This patch enables to let conntrack information including XML output.
---
Hi,
I think there are two issues. First, it deals with obsolete libnfnetlink
internal data. The other is that the family of nfgenmsg is not available, so the
ethernet hw protocol type is used. Are these acceptable?
About ethernet type, should I use IP version from payload?
----
include/libnetfilter_log/libnetfilter_log.h | 4 +++
src/Makefile.am | 5 +++
src/libnetfilter_log.c | 35 +++++++++++++++++++++
3 files changed, 44 insertions(+)
diff --git a/include/libnetfilter_log/libnetfilter_log.h b/include/libnetfilter_log/libnetfilter_log.h
index 6192fa3..a98a39e 100644
--- a/include/libnetfilter_log/libnetfilter_log.h
+++ b/include/libnetfilter_log/libnetfilter_log.h
@@ -82,6 +82,10 @@ enum {
NFLOG_XML_PHYSDEV = (1 << 4),
NFLOG_XML_PAYLOAD = (1 << 5),
NFLOG_XML_TIME = (1 << 6),
+#ifdef BUILD_NFCT
+ NFLOG_XML_CT = (1 << 7),
+ NFLOG_XML_CT_TIMESTAMP = (1 << 8),
+#endif
NFLOG_XML_ALL = ~0U,
};
diff --git a/src/Makefile.am b/src/Makefile.am
index 335c393..bc8da41 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -37,3 +37,8 @@ libnetfilter_log_libipulog_la_LDFLAGS = -Wc,-nostartfiles \
libnetfilter_log_libipulog_la_LIBADD = libnetfilter_log.la ${LIBNFNETLINK_LIBS}
libnetfilter_log_libipulog_la_SOURCES = libipulog_compat.c
endif
+
+if BUILD_NFCT
+libnetfilter_log_la_LDFLAGS += $(LIBNETFILTER_CONNTRACK_LIBS)
+libnetfilter_log_la_CPPFLAGS = ${AM_CPPFLAGS} ${LIBNETFILTER_CONNTRACK_CFLAGS} -DBUILD_NFCT
+endif
diff --git a/src/libnetfilter_log.c b/src/libnetfilter_log.c
index 567049c..aa97b51 100644
--- a/src/libnetfilter_log.c
+++ b/src/libnetfilter_log.c
@@ -33,6 +33,11 @@
#include <libnfnetlink/libnfnetlink.h>
#include <libnetfilter_log/libnetfilter_log.h>
+#ifdef BUILD_NFCT
+#include <libmnl/libmnl.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#endif
+
/**
* \mainpage
*
@@ -907,6 +912,8 @@ do { \
* - NFLOG_XML_PHYSDEV: include the physical device information
* - NFLOG_XML_PAYLOAD: include the payload (in hexadecimal)
* - NFLOG_XML_TIME: include the timestamp
+ * - NFLOG_XML_CT: include conntrack entry
+ * - NFLOG_XML_CT_TIMESTAMP: include conntrack timestamp
* - NFLOG_XML_ALL: include all the logging information (all flags set)
*
* You can combine this flags with an binary OR.
@@ -1056,6 +1063,34 @@ int nflog_snprintf_xml(char *buf, size_t rem, struct nflog_data *tb, int flags)
SNPRINTF_FAILURE(size, rem, offset, len);
}
+#ifdef BUILD_NFCT
+ if (flags & NFLOG_XML_CT) {
+ struct nlattr *ctattr = (struct nlattr *)tb->nfa[NFULA_CT - 1];
+ struct nf_conntrack *ct = nfct_new();
+ unsigned int ct_flags = 0;
+ uint8_t family = 0;
+ uint16_t hw_proto = ntohs(ph->hw_protocol);
+
+ if (!ctattr) goto close_tag;
+ if (hw_proto == 0x0800)
+ family = AF_INET;
+ else if (hw_proto == 0x86dd)
+ family = AF_INET6;
+ else
+ goto close_tag;
+
+ if (nfct_payload_parse(mnl_attr_get_payload(ctattr),
+ mnl_attr_get_payload_len(ctattr),
+ family, ct) < 0)
+ goto close_tag;
+ if (flags & NFLOG_XML_CT_TIMESTAMP)
+ ct_flags |= NFCT_OF_TIMESTAMP;
+ size = nfct_snprintf(buf + offset, rem, ct, 0, NFCT_O_XML,
+ ct_flags);
+ SNPRINTF_FAILURE(size, rem, offset, len);
+ }
+close_tag:
+#endif
size = snprintf(buf + offset, rem, "</log>");
SNPRINTF_FAILURE(size, rem, offset, len);
--
2.30.2
