[netfilter-cvslog] r7373 - in branches/ulog/ulogd2: include/ulogd util

Tue Feb 19 02:02:27 CET 2008

Author: pablo at netfilter.org
Date: 2008-02-19 02:02:26 +0100 (Tue, 19 Feb 2008)
New Revision: 7373

Modified:
   branches/ulog/ulogd2/include/ulogd/printpkt.h
   branches/ulog/ulogd2/util/printpkt.c
Log:
This patch adds support for AF_BRIDGE to the PRINTPKT plugin, which allows to form log lines for packets coming from ebtables. Currently it supports IPv4, IPv6 and ARP.

Signed-off-by: Peter Warasin <peter at endian.com>


Modified: branches/ulog/ulogd2/include/ulogd/printpkt.h
===================================================================

--- branches/ulog/ulogd2/include/ulogd/printpkt.h	2008-02-19 00:46:15 UTC (rev 7372)
+++ branches/ulog/ulogd2/include/ulogd/printpkt.h	2008-02-19 01:02:26 UTC (rev 7373)
@@ -51,6 +51,14 @@
 	KEY_ICMPV6_ECHOID,
 	KEY_ICMPV6_ECHOSEQ,
 	KEY_AHESP_SPI,
+	KEY_OOB_PROTOCOL,
+	KEY_ARP_HTYPE,
+	KEY_ARP_PTYPE,
+	KEY_ARP_OPCODE,
+	KEY_ARP_SHA,
+	KEY_ARP_SPA,
+	KEY_ARP_THA,
+	KEY_ARP_TPA,
 	__PRINTPKT_KEYS
 };
 #define PRINTPKT_KEYS (__PRINTPKT_KEYS)

Modified: branches/ulog/ulogd2/util/printpkt.c
===================================================================
--- branches/ulog/ulogd2/util/printpkt.c	2008-02-19 00:46:15 UTC (rev 7372)
+++ branches/ulog/ulogd2/util/printpkt.c	2008-02-19 01:02:26 UTC (rev 7373)
@@ -36,9 +36,11 @@
 #include <ulogd/ulogd.h>
 #include <ulogd/conffile.h>
 #include <ulogd/printpkt.h>
+#include <netinet/if_ether.h>
 
 struct ulogd_key printpkt_keys[] = {
 	[KEY_OOB_FAMILY]	= { .name = "oob.family", },
+	[KEY_OOB_PROTOCOL]	= { .name = "oob.protocol", },
 	[KEY_OOB_TIME_SEC]	= { .name = "oob.time.sec", },
 	[KEY_OOB_PREFIX]	= { .name = "oob.prefix", },
 	[KEY_OOB_IN]		= { .name = "oob.in", },
@@ -90,6 +92,14 @@
 	[KEY_ICMPV6_ECHOID]	= { .name = "icmpv6.echoid", },
 	[KEY_ICMPV6_ECHOSEQ]	= { .name = "icmpv6.echoseq", },
 	[KEY_AHESP_SPI]		= { .name = "ahesp.spi", },
+	[KEY_ARP_HTYPE]         = { .name = "arp.hwtype", },
+	[KEY_ARP_PTYPE]         = { .name = "arp.protocoltype", },
+	[KEY_ARP_OPCODE]        = { .name = "arp.operation", },
+	[KEY_ARP_SHA]           = { .name = "arp.shwaddr", },
+	[KEY_ARP_SPA]           = { .name = "arp.saddr.str", },
+	[KEY_ARP_THA]           = { .name = "arp.dhwaddr", },
+	[KEY_ARP_TPA]           = { .name = "arp.daddr.str", },
+
 };
 
 static int printpkt_proto(struct ulogd_key *res, char *buf, int protocol)
@@ -334,6 +344,74 @@
 	return buf_cur - buf;
 }
 
+int printpkt_arp(struct ulogd_key *res, char *buf)
+{
+	char *buf_cur = buf;
+	u_int16_t code = 0;
+	u_int8_t *mac;
+	char tmp[INET_ADDRSTRLEN];
+
+	if (pp_is_valid(res, KEY_ARP_SPA))
+		buf_cur += sprintf(buf_cur, "SRC=%s ",
+				   GET_VALUE(res, KEY_ARP_SPA).ptr);
+
+	if (pp_is_valid(res, KEY_ARP_TPA))
+		buf_cur += sprintf(buf_cur, "DST=%s ",
+				   GET_VALUE(res, KEY_ARP_TPA).ptr);
+
+	buf_cur += sprintf(buf_cur, "PROTO=ARP ");
+
+	if (pp_is_valid(res, KEY_ARP_OPCODE)) {
+		code = GET_VALUE(res, KEY_ARP_OPCODE).ui16;
+		switch (code) {
+		case ARPOP_REQUEST:
+			buf_cur += sprintf(buf_cur, "REQUEST ");
+			break;
+		case ARPOP_REPLY:
+			buf_cur += sprintf(buf_cur, "REPLY ");
+			break;
+		case ARPOP_NAK:
+			buf_cur += sprintf(buf_cur, "NAK ");
+			break;
+		default:
+			buf_cur += sprintf(buf_cur, "CODE=%u ", code);
+		}
+
+		if (pp_is_valid(res, KEY_ARP_SHA) && (code == ARPOP_REPLY)) {
+			mac = GET_VALUE(res, KEY_ARP_SHA).ptr;
+			buf_cur += sprintf(buf_cur, "REPLY_MAC="
+					   "%02x:%02x:%02x:%02x:%02x:%02x ",
+					   mac[0], mac[1], mac[2],
+					   mac[3], mac[4], mac[5]);
+		}
+	}
+
+	return buf_cur - buf;
+}
+
+
+int printpkt_bridge(struct ulogd_key *res, char *buf)
+{
+	char *buf_cur = buf;
+
+	switch (GET_VALUE(res, KEY_OOB_PROTOCOL).ui16) {
+	case ETH_P_IP:
+		buf_cur += printpkt_ipv4(res, buf_cur);
+		break;
+	case ETH_P_IPV6:
+		buf_cur += printpkt_ipv6(res, buf_cur);
+		break;
+	case ETH_P_ARP:
+		buf_cur += printpkt_arp(res, buf_cur);
+		break;
+	default:
+		buf_cur += sprintf(buf_cur, "PROTO=%u ",
+			   GET_VALUE(res, KEY_OOB_PROTOCOL).ui16);
+	}
+
+	return buf_cur - buf;
+}
+
 int printpkt_print(struct ulogd_key *res, char *buf)
 {
 	char *buf_cur = buf;
@@ -366,6 +444,9 @@
 	case AF_INET6:
 		buf_cur += printpkt_ipv6(res, buf_cur);
 		break;
+	case AF_BRIDGE:
+		buf_cur += printpkt_bridge(res, buf_cur);
+		break;
 	}
 
 	if (pp_is_valid(res, KEY_OOB_UID))


