This patch enables to add conntrack ID as `ctid' element to XML output. Users could identify conntrack entries by this ID from another conntrack output. Signed-off-by: Ken-ichirou MATSUZAWA <chamas@xxxxxxxxxxxxx> --- include/libnetfilter_log/libnetfilter_log.h | 1 + src/libnetfilter_log.c | 44 ++++++++++++++++++++- 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/include/libnetfilter_log/libnetfilter_log.h b/include/libnetfilter_log/libnetfilter_log.h index 16c4748..3b52f01 100644 --- a/include/libnetfilter_log/libnetfilter_log.h +++ b/include/libnetfilter_log/libnetfilter_log.h @@ -82,6 +82,7 @@ enum { NFLOG_XML_PHYSDEV = (1 << 4), NFLOG_XML_PAYLOAD = (1 << 5), NFLOG_XML_TIME = (1 << 6), + NFLOG_XML_CTID = (1 << 7), NFLOG_XML_ALL = ~0U, }; diff --git a/src/libnetfilter_log.c b/src/libnetfilter_log.c index 27a6a2d..f2311ae 100644 --- a/src/libnetfilter_log.c +++ b/src/libnetfilter_log.c @@ -33,6 +33,9 @@ #include <libnfnetlink/libnfnetlink.h> #include <libnetfilter_log/libnetfilter_log.h> +#include <libmnl/libmnl.h> +#include <linux/netfilter/nfnetlink_conntrack.h> + /** * \mainpage * @@ -652,6 +655,7 @@ int nflog_set_nlbufsiz(struct nflog_g_handle *gh, uint32_t nlbufsiz) * * - NFULNL_CFG_F_SEQ: This enables local nflog sequence numbering. * - NFULNL_CFG_F_SEQ_GLOBAL: This enables global nflog sequence numbering. + * - NFULNL_CFG_F_CONNTRACK: This enables to acquire related conntrack. * * \return 0 on success, -1 on failure with \b errno set. * \par Errors @@ -974,6 +978,36 @@ int nflog_get_seq_global(struct nflog_data *nfad, uint32_t *seq) return 0; } +/** + * nflog_get_ct_id - get the conntrack id + * \param nfad Netlink packet data handle passed to callback function + * \param id conntrack id, if the function returns zero + * + * You must enable this via nflog_set_flags(). + * + * \return 0 on success or -1 if conntrack itself or its id was unavailable + */ +int nflog_get_ctid(struct nflog_data *nfad, uint32_t *id) +{ + struct nlattr *cta = (struct nlattr *)nfad->nfa[NFULA_CT - 1]; + struct nlattr *attr, *ida = NULL; + + if (cta == NULL) return -1; + + mnl_attr_for_each_nested(attr, cta) { + if (mnl_attr_get_type(attr) == CTA_ID) { + ida = attr; + break; + } + } + + if (ida == NULL || mnl_attr_validate(ida, MNL_TYPE_U32) < 0) + return -1; + + *id = ntohl(mnl_attr_get_u32(ida)); + return 0; +} + /** * @} */ @@ -1016,6 +1050,7 @@ do { \ * - NFLOG_XML_PHYSDEV: include the physical device information * - NFLOG_XML_PAYLOAD: include the payload (in hexadecimal) * - NFLOG_XML_TIME: include the timestamp + * - NFLOG_XML_CTID: include conntrack id * - NFLOG_XML_ALL: include all the logging information (all flags set) * * You can combine these flags with a bitwise OR. @@ -1030,7 +1065,7 @@ int nflog_snprintf_xml(char *buf, size_t rem, struct nflog_data *tb, int flags) { struct nfulnl_msg_packet_hdr *ph; struct nfulnl_msg_packet_hw *hwph; - uint32_t mark, ifi; + uint32_t mark, ifi, ctid; int size, offset = 0, len = 0, ret; char *data; @@ -1150,6 +1185,13 @@ int nflog_snprintf_xml(char *buf, size_t rem, struct nflog_data *tb, int flags) SNPRINTF_FAILURE(size, rem, offset, len); } + ret = nflog_get_ctid(tb, &ctid); + if (ret >= 0 && (flags & NFLOG_XML_CTID)) { + size = snprintf(buf + offset, rem, + "<ctid>%u</ctid>", ctid); + SNPRINTF_FAILURE(size, rem, offset, len); + } + ret = nflog_get_payload(tb, &data); if (ret >= 0 && (flags & NFLOG_XML_PAYLOAD)) { int i; -- 2.30.2