* [RFC PATCH libnetfilter_log] src: support conntrack XML output
@ 2021-09-17 22:02 Ken-ichirou MATSUZAWA
  2021-10-11 23:36 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 4+ messages in thread
From: Ken-ichirou MATSUZAWA @ 2021-09-17 22:02 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Ken-ichirou MATSUZAWA

This patch enables conntrack information to be included in the XML output.
---
Hi,

I think there are two issues. First, it deals with obsolete libnfnetlink
internal data. The other is that the family of nfgenmsg is not available, so the
ethernet hw protocol type is used. Are these acceptable?
About the ethernet type, should I use the IP version from the payload instead?

----

 include/libnetfilter_log/libnetfilter_log.h |  4 +++
 src/Makefile.am                             |  5 +++
 src/libnetfilter_log.c                      | 35 +++++++++++++++++++++
 3 files changed, 44 insertions(+)

diff --git a/include/libnetfilter_log/libnetfilter_log.h b/include/libnetfilter_log/libnetfilter_log.h
index 6192fa3..a98a39e 100644
--- a/include/libnetfilter_log/libnetfilter_log.h
+++ b/include/libnetfilter_log/libnetfilter_log.h
@@ -82,6 +82,10 @@ enum {
 	NFLOG_XML_PHYSDEV	= (1 << 4),
 	NFLOG_XML_PAYLOAD	= (1 << 5),
 	NFLOG_XML_TIME		= (1 << 6),
+#ifdef BUILD_NFCT
+        NFLOG_XML_CT		= (1 << 7),
+        NFLOG_XML_CT_TIMESTAMP	= (1 << 8),
+#endif
 	NFLOG_XML_ALL		= ~0U,
 };
 
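Review bot: wrapping NFLOG_XML_CT and NFLOG_XML_CT_TIMESTAMP in `#ifdef BUILD_NFCT` inside the installed public header means a program that includes libnetfilter_log.h never sees the two flags unless it defines BUILD_NFCT itself, because that macro only comes from the library's own CPPFLAGS (see the Makefile.am hunk); either declare the flags unconditionally and have nflog_snprintf_xml() ignore them when conntrack support is compiled out, or expose the build option through a configure-generated header. The two new entries are also indented with spaces where the surrounding entries use tabs.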
diff --git a/src/Makefile.am b/src/Makefile.am
index 335c393..bc8da41 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -37,3 +37,8 @@ libnetfilter_log_libipulog_la_LDFLAGS = -Wc,-nostartfiles	\
 libnetfilter_log_libipulog_la_LIBADD = libnetfilter_log.la ${LIBNFNETLINK_LIBS}
 libnetfilter_log_libipulog_la_SOURCES = libipulog_compat.c
 endif
+
+if BUILD_NFCT
+libnetfilter_log_la_LDFLAGS += $(LIBNETFILTER_CONNTRACK_LIBS)
+libnetfilter_log_la_CPPFLAGS = ${AM_CPPFLAGS} ${LIBNETFILTER_CONNTRACK_CFLAGS} -DBUILD_NFCT
+endif
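Review bot: `-DBUILD_NFCT` is added to libnetfilter_log_la_CPPFLAGS only, so it is defined while compiling the library and not for consumers of the installed header, which is why the `#ifdef BUILD_NFCT` guards around the public enum values will not match in user code. Minor: the new block mixes `$(LIBNETFILTER_CONNTRACK_LIBS)` with `${AM_CPPFLAGS}`/`${LIBNETFILTER_CONNTRACK_CFLAGS}`, while the surrounding lines use the `${...}` form throughout.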
diff --git a/src/libnetfilter_log.c b/src/libnetfilter_log.c
index 567049c..aa97b51 100644
--- a/src/libnetfilter_log.c
+++ b/src/libnetfilter_log.c
@@ -33,6 +33,11 @@
 #include <libnfnetlink/libnfnetlink.h>
 #include <libnetfilter_log/libnetfilter_log.h>
 
+#ifdef BUILD_NFCT
+#include <libmnl/libmnl.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#endif
+
 /**
  * \mainpage
  *
@@ -907,6 +912,8 @@ do {								\
  *	- NFLOG_XML_PHYSDEV: include the physical device information
  *	- NFLOG_XML_PAYLOAD: include the payload (in hexadecimal)
  *	- NFLOG_XML_TIME: include the timestamp
+ *	- NFLOG_XML_CT: include conntrack entry
+ *	- NFLOG_XML_CT_TIMESTAMP: include conntrack timestamp
  *	- NFLOG_XML_ALL: include all the logging information (all flags set)
  *
  * You can combine this flags with an binary OR.
@@ -1056,6 +1063,34 @@ int nflog_snprintf_xml(char *buf, size_t rem, struct nflog_data *tb, int flags)
 		SNPRINTF_FAILURE(size, rem, offset, len);
 	}
 
+#ifdef BUILD_NFCT
+        if (flags & NFLOG_XML_CT) {
+                struct nlattr *ctattr = (struct nlattr *)tb->nfa[NFULA_CT - 1];
+                struct nf_conntrack *ct = nfct_new();
+                unsigned int ct_flags = 0;
+                uint8_t family = 0;
+                uint16_t hw_proto = ntohs(ph->hw_protocol);
+
+                if (!ctattr) goto close_tag;
+                if (hw_proto == 0x0800)
+                        family = AF_INET;
+                else if (hw_proto == 0x86dd)
+                        family = AF_INET6;
+                else
+                        goto close_tag;
+
+                if (nfct_payload_parse(mnl_attr_get_payload(ctattr),
+                                       mnl_attr_get_payload_len(ctattr),
+                                       family, ct) < 0)
+                        goto close_tag;
+                if (flags & NFLOG_XML_CT_TIMESTAMP)
+                        ct_flags |= NFCT_OF_TIMESTAMP;
+                size = nfct_snprintf(buf + offset, rem, ct, 0, NFCT_O_XML,
+                                     ct_flags);
+		SNPRINTF_FAILURE(size, rem, offset, len);
+        }
+close_tag:
+#endif
 	size = snprintf(buf + offset, rem, "</log>");
 	SNPRINTF_FAILURE(size, rem, offset, len);
 
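Review bot: the `struct nf_conntrack` returned by `nfct_new()` is never released: the normal path and every `goto close_tag` leave the block without `nfct_destroy(ct)`, so each call with NFLOG_XML_CT set leaks one object, and the NULL return of `nfct_new()` is never checked before `nfct_payload_parse()` writes into it. Allocate only after the `ctattr` and family checks have passed, check the result, and free on every exit, for example by routing both the parse failure and the success path through a single `nfct_destroy(ct);` before falling through to `close_tag`. Deriving AF_INET/AF_INET6 from `ph->hw_protocol` also silently skips the conntrack entry for packets logged on interfaces without an Ethernet header, which is the open question in the cover letter; the nested CT attribute itself carries the address family in its tuple, so parsing that would be more robust. The block is indented with spaces where the file uses tabs.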
-- 
2.30.2



* Re: [RFC PATCH libnetfilter_log] src: support conntrack XML output
  2021-09-17 22:02 [RFC PATCH libnetfilter_log] src: support conntrack XML output Ken-ichirou MATSUZAWA
@ 2021-10-11 23:36 ` Pablo Neira Ayuso
  2021-10-12  4:39   ` [PATCH libnf-log] src: add conntrack ID to " Ken-ichirou MATSUZAWA
  0 siblings, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2021-10-11 23:36 UTC (permalink / raw)
  To: Ken-ichirou MATSUZAWA; +Cc: netfilter-devel

Hi,

On Sat, Sep 18, 2021 at 07:02:33AM +0900, Ken-ichirou MATSUZAWA wrote:
> This patch enables conntrack information to be included in the XML output.
> ---
> Hi,
> 
> I think there are two issues. First, it deals with obsolete libnfnetlink
> internal data. The other is that the family of nfgenmsg is not available, so the
> ethernet hw protocol type is used. Are these acceptable?
> About the ethernet type, should I use the IP version from the payload instead?

This is also creating an interdependency between the two libraries.

I'd suggest you expose the conntrack ID through the XML output of the
packet; this would require minimal parsing of the CT netlink attribute.

Then, print the conntrack object in XML including this ID too so
userspace can relate them?

> ----
> 
>  include/libnetfilter_log/libnetfilter_log.h |  4 +++
>  src/Makefile.am                             |  5 +++
>  src/libnetfilter_log.c                      | 35 +++++++++++++++++++++
>  3 files changed, 44 insertions(+)
> 
> diff --git a/include/libnetfilter_log/libnetfilter_log.h b/include/libnetfilter_log/libnetfilter_log.h
> index 6192fa3..a98a39e 100644
> --- a/include/libnetfilter_log/libnetfilter_log.h
> +++ b/include/libnetfilter_log/libnetfilter_log.h
> @@ -82,6 +82,10 @@ enum {
>  	NFLOG_XML_PHYSDEV	= (1 << 4),
>  	NFLOG_XML_PAYLOAD	= (1 << 5),
>  	NFLOG_XML_TIME		= (1 << 6),
> +#ifdef BUILD_NFCT
> +        NFLOG_XML_CT		= (1 << 7),
> +        NFLOG_XML_CT_TIMESTAMP	= (1 << 8),
> +#endif
>  	NFLOG_XML_ALL		= ~0U,
>  };
>  
> diff --git a/src/Makefile.am b/src/Makefile.am
> index 335c393..bc8da41 100644
> --- a/src/Makefile.am
> +++ b/src/Makefile.am
> @@ -37,3 +37,8 @@ libnetfilter_log_libipulog_la_LDFLAGS = -Wc,-nostartfiles	\
>  libnetfilter_log_libipulog_la_LIBADD = libnetfilter_log.la ${LIBNFNETLINK_LIBS}
>  libnetfilter_log_libipulog_la_SOURCES = libipulog_compat.c
>  endif
> +
> +if BUILD_NFCT
> +libnetfilter_log_la_LDFLAGS += $(LIBNETFILTER_CONNTRACK_LIBS)
> +libnetfilter_log_la_CPPFLAGS = ${AM_CPPFLAGS} ${LIBNETFILTER_CONNTRACK_CFLAGS} -DBUILD_NFCT
> +endif
> diff --git a/src/libnetfilter_log.c b/src/libnetfilter_log.c
> index 567049c..aa97b51 100644
> --- a/src/libnetfilter_log.c
> +++ b/src/libnetfilter_log.c
> @@ -33,6 +33,11 @@
>  #include <libnfnetlink/libnfnetlink.h>
>  #include <libnetfilter_log/libnetfilter_log.h>
>  
> +#ifdef BUILD_NFCT
> +#include <libmnl/libmnl.h>
> +#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
> +#endif
> +
>  /**
>   * \mainpage
>   *
> @@ -907,6 +912,8 @@ do {								\
>   *	- NFLOG_XML_PHYSDEV: include the physical device information
>   *	- NFLOG_XML_PAYLOAD: include the payload (in hexadecimal)
>   *	- NFLOG_XML_TIME: include the timestamp
> + *	- NFLOG_XML_CT: include conntrack entry
> + *	- NFLOG_XML_CT_TIMESTAMP: include conntrack timestamp
>   *	- NFLOG_XML_ALL: include all the logging information (all flags set)
>   *
>   * You can combine this flags with an binary OR.
> @@ -1056,6 +1063,34 @@ int nflog_snprintf_xml(char *buf, size_t rem, struct nflog_data *tb, int flags)
>  		SNPRINTF_FAILURE(size, rem, offset, len);
>  	}
>  
> +#ifdef BUILD_NFCT
> +        if (flags & NFLOG_XML_CT) {
> +                struct nlattr *ctattr = (struct nlattr *)tb->nfa[NFULA_CT - 1];
> +                struct nf_conntrack *ct = nfct_new();
> +                unsigned int ct_flags = 0;
> +                uint8_t family = 0;
> +                uint16_t hw_proto = ntohs(ph->hw_protocol);
> +
> +                if (!ctattr) goto close_tag;
> +                if (hw_proto == 0x0800)
> +                        family = AF_INET;
> +                else if (hw_proto == 0x86dd)
> +                        family = AF_INET6;
> +                else
> +                        goto close_tag;
> +
> +                if (nfct_payload_parse(mnl_attr_get_payload(ctattr),
> +                                       mnl_attr_get_payload_len(ctattr),
> +                                       family, ct) < 0)
> +                        goto close_tag;
> +                if (flags & NFLOG_XML_CT_TIMESTAMP)
> +                        ct_flags |= NFCT_OF_TIMESTAMP;
> +                size = nfct_snprintf(buf + offset, rem, ct, 0, NFCT_O_XML,
> +                                     ct_flags);
> +		SNPRINTF_FAILURE(size, rem, offset, len);
> +        }
> +close_tag:
> +#endif
>  	size = snprintf(buf + offset, rem, "</log>");
>  	SNPRINTF_FAILURE(size, rem, offset, len);
>  
> -- 
> 2.30.2
> 

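The "minimal parsing of the CT netlink attribute" suggested above, as an added stand-alone C example that is not code from this thread or from libnetfilter_log: it walks the nested attributes of an NFULA_CT payload to recover CTA_ID without libmnl, with the nlattr layout and the CTA_ID value copied from the kernel uapi headers, and the 16-byte payload it parses is constructed inline rather than captured from a live socket.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

/* Netlink attribute layout and conntrack constants, copied from the kernel
 * uapi headers so this compiles without <linux/netlink.h>. */
#define NLA_HDRLEN     4
#define NLA_ALIGN(len) (((len) + 3u) & ~3u)
#define NLA_TYPE_MASK  0x3fff   /* drops NLA_F_NESTED / NLA_F_NET_BYTEORDER */
#define NLA_F_NESTED   0x8000
#define CTA_TUPLE_ORIG 1
#define CTA_ID         12
struct nla_hdr { uint16_t len; uint16_t type; };

/* Walk the attributes nested in the NFULA_CT payload; return 0 with *id set
 * when a well-formed u32 CTA_ID is found, -1 if it is absent or corrupt. */
int ct_attr_get_id(const unsigned char *ct, size_t ctlen, uint32_t *id)
{
    size_t off = 0;
    while (off + NLA_HDRLEN <= ctlen) {
        struct nla_hdr a;
        memcpy(&a, ct + off, sizeof a);             /* no unaligned loads */
        if (a.len < NLA_HDRLEN || off + a.len > ctlen)
            return -1;                              /* truncated attribute */
        if ((a.type & NLA_TYPE_MASK) == CTA_ID) {
            uint32_t raw;
            if (a.len - NLA_HDRLEN != sizeof raw)
                return -1;                          /* CTA_ID must be 4 bytes */
            memcpy(&raw, ct + off + NLA_HDRLEN, sizeof raw);
            *id = ntohl(raw);                       /* CTA_ID is sent big-endian */
            return 0;
        }
        off += NLA_ALIGN(a.len);                    /* step over the padding too */
    }
    return -1;
}

/* Constructed sample payload (16 bytes): a nested CTA_TUPLE_ORIG with a 3-byte
 * body that needs one pad byte, followed by CTA_ID 0x12345678. */
size_t build_sample_ct(unsigned char *b)
{
    struct nla_hdr tup = { NLA_HDRLEN + 3, CTA_TUPLE_ORIG | NLA_F_NESTED };
    struct nla_hdr idh = { NLA_HDRLEN + 4, CTA_ID };
    uint32_t ctid = htonl(0x12345678u);
    memset(b, 0, 16);                               /* zero also sets the pad */
    memcpy(b, &tup, 4); memcpy(b + 4, "\x01\x02\x03", 3);
    memcpy(b + 8, &idh, 4); memcpy(b + 12, &ctid, 4);
    return 16;
}
```

Feeding a length shorter than the real payload makes the walker report -1 instead of reading past the buffer, which is the check a log consumer wants when the attribute comes from an untrusted or truncated message.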

* [PATCH libnf-log] src: add conntrack ID to XML output
  2021-10-11 23:36 ` Pablo Neira Ayuso
@ 2021-10-12  4:39   ` Ken-ichirou MATSUZAWA
  2021-11-08 11:45     ` Pablo Neira Ayuso
  0 siblings, 1 reply; 4+ messages in thread
From: Ken-ichirou MATSUZAWA @ 2021-10-12  4:39 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Ken-ichirou MATSUZAWA

This patch adds the conntrack ID as a `ctid' element to the XML output. Users
could identify conntrack entries by this ID in other conntrack output.

Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
---
 include/libnetfilter_log/libnetfilter_log.h |  1 +
 src/libnetfilter_log.c                      | 44 ++++++++++++++++++++-
 2 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/include/libnetfilter_log/libnetfilter_log.h b/include/libnetfilter_log/libnetfilter_log.h
index 16c4748..3b52f01 100644
--- a/include/libnetfilter_log/libnetfilter_log.h
+++ b/include/libnetfilter_log/libnetfilter_log.h
@@ -82,6 +82,7 @@ enum {
 	NFLOG_XML_PHYSDEV	= (1 << 4),
 	NFLOG_XML_PAYLOAD	= (1 << 5),
 	NFLOG_XML_TIME		= (1 << 6),
+        NFLOG_XML_CTID		= (1 << 7),
 	NFLOG_XML_ALL		= ~0U,
 };
 
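Review bot: `NFLOG_XML_CTID` is indented with spaces while the neighbouring entries use a tab; the bit itself (1 << 7) is free, so the value is fine.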
diff --git a/src/libnetfilter_log.c b/src/libnetfilter_log.c
index 27a6a2d..f2311ae 100644
--- a/src/libnetfilter_log.c
+++ b/src/libnetfilter_log.c
@@ -33,6 +33,9 @@
 #include <libnfnetlink/libnfnetlink.h>
 #include <libnetfilter_log/libnetfilter_log.h>
 
+#include <libmnl/libmnl.h>
+#include <linux/netfilter/nfnetlink_conntrack.h>
+
 /**
  * \mainpage
  *
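Review bot: this adds an unconditional `#include <libmnl/libmnl.h>`, but the diffstat shows only the header and this file changing, so unless libmnl is already in the library's CFLAGS and link line the build needs a matching configure/Makefile.am change; either way the commit message should say that libmnl is now required.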
@@ -652,6 +655,7 @@ int nflog_set_nlbufsiz(struct nflog_g_handle *gh, uint32_t nlbufsiz)
  *
  *	- NFULNL_CFG_F_SEQ: This enables local nflog sequence numbering.
  *	- NFULNL_CFG_F_SEQ_GLOBAL: This enables global nflog sequence numbering.
+ *	- NFULNL_CFG_F_CONNTRACK: This enables to acquire related conntrack.
  *
  * \return 0 on success, -1 on failure with \b errno set.
  * \par Errors
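Review bot: wording nit on the new doc line, "This enables to acquire related conntrack" is ungrammatical; suggest "- NFULNL_CFG_F_CONNTRACK: attach the related conntrack entry to each logged packet."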
@@ -974,6 +978,36 @@ int nflog_get_seq_global(struct nflog_data *nfad, uint32_t *seq)
 	return 0;
 }
 
+/**
+ * nflog_get_ct_id - get the conntrack id
+ * \param nfad Netlink packet data handle passed to callback function
+ * \param id conntrack id, if the function returns zero
+ *
+ * You must enable this via nflog_set_flags().
+ *
+ * \return 0 on success or -1 if conntrack itself or its id was unavailable
+ */
+int nflog_get_ctid(struct nflog_data *nfad, uint32_t *id)
+{
+        struct nlattr *cta = (struct nlattr *)nfad->nfa[NFULA_CT - 1];
+        struct nlattr *attr, *ida = NULL;
+
+        if (cta == NULL) return -1;
+
+        mnl_attr_for_each_nested(attr, cta) {
+                if (mnl_attr_get_type(attr) == CTA_ID) {
+                        ida = attr;
+                        break;
+                }
+        }
+
+        if (ida == NULL || mnl_attr_validate(ida, MNL_TYPE_U32) < 0)
+                return -1;
+
+        *id = ntohl(mnl_attr_get_u32(ida));
+        return 0;
+}
+
 /**
  * @}
  */
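Review bot: the doxygen comment names the function `nflog_get_ct_id` but the definition is `nflog_get_ctid`, so the generated documentation will not attach to it, and this patch adds no prototype to libnetfilter_log.h, so the symbol is exported from the shared object without being declared in the public API. Since the comment tells users to enable it via nflog_set_flags(), it looks intended to be public: add `int nflog_get_ctid(struct nflog_data *nfad, uint32_t *id);` to the header (and the version script, if one is used), or make the function `static` if it is only a helper for nflog_snprintf_xml(). The body is indented with spaces where the file uses tabs.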
@@ -1016,6 +1050,7 @@ do {								\
  *	- NFLOG_XML_PHYSDEV: include the physical device information
  *	- NFLOG_XML_PAYLOAD: include the payload (in hexadecimal)
  *	- NFLOG_XML_TIME: include the timestamp
+ *	- NFLOG_XML_CTID: include conntrack id
  *	- NFLOG_XML_ALL: include all the logging information (all flags set)
  *
  * You can combine these flags with a bitwise OR.
@@ -1030,7 +1065,7 @@ int nflog_snprintf_xml(char *buf, size_t rem, struct nflog_data *tb, int flags)
 {
 	struct nfulnl_msg_packet_hdr *ph;
 	struct nfulnl_msg_packet_hw *hwph;
-	uint32_t mark, ifi;
+	uint32_t mark, ifi, ctid;
 	int size, offset = 0, len = 0, ret;
 	char *data;
 
@@ -1150,6 +1185,13 @@ int nflog_snprintf_xml(char *buf, size_t rem, struct nflog_data *tb, int flags)
 		SNPRINTF_FAILURE(size, rem, offset, len);
 	}
 
+	ret = nflog_get_ctid(tb, &ctid);
+	if (ret >= 0 && (flags & NFLOG_XML_CTID)) {
+		size = snprintf(buf + offset, rem,
+				"<ctid>%u</ctid>", ctid);
+		SNPRINTF_FAILURE(size, rem, offset, len);
+	}
+
 	ret = nflog_get_payload(tb, &data);
 	if (ret >= 0 && (flags & NFLOG_XML_PAYLOAD)) {
 		int i;
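Review bot: `nflog_get_ctid()` walks the nested CT attribute on every call before the flag is consulted; test the flag first so callers that did not request NFLOG_XML_CTID pay nothing: `if ((flags & NFLOG_XML_CTID) && nflog_get_ctid(tb, &ctid) == 0)`. Printing a uint32_t with `%u` works on the platforms this library targets, though `PRIu32` from <inttypes.h> is the portable spelling.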
-- 
2.30.2



* Re: [PATCH libnf-log] src: add conntrack ID to XML output
  2021-10-12  4:39   ` [PATCH libnf-log] src: add conntrack ID to " Ken-ichirou MATSUZAWA
@ 2021-11-08 11:45     ` Pablo Neira Ayuso
  0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2021-11-08 11:45 UTC (permalink / raw)
  To: Ken-ichirou MATSUZAWA; +Cc: netfilter-devel

On Tue, Oct 12, 2021 at 01:39:14PM +0900, Ken-ichirou MATSUZAWA wrote:
> This patch adds the conntrack ID as a `ctid' element to the XML output. Users
> could identify conntrack entries by this ID in other conntrack output.

Applied, thanks.

Please follow up to address comments from Jeremy regarding your ulogd2
patches.
