From 77f8b710a53dd1ffc3d3178da4461565bfe8764c Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
Date: Sun, 3 Feb 2008 11:27:14 +0000
Subject: From: Eric leblond
This patch update the printflow output module to be able to print a whole conntrack entry on a single line.
---
 include/ulogd/printflow.h | 2 +-
 util/printflow.c | 161 +++++++++++++++++++++++++++++++++++----------
 2 files changed, 123 insertions(+), 40 deletions(-)
diff --git a/include/ulogd/printflow.h b/include/ulogd/printflow.h
index 7343a23..979f673 100644
--- a/include/ulogd/printflow.h
+++ b/include/ulogd/printflow.h
@@ -1,7 +1,7 @@
 #ifndef _PRINTFLOW_H
 #define _PRINTFLOW_H
-#define FLOW_IDS 10
+#define FLOW_IDS 16
 extern struct ulogd_key printflow_keys[FLOW_IDS];
 int printflow_print(struct ulogd_key *res, char *buf);
diff --git a/util/printflow.c b/util/printflow.c
index 1d0b9e9..d803633 100644
--- a/util/printflow.c
+++ b/util/printflow.c
@@ -29,68 +29,104 @@
 #include
 enum printflow_fields {
- PRINTFLOW_IP_SADDR = 0,
- PRINTFLOW_IP_DADDR,
- PRINTFLOW_IP_PROTOCOL,
- PRINTFLOW_L4_SPORT,
- PRINTFLOW_L4_DPORT,
- PRINTFLOW_RAW_PKTLEN,
- PRINTFLOW_RAW_PKTCOUNT,
+ PRINTFLOW_ORIG_IP_SADDR = 0,
+ PRINTFLOW_ORIG_IP_DADDR,
+ PRINTFLOW_ORIG_IP_PROTOCOL,
+ PRINTFLOW_ORIG_L4_SPORT,
+ PRINTFLOW_ORIG_L4_DPORT,
+ PRINTFLOW_ORIG_RAW_PKTLEN,
+ PRINTFLOW_ORIG_RAW_PKTCOUNT,
+ PRINTFLOW_REPLY_IP_SADDR,
+ PRINTFLOW_REPLY_IP_DADDR,
+ PRINTFLOW_REPLY_IP_PROTOCOL,
+ PRINTFLOW_REPLY_L4_SPORT,
+ PRINTFLOW_REPLY_L4_DPORT,
+ PRINTFLOW_REPLY_RAW_PKTLEN,
+ PRINTFLOW_REPLY_RAW_PKTCOUNT,
 PRINTFLOW_ICMP_CODE,
 PRINTFLOW_ICMP_TYPE,
- PRINTFLOW_DIR,
 };
-struct ulogd_key printflow_keys[] = {
+struct ulogd_key printflow_keys[FLOW_IDS] = {
 {
 .type = ULOGD_RET_IPADDR,
 .flags = ULOGD_RETF_NONE,
- .name = "ip.saddr",
+ .name = "orig.ip.saddr",
 },
 {
 .type = ULOGD_RET_IPADDR,
 .flags = ULOGD_RETF_NONE,
- .name = "ip.daddr",
+ .name = "orig.ip.daddr",
 },
 {
 .type = ULOGD_RET_UINT8,
 .flags = ULOGD_RETF_NONE,
- .name = "ip.protocol",
+ .name = "orig.ip.protocol",
 },
 {
 .type = ULOGD_RET_UINT16,
 .flags = ULOGD_RETF_NONE,
- .name = "l4.sport",
+ .name = "orig.l4.sport",
 },
 {
 .type = ULOGD_RET_UINT16,
 .flags = ULOGD_RETF_NONE,
- .name = "l4.dport",
+ .name = "orig.l4.dport",
 },
 {
 .type = ULOGD_RET_UINT32,
 .flags = ULOGD_RETF_NONE,
- .name = "raw.pktlen",
+ .name = "orig.raw.pktlen",
 },
 {
 .type = ULOGD_RET_UINT32,
 .flags = ULOGD_RETF_NONE,
- .name = "raw.pktcount",
+ .name = "orig.raw.pktcount",
+ },
+ {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .name = "reply.ip.saddr",
+ },
+ {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .name = "reply.ip.daddr",
 },
 {
 .type = ULOGD_RET_UINT8,
 .flags = ULOGD_RETF_NONE,
- .name = "icmp.code",
+ .name = "reply.ip.protocol",
+ },
+ {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "reply.l4.sport",
+ },
+ {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "reply.l4.dport",
+ },
+ {
+ .type = ULOGD_RET_UINT32,
+ .flags = ULOGD_RETF_NONE,
+ .name = "reply.raw.pktlen",
+ },
+ {
+ .type = ULOGD_RET_UINT32,
+ .flags = ULOGD_RETF_NONE,
+ .name = "reply.raw.pktcount",
 },
 {
 .type = ULOGD_RET_UINT8,
 .flags = ULOGD_RETF_NONE,
- .name = "icmp.type",
+ .name = "icmp.code",
 },
 {
- .type = ULOGD_RET_BOOL,
+ .type = ULOGD_RET_UINT8,
 .flags = ULOGD_RETF_NONE,
- .name = "dir",
+ .name = "icmp.type",
 },
 };
 int printflow_keys_num = sizeof(printflow_keys)/sizeof(*printflow_keys);
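Review bot: Nothing in this hunk ties the number of `printflow_fields` enumerators to `FLOW_IDS`, which the header hard-codes as 16 and which now also sizes `printflow_keys[FLOW_IDS]`. An enumerator added later without bumping `FLOW_IDS` would index past the end of the array, while bumping `FLOW_IDS` alone leaves a zero-filled entry that `printflow_keys_num` still counts. A trailing enumerator (proposed name `PRINTFLOW_FIELD_COUNT`) with `_Static_assert(PRINTFLOW_FIELD_COUNT == FLOW_IDS, "printflow_keys out of sync");`, or an equivalent compile-time check, would catch the drift. The renamed key strings (`orig.*`, `reply.*`) also change which input keys are requested; whether every producer of these keys was updated is not visible on this page.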
@@ -107,32 +143,30 @@ int printflow_print(struct ulogd_key *res, char *buf)
 {
 char *buf_cur = buf;
- if (pp_is_valid(res, PRINTFLOW_DIR))
- buf_cur += sprintf(buf_cur, "DIR=%s ",
- GET_VALUE(res, PRINTFLOW_DIR).b ? "REPLY" : "ORIG ");
+ buf_cur += sprintf(buf_cur, "ORIG: ");
- if (pp_is_valid(res, PRINTFLOW_IP_SADDR))
+ if (pp_is_valid(res, PRINTFLOW_ORIG_IP_SADDR))
 buf_cur += sprintf(buf_cur, "SRC=%s ", inet_ntoa(
- (struct in_addr) {htonl(GET_VALUE(res, 0).ui32)}));
+ (struct in_addr) {htonl(GET_VALUE(res, PRINTFLOW_ORIG_IP_SADDR).ui32)}));
- if (pp_is_valid(res, PRINTFLOW_IP_DADDR))
+ if (pp_is_valid(res, PRINTFLOW_ORIG_IP_DADDR))
 buf_cur += sprintf(buf_cur, "DST=%s ", inet_ntoa(
- (struct in_addr) {htonl(GET_VALUE(res, 1).ui32)}));
+ (struct in_addr) {htonl(GET_VALUE(res, PRINTFLOW_ORIG_IP_DADDR).ui32)}));
- if (!pp_is_valid(res, PRINTFLOW_IP_PROTOCOL))
- goto out;
+ if (!pp_is_valid(res, PRINTFLOW_ORIG_IP_PROTOCOL))
+ goto orig_out;
- switch (GET_VALUE(res, PRINTFLOW_IP_PROTOCOL).ui8) {
+ switch (GET_VALUE(res, PRINTFLOW_ORIG_IP_PROTOCOL).ui8) {
 case IPPROTO_TCP:
 buf_cur += sprintf(buf_cur, "PROTO=TCP ");
- pp_print(buf_cur, "SPT", res, PRINTFLOW_L4_SPORT, ui16);
- pp_print(buf_cur, "DPT", res, PRINTFLOW_L4_DPORT, ui16);
+ pp_print(buf_cur, "SPT", res, PRINTFLOW_ORIG_L4_SPORT, ui16);
+ pp_print(buf_cur, "DPT", res, PRINTFLOW_ORIG_L4_DPORT, ui16);
 break;
 case IPPROTO_UDP:
 buf_cur += sprintf(buf_cur, "PROTO=UDP ");
- pp_print(buf_cur, "SPT", res, PRINTFLOW_L4_SPORT, ui16);
- pp_print(buf_cur, "DPT", res, PRINTFLOW_L4_DPORT, ui16);
+ pp_print(buf_cur, "SPT", res, PRINTFLOW_ORIG_L4_SPORT, ui16);
+ pp_print(buf_cur, "DPT", res, PRINTFLOW_ORIG_L4_DPORT, ui16);
 break;
 case IPPROTO_ICMP:
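Review bot: Every write in `printflow_print` is an unbounded `sprintf` into `buf`, whose size the function never receives, and this commit roughly doubles the longest line it can emit by printing the ORIG and REPLY tuples together (this hunk and the `REPLY` block in the next one). The callers' buffers are not visible here, so any that were sized for the old single-direction line should be re-checked, since an overrun would corrupt memory in the logging process. At minimum the function should carry a comment stating the worst-case output length, e.g. `/* buf must hold at least PRINTFLOW_MAX_LINE bytes */` (proposed name, value to be computed from the field formats). Longer term it should take a length argument and use `snprintf`. The function body continues past the end of this hunk.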
@@ -150,14 +184,63 @@ int printflow_print(struct ulogd_key *res, char *buf)
 break;
 default:
- pp_print(buf_cur, "PROTO", res, PRINTFLOW_IP_PROTOCOL, ui8);
+ pp_print(buf_cur, "PROTO", res, PRINTFLOW_ORIG_IP_PROTOCOL, ui8);
 break;
 }
-out:
- pp_print(buf_cur, "PKTS", res, PRINTFLOW_RAW_PKTCOUNT, ui32);
- pp_print(buf_cur, "BYTES", res, PRINTFLOW_RAW_PKTLEN, ui32);
- strcat(buf_cur, "\n");
+orig_out:
+ pp_print(buf_cur, "PKTS", res, PRINTFLOW_ORIG_RAW_PKTCOUNT, ui32);
+ pp_print(buf_cur, "BYTES", res, PRINTFLOW_ORIG_RAW_PKTLEN, ui32);
+
+ buf_cur += sprintf(buf_cur, ", REPLY: ");
+
+ if (pp_is_valid(res, PRINTFLOW_REPLY_IP_SADDR))
+ buf_cur += sprintf(buf_cur, "SRC=%s ", inet_ntoa(
+ (struct in_addr) {htonl(GET_VALUE(res, PRINTFLOW_REPLY_IP_SADDR).ui32)}));
+
+ if (pp_is_valid(res, PRINTFLOW_REPLY_IP_DADDR))
+ buf_cur += sprintf(buf_cur, "DST=%s ", inet_ntoa(
+ (struct in_addr) {htonl(GET_VALUE(res, PRINTFLOW_REPLY_IP_DADDR).ui32)}));
+
+ if (!pp_is_valid(res, PRINTFLOW_REPLY_IP_PROTOCOL))
+ goto reply_out;
+
+ switch (GET_VALUE(res, PRINTFLOW_REPLY_IP_PROTOCOL).ui8) {
+ case IPPROTO_TCP:
+ buf_cur += sprintf(buf_cur, "PROTO=TCP ");
+ pp_print(buf_cur, "SPT", res, PRINTFLOW_REPLY_L4_SPORT, ui16);
+ pp_print(buf_cur, "DPT", res, PRINTFLOW_REPLY_L4_DPORT, ui16);
+ break;
+
+ case IPPROTO_UDP:
+ buf_cur += sprintf(buf_cur, "PROTO=UDP ");
+ pp_print(buf_cur, "SPT", res, PRINTFLOW_REPLY_L4_SPORT, ui16);
+ pp_print(buf_cur, "DPT", res, PRINTFLOW_REPLY_L4_DPORT, ui16);
+ break;
+
+ case IPPROTO_ICMP:
+ buf_cur += sprintf(buf_cur, "PROTO=ICMP ");
+ pp_print(buf_cur, "TYPE", res, PRINTFLOW_ICMP_CODE, ui8);
+ pp_print(buf_cur, "CODE", res, PRINTFLOW_ICMP_TYPE, ui8);
+ break;
+
+ case IPPROTO_ESP:
+ buf_cur += sprintf(buf_cur, "PROTO=ESP ");
+ break;
+
+ case IPPROTO_AH:
+ buf_cur += sprintf(buf_cur, "PROTO=AH ");
+ break;
+
+ default:
+ pp_print(buf_cur, "PROTO", res, PRINTFLOW_REPLY_IP_PROTOCOL, ui8);
+ break;
+ }
+reply_out:
+ pp_print(buf_cur, "PKTS", res, PRINTFLOW_REPLY_RAW_PKTCOUNT, ui32);
+ pp_print(buf_cur, "BYTES", res, PRINTFLOW_REPLY_RAW_PKTLEN, ui32);
+
+ strcat(buf_cur, "\n");
 return 0;
 }
-- cgit v1.2.3
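Review bot: In the added `case IPPROTO_ICMP:` the labels and keys are crossed: `"TYPE"` is printed from `PRINTFLOW_ICMP_CODE` and `"CODE"` from `PRINTFLOW_ICMP_TYPE`, so the REPLY half of the log line reports ICMP type and code swapped, which misleads anyone filtering or alerting on those fields. The two lines should read `pp_print(buf_cur, "TYPE", res, PRINTFLOW_ICMP_TYPE, ui8);` and `pp_print(buf_cur, "CODE", res, PRINTFLOW_ICMP_CODE, ui8);`. The ORIG-side ICMP case lies between the hunks and is not visible, so it should be checked for the same swap. Separately, the REPLY switch repeats the ORIG one line for line with only the key indices changed. A `static` helper taking the direction's base index would keep the two halves from drifting apart.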