This patch adds support for poll-based logging. Basically, ulogd polls from the kernel periodically to log entries. You can use the `pollinterval' option in the configuration file to set the polling period. This patch changes the current behaviour of `pollinterval' that allowed to mix both the event-driven logging with polling periodically from the kernel. I have tried to look for anyone in google (and asking Eric Leblond) using this feature but I found noone. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- input/flow/ulogd_inpflow_NFCT.c | 128 +++++++++++++++++++++++++++++++++++++-- ulogd.conf.in | 1 2 files changed, 121 insertions(+), 8 deletions(-) diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c index 9ef4eae..d76649e 100644 --- a/input/flow/ulogd_inpflow_NFCT.c +++ b/input/flow/ulogd_inpflow_NFCT.c @@ -567,7 +567,6 @@ do_propagate_ct(struct ulogd_pluginstance *upi, propagate_ct(upi, ct, type, ts); } -/* XXX: pollinterval needs a different handler */ static int event_handler(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data) @@ -646,6 +645,40 @@ static int event_handler(enum nf_conntrack_msg_type type, return NFCT_CB_CONTINUE; } +static int +polling_handler(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, void *data) +{ + struct ulogd_pluginstance *upi = data; + struct nfct_pluginstance *cpi = + (struct nfct_pluginstance *) upi->private; + struct ct_timestamp *ts = NULL; + struct ct_timestamp tmp = { + .ct = ct, + }; + + switch(type) { + case NFCT_T_UPDATE: + ts = hashtable_get(cpi->ct_active, &tmp); + if (ts) + nfct_copy(ts->ct, ct, NFCT_CP_META); + else { + ts = hashtable_add(cpi->ct_active, &tmp); + if (ts == NULL) + return NFCT_CB_CONTINUE; + + gettimeofday(&ts->time[START], NULL); + return NFCT_CB_STOLEN; + } + break; + default: + ulogd_log(ULOGD_NOTICE, "unknown netlink message type\n"); + break; + } + + return NFCT_CB_CONTINUE; +} + static int setnlbufsiz(struct ulogd_pluginstance *upi, int size) { struct nfct_pluginstance *cpi = @@ -804,13 +837,15 @@ static int get_ctr_zero(struct ulogd_pluginstance *upi) return nfct_query(cpi->cth, NFCT_Q_DUMP_RESET, &family); } -static void getctr_timer_cb(struct ulogd_timer *t, void *data) +static void polling_timer_cb(struct ulogd_timer *t, void *data) { struct ulogd_pluginstance *upi = data; struct nfct_pluginstance *cpi = (struct nfct_pluginstance *)upi->private; + int family = AF_UNSPEC; - get_ctr_zero(upi); + nfct_query(cpi->pgh, NFCT_Q_DUMP, &family); + hashtable_iterate(cpi->ct_active, upi, do_purge); ulogd_add_timer(&cpi->timer, pollint_ce(upi->config_kset).u.value); } @@ -825,7 +860,7 @@ static int configure_nfct(struct ulogd_pluginstance *upi, if (ret < 0) return ret; - ulogd_init_timer(&cpi->timer, upi, getctr_timer_cb); + ulogd_init_timer(&cpi->timer, upi, polling_timer_cb); if (pollint_ce(upi->config_kset).u.value != 0) ulogd_add_timer(&cpi->timer, pollint_ce(upi->config_kset).u.value); @@ -843,7 +878,7 @@ static void overrun_timeout(struct ulogd_timer *a, void *data) nfct_send(cpi->ovh, NFCT_Q_DUMP, &family); } -static int constructor_nfct(struct ulogd_pluginstance *upi) +static int constructor_nfct_events(struct ulogd_pluginstance *upi) { struct nfct_pluginstance *cpi = (struct nfct_pluginstance *)upi->private; @@ -916,6 +951,7 @@ static int constructor_nfct(struct ulogd_pluginstance *upi) } } + ulogd_log(ULOGD_NOTICE, "NFCT plugin working in event mode\n"); return 0; err_pgh: @@ -930,9 +966,61 @@ err_cth: return -1; } -static int destructor_nfct(struct ulogd_pluginstance *pi) +static int constructor_nfct_polling(struct ulogd_pluginstance *upi) { - struct nfct_pluginstance *cpi = (void *) pi->private; + struct nfct_pluginstance *cpi = + (struct nfct_pluginstance *)upi->private; + + if (usehash_ce(upi->config_kset).u.value == 0) { + ulogd_log(ULOGD_FATAL, "NFCT polling mode requires " + "the hashtable\n"); + goto err; + } + + cpi->pgh = nfct_open(NFNL_SUBSYS_CTNETLINK, 0); + if (!cpi->pgh) { + ulogd_log(ULOGD_FATAL, "error opening ctnetlink\n"); + goto err; + } + nfct_callback_register(cpi->pgh, NFCT_T_ALL, &polling_handler, upi); + + cpi->ct_active = + hashtable_create(buckets_ce(upi->config_kset).u.value, + maxentries_ce(upi->config_kset).u.value, + sizeof(struct ct_timestamp), + hash, + compare); + if (!cpi->ct_active) { + ulogd_log(ULOGD_FATAL, "error allocating hash\n"); + goto err_hashtable; + } + + ulogd_log(ULOGD_NOTICE, "NFCT working in polling mode\n"); + return 0; + +err_hashtable: + nfct_close(cpi->pgh); +err: + return -1; +} + +static int constructor_nfct(struct ulogd_pluginstance *upi) +{ + if (pollint_ce(upi->config_kset).u.value == 0) { + /* listen to ctnetlink events. */ + return constructor_nfct_events(upi); + } else { + /* poll from ctnetlink periodically. */ + return constructor_nfct_polling(upi); + } + /* should not ever happen. */ + ulogd_log(ULOGD_FATAL, "invalid NFCT configuration\n"); + return -1; +} + +static int destructor_nfct_events(struct ulogd_pluginstance *upi) +{ + struct nfct_pluginstance *cpi = (void *) upi->private; int rc; ulogd_unregister_fd(&cpi->nfct_fd); @@ -942,7 +1030,7 @@ static int destructor_nfct(struct ulogd_pluginstance *pi) return rc; - if (usehash_ce(pi->config_kset).u.value != 0) { + if (usehash_ce(upi->config_kset).u.value != 0) { ulogd_del_timer(&cpi->ov_timer); ulogd_unregister_fd(&cpi->nfct_ov); @@ -960,6 +1048,30 @@ static int destructor_nfct(struct ulogd_pluginstance *pi) return 0; } +static int destructor_nfct_polling(struct ulogd_pluginstance *upi) +{ + int rc; + struct nfct_pluginstance *cpi = (void *)upi->private; + + rc = nfct_close(cpi->pgh); + if (rc < 0) + return rc; + + return 0; +} + +static int destructor_nfct(struct ulogd_pluginstance *upi) +{ + if (pollint_ce(upi->config_kset).u.value == 0) { + return destructor_nfct_events(upi); + } else { + return destructor_nfct_polling(upi); + } + /* should not ever happen. */ + ulogd_log(ULOGD_FATAL, "invalid NFCT configuration\n"); + return -1; +} + static void signal_nfct(struct ulogd_pluginstance *pi, int signal) { switch (signal) { diff --git a/ulogd.conf.in b/ulogd.conf.in index 4542fc4..b77d726 100644 --- a/ulogd.conf.in +++ b/ulogd.conf.in @@ -92,6 +92,7 @@ plugin="@libdir@/ulogd/ulogd_raw2packet_BASE.so" #netlink_socket_buffer_size=217088 #netlink_socket_buffer_maxsize=1085440 #netlink_resync_timeout=60 # seconds to wait to perform resynchronization +#pollinterval=10 # use poll-based logging instead of event-driven [ct2] #netlink_socket_buffer_size=217088 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html