This patch contains two linked modifications in NFCT input plugin: - event mask is now configurable though the event_mask configuration variable - event type is now stored in the ct.event output key. This can be used to display the information or to use it to implement some tracking algorithm in userspace. Signed-off-by: Eric Leblond <eric@xxxxxx> --- input/flow/ulogd_inpflow_NFCT.c | 55 ++++++++++++++++++++++++++++---------- 1 files changed, 40 insertions(+), 15 deletions(-) diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c index 1843acb..b64e85f 100644 --- a/input/flow/ulogd_inpflow_NFCT.c +++ b/input/flow/ulogd_inpflow_NFCT.c @@ -66,9 +66,10 @@ struct nfct_pluginstance { #define HTABLE_SIZE (8192) #define MAX_ENTRIES (4 * HTABLE_SIZE) +#define EVENT_MASK NF_NETLINK_CONNTRACK_NEW | NF_NETLINK_CONNTRACK_DESTROY static struct config_keyset nfct_kset = { - .num_ces = 5, + .num_ces = 6, .ces = { { .key = "pollinterval", @@ -100,6 +101,13 @@ static struct config_keyset nfct_kset = { .options = CONFIG_OPT_NONE, .u.value = MAX_ENTRIES, }, + { + .key = "event_mask", + .type = CONFIG_TYPE_INT, + .options = CONFIG_OPT_NONE, + .u.value = EVENT_MASK, + }, + }, }; #define pollint_ce(x) (x->ces[0]) @@ -107,6 +115,7 @@ static struct config_keyset nfct_kset = { #define prealloc_ce(x) (x->ces[2]) #define buckets_ce(x) (x->ces[3]) #define maxentries_ce(x) (x->ces[4]) +#define eventmask_ce(x) (x->ces[5]) enum nfct_keys { NFCT_ORIG_IP_SADDR = 0, @@ -127,6 +136,7 @@ enum nfct_keys { NFCT_ICMP_TYPE, NFCT_CT_MARK, NFCT_CT_ID, + NFCT_CT_EVENT, NFCT_FLOW_START_SEC, NFCT_FLOW_START_USEC, NFCT_FLOW_END_SEC, @@ -301,6 +311,12 @@ static struct ulogd_key nfct_okeys[] = { }, }, { + .type = ULOGD_RET_UINT32, + .flags = ULOGD_RETF_NONE, + .name = "ct.event", + }, + + { .type = ULOGD_RET_UINT32, .flags = ULOGD_RETF_NONE, .name = "flow.start.sec", 
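Review bot: The new `EVENT_MASK` define in the first hunk expands to an unparenthesized `|` expression, so a later use next to a higher-precedence operator (for example `x & EVENT_MASK`) would bind to the first flag only. The single use in this patch, `.u.value = EVENT_MASK`, is unaffected, but the define should read `#define EVENT_MASK (NF_NETLINK_CONNTRACK_NEW | NF_NETLINK_CONNTRACK_DESTROY)`. The `event_mask` entry in the second hunk is declared as a plain `CONFIG_TYPE_INT`, so a comment such as `/* bitmask of NF_NETLINK_CONNTRACK_* groups */` on that entry would tell whoever edits the config file what the number means.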
@@ -559,28 +575,38 @@ static int event_handler(void *arg, unsigned int flags, int type, { struct nfct_conntrack *ct = arg; struct ulogd_pluginstance *upi = data; - struct ulogd_pluginstance *npi = NULL; + struct ulogd_key *kret = upi->output.keys; struct nfct_pluginstance *cpi = (struct nfct_pluginstance *) upi->private; + struct ct_timestamp *ts = NULL; + struct ulogd_pluginstance *npi = NULL; int ret = 0; + if (type == NFCT_MSG_NEW) { - if (usehash_ce(upi->config_kset).u.value != 0) + if (usehash_ce(upi->config_kset).u.value != 0) { ct_hash_add(cpi->ct_active, ct->id); + return 0; + } } else if (type == NFCT_MSG_DESTROY) { - struct ct_timestamp *ts = NULL; - if (usehash_ce(upi->config_kset).u.value != 0) ts = ct_hash_get(cpi->ct_active, ct->id); + } - llist_for_each_entry(npi, &upi->plist, plist) { - ret = propagate_ct(npi, ct, flags, ts); - if (ret != 0) - return ret; - } - return propagate_ct(upi, ct, flags, ts); + llist_for_each_entry(npi, &upi->plist, plist) { + kret = npi->output.keys; + kret[NFCT_CT_EVENT].u.value.ui32 = type; + kret[NFCT_CT_EVENT].flags |= ULOGD_RETF_VALID; + + ret = propagate_ct(npi, ct, flags, ts); + if (ret != 0) + return ret; } - return 0; + + kret[NFCT_CT_EVENT].u.value.ui32 = type; + kret[NFCT_CT_EVENT].flags |= ULOGD_RETF_VALID; + + return propagate_ct(upi, ct, flags, ts); } static int read_cb_nfct(int fd, unsigned int what, void *param) 
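Review bot: After the `llist_for_each_entry` loop, `kret` still points at the last stacked instance's `output.keys`, so the two assignments before the final `propagate_ct(upi, ...)` write `ct.event` into that instance's key array instead of `upi`'s whenever `upi->plist` is non-empty. The base instance is then propagated without `NFCT_CT_EVENT` set or marked valid. Re-point it first with `kret = upi->output.keys;`, or index `upi->output.keys[NFCT_CT_EVENT]` directly. Separately, the handler now falls through to `propagate_ct` with `ts == NULL` for every event that is not a hashed NEW; this is presumably intended for the event types that `event_mask` can now enable, but a one-line comment saying so would make it reviewable.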
@@ -638,9 +664,8 @@ static int constructor_nfct(struct ulogd_pluginstance *upi) (struct nfct_pluginstance *)upi->private; int prealloc; - /* FIXME: make eventmask configurable */ - cpi->cth = nfct_open(NFNL_SUBSYS_CTNETLINK, NF_NETLINK_CONNTRACK_NEW| - NF_NETLINK_CONNTRACK_DESTROY); + cpi->cth = nfct_open(NFNL_SUBSYS_CTNETLINK, + eventmask_ce(upi->config_kset).u.value); if (!cpi->cth) { ulogd_log(ULOGD_FATAL, "error opening ctnetlink\n"); return -1; -- 1.5.4.3 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
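Review bot: The configured `event_mask` value reaches `nfct_open()` unchecked, so a typo in the config file can subscribe to no conntrack group at all (mask 0) or set bits that are not conntrack groups. In the zero case the plugin would presumably start normally and log nothing, and a silent gap in flow logging is hard to notice afterwards. The constructor should reject such values before opening the handle, e.g. `if (mask == 0 || (mask & ~(NF_NETLINK_CONNTRACK_NEW | NF_NETLINK_CONNTRACK_UPDATE | NF_NETLINK_CONNTRACK_DESTROY)))`, followed by a `ulogd_log(ULOGD_FATAL, ...)` naming the bad value and `return -1;`. constructor_nfct's body starts and ends outside the hunk.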