[netfilter-cvslog] r7423 - in branches/ulog/ulogd2: include/ulogd util
pablo at netfilter.org
pablo at netfilter.org
Wed Mar 26 10:42:20 CET 2008
Author: pablo at netfilter.org
Date: 2008-03-26 10:42:20 +0100 (Wed, 26 Mar 2008)
New Revision: 7423
Modified:
branches/ulog/ulogd2/include/ulogd/printflow.h
branches/ulog/ulogd2/util/printflow.c
Log:
This patch adds support of event type display in printflow filter. This is used
to display event type in textual output modules. Here's an output example:
[DESTROY] ORIG: SRC=192.168.1.2 DST=192.168.1.255 PROTO=UDP SPT=631 DPT=631 \\
PKTS=1 BYTES=197 , REPLY: SRC=192.168.1.255 DST=192.168.1.2 \\
PROTO=UDP SPT=631 DPT=631 PKTS=0 BYTES=0
Signed-off-by: Eric Leblond <eric at inl.fr>
Modified: branches/ulog/ulogd2/include/ulogd/printflow.h
===================================================================
--- branches/ulog/ulogd2/include/ulogd/printflow.h 2008-03-26 09:40:05 UTC (rev 7422)
+++ branches/ulog/ulogd2/include/ulogd/printflow.h 2008-03-26 09:42:20 UTC (rev 7423)
@@ -1,7 +1,7 @@
#ifndef _PRINTFLOW_H
#define _PRINTFLOW_H
-#define FLOW_IDS 16
+#define FLOW_IDS 17
extern struct ulogd_key printflow_keys[FLOW_IDS];
int printflow_print(struct ulogd_key *res, char *buf);
Modified: branches/ulog/ulogd2/util/printflow.c
===================================================================
--- branches/ulog/ulogd2/util/printflow.c 2008-03-26 09:40:05 UTC (rev 7422)
+++ branches/ulog/ulogd2/util/printflow.c 2008-03-26 09:42:20 UTC (rev 7423)
@@ -45,6 +45,7 @@
PRINTFLOW_REPLY_RAW_PKTCOUNT,
PRINTFLOW_ICMP_CODE,
PRINTFLOW_ICMP_TYPE,
+ PRINTFLOW_EVENT_TYPE,
};
struct ulogd_key printflow_keys[FLOW_IDS] = {
@@ -128,6 +129,11 @@
.flags = ULOGD_RETF_NONE,
.name = "icmp.type",
},
+ {
+ .type = ULOGD_RET_UINT32,
+ .flags = ULOGD_RETF_NONE,
+ .name = "ct.event",
+ },
};
int printflow_keys_num = sizeof(printflow_keys)/sizeof(*printflow_keys);
@@ -139,6 +145,20 @@
{
char *buf_cur = buf;
+ if (pp_is_valid(res, PRINTFLOW_EVENT_TYPE)) {
+ switch (GET_VALUE(res, PRINTFLOW_EVENT_TYPE).ui32) {
+ case 1:
+ buf_cur += sprintf(buf_cur, "[NEW] ");
+ break;
+ case 2:
+ buf_cur += sprintf(buf_cur, "[UPDATE] ");
+ break;
+ case 3:
+ buf_cur += sprintf(buf_cur, "[DESTROY] ");
+ break;
+ }
+ }
+
buf_cur += sprintf(buf_cur, "ORIG: ");
if (pp_is_valid(res, PRINTFLOW_ORIG_IP_SADDR))
More information about the netfilter-cvslog
mailing list