[netfilter-cvslog] r7423 - in branches/ulog/ulogd2: include/ulogd util

pablo at netfilter.org pablo at netfilter.org
Wed Mar 26 10:42:20 CET 2008


Author: pablo at netfilter.org
Date: 2008-03-26 10:42:20 +0100 (Wed, 26 Mar 2008)
New Revision: 7423

Modified:
   branches/ulog/ulogd2/include/ulogd/printflow.h
   branches/ulog/ulogd2/util/printflow.c
Log:
This patch adds support for displaying the event type in the printflow filter. This is used
to display the event type in textual output modules. Here's an output example:

[DESTROY] ORIG: SRC=192.168.1.2 DST=192.168.1.255 PROTO=UDP SPT=631 DPT=631 \\
	PKTS=1 BYTES=197 , REPLY: SRC=192.168.1.255 DST=192.168.1.2 \\
	PROTO=UDP SPT=631 DPT=631 PKTS=0 BYTES=0

Signed-off-by: Eric Leblond <eric at inl.fr>


Modified: branches/ulog/ulogd2/include/ulogd/printflow.h
===================================================================
--- branches/ulog/ulogd2/include/ulogd/printflow.h	2008-03-26 09:40:05 UTC (rev 7422)
+++ branches/ulog/ulogd2/include/ulogd/printflow.h	2008-03-26 09:42:20 UTC (rev 7423)
@@ -1,7 +1,7 @@
 #ifndef _PRINTFLOW_H
 #define _PRINTFLOW_H
 
-#define FLOW_IDS 16
+#define FLOW_IDS 17
 extern struct ulogd_key printflow_keys[FLOW_IDS];
 
 int printflow_print(struct ulogd_key *res, char *buf);
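Review bot: FLOW_IDS is a hand-maintained count that has to stay in step with the PRINTFLOW_* enum and the initializer list in util/printflow.c, and nothing visible in this change enforces that. Because the array is declared with an explicit `[FLOW_IDS]` size, a bump without a matching initializer would still compile and leave a zero-filled entry (null `.name`), while `printflow_keys_num` in the printflow.c hunk would keep reporting the full count. Consider a terminating enumerator plus a compile-time check that it equals FLOW_IDS, or at minimum a comment on this line: `/* must equal the number of PRINTFLOW_* ids in util/printflow.c */`.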

Modified: branches/ulog/ulogd2/util/printflow.c
===================================================================
--- branches/ulog/ulogd2/util/printflow.c	2008-03-26 09:40:05 UTC (rev 7422)
+++ branches/ulog/ulogd2/util/printflow.c	2008-03-26 09:42:20 UTC (rev 7423)
@@ -45,6 +45,7 @@
 	PRINTFLOW_REPLY_RAW_PKTCOUNT,
 	PRINTFLOW_ICMP_CODE,
 	PRINTFLOW_ICMP_TYPE,
+	PRINTFLOW_EVENT_TYPE,
 };
 
 struct ulogd_key printflow_keys[FLOW_IDS] = {
@@ -128,6 +129,11 @@
 		.flags = ULOGD_RETF_NONE,
 		.name = "icmp.type",
 	},
+	{
+		.type = ULOGD_RET_UINT32,
+		.flags = ULOGD_RETF_NONE,
+		.name = "ct.event",
+	},
 };
 int printflow_keys_num = sizeof(printflow_keys)/sizeof(*printflow_keys);
 
@@ -139,6 +145,20 @@
 {
 	char *buf_cur = buf;
 
+	if (pp_is_valid(res, PRINTFLOW_EVENT_TYPE)) {
+		switch (GET_VALUE(res, PRINTFLOW_EVENT_TYPE).ui32) {
+			case 1:
+				buf_cur += sprintf(buf_cur, "[NEW] ");
+				break;
+			case 2:
+				buf_cur += sprintf(buf_cur, "[UPDATE] ");
+				break;
+			case 3:
+				buf_cur += sprintf(buf_cur, "[DESTROY] ");
+				break;
+		}
+	}
+
 	buf_cur += sprintf(buf_cur, "ORIG: ");
 
 	if (pp_is_valid(res, PRINTFLOW_ORIG_IP_SADDR))
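Review bot: The new event tag is written with unbounded `sprintf` into `buf`, whose size this function never sees (`printflow_print(struct ulogd_key *res, char *buf)` takes no length), so the prefix raises the worst-case output by up to 10 bytes (`"[DESTROY] "`) for every caller. The callers are outside this diff; any buffer sized for the previous maximum line should be re-checked, and longer term a size parameter with `snprintf` would remove that dependency. Separately, the `case 1`/`2`/`3` literals give no hint of which constants they mirror; named constants or a comment such as `/* values as set by the ct.event producer */`, plus a `default:` branch for unknown events, would make a mismatch visible. The function body starts and ends outside the hunk.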



