This patch adds a new function which insert or update connection tracking entries depending on the event type parameter. Signed-off-by: Eric Leblond <eric@xxxxxx> --- doc/pgsql-ulogd2.sql | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 61 insertions(+), 0 deletions(-) diff --git a/doc/pgsql-ulogd2.sql b/doc/pgsql-ulogd2.sql index d174d49..20f5014 100644 --- a/doc/pgsql-ulogd2.sql +++ b/doc/pgsql-ulogd2.sql @@ -559,6 +559,67 @@ RETURNS bigint AS $$ SELECT currval('ulog2_ct__ct_id_seq'); $$ LANGUAGE SQL SECURITY INVOKER; +CREATE OR REPLACE FUNCTION INSERT_OR_REPLACE_CT( + IN _oob_family integer, + IN _orig_ip_saddr inet, + IN _orig_ip_daddr inet, + IN _orig_ip_protocol integer, + IN _orig_l4_sport integer, + IN _orig_l4_dport integer, + IN _orig_raw_pktlen bigint, + IN _orig_raw_pktcount bigint, + IN _reply_ip_saddr inet, + IN _reply_ip_daddr inet, + IN _reply_ip_protocol integer, + IN _reply_l4_sport integer, + IN _reply_l4_dport integer, + IN _reply_raw_pktlen bigint, + IN _reply_raw_pktcount bigint, + IN _icmp_code integer, + IN _icmp_type integer, + IN _ct_mark bigint, + IN _flow_start_sec bigint, + IN _flow_start_usec bigint, + IN _flow_end_sec bigint, + IN _flow_end_usec bigint, + IN _ct_event integer + ) +RETURNS bigint AS $$ +DECLARE + _id bigint; +BEGIN + IF (_ct_event = 4) THEN + if (_orig_ip_protocol = 1) THEN + UPDATE ulog2_ct SET (orig_raw_pktlen, orig_raw_pktcount, + reply_raw_pktlen, reply_raw_pktcount, + ct_mark, flow_end_sec, flow_end_usec, ct_event) + = ($7,$8,$14,$15,$18,$21,$22,$23) + WHERE oob_family=$1 AND orig_ip_saddr_str = $2 + AND orig_ip_daddr_str = $3 AND orig_ip_protocol = $4 + AND reply_ip_saddr_str = $9 AND reply_ip_daddr_str = $10 + AND reply_ip_protocol = $11 + AND icmp_code = $16 AND icmp_type = $17 + AND ct_event < 4; + ELSE + UPDATE ulog2_ct SET (orig_raw_pktlen, orig_raw_pktcount, + reply_raw_pktlen, reply_raw_pktcount, + ct_mark, flow_end_sec, flow_end_usec, ct_event) + = ($7,$8,$14,$15,$18,$21,$22,$23) + WHERE oob_family=$1 AND orig_ip_saddr_str = $2 + AND orig_ip_daddr_str = $3 AND orig_ip_protocol = $4 + AND orig_l4_sport = $5 AND orig_l4_dport = $6 + AND reply_ip_saddr_str = $9 AND reply_ip_daddr_str = $10 + AND reply_ip_protocol = $11 AND reply_l4_sport = $12 + AND reply_l4_dport = $13 + AND ct_event < 4; + END IF; + ELSE + _id := INSERT_CT($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18,$19,$20,$21,$22,$23); + END IF; + RETURN _id; +END +$$ LANGUAGE plpgsql SECURITY INVOKER; + -- 1.5.4.3 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html