From: Pierre Chifflier <p.chifflier@xxxxxx>
Add insert functions for the PostgreSQL version (read instructions).
Signed-off-by: Pierre Chifflier <p.chifflier@xxxxxx>
Signed-off-by: Eric leblond <eric@xxxxxx>
---
:100644 100644 cbec234... ccbb8e8... M doc/mysql-ulogd2.sql
:100644 100644 61356b3... 016abc8... M doc/pgsql-ulogd2.sql
doc/mysql-ulogd2.sql | 18 ---
doc/pgsql-ulogd2.sql | 282 +++++++++++++++++++++++++++++++++++++------------
2 files changed, 213 insertions(+), 87 deletions(-)
diff --git a/doc/mysql-ulogd2.sql b/doc/mysql-ulogd2.sql
index cbec234..ccbb8e8 100644
--- a/doc/mysql-ulogd2.sql
+++ b/doc/mysql-ulogd2.sql
@@ -658,24 +658,6 @@ $$
delimiter ;
-- suppressing tuples
-DROP PROCEDURE IF EXISTS DELETE_CT_TUPLE;
-delimiter $$
-CREATE PROCEDURE DELETE_CT_TUPLE(
- IN _packet_id bigint unsigned
- )
-SQL SECURITY INVOKER
-COMMENT 'Delete a tuple from conntrack'
-BEGIN
- -- remember : table with most constraints first
- DELETE FROM ct_icmp WHERE ct_icmp._icmp_id = _packet_id;
- DELETE FROM ct_l4 WHERE ct_l4._l4_id = _packet_id;
- DELETE FROM ct_tuple WHERE ct_tuple._tuple_id = _packet_id;
-END
-$$
-
-delimiter ;
-
-
DROP PROCEDURE IF EXISTS DELETE_CT_FLOW;
delimiter $$
CREATE PROCEDURE DELETE_CT_FLOW(
diff --git a/doc/pgsql-ulogd2.sql b/doc/pgsql-ulogd2.sql
index 61356b3..016abc8 100644
--- a/doc/pgsql-ulogd2.sql
+++ b/doc/pgsql-ulogd2.sql
@@ -7,14 +7,13 @@
-- - ON UPDATE is not supported ?
-- - type 'integer' is used (we have to check for overflows ..)
-- - type 'datetime' has been replaced by 'timestamp'
--- - deleting from table ulog2_ct will delete entries from ct_tuple
DROP TABLE IF EXISTS _format;
CREATE TABLE _format (
version integer
) WITH (OIDS=FALSE);
-INSERT INTO _format (version) VALUES (3);
+INSERT INTO _format (version) VALUES (4);
-- this table could be used to know which user-defined tables are linked
-- to ulog
@@ -32,9 +31,6 @@ DROP TABLE IF EXISTS udp CASCADE;
DROP TABLE IF EXISTS icmp CASCADE;
DROP TABLE IF EXISTS nufw CASCADE;
DROP TABLE IF EXISTS ulog2_ct CASCADE;
-DROP TABLE IF EXISTS ct_tuple CASCADE;
-DROP TABLE IF EXISTS ct_l4 CASCADE;
-DROP TABLE IF EXISTS ct_icmp CASCADE;
DROP TABLE IF EXISTS ulog2 CASCADE;
@@ -133,6 +129,11 @@ CREATE OR REPLACE VIEW view_udp AS
CREATE OR REPLACE VIEW view_icmp AS
SELECT * FROM ulog2 INNER JOIN icmp ON ulog2._id = icmp._icmp_id;
+-- complete view
+CREATE OR REPLACE VIEW ulog AS
+ SELECT * FROM ulog2 INNER JOIN tcp ON ulog2._id = tcp._tcp_id INNER JOIN udp ON ulog2._id = udp._udp_id
+ INNER JOIN icmp ON ulog2._id = icmp._icmp_id INNER JOIN mac ON ulog2._id = mac._mac_id;
+
-- shortcuts
CREATE OR REPLACE VIEW view_tcp_quad AS
SELECT ulog2._id,ulog2.ip_saddr,tcp.tcp_sport,ulog2.ip_daddr,tcp.tcp_dport FROM ulog2 INNER JOIN tcp ON ulog2._id = tcp._tcp_id;
@@ -143,47 +144,48 @@ CREATE OR REPLACE VIEW view_udp_quad AS
--
-- conntrack
--
--- orig_id is linked to ulog2.id and is the packet before conntrack (and NAT, for ex)
--- reply_id is linked to ulog2.id and is the packet after conntrack (and NAT, for ex)
+DROP SEQUENCE IF EXISTS ulog2_ct__ct_id_seq;
+CREATE SEQUENCE ulog2_ct__ct_id_seq;
CREATE TABLE ulog2_ct (
- _ct_id serial PRIMARY KEY UNIQUE NOT NULL,
- orig_id integer default NULL,
- reply_id integer default NULL,
- state smallint default NULL,
- start_timestamp timestamp default NULL,
- end_timestamp timestamp default NULL
-) WITH (OIDS=FALSE);
-
-CREATE TABLE ct_tuple (
- _tuple_id bigint PRIMARY KEY UNIQUE NOT NULL,
- ip_saddr inet default NULL,
- ip_daddr inet default NULL,
- ip_protocol smallint default NULL,
- packets bigint default 0,
- bytes bigint default 0
-) WITH (OIDS=FALSE);
-
-CREATE INDEX ct_tuple_ip_saddr ON ct_tuple(ip_saddr);
-CREATE INDEX ct_tuple_ip_daddr ON ct_tuple(ip_daddr);
-
-CREATE TABLE ct_l4 (
- _l4_id bigint PRIMARY KEY UNIQUE NOT NULL,
- l4_sport integer default NULL,
- l4_dport integer default NULL
-) WITH (OIDS=FALSE);
-
-CREATE INDEX ct_l4_l4_sport ON ct_l4(l4_sport);
-CREATE INDEX ct_l4_l4_dport ON ct_l4(l4_dport);
-
-CREATE TABLE ct_icmp (
- _icmp_id bigint PRIMARY KEY UNIQUE NOT NULL,
+ _ct_id bigint PRIMARY KEY UNIQUE NOT NULL DEFAULT nextval('ulog2_ct__ct_id_seq'),
+ orig_ip_saddr inet default NULL,
+ orig_ip_daddr inet default NULL,
+ orig_ip_protocol smallint default NULL,
+ orig_l4_sport integer default NULL,
+ orig_l4_dport integer default NULL,
+ orig_bytes bigint default 0,
+ orig_packets bigint default 0,
+ reply_ip_saddr inet default NULL,
+ reply_ip_daddr inet default NULL,
+ reply_ip_protocol smallint default NULL,
+ reply_l4_sport integer default NULL,
+ reply_l4_dport integer default NULL,
+ reply_bytes bigint default 0,
+ reply_packets bigint default 0,
+ icmp_code smallint default NULL,
icmp_type smallint default NULL,
- icmp_code smallint default NULL
+ ct_mark bigint default 0,
+ flow_start_sec integer default 0,
+ flow_start_usec integer default 0,
+ flow_end_sec integer default 0,
+ flow_end_usec integer default 0,
+ state smallint default 0
) WITH (OIDS=FALSE);
-
-ALTER TABLE ulog2_ct ADD CONSTRAINT ulog2_orig_id_fk FOREIGN KEY (orig_id) REFERENCES ct_tuple(_tuple_id) ON DELETE CASCADE;
-ALTER TABLE ulog2_ct ADD CONSTRAINT ulog2_reply_id_fk FOREIGN KEY (reply_id) REFERENCES ct_tuple(_tuple_id) ON DELETE CASCADE;
+CREATE INDEX ulog2_ct_orig_ip_saddr ON ulog2_ct(orig_ip_saddr);
+CREATE INDEX ulog2_ct_orig_ip_daddr ON ulog2_ct(orig_ip_daddr);
+CREATE INDEX ulog2_ct_reply_ip_saddr ON ulog2_ct(reply_ip_saddr);
+CREATE INDEX ulog2_ct_reply_ip_daddr ON ulog2_ct(reply_ip_daddr);
+CREATE INDEX ulog2_ct_orig_l4_sport ON ulog2_ct(orig_l4_sport);
+CREATE INDEX ulog2_ct_orig_l4_dport ON ulog2_ct(orig_l4_dport);
+CREATE INDEX ulog2_ct_reply_l4_sport ON ulog2_ct(reply_l4_sport);
+CREATE INDEX ulog2_ct_reply_l4_dport ON ulog2_ct(reply_l4_dport);
+CREATE INDEX ulog2_ct_state ON ulog2_ct(state);
+
+ALTER TABLE ulog2_ct ADD CONSTRAINT orig_l4_sport CHECK(orig_l4_sport >= 0 AND orig_l4_sport <= 65536);
+ALTER TABLE ulog2_ct ADD CONSTRAINT orig_l4_dport CHECK(orig_l4_dport >= 0 AND orig_l4_dport <= 65536);
+ALTER TABLE ulog2_ct ADD CONSTRAINT reply_l4_sport CHECK(reply_l4_sport >= 0 AND reply_l4_sport <= 65536);
+ALTER TABLE ulog2_ct ADD CONSTRAINT reply_l4_dport CHECK(reply_l4_dport >= 0 AND reply_l4_dport <= 65536);
--
-- Helper table
@@ -254,6 +256,172 @@ RETURNS void AS $$
$$ LANGUAGE SQL SECURITY INVOKER;
+CREATE OR REPLACE FUNCTION INSERT_IP_PACKET(
+ IN oob_time_sec integer,
+ IN oob_time_usec integer,
+ IN oob_prefix varchar(32),
+ IN oob_mark integer,
+ IN oob_in varchar(32),
+ IN oob_out varchar(32),
+ IN ip_saddr inet,
+ IN ip_daddr inet,
+ IN ip_protocol smallint
+ )
+RETURNS bigint AS $$
+ INSERT INTO ulog2 (oob_time_sec,oob_time_usec,oob_prefix,oob_mark,
+ oob_in,oob_out,ip_saddr,ip_daddr,ip_protocol)
+ VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9);
+ SELECT currval('ulog2__id_seq');
+$$ LANGUAGE SQL SECURITY INVOKER;
+
+
+CREATE OR REPLACE FUNCTION INSERT_IP_PACKET_FULL(
+ IN oob_time_sec integer,
+ IN oob_time_usec integer,
+ IN oob_prefix varchar(32),
+ IN oob_mark integer,
+ IN oob_in varchar(32),
+ IN oob_out varchar(32),
+ IN ip_saddr inet,
+ IN ip_daddr inet,
+ IN ip_protocol smallint,
+ IN ip_tos smallint,
+ IN ip_ttl smallint,
+ IN ip_totlen smallint,
+ IN ip_ihl smallint,
+ IN ip_csum smallint,
+ IN ip_id smallint,
+ IN ip_fragoff smallint
+ )
+RETURNS bigint AS $$
+ INSERT INTO ulog2 (oob_time_sec,oob_time_usec,oob_prefix,oob_mark,
+ oob_in,oob_out,ip_saddr,ip_daddr,ip_protocol,
+ ip_tos,ip_ttl,ip_totlen,ip_ihl,ip_csum,ip_id,ip_fragoff)
+ VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16);
+ SELECT currval('ulog2__id_seq');
+$$ LANGUAGE SQL SECURITY INVOKER;
+
+CREATE OR REPLACE FUNCTION INSERT_TCP_FULL(
+ IN tcp_id bigint,
+ IN tcp_sport integer,
+ IN tcp_dport integer,
+ IN tcp_seq integer,
+ IN tcp_ackseq integer,
+ IN tcp_window smallint,
+ IN tcp_urg smallint,
+ IN tcp_urgp smallint ,
+ IN tcp_ack smallint,
+ IN tcp_psh smallint,
+ IN tcp_rst smallint,
+ IN tcp_syn smallint,
+ IN tcp_fin smallint
+ )
+RETURNS bigint AS $$
+ INSERT INTO tcp (_tcp_id,tcp_sport,tcp_dport,tcp_seq,tcp_ackseq,tcp_window,tcp_urg,
+ tcp_urgp,tcp_ack,tcp_psh,tcp_rst,tcp_syn,tcp_fin)
+ VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13);
+ SELECT currval('ulog2__id_seq');
+$$ LANGUAGE SQL SECURITY INVOKER;
+
+CREATE OR REPLACE FUNCTION INSERT_UDP(
+ IN tcp_id bigint,
+ IN tcp_sport integer,
+ IN tcp_dport integer,
+ IN tcp_len smallint
+ )
+RETURNS bigint AS $$
+ INSERT INTO udp (_udp_id,udp_sport,udp_dport,udp_len)
+ VALUES ($1,$2,$3,$4);
+ SELECT currval('ulog2__id_seq');
+$$ LANGUAGE SQL SECURITY INVOKER;
+
+CREATE OR REPLACE FUNCTION INSERT_ICMP(
+ IN icmp_id bigint,
+ IN icmp_type smallint,
+ IN icmp_code smallint,
+ IN icmp_echoid smallint,
+ IN icmp_echoseq smallint,
+ IN icmp_gateway integer,
+ IN icmp_fragmtu smallint
+ )
+RETURNS bigint AS $$
+ INSERT INTO icmp (_icmp_id,icmp_type,icmp_code,icmp_echoid,icmp_echoseq,icmp_gateway,icmp_fragmtu)
+ VALUES ($1,$2,$3,$4,$5,$6,$7);
+ SELECT currval('ulog2__id_seq');
+$$ LANGUAGE SQL SECURITY INVOKER;
+
+CREATE OR REPLACE FUNCTION INSERT_MAC(
+ IN tcp_id bigint,
+ IN udp_sport integer,
+ IN udp_dport integer,
+ IN udp_len smallint
+ )
+RETURNS bigint AS $$
+ INSERT INTO udp (_udp_id,udp_sport,udp_dport,udp_len)
+ VALUES ($1,$2,$3,$4);
+ SELECT currval('ulog2__id_seq');
+$$ LANGUAGE SQL SECURITY INVOKER;
+
+-- this function requires plpgsql
+-- su -c "createlang plpgsql ulog2" postgres
+CREATE OR REPLACE FUNCTION INSERT_PACKET_FULL(
+ IN oob_time_sec integer,
+ IN oob_time_usec integer,
+ IN oob_prefix varchar(32),
+ IN oob_mark integer,
+ IN oob_in varchar(32),
+ IN oob_out varchar(32),
+ IN ip_saddr inet,
+ IN ip_daddr inet,
+ IN ip_protocol smallint,
+ IN ip_tos smallint,
+ IN ip_ttl smallint,
+ IN ip_totlen smallint,
+ IN ip_ihl smallint,
+ IN ip_csum smallint,
+ IN ip_id smallint,
+ IN ip_fragoff smallint,
+ IN tcp_sport integer,
+ IN tcp_dport integer,
+ IN tcp_seq integer,
+ IN tcp_ackseq integer,
+ IN tcp_window smallint,
+ IN tcp_urg smallint,
+ IN tcp_urgp smallint ,
+ IN tcp_ack smallint,
+ IN tcp_psh smallint,
+ IN tcp_rst smallint,
+ IN tcp_syn smallint,
+ IN tcp_fin smallint,
+ IN udp_sport integer,
+ IN udp_dport integer,
+ IN udp_len smallint,
+ IN icmp_type smallint,
+ IN icmp_code smallint,
+ IN icmp_echoid smallint,
+ IN icmp_echoseq smallint,
+ IN icmp_gateway integer,
+ IN icmp_fragmtu smallint
+ )
+RETURNS bigint AS $$
+DECLARE
+ _id bigint;
+BEGIN
+ _id := INSERT_IP_PACKET_FULL($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16) ;
+ IF (ip_protocol = 6) THEN
+ SELECT INSERT_TCP_FULL(_id,$17,$18,$19,$20,$21,$22,$23,$24,$25,$26,$27,$28);
+ ELSIF (ip_protocol = 17) THEN
+ SELECT INSERT_UDP(_id,$29,$30,$31,$32);
+ ELSIF (ip_protocol = 1) THEN
+ SELECT INSERT_ICMP(_id,$33,$34,$35,$36,$37,$38);
+ END IF;
+ RETURN _id;
+END
+$$ LANGUAGE plpgsql SECURITY INVOKER;
+
+
+
+
CREATE OR REPLACE FUNCTION DELETE_PACKET(
IN _packet_id bigint
)
@@ -283,14 +451,12 @@ $$ LANGUAGE SQL SECURITY INVOKER;
-- END
-- $$ LANGUAGE plpgsql SECURITY INVOKER;
-CREATE OR REPLACE FUNCTION DELETE_CT_TUPLE(
- IN _packet_id bigint
+CREATE OR REPLACE FUNCTION DELETE_CT_FLOW(
+ IN _ct_packet_id bigint
)
RETURNS void AS $$
-- remember : table with most constraints first
- DELETE FROM ct_icmp WHERE ct_icmp._icmp_id = $1;
- DELETE FROM ct_l4 WHERE ct_l4._l4_id = $1;
- DELETE FROM ct_tuple WHERE ct_tuple._tuple_id = $1;
+ DELETE FROM ulog2_ct WHERE ulog2_ct._ct_id = $1;
$$ LANGUAGE SQL SECURITY INVOKER;
@@ -332,26 +498,4 @@ $$ LANGUAGE SQL SECURITY INVOKER;
-- Add foreign keys to tables
SELECT ULOG2_ADD_FOREIGN_KEYS();
---
--- Test section
---
-
--- pas besoin de faire une transaction, LAST_INSERT_ID est par connexion (donc pas de race condition, mais par contre il faut pas
--- faire d'insertions multiples)
-BEGIN;
-INSERT INTO ulog2 (ip_saddr,ip_daddr,ip_protocol) VALUES ('127.0.0.1','127.0.0.1',6);
-INSERT INTO tcp (_tcp_id,tcp_sport,tcp_dport) VALUES (currval('ulog2__id_seq'),46546,80);
-COMMIT;
-
-BEGIN;
-INSERT INTO ulog2 (ip_saddr,ip_daddr,ip_protocol) VALUES ('127.0.0.2','127.0.0.2',2);
-INSERT INTO icmp (_icmp_id) VALUES (currval('ulog2__id_seq'));
-COMMIT;
-
--- INSERT INTO ulog2_ct (orig_id,reply_id) VALUES (@tcp_packet1,@tcp_packet2);
-
-INSERT INTO ulog2 (ip_saddr,ip_daddr,ip_protocol) VALUES ('127.0.0.1','127.0.0.1',0);
-INSERT INTO nufw (_nufw_id,user_id,username) VALUES (currval('ulog2__id_seq'),1000,'toto');
-
-INSERT INTO ulog2 (ip_saddr,ip_daddr,ip_protocol) VALUES ('127.0.0.1','127.0.0.1',0);
--
1.5.2.5
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
