[PATCH libnf-log] src: add conntrack ID to XML output

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This patch enables to add conntrack ID as `ctid' element to XML output. Users
could identify conntrack entries by this ID from another conntrack output.

Signed-off-by: Ken-ichirou MATSUZAWA <chamas@xxxxxxxxxxxxx>
---
 include/libnetfilter_log/libnetfilter_log.h |  1 +
 src/libnetfilter_log.c                      | 44 ++++++++++++++++++++-
 2 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/include/libnetfilter_log/libnetfilter_log.h b/include/libnetfilter_log/libnetfilter_log.h
index 16c4748..3b52f01 100644
--- a/include/libnetfilter_log/libnetfilter_log.h
+++ b/include/libnetfilter_log/libnetfilter_log.h
@@ -82,6 +82,7 @@ enum {
 	NFLOG_XML_PHYSDEV	= (1 << 4),
 	NFLOG_XML_PAYLOAD	= (1 << 5),
 	NFLOG_XML_TIME		= (1 << 6),
+        NFLOG_XML_CTID		= (1 << 7),
 	NFLOG_XML_ALL		= ~0U,
 };
 
diff --git a/src/libnetfilter_log.c b/src/libnetfilter_log.c
index 27a6a2d..f2311ae 100644
--- a/src/libnetfilter_log.c
+++ b/src/libnetfilter_log.c
@@ -33,6 +33,9 @@
 #include <libnfnetlink/libnfnetlink.h>
 #include <libnetfilter_log/libnetfilter_log.h>
 
+#include <libmnl/libmnl.h>
+#include <linux/netfilter/nfnetlink_conntrack.h>
+
 /**
  * \mainpage
  *
@@ -652,6 +655,7 @@ int nflog_set_nlbufsiz(struct nflog_g_handle *gh, uint32_t nlbufsiz)
  *
  *	- NFULNL_CFG_F_SEQ: This enables local nflog sequence numbering.
  *	- NFULNL_CFG_F_SEQ_GLOBAL: This enables global nflog sequence numbering.
+ *	- NFULNL_CFG_F_CONNTRACK: This enables to acquire related conntrack.
  *
  * \return 0 on success, -1 on failure with \b errno set.
  * \par Errors
@@ -974,6 +978,36 @@ int nflog_get_seq_global(struct nflog_data *nfad, uint32_t *seq)
 	return 0;
 }
 
+/**
+ * nflog_get_ct_id - get the conntrack id
+ * \param nfad Netlink packet data handle passed to callback function
+ * \param id conntrack id, if the function returns zero
+ *
+ * You must enable this via nflog_set_flags().
+ *
+ * \return 0 on success or -1 if conntrack itself or its id was unavailable
+ */
+int nflog_get_ctid(struct nflog_data *nfad, uint32_t *id)
+{
+        struct nlattr *cta = (struct nlattr *)nfad->nfa[NFULA_CT - 1];
+        struct nlattr *attr, *ida = NULL;
+
+        if (cta == NULL) return -1;
+
+        mnl_attr_for_each_nested(attr, cta) {
+                if (mnl_attr_get_type(attr) == CTA_ID) {
+                        ida = attr;
+                        break;
+                }
+        }
+
+        if (ida == NULL || mnl_attr_validate(ida, MNL_TYPE_U32) < 0)
+                return -1;
+
+        *id = ntohl(mnl_attr_get_u32(ida));
+        return 0;
+}
+
 /**
  * @}
  */
@@ -1016,6 +1050,7 @@ do {								\
  *	- NFLOG_XML_PHYSDEV: include the physical device information
  *	- NFLOG_XML_PAYLOAD: include the payload (in hexadecimal)
  *	- NFLOG_XML_TIME: include the timestamp
+ *	- NFLOG_XML_CTID: include conntrack id
  *	- NFLOG_XML_ALL: include all the logging information (all flags set)
  *
  * You can combine these flags with a bitwise OR.
@@ -1030,7 +1065,7 @@ int nflog_snprintf_xml(char *buf, size_t rem, struct nflog_data *tb, int flags)
 {
 	struct nfulnl_msg_packet_hdr *ph;
 	struct nfulnl_msg_packet_hw *hwph;
-	uint32_t mark, ifi;
+	uint32_t mark, ifi, ctid;
 	int size, offset = 0, len = 0, ret;
 	char *data;
 
@@ -1150,6 +1185,13 @@ int nflog_snprintf_xml(char *buf, size_t rem, struct nflog_data *tb, int flags)
 		SNPRINTF_FAILURE(size, rem, offset, len);
 	}
 
+	ret = nflog_get_ctid(tb, &ctid);
+	if (ret >= 0 && (flags & NFLOG_XML_CTID)) {
+		size = snprintf(buf + offset, rem,
+				"<ctid>%u</ctid>", ctid);
+		SNPRINTF_FAILURE(size, rem, offset, len);
+	}
+
 	ret = nflog_get_payload(tb, &data);
 	if (ret >= 0 && (flags & NFLOG_XML_PAYLOAD)) {
 		int i;
-- 
2.30.2




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux