From c84fbe77c762945e9965f90bfeb35e51d41b412e Mon Sep 17 00:00:00 2001
From: laforge
Date: Fri, 24 Jun 2005 16:28:15 +0000
Subject: add half-finished ctnetlink flow import
---
 input/flow/ulogd_inpflow_CTNL.c | 142 ++++++++++++++++++++++++++++++++--------
 1 file changed, 115 insertions(+), 27 deletions(-)
(limited to 'input/flow/ulogd_inpflow_CTNL.c')
diff --git a/input/flow/ulogd_inpflow_CTNL.c b/input/flow/ulogd_inpflow_CTNL.c
index f241bab..3f602ff 100644
--- a/input/flow/ulogd_inpflow_CTNL.c
+++ b/input/flow/ulogd_inpflow_CTNL.c
@@ -10,14 +10,43 @@
 */
 #include
-#include "libnfnetlink.h"
-#include "libctnetlink.h"
+#include
+#include
-struct ulogd_ctnl_pluginstance {
+static struct ulogd_ctnl_pluginstance {
 struct ulogd_pluginstance upi;
 struct ctnl_handle cth;
 };
+static int ctnl_parser(struct ulogd_pluginstance *pi,
+ struct nfattr *attr, struct nlmsghdr *nlh)
+{
+ struct nfattr *attr = NFM_NFA(NLMSG_DATA(nlh));
+ unsigned int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len);
+ struct ip_conntrack_tuple *orig;
+ struct cta_countrs *ctr;
+
+ /* FIXME: what about reply direction ? */
+ while (NFA_OK(attr, attrlen)) {
+ switch (attr->nfa_type) {
+ case CTA_ORIG:
+ orig = NFA_DATA(attr);
+ pi->output.keys[0].u.ui32 = orig->src.ip;
+ pi->output.keys[1].u.ui32 = orig->dst.ip;
+ pi->output.keys[2].u.value.ui8 = orig->dst.protonum;
+ /* FIXME: l4 port numbers */
+ break;
+ case CTA_COUNTERS:
+ ctr = NFA_DATA(attr);
+ pi->output.keys[5].u.value.ui32 = ctr->orig.bytes;
+ pi->output.keys[6].u.value.ui32 = ctr->prog.packets;
+ break;
+ }
+ attr = NFA_NEXT(attr, attrlen);
+ }
+ return 0;
+}
+
 static int event_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh,
 void *arg)
 {
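Review bot: In the new `ctnl_parser`, each `NFA_DATA(attr)` result is assigned to a struct pointer and read without checking that the attribute payload is at least that large, so a short `CTA_ORIG` or `CTA_COUNTERS` attribute would be read past its end; a guard such as `if (NFA_PAYLOAD(attr) < (int)sizeof(*orig)) break;` before each dereference would close that. The `attrlen` computation subtracts `NLMSG_ALIGN(min_len)` from `nlh->nlmsg_len` in unsigned arithmetic, which wraps to a very large length if the message is shorter than the header, and `min_len` is not declared anywhere in the hunk. The local `struct nfattr *attr` also redeclares the parameter of the same name, which will not compile, so one of the two should go. `ctr->prog.packets` next to `ctr->orig.bytes` looks like a typo for `orig.packets`, though the counter struct is defined outside this patch.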
@@ -41,35 +70,15 @@ static int event_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh,
 return 0;
 }
-struct ctnl_msg_handler new_h = {
+static struct ctnl_msg_handler new_h = {
 .type = IPCTNL_MSG_CT_NEW,
 .handler = event_handler,
 };
-struct ctnl_msg_Handler destroy_h = {
+static struct ctnl_msg_Handler destroy_h = {
 .type = IPCTNL_MSG_CT_DELETE,
 .handler = event_handler,
 };
-static struct ulogd_plugin ctnl_plugin = {
- .name = "CTNL",
- .input = {
- .keys =,
- .num_keys = 1,
- .type = ULOGD_DTYPE_NULL,
- },
- .output = {
- .keys =,
- .num_keys = 1,
- .type = ULOGD_DTYPE_FLOW,
- },
- .interp = ,
- .constructor = ,
- .descructor = ,
- .config_kset = ,
-};
-
-
-
 static struct ulogd_pluginstance *constructor_ctnl(struct ulogd_plugin *pl)
 {
 struct ulogd_ctnl_pluginstance *cpi = malloc(sizeof *cpi);
@@ -81,7 +90,7 @@ static struct ulogd_pluginstance *constructor_ctnl(struct ulogd_plugin *pl)
 cpi->plugin = pl;
 cpi->input = FIXME;
- cpi->>output = FIXME;
+ cpi->output = FIXME;
 if (ctnl_open(&cpi->cth, NFGRP_IPV4_CT_TCP|NFGRP_IPV4_CT_UDP) < 0) {
 print("error\n");
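Review bot: The new line `static struct ctnl_msg_Handler destroy_h = {` keeps the capital `H` from the old declaration, so it names a different struct tag from the `struct ctnl_msg_handler` used for `new_h` just above. C tags are case-sensitive, and unless the library headers really declare a `ctnl_msg_Handler` type this is an incomplete type being given designated initializers. It should read `static struct ctnl_msg_handler destroy_h = {`.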
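Review bot: The corrected line `cpi->output = FIXME;` still assigns through `cpi`, whose type `struct ulogd_ctnl_pluginstance` is declared in the first hunk with only the members `upi` and `cth`, so `output` (like `plugin` and `input` on the context lines above it) is not reachable this way. Since `ctnl_parser` reads `pi->output` on a `struct ulogd_pluginstance`, the access is presumably meant to be `cpi->upi.output = FIXME;`. The constructor's body starts and ends outside the hunk, so the rest of its initialisation is not visible here.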
@@ -107,4 +116,83 @@ static int destructor_ctnl(struct ulogd_pluginstance *pi)
 return 0;
 }
-
+
+static struct ulogd_key ctnl_okeys[] = {
+ {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .key = "ip.saddr",
+ .ipfix = { },
+ },
+ {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .key = "ip.daddr",
+ .ipfix = { },
+ },
+ {
+ .type = ULOGD_RET_UINT8,
+ .flags = ULOGD_RETF_NONE,
+ .key = "ip.protocol",
+ .ipfix = { },
+ },
+ {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .key = "tcp.sport",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = 7,
+ },
+ },
+ {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .key = "tcp.dport",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = 11,
+ },
+ },
+ {
+ .type = ULOGD_RET_UINT32,
+ .flags = ULOGD_RETF_NONE,
+ .name = "raw.pktlen",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = 1,
+ },
+ },
+ {
+ .type = ULOGD_RET_UINT32,
+ .flags = ULOGD_RETF_NONE,
+ .name = "raw.pktcount",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = 2,
+ },
+ },
+
+};
+
+static struct ulogd_plugin ctnl_plugin = {
+ .name = "CTNL",
+ .input = {
+ .keys = NULL,
+ .num_keys = 0,
+ .type = ULOGD_DTYPE_NULL,
+ },
+ .output = {
+ .keys = &ctnl_okeys,
+ .num_keys = sizeof(ctnl_okeys)/sizeof(struct ulogd_key),
+ .type = ULOGD_DTYPE_FLOW,
+ },
+ .interp = ,
+ .constructor = &constructor_ctnl,
+ .descructor = &destructor_ctnl,
+ .config_kset = ,
+};
+
+
+
+
--
cgit v1.2.3
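Review bot: The last two entries of `ctnl_okeys` set `.name = "raw.pktlen"` and `.name = "raw.pktcount"` while the first five use `.key`, so one of the two designators cannot match `struct ulogd_key`; they should all name the same member, e.g. `.key = "raw.pktlen",`. `.keys = &ctnl_okeys` has pointer-to-array type rather than pointer to the first element, and `.keys = ctnl_okeys,` is the usual form. `ctnl_parser` in the first hunk fills these slots by bare index (`keys[0]` to `keys[6]`), so the array order is a silent contract; an enum of indices shared by both, or at least a comment above the table such as `/* order must match the key indices used in ctnl_parser() */`, would keep a later reordering from writing values into the wrong key. The `.interp = ,` and `.config_kset = ,` initializers are still empty and will not compile.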