From e8bd616b1989dc33ec6b30466cfd9f6b95a7c679 Mon Sep 17 00:00:00 2001 From: laforge Date: Fri, 4 Nov 2005 13:52:04 +0000 Subject: further bits of the per-flow input plugin --- input/flow/ulogd_inpflow_CTNL.c | 237 ++++++++++++++++++++-------------------- 1 file changed, 119 insertions(+), 118 deletions(-) diff --git a/input/flow/ulogd_inpflow_CTNL.c b/input/flow/ulogd_inpflow_CTNL.c index 6bbd282..a31548e 100644 --- a/input/flow/ulogd_inpflow_CTNL.c +++ b/input/flow/ulogd_inpflow_CTNL.c @@ -15,126 +15,10 @@ #include struct ctnl_pluginstance { - struct ctnl_handle *cth; - struct ulogd_fd ctnl_fd; + struct nfct_handle *cth; + struct ulogd_fd nfct_fd; }; -#if 0 -static int ctnl_parser(struct ulogd_pluginstance *pi, - struct nfattr *_attr, struct nlmsghdr *nlh) -{ - struct nfattr *attr = NFM_NFA(NLMSG_DATA(nlh)); - struct ip_conntrack_tuple *orig; - struct cta_countrs *ctr; - - /* FIXME: what about reply direction ? */ - while (NFA_OK(attr, attrlen)) { - switch (attr->nfa_type) { - case CTA_ORIG: - orig = NFA_DATA(attr); - pi->output.keys[0].u.ui32 = orig->src.ip; - pi->output.keys[1].u.ui32 = orig->dst.ip; - pi->output.keys[2].u.value.ui8 = orig->dst.protonum; - /* FIXME: l4 port numbers */ - break; - case CTA_COUNTERS: - ctr = NFA_DATA(attr); - pi->output.keys[5].u.value.ui32 = ctr->orig.bytes; - pi->output.keys[6].u.value.ui32 = ctr->prog.packets; - break; - } - attr = NFA_NEXT(attr, attrlen); - } - return 0; -} -#endif - -static int event_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, - void *arg) -{ - struct nfgenmsg *nfmsg; - struct nfattr *nfa; - int min_len = 0; - int type = NFNL_MSG_TYPE(nlh->nlmsg_type); - - nfmsg = NLMSG_DATA(nlh); - - min_len = sizeof(struct nfgenmsg); - if (nlh->nlmsg_len < min_len) - return -EINVAL; - -#if 0 - if (type == IPCTNL_MSG_CT_NEW && flags & NLM_F_CREATE) { - /* FIXME: build hash table with timestamp of start of - * connection */ - } else if (type == IPCTNL_MSG_CT_DELETE) { - /* We have the final count of bytes for this connection */ - } -#endif - return 0; -} - -static struct ctnl_msg_handler new_h = { - .type = IPCTNL_MSG_CT_NEW, - .handler = event_handler, -}; - -static struct ctnl_msg_handler destroy_h = { - .type = IPCTNL_MSG_CT_DELETE, - .handler = event_handler, -}; - -static int read_cb_ctnl(int fd, unsigned int what, void *param) -{ - struct ctnl_pluginstance *cpi = - (struct ulogd_ctnl_pluginstance *) param; - - if (!(what & ULOGD_FD_READ)) - return 0; - - /* FIXME: implement this */ - ctnl_event_conntrack(&cpi->cth, AF_INET); -} - -static int constructor_ctnl(struct ulogd_pluginstance *upi) -{ - struct ctnl_pluginstance *cpi = - (struct ctnl_pluginstance *)upi->private; - - memset(cpi, NULL, sizeof(*cpi)); - - /* FIXME: make eventmask configurable */ - cpi->cth = ctnl_open(NFNL_SUBSYS_CTNETLINK, NF_NETLINK_CONNTRACK_NEW| - NF_NETLINK_CONNTRACK_DESTROY); - if (!cph->cth) { - print("error opening ctnetlink\n"); - return -1; - } - - ctnl_register_handler(cpi->cth, &new_h); - ctnl_register_handler(cpi->cth, &destroy_h); - - cpi->ctnl_fd.fd = ctnl_fd(cpi->cth); - cpi->ctnl_fd.cb = &read_cb_ctnl; - cpi->ctnl_fd.data = cpi; - - ulogd_register_fd(&cpi->ctnl_fd); - - return &cpi->upi; -} - - -static int destructor_ctnl(struct ulogd_pluginstance *pi) -{ - struct ctnl_pluginstance *cpi = (void *) pi; - - if (ctnl_close(&cpi->cth) < 0) { - print("error2\n"); - return -1; - } - - return 0; -} static struct ulogd_key ctnl_okeys[] = { { @@ -194,6 +78,123 @@ static struct ulogd_key ctnl_okeys[] = { }; +static int propagate_ct_flow(struct ulogd_pluginstance *upi, + struct nfct_conntrack *ct, + int dir) +{ + struct ulogd_key *ret = upi->output; + + ret[0].u.value.ui32 = ct->tuple[dir].src.v4; + ret[0].flags |= ULOGD_RETF_VALID; + + ret[1].u.value.ui32 = ct->tuple[dir].dst.v4; + ret[1].flags |= ULOGD_RETF_VALID; + + ret[2].u.value.ui8 = ct->tuple[dir].protonum; + ret[2].flags |= ULOGD_RETF_VALID; + + switch (ct->tuple[1].protonum) { + case IPPROTO_TCP: + ret[3].u.value.ui16 = ct->tuple[dir].l4src.tcp.port; + ret[3].flags |= ULOGD_RETF_VALID; + ret[4].u.value.ui16 = ct->tuple[dir].l4dst.tcp.port; + ret[4].flags |= ULOGD_RETF_VALID; + break; + case IPPROTO_UDP: + break; + case IPPROTO_SCTP: + break; + } + + if (dir == NF_CT_DIR_ORIG && flags & NFCT_COUNTERS_ORIG || + dir == NF_CT_DIR_REPLY && flags & NFCT_COUNTERS_REPLY) { + ret[5].u.value.ui64 = ct->counters[dir].bytes; + ret[5].flags |= ULOGD_RETF_VALID; + + ret[6].u.value.ui64 = ct->counters[dir].packets; + ret[6].flags |= ULOGD_RETF_VALID; + } + + return ulogd_propagate_results(upi); +} + +static int propagate_ct(struct ulogd_pluginstance *upi, + struct nfct_conntrack *ct) +{ + int rc; + + rc = propagate_ct_flow(upi, ct, NF_CT_DIR_ORIGINAL); + if (rc < 0) + return rc; + return propagate_ct_flow(upi, ct, NF_CT_DIR_REPLY); +} + +static int event_handler(void *arg, unsigned int flags, int type) +{ + struct nfct_conntrack *ct = foo; + + if (type == NFCT_MSG_NEW) + /* FIXME: build hash table with timestamp of start of + * connection */ + } else if (type == NFCT_MSG_DESTROY) + /* We have the final count of bytes for this connection */ + } + + return 0; +} + +static int read_cb_ctnl(int fd, unsigned int what, void *param) +{ + struct ctnl_pluginstance *cpi = + (struct ulogd_ctnl_pluginstance *) param; + + if (!(what & ULOGD_FD_READ)) + return 0; + + /* FIXME: implement this */ + ctnl_event_conntrack(&cpi->cth, AF_INET); +} + +static int constructor_ctnl(struct ulogd_pluginstance *upi) +{ + struct ctnl_pluginstance *cpi = + (struct ctnl_pluginstance *)upi->private; + + memset(cpi, NULL, sizeof(*cpi)); + + /* FIXME: make eventmask configurable */ + cpi->cth = nfct_open(NFNL_SUBSYS_CTNETLINK, NF_NETLINK_CONNTRACK_NEW| + NF_NETLINK_CONNTRACK_DESTROY); + if (!cph->cth) { + print("error opening ctnetlink\n"); + return -1; + } + + ctnl_register_callback(cpi->cth, &event_handler); + + cpi->nfct_fd.fd = nfct_fd(cpi->cth); + cpi->nfct_fd.cb = &read_cb_ctnl; + cpi->nfct_fd.data = cpi; + cpi->nfct_fd.when = ULOGD_FD_READ; + + ulogd_register_fd(&cpi->nfct_fd); + + return &cpi->upi; +} + + +static int destructor_ctnl(struct ulogd_pluginstance *pi) +{ + struct ctnl_pluginstance *cpi = (void *) pi; + int rc; + + rc = nfct_close(cpi->cth); + if (rc < 0) + return rc; + + return 0; +} + static struct ulogd_plugin ctnl_plugin = { .name = "CTNL", .input = { -- cgit v1.2.3