Hithero, ulogd has only fully supported handling ARP headers that are present in
`NFPROTO_BRIDGE` packets.
Add support for handling ARP packets in their own right.
Reported-by: Slavko <linux@xxxxxxxxxx>
Signed-off-by: Jeremy Sowden <jeremy@xxxxxxxxxx>
---
filter/raw2packet/ulogd_raw2packet_BASE.c | 2 ++
filter/ulogd_filter_IP2BIN.c | 24 +++++++++++++++++++++--
filter/ulogd_filter_IP2HBIN.c | 23 +++++++++++++++++++++-
filter/ulogd_filter_IP2STR.c | 1 +
util/printpkt.c | 3 +++
5 files changed, 50 insertions(+), 3 deletions(-)
diff --git a/filter/raw2packet/ulogd_raw2packet_BASE.c b/filter/raw2packet/ulogd_raw2packet_BASE.c
index 4b6096421b71..2c0d16449cf1 100644
--- a/filter/raw2packet/ulogd_raw2packet_BASE.c
+++ b/filter/raw2packet/ulogd_raw2packet_BASE.c
@@ -960,6 +960,8 @@ static int _interp_pkt(struct ulogd_pluginstance *pi)
return _interp_ipv6hdr(pi, len);
case NFPROTO_BRIDGE:
return _interp_bridge(pi, len);
+ case NFPROTO_ARP:
+ return _interp_arp(pi, len);
}
return ULOGD_IRET_OK;
}
diff --git a/filter/ulogd_filter_IP2BIN.c b/filter/ulogd_filter_IP2BIN.c
index 9bbeebbb711e..9e6f3a929058 100644
--- a/filter/ulogd_filter_IP2BIN.c
+++ b/filter/ulogd_filter_IP2BIN.c
@@ -39,7 +39,9 @@ enum input_keys {
KEY_ORIG_IP_DADDR,
KEY_REPLY_IP_SADDR,
KEY_REPLY_IP_DADDR,
- MAX_KEY = KEY_REPLY_IP_DADDR,
+ KEY_ARP_SPA,
+ KEY_ARP_TPA,
+ MAX_KEY = KEY_ARP_TPA,
};
static struct ulogd_key ip2bin_inp[] = {
@@ -83,6 +85,16 @@ static struct ulogd_key ip2bin_inp[] = {
.flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
.name = "reply.ip.daddr",
},
+ [KEY_ARP_SPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
+ .name = "arp.saddr",
+ },
+ [KEY_ARP_TPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
+ .name = "arp.daddr",
+ },
};
static struct ulogd_key ip2bin_keys[] = {
@@ -110,7 +122,14 @@ static struct ulogd_key ip2bin_keys[] = {
.type = ULOGD_RET_RAWSTR,
.name = "reply.ip.daddr.bin",
},
-
+ {
+ .type = ULOGD_RET_RAWSTR,
+ .name = "arp.saddr.bin",
+ },
+ {
+ .type = ULOGD_RET_RAWSTR,
+ .name = "arp.daddr.bin",
+ },
};
static char ipbin_array[MAX_KEY - START_KEY + 1][FORMAT_IPV6_BUFSZ];
@@ -150,6 +169,7 @@ static int interp_ip2bin(struct ulogd_pluginstance *pi)
addr_family = AF_INET6;
break;
case NFPROTO_IPV4:
+ case NFPROTO_ARP:
addr_family = AF_INET;
break;
case NFPROTO_BRIDGE:
diff --git a/filter/ulogd_filter_IP2HBIN.c b/filter/ulogd_filter_IP2HBIN.c
index 081b757a6f1a..38306e8406a2 100644
--- a/filter/ulogd_filter_IP2HBIN.c
+++ b/filter/ulogd_filter_IP2HBIN.c
@@ -40,7 +40,9 @@ enum input_keys {
KEY_ORIG_IP_DADDR,
KEY_REPLY_IP_SADDR,
KEY_REPLY_IP_DADDR,
- MAX_KEY = KEY_REPLY_IP_DADDR,
+ KEY_ARP_SPA,
+ KEY_ARP_TPA,
+ MAX_KEY = KEY_ARP_TPA,
};
static struct ulogd_key ip2hbin_inp[] = {
@@ -84,6 +86,16 @@ static struct ulogd_key ip2hbin_inp[] = {
.flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
.name = "reply.ip.daddr",
},
+ [KEY_ARP_SPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
+ .name = "arp.saddr",
+ },
+ [KEY_ARP_TPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
+ .name = "arp.daddr",
+ },
};
static struct ulogd_key ip2hbin_keys[] = {
@@ -111,6 +123,14 @@ static struct ulogd_key ip2hbin_keys[] = {
.type = ULOGD_RET_IPADDR,
.name = "reply.ip.hdaddr",
},
+ {
+ .type = ULOGD_RET_IPADDR,
+ .name = "arp.hsaddr",
+ },
+ {
+ .type = ULOGD_RET_IPADDR,
+ .name = "arp.hdaddr",
+ },
};
static void ip2hbin(struct ulogd_key *inp, int i, struct ulogd_key *outp, int o,
@@ -140,6 +160,7 @@ static int interp_ip2hbin(struct ulogd_pluginstance *pi)
addr_family = AF_INET6;
break;
case NFPROTO_IPV4:
+ case NFPROTO_ARP:
addr_family = AF_INET;
break;
case NFPROTO_BRIDGE:
diff --git a/filter/ulogd_filter_IP2STR.c b/filter/ulogd_filter_IP2STR.c
index 3d4d6e9dc897..12a376efafe4 100644
--- a/filter/ulogd_filter_IP2STR.c
+++ b/filter/ulogd_filter_IP2STR.c
@@ -175,6 +175,7 @@ static int interp_ip2str(struct ulogd_pluginstance *pi)
addr_family = AF_INET6;
break;
case NFPROTO_IPV4:
+ case NFPROTO_ARP:
addr_family = AF_INET;
break;
case NFPROTO_BRIDGE:
diff --git a/util/printpkt.c b/util/printpkt.c
index 2fecd50e233c..93fe4722d63c 100644
--- a/util/printpkt.c
+++ b/util/printpkt.c
@@ -467,6 +467,9 @@ int printpkt_print(struct ulogd_key *res, char *buf)
case NFPROTO_BRIDGE:
buf_cur += printpkt_bridge(res, buf_cur);
break;
+ case NFPROTO_ARP:
+ buf_cur += printpkt_arp(res, buf_cur);
+ break;
}
if (pp_is_valid(res, KEY_OOB_UID))
--
2.47.2
