From f6a615587a10e6b124b4d9a31fca54bb06da0ae7 Mon Sep 17 00:00:00 2001 From: Ken-ichirou MATSUZAWA Date: Thu, 18 Nov 2021 20:09:19 +0900 Subject: NFLOG: attach struct nf_conntrack put nf_conntrack in ct outputkey when "attach_conntrack" is specified. But there is no way to show both nflog "raw" and "ct" now. Signed-off-by: Ken-ichirou MATSUZAWA Signed-off-by: Pablo Neira Ayuso --- input/packet/Makefile.am | 5 +-- input/packet/ulogd_inppkt_NFLOG.c | 69 ++++++++++++++++++++++++++++++++++++--- 2 files changed, 68 insertions(+), 6 deletions(-) diff --git a/input/packet/Makefile.am b/input/packet/Makefile.am index 3aa0111..851c608 100644 --- a/input/packet/Makefile.am +++ b/input/packet/Makefile.am @@ -1,6 +1,6 @@ include $(top_srcdir)/Make_global.am -AM_CPPFLAGS += ${LIBNETFILTER_LOG_CFLAGS} +AM_CPPFLAGS += ${LIBNETFILTER_LOG_CFLAGS} ${LIBNETFILTER_CONNTRACK_CFLAGS} pkglib_LTLIBRARIES = ulogd_inppkt_UNIXSOCK.la @@ -20,5 +20,6 @@ pkglib_LTLIBRARIES += ulogd_inppkt_NFLOG.la ulogd_inppkt_NFLOG_la_SOURCES = ulogd_inppkt_NFLOG.c ulogd_inppkt_NFLOG_la_LDFLAGS = -avoid-version -module -ulogd_inppkt_NFLOG_la_LIBADD = $(LIBNETFILTER_LOG_LIBS) +ulogd_inppkt_NFLOG_la_LIBADD = $(LIBNETFILTER_LOG_LIBS) \ + $(LIBNETFILTER_CONNTRACK_LIBS) endif diff --git a/input/packet/ulogd_inppkt_NFLOG.c b/input/packet/ulogd_inppkt_NFLOG.c index 449c0c6..4fdeb12 100644 --- a/input/packet/ulogd_inppkt_NFLOG.c +++ b/input/packet/ulogd_inppkt_NFLOG.c @@ -12,6 +12,13 @@ #include #include #include +#ifdef BUILD_NFCT +#include +#include +#else +struct nf_conntrack; +#endif + #ifndef NFLOG_GROUP_DEFAULT #define NFLOG_GROUP_DEFAULT 0 @@ -148,6 +155,7 @@ enum nflog_keys { NFLOG_KEY_RAW_MAC_SADDR, NFLOG_KEY_RAW_MAC_ADDRLEN, NFLOG_KEY_RAW, + NFLOG_KEY_RAW_CT, }; static struct ulogd_key output_keys[] = { @@ -319,11 +327,52 @@ static struct ulogd_key output_keys[] = { .flags = ULOGD_RETF_NONE, .name = "raw", }, + [NFLOG_KEY_RAW_CT] = { + .type = ULOGD_RET_RAW, + .flags = ULOGD_RETF_NONE, + .name = "ct", + }, }; +struct nf_conntrack *build_ct(struct nfgenmsg *nfmsg) +{ +#ifdef BUILD_NFCT + struct nlmsghdr *nlh = + (struct nlmsghdr *)((void *)nfmsg - sizeof(*nlh)); + struct nlattr *attr, *ctattr = NULL; + struct nf_conntrack *ct; + + mnl_attr_for_each(attr, nlh, sizeof(struct nfgenmsg)) { + if (mnl_attr_get_type(attr) == NFULA_CT) { + ctattr = attr; + break; + } + } + if (!ctattr) + return NULL; + + ct = nfct_new(); + if (!ct) { + ulogd_log(ULOGD_ERROR, "failed to allocate nfct\n"); + return NULL; + } + if (nfct_payload_parse(mnl_attr_get_payload(ctattr), + mnl_attr_get_payload_len(ctattr), + nfmsg->nfgen_family, ct) < 0) { + ulogd_log(ULOGD_ERROR, "failed to parse nfct payload\n"); + nfct_destroy(ct); + return NULL; + } + + return ct; +#else + return NULL; +#endif +} + static inline int interp_packet(struct ulogd_pluginstance *upi, uint8_t pf_family, - struct nflog_data *ldata) + struct nflog_data *ldata, struct nf_conntrack *ct) { struct ulogd_key *ret = upi->output.keys; @@ -404,6 +453,9 @@ interp_packet(struct ulogd_pluginstance *upi, uint8_t pf_family, okey_set_ptr(&ret[NFLOG_KEY_RAW], ldata); + if (ct != NULL) + okey_set_ptr(&ret[NFLOG_KEY_RAW_CT], ct); + ulogd_propagate_results(upi); return 0; } @@ -478,16 +530,25 @@ static int msg_cb(struct nflog_g_handle *gh, struct nfgenmsg *nfmsg, { struct ulogd_pluginstance *upi = data; struct ulogd_pluginstance *npi = NULL; + void *ct = build_ct(nfmsg); int ret = 0; /* since we support the re-use of one instance in several * different stacks, we duplicate the message to let them know */ llist_for_each_entry(npi, &upi->plist, plist) { - ret = interp_packet(npi, nfmsg->nfgen_family, nfa); + ret = interp_packet(npi, nfmsg->nfgen_family, nfa, ct); if (ret != 0) - return ret; + goto release_ct; } - return interp_packet(upi, nfmsg->nfgen_family, nfa); + ret = interp_packet(upi, nfmsg->nfgen_family, nfa, ct); + +release_ct: +#ifdef BUILD_NFCT + if (ct != NULL) + nfct_destroy(ct); +#endif + + return ret; } static int configure(struct ulogd_pluginstance *upi, -- cgit v1.2.3