[PATCHv2 ulogd 2/2] NFLOG: attach struct nf_conntrack


 



Put the nf_conntrack object in the "ct" output key when "attach_conntrack" is specified.
Note that there is currently no way to show both the nflog "raw" and "ct" keys.

Signed-off-by: Ken-ichirou MATSUZAWA <chamas@xxxxxxxxxxxxx>
---
 input/packet/Makefile.am          |  5 ++-
 input/packet/ulogd_inppkt_NFLOG.c | 68 +++++++++++++++++++++++++++++--
 2 files changed, 67 insertions(+), 6 deletions(-)

diff --git a/input/packet/Makefile.am b/input/packet/Makefile.am
index 1c3151d..0f9c316 100644
--- a/input/packet/Makefile.am
+++ b/input/packet/Makefile.am
@@ -1,5 +1,5 @@
 
-AM_CPPFLAGS = -I$(top_srcdir)/include ${LIBNETFILTER_LOG_CFLAGS}
+AM_CPPFLAGS = -I$(top_srcdir)/include ${LIBNETFILTER_LOG_CFLAGS} ${LIBNETFILTER_CONNTRACK_CFLAGS}
 AM_CFLAGS = ${regular_CFLAGS}
 
 pkglib_LTLIBRARIES = ulogd_inppkt_UNIXSOCK.la
@@ -13,7 +13,8 @@ pkglib_LTLIBRARIES += ulogd_inppkt_NFLOG.la
 endif
 
 ulogd_inppkt_NFLOG_la_SOURCES = ulogd_inppkt_NFLOG.c
-ulogd_inppkt_NFLOG_la_LDFLAGS = -avoid-version -module $(LIBNETFILTER_LOG_LIBS)
+ulogd_inppkt_NFLOG_la_LDFLAGS = -avoid-version -module $(LIBNETFILTER_LOG_LIBS) \
+                                 $(LIBNETFILTER_CONNTRACK_LIBS)
 
 ulogd_inppkt_ULOG_la_SOURCES = ulogd_inppkt_ULOG.c
 ulogd_inppkt_ULOG_la_LDFLAGS = -avoid-version -module
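Review bot: The new code in ulogd_inppkt_NFLOG.c calls libmnl directly (`mnl_attr_for_each`, `mnl_attr_get_type`, `mnl_attr_get_payload`), but the link line here adds only `$(LIBNETFILTER_CONNTRACK_LIBS)`, so the module resolves those symbols only if libmnl arrives transitively through another library's dependencies. If configure.ac provides libmnl flags (not visible in this patch), they should be listed explicitly in `ulogd_inppkt_NFLOG_la_LDFLAGS` and in `AM_CPPFLAGS` in the first hunk. The conntrack flags are also added unconditionally while the C file guards their use with `BUILD_NFCT`; presumably the variables are empty when conntrack support is not built, but that is worth confirming.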
diff --git a/input/packet/ulogd_inppkt_NFLOG.c b/input/packet/ulogd_inppkt_NFLOG.c
index 449c0c6..34f7fe3 100644
--- a/input/packet/ulogd_inppkt_NFLOG.c
+++ b/input/packet/ulogd_inppkt_NFLOG.c
@@ -12,6 +12,13 @@
 #include <ulogd/ulogd.h>
 #include <libnfnetlink/libnfnetlink.h>
 #include <libnetfilter_log/libnetfilter_log.h>
+#ifdef BUILD_NFCT
+#include <libmnl/libmnl.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#else
+struct nf_conntrack;
+#endif
+
 
 #ifndef NFLOG_GROUP_DEFAULT
 #define NFLOG_GROUP_DEFAULT	0
@@ -148,6 +155,7 @@ enum nflog_keys {
 	NFLOG_KEY_RAW_MAC_SADDR,
 	NFLOG_KEY_RAW_MAC_ADDRLEN,
 	NFLOG_KEY_RAW,
+	NFLOG_KEY_RAW_CT,
 };
 
 static struct ulogd_key output_keys[] = {
@@ -319,11 +327,51 @@ static struct ulogd_key output_keys[] = {
 		.flags = ULOGD_RETF_NONE,
 		.name = "raw",
 	},
+	[NFLOG_KEY_RAW_CT] = {
+		.type = ULOGD_RET_RAW,
+		.flags = ULOGD_RETF_NONE,
+		.name = "ct",
+	},
 };
 
+struct nf_conntrack *build_ct(struct nfgenmsg *nfmsg) {
+#ifdef BUILD_NFCT
+	struct nlattr *attr, *ctattr = NULL;
+	struct nf_conntrack *ct = NULL;
+	struct nlmsghdr *nlh
+		= (struct nlmsghdr *)((void *)nfmsg - sizeof(*nlh));
+
+	mnl_attr_for_each(attr, nlh, sizeof(struct nfgenmsg)) {
+		if (mnl_attr_get_type(attr) == NFULA_CT) {
+			ctattr = attr;
+			break;
+		}
+	}
+	if (ctattr == NULL)
+		return NULL;
+	
+	ct = nfct_new();
+	if (ct == NULL) {
+		ulogd_log(ULOGD_ERROR, "failed to allocate nfct\n");
+		return NULL;
+	}
+	if (nfct_payload_parse(mnl_attr_get_payload(ctattr),
+			       mnl_attr_get_payload_len(ctattr),
+			       nfmsg->nfgen_family, ct) < 0) {
+		ulogd_log(ULOGD_ERROR, "failed to parse nfct payload\n");
+		nfct_destroy(ct);
+		return NULL;
+	}
+	
+	return ct;
+#else
+	return NULL;
+#endif
+}
+
 static inline int
 interp_packet(struct ulogd_pluginstance *upi, uint8_t pf_family,
-	      struct nflog_data *ldata)
+	      struct nflog_data *ldata, struct nf_conntrack *ct)
 {
 	struct ulogd_key *ret = upi->output.keys;
 
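Review bot: `build_ct()` recovers the netlink header with `(void *)nfmsg - sizeof(*nlh)`, which is arithmetic on `void *` (a GNU extension) and silently depends on the callback's `nfmsg` being the payload that directly follows its `struct nlmsghdr`; the attribute walk then trusts `nlh->nlmsg_len` read from that computed address. I would write it as `struct nlmsghdr *nlh = (struct nlmsghdr *)((char *)nfmsg - MNL_NLMSG_HDRLEN);` and put a comment above it stating that assumption about the libnetfilter_log callback, since nothing in this hunk enforces it. As far as the patch shows, the function is used only in this file, so `static struct nf_conntrack *build_ct(struct nfgenmsg *nfmsg)` would keep the symbol out of the plugin's exported namespace. `interp_packet()` continues past the end of this hunk.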
@@ -404,6 +452,9 @@ interp_packet(struct ulogd_pluginstance *upi, uint8_t pf_family,
 
 	okey_set_ptr(&ret[NFLOG_KEY_RAW], ldata);
 
+	if (ct != NULL)
+		okey_set_ptr(&ret[NFLOG_KEY_RAW_CT], ct);
+
 	ulogd_propagate_results(upi);
 	return 0;
 }
@@ -479,15 +530,24 @@ static int msg_cb(struct nflog_g_handle *gh, struct nfgenmsg *nfmsg,
 	struct ulogd_pluginstance *upi = data;
 	struct ulogd_pluginstance *npi = NULL;
 	int ret = 0;
+	void *ct = build_ct(nfmsg);
 
 	/* since we support the re-use of one instance in several 
 	 * different stacks, we duplicate the message to let them know */
 	llist_for_each_entry(npi, &upi->plist, plist) {
-		ret = interp_packet(npi, nfmsg->nfgen_family, nfa);
+		ret = interp_packet(npi, nfmsg->nfgen_family, nfa, ct);
 		if (ret != 0)
-			return ret;
+			goto release_ct;
 	}
-	return interp_packet(upi, nfmsg->nfgen_family, nfa);
+	ret = interp_packet(upi, nfmsg->nfgen_family, nfa, ct);
+
+release_ct:
+#ifdef BUILD_NFCT
+	if (ct != NULL)
+		nfct_destroy(ct);
+#endif
+
+	return ret;
 }
 
 static int configure(struct ulogd_pluginstance *upi,
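Review bot: The conntrack object handed to the "ct" key is destroyed at `release_ct` as soon as the last `interp_packet()` returns, so the key carries a borrowed pointer, and a consumer plugin that keeps it beyond `ulogd_propagate_results()` would be reading freed memory; that contract is not written down anywhere in the patch. A comment at the label such as `/* ct is owned by msg_cb(); users of the "ct" key must not keep the pointer after propagation */` would make it explicit. Separately, `void *ct = build_ct(nfmsg);` drops the type that `build_ct()` returns and `interp_packet()` expects; `struct nf_conntrack *ct = build_ct(nfmsg);` lets the compiler check both calls. `msg_cb()` begins before this hunk.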
-- 
2.30.2



