From 62defdbdb365c325795b83845f266410cf7c1076 Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org" Date: Tue, 23 May 2006 08:57:18 +0000 Subject: Move the printpkt functionality out of SYSLOG and LOGEMU, and into a separate PRINTPKT plugin. This reduces code duplication, and also makes the SYSLOG and LOGEMU plugins more general. (Philip Craig) --- filter/Makefile.am | 6 +++- filter/ulogd_filter_PRINTPKT.c | 66 ++++++++++++++++++++++++++++++++++++++++++ include/ulogd/printpkt.h | 3 +- output/Makefile.am | 4 +-- output/ulogd_output_LOGEMU.c | 58 ++++++++++++++++++++++++++++++------- output/ulogd_output_SYSLOG.c | 19 +++++++----- ulogd.conf.in | 3 +- util/printpkt.c | 50 ++------------------------------ 8 files changed, 139 insertions(+), 70 deletions(-) create mode 100644 filter/ulogd_filter_PRINTPKT.c diff --git a/filter/Makefile.am b/filter/Makefile.am index 55d14c0..8c2a37d 100644 --- a/filter/Makefile.am +++ b/filter/Makefile.am @@ -4,10 +4,14 @@ INCLUDES = $(all_includes) -I$(top_srcdir)/include noinst_HEADERS = rtnl.h iftable.h -pkglib_LTLIBRARIES = ulogd_filter_IFINDEX.la ulogd_filter_PWSNIFF.la +pkglib_LTLIBRARIES = ulogd_filter_IFINDEX.la ulogd_filter_PWSNIFF.la \ + ulogd_filter_PRINTPKT.la ulogd_filter_IFINDEX_la_SOURCES = ulogd_filter_IFINDEX.c rtnl.c iftable.c ulogd_filter_IFINDEX_la_LDFLAGS = -module ulogd_filter_PWSNIFF_la_SOURCES = ulogd_filter_PWSNIFF.c ulogd_filter_PWSNIFF_la_LDFLAGS = -module + +ulogd_filter_PRINTPKT_la_SOURCES = ulogd_filter_PRINTPKT.c ../util/printpkt.c +ulogd_filter_PRINTPKT_la_LDFLAGS = -module diff --git a/filter/ulogd_filter_PRINTPKT.c b/filter/ulogd_filter_PRINTPKT.c new file mode 100644 index 0000000..09f0fdf --- /dev/null +++ b/filter/ulogd_filter_PRINTPKT.c 
@@ -0,0 +1,66 @@
+/* ulogd_filter_PRINTPKT.c, Version $Revision: 1.1 $
+ *
+ * This target produces entries identical to the LOG target.
+ *
+ * (C) 2006 by Philip Craig
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ */
+
+#include
+#include
+
+static struct ulogd_key printpkt_outp[] = {
+ {
+ .type = ULOGD_RET_STRING,
+ .flags = ULOGD_RETF_NONE,
+ .name = "print",
+ },
+};
+
+static int printpkt_interp(struct ulogd_pluginstance *upi)
+{
+ struct ulogd_key *inp = upi->input.keys;
+ struct ulogd_key *ret = upi->output.keys;
+ static char buf[4096];
+
+ printpkt_print(inp, buf);
+ ret[0].u.value.ptr = buf;
+ ret[0].flags |= ULOGD_RETF_VALID;
+ return 0;
+}
+
+static struct ulogd_plugin printpkt_plugin = {
+ .name = "PRINTPKT",
+ .input = {
+ .keys = printpkt_keys,
+ .num_keys = ARRAY_SIZE(printpkt_keys),
+ .type = ULOGD_DTYPE_PACKET,
+ },
+ .output = {
+ .keys = printpkt_outp,
+ .num_keys = ARRAY_SIZE(printpkt_outp),
+ .type = ULOGD_DTYPE_PACKET,
+ },
+ .interp = &printpkt_interp,
+ .version = ULOGD_VERSION,
+};
+
+void __attribute__ ((constructor)) init(void);
+
+void init(void)
+{
+ ulogd_register_plugin(&printpkt_plugin);
+}
diff --git a/include/ulogd/printpkt.h b/include/ulogd/printpkt.h
index 90ff134..bdaeaa4 100644
--- a/include/ulogd/printpkt.h
+++ b/include/ulogd/printpkt.h
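Review bot: `printpkt_interp` hands the 4096-byte `static char buf` to `printpkt_print(inp, buf)` without its size, and the `util/printpkt.c` hunk of this commit shows that function appending with unbounded `sprintf` calls (`"%s "` for the prefix, `"IN=%s OUT=%s "` for the interface names). Since the prototype in `include/ulogd/printpkt.h` is being changed anyway, it could take the length, `int printpkt_print(struct ulogd_key *res, char *buf, size_t len);`, with the caller passing `sizeof(buf)` and the body switching to `snprintf` against the remaining space. The return value is also ignored here, so `ULOGD_RETF_VALID` is set on the output key even if formatting failed. The rest of `printpkt_print` lies outside the visible hunks, so whether the worst-case line stays under 4096 bytes cannot be confirmed from this page.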
@@ -4,7 +4,6 @@ #define INTR_IDS 35 extern struct ulogd_key printpkt_keys[INTR_IDS]; -int printpkt_print(struct ulogd_key *res, char *buf, int prefix); -int printpkt_init(void); +int printpkt_print(struct ulogd_key *res, char *buf); #endif diff --git a/output/Makefile.am b/output/Makefile.am index 88e353e..9a966d2 100644 --- a/output/Makefile.am +++ b/output/Makefile.am @@ -6,10 +6,10 @@ SUBDIRS= pcap mysql pgsql sqlite3 pkglib_LTLIBRARIES = ulogd_output_LOGEMU.la ulogd_output_SYSLOG.la \ ulogd_output_OPRINT.la ulogd_output_IPFIX.la -ulogd_output_LOGEMU_la_SOURCES = ulogd_output_LOGEMU.c ../util/printpkt.c +ulogd_output_LOGEMU_la_SOURCES = ulogd_output_LOGEMU.c ulogd_output_LOGEMU_la_LDFLAGS = -module -ulogd_output_SYSLOG_la_SOURCES = ulogd_output_SYSLOG.c ../util/printpkt.c +ulogd_output_SYSLOG_la_SOURCES = ulogd_output_SYSLOG.c ulogd_output_SYSLOG_la_LDFLAGS = -module ulogd_output_OPRINT_la_SOURCES = ulogd_output_OPRINT.c diff --git a/output/ulogd_output_LOGEMU.c b/output/ulogd_output_LOGEMU.c index f18da61..a224d7b 100644 --- a/output/ulogd_output_LOGEMU.c +++ b/output/ulogd_output_LOGEMU.c @@ -29,9 +29,14 @@ #include #include #include +#include #include #include -#include + +#ifndef HOST_NAME_MAX +#warning this libc does not define HOST_NAME_MAX +#define HOST_NAME_MAX (255+1) +#endif #ifndef ULOGD_LOGEMU_DEFAULT #define ULOGD_LOGEMU_DEFAULT "/var/log/ulogd.syslogemu" @@ -41,6 +46,19 @@ #define ULOGD_LOGEMU_SYNC_DEFAULT 0 #endif +static char hostname[HOST_NAME_MAX+1]; + +static struct ulogd_key logemu_inp[] = { + { + .type = ULOGD_RET_STRING, + .name = "print", + }, + { + .type = ULOGD_RET_UINT32, + .name = "oob.time.sec", + }, +}; + static struct config_keyset logemu_kset = { .num_ces = 2, .ces = { 
@@ -67,14 +85,27 @@ static int _output_logemu(struct ulogd_pluginstance *upi) { struct logemu_instance *li = (struct logemu_instance *) &upi->private; struct ulogd_key *res = upi->input.keys; - static char buf[4096]; - printpkt_print(res, buf, 1); + if (res[0].u.source->flags & ULOGD_RETF_VALID) { + char *timestr; + char *tmp; + time_t now; - fprintf(li->of, "%s", buf); + if (res[1].u.source->flags & ULOGD_RETF_VALID) + now = (time_t) res[1].u.source->u.value.ui32; + else + now = time(NULL); - if (upi->config_kset->ces[1].u.value) - fflush(li->of); + timestr = ctime(&now) + 4; + if ((tmp = strchr(timestr, '\n'))) + *tmp = '\0'; + + fprintf(li->of, "%.15s %s %s", timestr, hostname, + res[0].u.source->u.value.ptr); + + if (upi->config_kset->ces[1].u.value) + fflush(li->of); + } return 0; } @@ -102,6 +133,7 @@ static void signal_handler_logemu(struct ulogd_pluginstance *pi, int signal) static int start_logemu(struct ulogd_pluginstance *pi) { struct logemu_instance *li = (struct logemu_instance *) &pi->private; + char *tmp; ulogd_log(ULOGD_DEBUG, "starting logemu\n"); @@ -117,11 +149,17 @@ static int start_logemu(struct ulogd_pluginstance *pi) return errno; } #endif - if (printpkt_init()) { - ulogd_log(ULOGD_ERROR, "can't resolve all keyhash id's\n"); + + if (gethostname(hostname, sizeof(hostname)) < 0) { + ulogd_log(ULOGD_FATAL, "can't gethostname(): %s\n", + strerror(errno)); return -EINVAL; } + /* truncate hostname */ + if ((tmp = strchr(hostname, '.'))) + *tmp = '\0'; + return 0; } @@ -147,8 +185,8 @@ static int configure_logemu(struct ulogd_pluginstance *pi, static struct ulogd_plugin logemu_plugin = { .name = "LOGEMU", .input = { - .keys = printpkt_keys, - .num_keys = ARRAY_SIZE(printpkt_keys), + .keys = logemu_inp, + .num_keys = ARRAY_SIZE(logemu_inp), .type = ULOGD_DTYPE_PACKET, }, .output = { diff --git a/output/ulogd_output_SYSLOG.c b/output/ulogd_output_SYSLOG.c index 3d08f74..8b89295 100644 --- a/output/ulogd_output_SYSLOG.c 
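Review bot: `timestr = ctime(&now) + 4;` in `_output_logemu` does pointer arithmetic on the result before any check, so a NULL return from `ctime()` would be dereferenced by the following `strchr()`, and the string lives in libc's shared static buffer. A local buffer avoids both: `char tbuf[26]; if (!ctime_r(&now, tbuf)) return 0; timestr = tbuf + 4;`. With `%.15s` already bounding the timestamp in the `fprintf()`, the newline-stripping `strchr()` then becomes unnecessary. `res[0].u.source` and `res[1].u.source` are also dereferenced without a NULL check; whether the stack resolver guarantees both keys are bound is not visible here.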
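Review bot: `gethostname(hostname, sizeof(hostname))` in `start_logemu` does not guarantee a terminated string when the name is truncated (POSIX leaves that unspecified), yet the `strchr(hostname, '.')` that follows and the `%s` in `_output_logemu` both rely on termination. Adding `hostname[sizeof(hostname) - 1] = '\0';` right after the successful call closes the gap, which matters most on the fallback path where this file supplies its own `HOST_NAME_MAX`. The error path here returns `-EINVAL` while the context line above it returns a positive `errno`; one convention would be easier for the caller to handle. Part of `start_logemu` lies between the two hunks and is not shown.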
+++ b/output/ulogd_output_SYSLOG.c @@ -31,7 +31,6 @@ #include #include #include -#include #ifndef SYSLOG_FACILITY_DEFAULT #define SYSLOG_FACILITY_DEFAULT "LOG_KERN" @@ -41,6 +40,13 @@ #define SYSLOG_LEVEL_DEFAULT "LOG_NOTICE" #endif +static struct ulogd_key syslog_inp[] = { + { + .type = ULOGD_RET_STRING, + .name = "print", + }, +}; + static struct config_keyset syslog_kset = { .num_ces = 2, .ces = { @@ -68,11 +74,10 @@ static int _output_syslog(struct ulogd_pluginstance *upi) { struct syslog_instance *li = (struct syslog_instance *) &upi->private; struct ulogd_key *res = upi->input.keys; - static char buf[4096]; - - printpkt_print(res, buf, 0); - syslog(li->syslog_level | li->syslog_facility, buf); + if (res[0].u.source->flags & ULOGD_RETF_VALID) + syslog(li->syslog_level | li->syslog_facility, "%s", + res[0].u.source->u.value.ptr); return 0; } @@ -156,8 +161,8 @@ static int syslog_start(struct ulogd_pluginstance *pi) static struct ulogd_plugin syslog_plugin = { .name = "SYSLOG", .input = { - .keys = printpkt_keys, - .num_keys = ARRAY_SIZE(printpkt_keys), + .keys = syslog_inp, + .num_keys = ARRAY_SIZE(syslog_inp), .type = ULOGD_DTYPE_PACKET, }, .output = { diff --git a/ulogd.conf.in b/ulogd.conf.in index c8d3560..6bd61e4 100644 --- a/ulogd.conf.in +++ b/ulogd.conf.in @@ -35,12 +35,13 @@ bufsize=150000 plugin="@libdir@/ulogd/ulogd_inppkt_NFLOG.so" plugin="@libdir@/ulogd/ulogd_inpflow_NFCT.so" plugin="@libdir@/ulogd/ulogd_filter_IFINDEX.so" +plugin="@libdir@/ulogd/ulogd_filter_PRINTPKT.so" plugin="@libdir@/ulogd/ulogd_output_LOGEMU.so" plugin="@libdir@/ulogd/ulogd_output_OPRINT.so" plugin="@libdir@/ulogd/ulogd_raw2packet_BASE.so" # this is a stack for packet-based logging via LOGEMU -#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,emu1:LOGEMU +#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,print1:PRINTPKT,emu1:LOGEMU # this is a stack for flow-based logging via OPRINT #stack=ct1:NFCT,op1:OPRINT diff --git a/util/printpkt.c b/util/printpkt.c index 63be1f4..ec6cd02 100644 
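Review bot: The `"%s"` format in the new `syslog()` call of `_output_syslog` is load-bearing and should carry a comment, because the `print` string embeds the rule prefix and interface names and the line it replaces passed that buffer as the format itself. Something like `/* never pass the print string as the format: it carries oob.prefix text */` above the call would keep a later cleanup from reverting it. The commit message does not mention this behaviour change, which matters to anyone tracking format-string fixes across releases. Separately, `res[0].u.source` is dereferenced without a NULL check; whether a bound source for `print` is guaranteed when PRINTPKT is missing from the stack is not visible in this hunk.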
--- a/util/printpkt.c +++ b/util/printpkt.c @@ -25,9 +25,7 @@ #include #include #include -#include #include -#include #include #include #include @@ -37,19 +35,12 @@ #include #include -#ifndef HOST_NAME_MAX -#warning this libc does not define HOST_NAME_MAX -#define HOST_NAME_MAX (255+1) -#endif - #define NIPQUAD(addr) \ ((unsigned char *)&addr)[0], \ ((unsigned char *)&addr)[1], \ ((unsigned char *)&addr)[2], \ ((unsigned char *)&addr)[3] -static char hostname[HOST_NAME_MAX+1]; - struct ulogd_key printpkt_keys[INTR_IDS] = { { .name = "oob.time.sec", }, { .name = "oob.prefix", }, @@ -92,39 +83,15 @@ struct ulogd_key printpkt_keys[INTR_IDS] = { #define GET_FLAGS(res, x) (res[x].u.source->flags) #define pp_is_valid(res, x) (GET_FLAGS(res, x) & ULOGD_RETF_VALID) -int printpkt_print(struct ulogd_key *res, char *buf, int prefix) +int printpkt_print(struct ulogd_key *res, char *buf) { - char *timestr; - char *tmp; - time_t now; - char *buf_cur = buf; - if (prefix) { - if (pp_is_valid(res, 0)) - now = (time_t) GET_VALUE(res, 0).ui32; - else - now = (time_t) 0; - - timestr = ctime(&now) + 4; - - /* truncate time */ - if ((tmp = strchr(timestr, '\n'))) - *tmp = '\0'; - - /* truncate hostname */ - if ((tmp = strchr(hostname, '.'))) - *tmp = '\0'; - - /* print time and hostname */ - buf_cur += sprintf(buf_cur, "%.15s %s", timestr, hostname); - } - if (pp_is_valid(res, 1)) - buf_cur += sprintf(buf_cur, " %s", (char *) GET_VALUE(res, 1).ptr); + buf_cur += sprintf(buf_cur, "%s ", (char *) GET_VALUE(res, 1).ptr); if (pp_is_valid(res, 2) && pp_is_valid(res, 3)) { - buf_cur += sprintf(buf_cur," IN=%s OUT=%s ", + buf_cur += sprintf(buf_cur, "IN=%s OUT=%s ", (char *) GET_VALUE(res, 2).ptr, (char *) GET_VALUE(res, 3).ptr); } 
@@ -250,14 +217,3 @@ int printpkt_print(struct ulogd_key *res, char *buf, int prefix) return 0; } - -int printpkt_init(void) -{ - if (gethostname(hostname, sizeof(hostname)) < 0) { - ulogd_log(ULOGD_FATAL, "can't gethostname(): %s\n", - strerror(errno)); - return -EINVAL; - } - - return 0; -} -- cgit v1.2.3