diff options
author | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2008-03-26 09:42:20 +0000 |
---|---|---|
committer | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2008-03-26 09:42:20 +0000 |
commit | 627afbf16b96d23dc0eb7b8e87575c3b9b54e72b (patch) | |
tree | 59e88aa1f399adc6cef0c72f68cd13f318178154 /util | |
parent | aaa536a95a83ac4a95d22bad0d75b92848716b9a (diff) |
This patch adds support of event type display in printflow filter. This is used
to display event type in textual output modules. Here's an output example:
[DESTROY] ORIG: SRC=192.168.1.2 DST=192.168.1.255 PROTO=UDP SPT=631 DPT=631 \\
PKTS=1 BYTES=197 , REPLY: SRC=192.168.1.255 DST=192.168.1.2 \\
PROTO=UDP SPT=631 DPT=631 PKTS=0 BYTES=0
Signed-off-by: Eric Leblond <eric@inl.fr>
Diffstat (limited to 'util')
-rw-r--r-- | util/printflow.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/util/printflow.c b/util/printflow.c index 92c4f0f..6c2ffd5 100644 --- a/util/printflow.c +++ b/util/printflow.c @@ -45,6 +45,7 @@ enum printflow_fields { PRINTFLOW_REPLY_RAW_PKTCOUNT, PRINTFLOW_ICMP_CODE, PRINTFLOW_ICMP_TYPE, + PRINTFLOW_EVENT_TYPE, }; struct ulogd_key printflow_keys[FLOW_IDS] = { @@ -128,6 +129,11 @@ struct ulogd_key printflow_keys[FLOW_IDS] = { .flags = ULOGD_RETF_NONE, .name = "icmp.type", }, + { + .type = ULOGD_RET_UINT32, + .flags = ULOGD_RETF_NONE, + .name = "ct.event", + }, }; int printflow_keys_num = sizeof(printflow_keys)/sizeof(*printflow_keys); @@ -139,6 +145,20 @@ int printflow_print(struct ulogd_key *res, char *buf) { char *buf_cur = buf; + if (pp_is_valid(res, PRINTFLOW_EVENT_TYPE)) { + switch (GET_VALUE(res, PRINTFLOW_EVENT_TYPE).ui32) { + case 1: + buf_cur += sprintf(buf_cur, "[NEW] "); + break; + case 2: + buf_cur += sprintf(buf_cur, "[UPDATE] "); + break; + case 3: + buf_cur += sprintf(buf_cur, "[DESTROY] "); + break; + } + } + buf_cur += sprintf(buf_cur, "ORIG: "); if (pp_is_valid(res, PRINTFLOW_ORIG_IP_SADDR)) |