXSOCK.c
-ulogd_inppkt_UNIXSOCK_la_LDFLAGS = -avoid-version -module
+ulogd_inppkt_NFLOG_la_LDFLAGS = -avoid-version -module
+ulogd_inppkt_NFLOG_la_LIBADD = $(LIBNETFILTER_LOG_LIBS) \
+ $(LIBNETFILTER_CONNTRACK_LIBS)
+endif
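Review bot: `ulogd_inppkt_NFLOG_la_LIBADD` lists only `$(LIBNETFILTER_LOG_LIBS)` and `$(LIBNETFILTER_CONNTRACK_LIBS)`, yet the same commit makes ulogd_inppkt_NFLOG.c include `<libmnl/libmnl.h>` and call `mnl_attr_*` directly. Unless Make_global.am or the conntrack pkg-config output already pulls in libmnl (not visible here), the plugin relies on a transitive link and include path. input/sum/Makefile.am names the dependency explicitly; I would do the same here with `$(LIBMNL_CFLAGS)` in `AM_CPPFLAGS` and `$(LIBMNL_LIBS)` in `LIBADD`.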
diff --git a/input/packet/ulogd_inppkt_NFLOG.c b/input/packet/ulogd_inppkt_NFLOG.c
index a367959..4fdeb12 100644
--- a/input/packet/ulogd_inppkt_NFLOG.c
+++ b/input/packet/ulogd_inppkt_NFLOG.c
@@ -12,6 +12,13 @@
#include <ulogd/ulogd.h>
#include <libnfnetlink/libnfnetlink.h>
#include <libnetfilter_log/libnetfilter_log.h>
+#ifdef BUILD_NFCT
+#include <libmnl/libmnl.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#else
+struct nf_conntrack;
+#endif
+
#ifndef NFLOG_GROUP_DEFAULT
#define NFLOG_GROUP_DEFAULT 0
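Review bot: The new `#ifdef BUILD_NFCT` guard only takes effect if configure also exports BUILD_NFCT as a preprocessor macro; on this page it appears only as an Automake conditional, and the visible includes do not show a config header. If the macro is missing, `build_ct()` compiles to `return NULL` and `attach_conntrack` silently does nothing. A one-line comment next to the guard naming where the macro comes from would make that dependency checkable.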
@@ -33,7 +40,7 @@ struct nflog_input {
/* configuration entries */
static struct config_keyset libulog_kset = {
- .num_ces = 11,
+ .num_ces = 12,
.ces = {
{
.key = "bufsize",
@@ -102,6 +109,12 @@ static struct config_keyset libulog_kset = {
.options = CONFIG_OPT_NONE,
.u.value = 0,
},
+ {
+ .key = "attach_conntrack",
+ .type = CONFIG_TYPE_INT,
+ .options = CONFIG_OPT_NONE,
+ .u.value = 0,
+ },
}
};
@@ -116,6 +129,7 @@ static struct config_keyset libulog_kset = {
#define nlsockbufmaxsize_ce(x) (x->ces[8])
#define nlthreshold_ce(x) (x->ces[9])
#define nltimeout_ce(x) (x->ces[10])
+#define attach_conntrack_ce(x) (x->ces[11])
enum nflog_keys {
NFLOG_KEY_RAW_MAC = 0,
@@ -141,6 +155,7 @@ enum nflog_keys {
NFLOG_KEY_RAW_MAC_SADDR,
NFLOG_KEY_RAW_MAC_ADDRLEN,
NFLOG_KEY_RAW,
+ NFLOG_KEY_RAW_CT,
};
static struct ulogd_key output_keys[] = {
@@ -312,11 +327,52 @@ static struct ulogd_key output_keys[] = {
.flags = ULOGD_RETF_NONE,
.name = "raw",
},
+ [NFLOG_KEY_RAW_CT] = {
+ .type = ULOGD_RET_RAW,
+ .flags = ULOGD_RETF_NONE,
+ .name = "ct",
+ },
};
+struct nf_conntrack *build_ct(struct nfgenmsg *nfmsg)
+{
+#ifdef BUILD_NFCT
+ struct nlmsghdr *nlh =
+ (struct nlmsghdr *)((void *)nfmsg - sizeof(*nlh));
+ struct nlattr *attr, *ctattr = NULL;
+ struct nf_conntrack *ct;
+
+ mnl_attr_for_each(attr, nlh, sizeof(struct nfgenmsg)) {
+ if (mnl_attr_get_type(attr) == NFULA_CT) {
+ ctattr = attr;
+ break;
+ }
+ }
+ if (!ctattr)
+ return NULL;
+
+ ct = nfct_new();
+ if (!ct) {
+ ulogd_log(ULOGD_ERROR, "failed to allocate nfct\n");
+ return NULL;
+ }
+ if (nfct_payload_parse(mnl_attr_get_payload(ctattr),
+ mnl_attr_get_payload_len(ctattr),
+ nfmsg->nfgen_family, ct) < 0) {
+ ulogd_log(ULOGD_ERROR, "failed to parse nfct payload\n");
+ nfct_destroy(ct);
+ return NULL;
+ }
+
+ return ct;
+#else
+ return NULL;
+#endif
+}
+
static inline int
interp_packet(struct ulogd_pluginstance *upi, uint8_t pf_family,
- struct nflog_data *ldata)
+ struct nflog_data *ldata, struct nf_conntrack *ct)
{
struct ulogd_key *ret = upi->output.keys;
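Review bot: `build_ct()` recovers the netlink header with `(void *)nfmsg - sizeof(*nlh)`, which is GNU void-pointer arithmetic and assumes the callback's `nfmsg` sits directly behind the header in the receive buffer; the attribute walk then trusts the `nlmsg_len` read from that recovered header. I would write it as `(struct nlmsghdr *)((char *)nfmsg - MNL_NLMSG_HDRLEN)` and add a comment saying the layout is an assumption about how libnetfilter_log invokes the callback. The function is also exported from the plugin although only this file uses it on this page; `static struct nf_conntrack *build_ct(struct nfgenmsg *nfmsg)` keeps it file-local. interp_packet's body continues outside the hunk.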
@@ -397,6 +453,9 @@ interp_packet(struct ulogd_pluginstance *upi, uint8_t pf_family,
okey_set_ptr(&ret[NFLOG_KEY_RAW], ldata);
+ if (ct != NULL)
+ okey_set_ptr(&ret[NFLOG_KEY_RAW_CT], ct);
+
ulogd_propagate_results(upi);
return 0;
}
@@ -471,16 +530,25 @@ static int msg_cb(struct nflog_g_handle *gh, struct nfgenmsg *nfmsg,
{
struct ulogd_pluginstance *upi = data;
struct ulogd_pluginstance *npi = NULL;
+ void *ct = build_ct(nfmsg);
int ret = 0;
/* since we support the re-use of one instance in several
* different stacks, we duplicate the message to let them know */
llist_for_each_entry(npi, &upi->plist, plist) {
- ret = interp_packet(npi, nfmsg->nfgen_family, nfa);
+ ret = interp_packet(npi, nfmsg->nfgen_family, nfa, ct);
if (ret != 0)
- return ret;
+ goto release_ct;
}
- return interp_packet(upi, nfmsg->nfgen_family, nfa);
+ ret = interp_packet(upi, nfmsg->nfgen_family, nfa, ct);
+
+release_ct:
+#ifdef BUILD_NFCT
+ if (ct != NULL)
+ nfct_destroy(ct);
+#endif
+
+ return ret;
}
static int configure(struct ulogd_pluginstance *upi,
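Review bot: The conntrack object is handed to every stack through `okey_set_ptr()` and destroyed at `release_ct` as soon as the last `interp_packet()` returns, so the `ct` key carries a borrowed pointer that is only valid during propagation. A plugin that keeps it (queues it, defers output) would read freed memory. A comment at the `build_ct()` call should state that lifetime, e.g. `/* ct is owned by msg_cb and freed before return; consumers must not retain it */`. Declaring it `struct nf_conntrack *ct` instead of `void *ct` would also keep type checking on the `interp_packet()` and `nfct_destroy()` calls. msg_cb's signature starts outside the hunk.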
@@ -595,8 +663,10 @@ static int start(struct ulogd_pluginstance *upi)
flags = 0;
if (seq_ce(upi->config_kset).u.value != 0)
flags = NFULNL_CFG_F_SEQ;
- if (seq_ce(upi->config_kset).u.value != 0)
+ if (seq_global_ce(upi->config_kset).u.value != 0)
flags |= NFULNL_CFG_F_SEQ_GLOBAL;
+ if (attach_conntrack_ce(upi->config_kset).u.value != 0)
+ flags |= NFULNL_CFG_F_CONNTRACK;
if (flags) {
if (nflog_set_flags(ui->nful_gh, flags) < 0)
ulogd_log(ULOGD_ERROR, "unable to set flags 0x%x\n",
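Review bot: When `attach_conntrack` is set in a build without BUILD_NFCT, `NFULNL_CFG_F_CONNTRACK` is still requested from the kernel but `build_ct()` always returns NULL, so the `ct` key is silently never populated. As far as the hunk shows, a kernel that rejects the flag produces only the generic "unable to set flags" log line, which gives no hint that conntrack data will be absent. I would put the new `flags |= NFULNL_CFG_F_CONNTRACK;` under `#ifdef BUILD_NFCT` and log a warning in the `#else` branch, so an operator who relies on conntrack data in the logs learns that it is missing. start() begins and ends outside the hunk.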
diff --git a/input/packet/ulogd_inppkt_UNIXSOCK.c b/input/packet/ulogd_inppkt_UNIXSOCK.c
index 39944bf..f1d1534 100644
--- a/input/packet/ulogd_inppkt_UNIXSOCK.c
+++ b/input/packet/ulogd_inppkt_UNIXSOCK.c
@@ -18,6 +18,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+#include <inttypes.h>
#include <unistd.h>
#include <stdlib.h>
#include <netinet/ether.h>
@@ -370,7 +371,7 @@ struct ulogd_unixsock_option_t {
static int handle_packet(struct ulogd_pluginstance *upi, struct ulogd_unixsock_packet_t *pkt, uint16_t total_len)
{
char *data = NULL;
- struct iphdr *ip;
+ unsigned int ip_version = pkt->payload.version;
struct ulogd_key *ret = upi->output.keys;
uint8_t oob_family;
uint16_t payload_len;
@@ -386,22 +387,22 @@ static int handle_packet(struct ulogd_pluginstance *upi, struct ulogd_unixsock_p
payload_len = ntohs(pkt->payload_length);
- ip = &pkt->payload;
- if (ip->version == 4)
+ if (ip_version == 4)
oob_family = AF_INET;
- else if (ip->version == 6)
+ else if (ip_version == 6)
oob_family = AF_INET6;
- else oob_family = 0;
+ else
+ oob_family = 0;
okey_set_u8(&ret[UNIXSOCK_KEY_OOB_FAMILY], oob_family);
- okey_set_ptr(&ret[UNIXSOCK_KEY_RAW_PCKT], ip);
+ okey_set_ptr(&ret[UNIXSOCK_KEY_RAW_PCKT], &pkt->payload);
okey_set_u32(&ret[UNIXSOCK_KEY_RAW_PCKTLEN], payload_len);
/* options */
if (total_len > payload_len + sizeof(uint16_t)) {
/* option starts at the next aligned address after the payload */
new_offset = USOCK_ALIGN(payload_len);
- options_start = (void*)ip + new_offset;
+ options_start = (void*)&pkt->payload + new_offset;
data = options_start;
total_len -= (options_start - (char*)pkt);
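Review bot: The options branch guards on `total_len > payload_len + sizeof(uint16_t)`, but the pointer is then advanced by `USOCK_ALIGN(payload_len)` from `&pkt->payload`, and `total_len -= (options_start - (char*)pkt)` subtracts that larger, aligned offset plus the header. With a client-supplied `payload_length` close to the limit the `uint16_t` could wrap, unless a check outside the hunk prevents it; comparing the aligned offset against `total_len` before the subtraction and rejecting the packet otherwise would close that. The new initialiser `ip_version = pkt->payload.version` in the previous hunk likewise reads the payload before any length check visible here. `(void*)&pkt->payload + new_offset` is void-pointer arithmetic, for which `(char *)&pkt->payload + new_offset` is the portable spelling. handle_packet's body continues outside the hunk.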
@@ -459,7 +460,7 @@ static int handle_packet(struct ulogd_pluginstance *upi, struct ulogd_unixsock_p
"ulogd2: unknown option %d\n",
option_number);
break;
- };
+ }
}
}
@@ -473,35 +474,31 @@ static int handle_packet(struct ulogd_pluginstance *upi, struct ulogd_unixsock_p
static int _create_unix_socket(const char *unix_path)
{
+ struct sockaddr_un server_sock = { .sun_family = AF_UNIX };
int ret = -1;
- struct sockaddr_un server_sock;
int s;
- struct stat st_dummy;
- s = socket(AF_UNIX, SOCK_STREAM, 0);
- if (s < 0) {
+ if (strlen(unix_path) >= sizeof(server_sock.sun_path)) {
ulogd_log(ULOGD_ERROR,
- "ulogd2: could not create unix socket\n");
+ "ulogd2: unix socket path '%s' too long\n",
+ unix_path);
return -1;
}
- server_sock.sun_family = AF_UNIX;
- strncpy(server_sock.sun_path, unix_path, sizeof(server_sock.sun_path));
- server_sock.sun_path[sizeof(server_sock.sun_path)-1] = '\0';
+ strcpy(server_sock.sun_path, unix_path);
- if (stat(unix_path, &st_dummy) == 0 && st_dummy.st_size > 0) {
+ s = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (s < 0) {
ulogd_log(ULOGD_ERROR,
- "ulogd2: unix socket \'%s\' already exists\n",
- unix_path);
- close(s);
+ "ulogd2: could not create unix socket\n");
return -1;
}
ret = bind(s, (struct sockaddr *)&server_sock, sizeof(server_sock));
if (ret < 0) {
ulogd_log(ULOGD_ERROR,
- "ulogd2: could not bind to unix socket \'%s\'\n",
- server_sock.sun_path);
+ "ulogd2: could not bind to unix socket '%s'\n",
+ server_sock.sun_path);
close(s);
return -1;
}
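Review bot: With the `stat()` pre-check gone, an already-existing socket path now surfaces only as the generic "could not bind" message, so I would append the errno text to that log call: format `"ulogd2: could not bind to unix socket '%s': %s\n"` with `strerror(errno)` as the extra argument (assuming `<errno.h>` and `<string.h>` are included, which the hunk does not show). Dropping the check itself is sound, since `bind()` fails atomically on an existing path instead of racing with `stat()`. The new length test makes the `strcpy()` safe, but it calls `strlen(unix_path)` unconditionally, so a NULL path has to be rejected by the caller. The function continues outside the hunk.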
@@ -509,8 +506,8 @@ static int _create_unix_socket(const char *unix_path)
ret = listen(s, 10);
if (ret < 0) {
ulogd_log(ULOGD_ERROR,
- "ulogd2: could not bind to unix socket \'%s\'\n",
- server_sock.sun_path);
+ "ulogd2: could not listen to unix socket '%s'\n",
+ server_sock.sun_path);
close(s);
return -1;
}
@@ -632,9 +629,9 @@ static int unixsock_instance_read_cb(int fd, unsigned int what, void *param)
packet_sig = ntohl(unixsock_packet->marker);
if (packet_sig != ULOGD_SOCKET_MARK) {
ulogd_log(ULOGD_ERROR,
- "ulogd2: invalid packet marked received "
- "(read %lx, expected %lx), closing socket.\n",
- packet_sig, ULOGD_SOCKET_MARK);
+ "ulogd2: invalid packet marked received "
+ "(read %" PRIx32 ", expected %" PRIx32 "), closing socket.\n",
+ packet_sig, ULOGD_SOCKET_MARK);
_disconnect_client(ui);
return -1;
@@ -663,13 +660,13 @@ static int unixsock_instance_read_cb(int fd, unsigned int what, void *param)
}
} else {
- ulogd_log(ULOGD_DEBUG, " We have %d bytes, but need %d. Requesting more\n",
- ui->unixsock_buf_avail, needed_len + sizeof(uint32_t));
+ ulogd_log(ULOGD_DEBUG, " We have %u bytes, but need %zu. Requesting more\n",
+ ui->unixsock_buf_avail, needed_len + sizeof(uint32_t));
return 0;
}
/* handle_packet has shifted data in buffer */
- };
+ }
return 0;
}
diff --git a/input/sum/Makefile.am b/input/sum/Makefile.am
index b6ddb4d..b24af7b 100644
--- a/input/sum/Makefile.am
+++ b/input/sum/Makefile.am
@@ -1,8 +1,9 @@
-AM_CPPFLAGS = -I$(top_srcdir)/include $(LIBNETFILTER_ACCT_CFLAGS) $(LIBMNL_CFLAGS)
-AM_CFLAGS = ${regular_CFLAGS}
-if BUILD_NFACCT
+include $(top_srcdir)/Make_global.am
+
+AM_CPPFLAGS += $(LIBNETFILTER_ACCT_CFLAGS) $(LIBMNL_CFLAGS)
+
pkglib_LTLIBRARIES = ulogd_inpflow_NFACCT.la
+
ulogd_inpflow_NFACCT_la_SOURCES = ulogd_inpflow_NFACCT.c
ulogd_inpflow_NFACCT_la_LDFLAGS = -avoid-version -module
ulogd_inpflow_NFACCT_la_LIBADD = $(LIBMNL_LIBS) $(LIBNETFILTER_ACCT_LIBS)
-endif