From 34b4af44bd931b7fa46804faf1f60b53dafa1b73 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Fri, 22 Jun 2012 16:55:41 +0200
Subject: output: XML: support for NFACCT input plugin
This patch extends XML plugin to support NFACCT. You can use the following line in ulogd.conf to test it: stack=acct1:NFACCT,xml1:XML
Signed-off-by: Pablo Neira Ayuso
---
 input/sum/ulogd_inpflow_NFACCT.c | 13 ++++++++++---
 output/Makefile.am | 3 ++-
 output/ulogd_output_XML.c | 30 +++++++++++++++++++++++++++++-
 ulogd.conf.in | 3 +++
 4 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/input/sum/ulogd_inpflow_NFACCT.c b/input/sum/ulogd_inpflow_NFACCT.c
index 751c567..f3b936f 100644
--- a/input/sum/ulogd_inpflow_NFACCT.c
+++ b/input/sum/ulogd_inpflow_NFACCT.c
@@ -49,6 +49,7 @@ enum ulogd_nfacct_keys {
 ULOGD_NFACCT_NAME,
 ULOGD_NFACCT_PKTS,
 ULOGD_NFACCT_BYTES,
+ ULOGD_NFACCT_RAW,
 };
 static struct ulogd_key nfacct_okeys[] = {
@@ -67,6 +68,11 @@ static struct ulogd_key nfacct_okeys[] = {
 .flags = ULOGD_RETF_NONE,
 .name = "sum.bytes",
 },
+ [ULOGD_NFACCT_RAW] = {
+ .type = ULOGD_RET_RAW,
+ .flags = ULOGD_RETF_NONE,
+ .name = "sum",
+ },
 };
 static void
@@ -80,6 +86,7 @@ propagate_nfacct(struct ulogd_pluginstance *upi, struct nfacct *nfacct)
 nfacct_attr_get_u64(nfacct, NFACCT_ATTR_PKTS));
 okey_set_u64(&ret[ULOGD_NFACCT_BYTES], nfacct_attr_get_u64(nfacct, NFACCT_ATTR_BYTES));
+ okey_set_ptr(&ret[ULOGD_NFACCT_RAW], nfacct);
 ulogd_propagate_results(upi);
 }
@@ -93,6 +100,8 @@ do_propagate_nfacct(struct ulogd_pluginstance *upi, struct nfacct *nfacct)
 propagate_nfacct(npi, nfacct);
 propagate_nfacct(upi, nfacct);
+
+ nfacct_free(nfacct);
 }
 static int nfacct_cb(const struct nlmsghdr *nlh, void *data)
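Review bot: The pointer published by `okey_set_ptr(&ret[ULOGD_NFACCT_RAW], nfacct)` in propagate_nfacct outlives the object it points to, because do_propagate_nfacct (the @@ -93 hunk) now calls `nfacct_free(nfacct)` right after the last propagation and nothing visible in either hunk resets the key. That is safe only if every consumer of the "sum" key uses the pointer inside ulogd_propagate_results() and never caches it, which the patch does not state. I would document the borrow where the key is set, for example `/* borrowed: valid only until ulogd_propagate_results() returns; freed by do_propagate_nfacct() */`, and confirm that result keys are invalidated after propagation so a stale pointer cannot be read on a later pass. Both function bodies start outside their hunks.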
@@ -108,13 +117,11 @@ static int nfacct_cb(const struct nlmsghdr *nlh, void *data)
 if (nfacct_nlmsg_parse_payload(nlh, nfacct) < 0) {
 ulogd_log(ULOGD_ERROR, "Error parsing nfacct message");
- goto err_free;
+ goto err;
 }
 do_propagate_nfacct(upi, nfacct);
-err_free:
- nfacct_free(nfacct);
 err:
 return MNL_CB_OK;
 }
diff --git a/output/Makefile.am b/output/Makefile.am
index db05d0b..630aee6 100644
--- a/output/Makefile.am
+++ b/output/Makefile.am
@@ -25,5 +25,6 @@ ulogd_output_NACCT_la_LDFLAGS = -avoid-version -module
 ulogd_output_XML_la_SOURCES = ulogd_output_XML.c
 ulogd_output_XML_la_LIBADD = ${LIBNETFILTER_LOG_LIBS} \
- ${LIBNETFILTER_CONNTRACK_LIBS}
+ ${LIBNETFILTER_CONNTRACK_LIBS} \
+ ${LIBNETFILTER_ACCT_LIBS}
 ulogd_output_XML_la_LDFLAGS = -avoid-version -module
diff --git a/output/ulogd_output_XML.c b/output/ulogd_output_XML.c
index 1ec9d8c..5215e28 100644
--- a/output/ulogd_output_XML.c
+++ b/output/ulogd_output_XML.c
@@ -20,6 +20,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -32,6 +33,7 @@ enum {
 KEY_CT,
 KEY_PCKT,
+ KEY_SUM,
 };
 static struct ulogd_key xml_inp[] = {
@@ -45,6 +47,11 @@ static struct ulogd_key xml_inp[] = {
 .flags = ULOGD_RETF_NONE | ULOGD_KEYF_OPTIONAL,
 .name = "raw",
 },
+ [KEY_SUM] = {
+ .type = ULOGD_RET_RAW,
+ .flags = ULOGD_RETF_NONE | ULOGD_KEYF_OPTIONAL,
+ .name = "sum",
+ },
 };
 enum {
@@ -108,6 +115,19 @@ xml_output_packet(struct ulogd_key *inp, char *buf, ssize_t size)
 return 0;
 }
+static int
+xml_output_sum(struct ulogd_key *inp, char *buf, ssize_t size)
+{
+ struct nfacct *nfacct = ikey_get_ptr(&inp[KEY_SUM]);
+ int tmp;
+
+ tmp = nfacct_snprintf(buf, size, nfacct, NFACCT_SNPRINTF_T_XML, 0);
+ if (tmp < 0 || tmp >= size)
+ return -1;
+
+ return 0;
+}
+
 static int xml_output(struct ulogd_pluginstance *upi)
 {
 struct ulogd_key *inp = upi->input.keys;
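Review bot: The parse-failure branch of nfacct_cb now leaks the nfacct object, because `goto err_free` became `goto err` and the `err_free:` label with its `nfacct_free(nfacct)` was removed, so only the success path releases it through do_propagate_nfacct. Assuming nfacct is allocated earlier in nfacct_cb, above this hunk, every message that fails nfacct_nlmsg_parse_payload() leaves one allocation behind in a long-running daemon. Release it in the error branch before jumping: `nfacct_free(nfacct);` followed by `goto err;`.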
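Review bot: xml_output_sum() hands the result of `ikey_get_ptr(&inp[KEY_SUM])` straight to nfacct_snprintf() and emits whatever XML comes back, and nothing in this hunk shows whether the accounting object's name is escaped for XML. If the library does not escape `<`, `>` and `&`, a name containing them would produce malformed or misleading records for whatever parses this log, so this is worth confirming against libnetfilter_acct. The assumption could be recorded above the function, for example `/* relies on nfacct_snprintf() to emit well-formed XML for the object name */`. A guard such as `if (nfacct == NULL) return -1;` before the call would also stop a key that is flagged valid but carries no pointer from reaching the library.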
@@ -119,6 +139,8 @@ static int xml_output(struct ulogd_pluginstance *upi)
 ret = xml_output_flow(inp, buf, sizeof(buf));
 else if (pp_is_valid(inp, KEY_PCKT))
 ret = xml_output_packet(inp, buf, sizeof(buf));
+ else if (pp_is_valid(inp, KEY_SUM))
+ ret = xml_output_sum(inp, buf, sizeof(buf));
 if (ret < 0)
 return ULOGD_IRET_ERR;
@@ -155,6 +177,8 @@ static int xml_fini(struct ulogd_pluginstance *pi)
 fprintf(op->of, "\n");
 else if (input_plugin->plugin->output.type & ULOGD_DTYPE_RAW)
 fprintf(op->of, "\n");
+ else if (input_plugin->plugin->output.type & ULOGD_DTYPE_SUM)
+ fprintf(op->of, "\n");
 if (op->of != stdout)
 fclose(op->of);
@@ -179,6 +203,8 @@ static int xml_open_file(struct ulogd_pluginstance *upi)
 strcpy(file_infix, "flow");
 else if (input_plugin->plugin->output.type & ULOGD_DTYPE_RAW)
 strcpy(file_infix, "pkt");
+ else if (input_plugin->plugin->output.type & ULOGD_DTYPE_SUM)
+ strcpy(file_infix, "sum");
 now = time(NULL);
 tm = localtime(&now);
@@ -218,6 +244,8 @@ static void xml_print_header(struct ulogd_pluginstance *upi)
 fprintf(op->of, "\n");
 else if (input_plugin->plugin->output.type & ULOGD_DTYPE_RAW)
 fprintf(op->of, "\n");
+ else if (input_plugin->plugin->output.type & ULOGD_DTYPE_SUM)
+ fprintf(op->of, "\n");
 if (upi->config_kset->ces[CFG_XML_SYNC].u.value != 0)
 fflush(op->of);
@@ -264,7 +292,7 @@ static struct ulogd_plugin xml_plugin = {
 .input = {
 .keys = xml_inp,
 .num_keys = ARRAY_SIZE(xml_inp),
- .type = ULOGD_DTYPE_FLOW,
+ .type = ULOGD_DTYPE_FLOW | ULOGD_DTYPE_SUM,
 },
 .output = {
 .type = ULOGD_DTYPE_SINK,
diff --git a/ulogd.conf.in b/ulogd.conf.in
index e3d4022..5f19cae 100644
--- a/ulogd.conf.in
+++ b/ulogd.conf.in
@@ -77,6 +77,9 @@ plugin="@pkglibdir@/ulogd_inpflow_NFACCT.so"
 # this is a stack for logging in XML
 #stack=log1:NFLOG,xml1:XML
+# this is a stack for accounting-based logging via XML
+#stack=acct1:NFACCT,xml1:XML
+
 # this is a stack for NFLOG packet-based logging to PCAP
 #stack=log2:NFLOG,base1:BASE,pcap1:PCAP
-- cgit v1.2.3
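Review bot: The new input mask `.type = ULOGD_DTYPE_FLOW | ULOGD_DTYPE_SUM` in xml_plugin still omits ULOGD_DTYPE_RAW, although xml_fini, xml_open_file and xml_print_header in this same file all branch on `ULOGD_DTYPE_RAW` and ulogd.conf.in documents `stack=log1:NFLOG,xml1:XML`. If stack resolution matches the producer's output type against this mask (not visible here), a packet-based producer would be rejected or would only work by accident. Since the line is being changed anyway, consider `.type = ULOGD_DTYPE_RAW | ULOGD_DTYPE_FLOW | ULOGD_DTYPE_SUM,` or a comment explaining why RAW is deliberately absent. The initializer starts and ends outside the hunk.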