Pinkbyte/pinkbyte-overlay
1
Fork 0
Code Releases Activity

ebuild for ipt_NETFLOW(fixed version of ebuild from barzog-overlay)

Browse Source
This commit is contained in:
Sergey Popov 2011-10-28 15:46:10 +04:00
parent d8287f642a
commit 02d2a047e3
4 changed files with 522 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
net-analyzer/ipt_netflow/Manifest Normal file
View File

@ -0,0 +1,4 @@
AUX ipt_netflow-arguments-r1.patch 13323 RMD160 f7f90dbe123b1aa9303a66e198358ef6ae37b417 SHA1 3fcd94ff92e83653a43c2ac0271c0294bb713c39 SHA256 6afd4bc4f2e2ca07c8f8e6249ddcea39e210dfe3aebe629f7f48c42560b29634
DIST ipt_netflow-1.7.1.tgz 21263 RMD160 ae53cd9374d2419482efa789186dc7c631c6cfd3 SHA1 f244b2595aa39fb5a4100a3df6473b41832cdecb SHA256 d208dec7401404c21950c3d5db286649e17fbf7414d720d9dab7d9a6a88aba4a
EBUILD ipt_netflow-1.7.1.ebuild 1611 RMD160 493137f65ab2cb1e62474e0198d3be3273909d20 SHA1 a89a60af00d66283445d0ceaea6f811c5e105028 SHA256 30eec78388d6293154b982e42341a81600303505c80d0479ea98913cdd6de98a
EBUILD ipt_netflow-9999.ebuild 1631 RMD160 03135f702ecbcb582442beb5eb1a17ffd8ad894b SHA1 e6096bb71413f48a96ad720f2181510fd5f1f6aa SHA256 fe416ddadbd692f224b555bc19cef17d8a5a397a38d17b7149bc6adb1fa066be

389
net-analyzer/ipt_netflow/files/ipt_netflow-arguments-r1.patch Normal file
View File

@ -0,0 +1,389 @@
--- ipt_NETFLOW.c.orig 2011-05-14 14:53:49.000000000 +0300
+++ ipt_NETFLOW.c 2011-05-14 14:59:51.000000000 +0300
@@ -27,6 +27,7 @@
#include <linux/version.h>
#include <asm/unaligned.h>
#include "ipt_NETFLOW.h"
+#include "libipt_NETFLOW.h"
#ifdef CONFIG_BRIDGE_NETFILTER
#include <linux/netfilter_bridge.h>
#endif
@@ -962,6 +963,20 @@
pdu_traf = 0;
}
+__u32 __netflow_get_as(const enum ipt_netflow_flags f,const struct ipt_netflow *nf)
+{
+ __u32 ret=0;
+ switch(f){
+ case NETFLOW_CLASS: ret=nf->priority;break;
+ case NETFLOW_FWMARK: ret=nf->fwmark;break;
+#ifdef CONFIG_NETWORK_SECMARK
+ case NETFLOW_SECMARK: ret=nf->secmark;break;
+#endif
+ default: ret=~0;break;
+ }
+ return ret;
+}
+
static void netflow_export_flow(struct ipt_netflow *nf)
{
struct netflow5_record *rec;
@@ -991,10 +1006,29 @@
rec->tcp_flags = nf->tcp_flags;
rec->protocol = nf->tuple.protocol;
rec->tos = nf->tuple.tos;
- //rec->s_as = 0;
- //rec->d_as = 0;
rec->s_mask = nf->s_mask;
rec->d_mask = nf->d_mask;
+
+ if (nf->info){
+ const struct ipt_netflow_info* nfi= (const struct ipt_netflow_info* ) nf->info;
+ __u16 as_src=0;
+ __u16 as_dst=0;
+ if (nfi->flags & NETFLOW_AS_SRC)
+ as_src = nfi->as_src;
+ else
+ as_src = __netflow_get_as(nfi->as_src,nf)>>16;
+
+ if (nfi->flags & NETFLOW_AS_DST)
+ as_dst = nfi->as_dst;
+ else
+ as_dst = __netflow_get_as(nfi->as_dst,nf);
+ rec->s_as = htons(as_src);
+ rec->d_as = htons(as_dst);
+ }else{
+ rec->s_as = 0;
+ rec->d_as = 0;
+ }
+
//rec->padding = 0;
ipt_netflow_free(nf);
@@ -1119,6 +1153,31 @@
mod_timer(&rate_timer, jiffies + (HZ * SAMPLERATE));
}
+/*
+static int netflow_check(const struct xt_tgchk_param *target)
+{
+}
+*/
+
+static void netflow_destroy(const struct xt_tgdtor_param *target)
+{
+ __u8 found=0;
+ spin_lock_bh(&ipt_netflow_lock);
+ while (!list_empty(&ipt_netflow_list)) {
+ struct ipt_netflow *nf;
+
+ nf = list_entry(ipt_netflow_list.prev, struct ipt_netflow, list);
+ if (nf->info != target->targinfo) continue;
+ if (nf->info->flags)
+ found++;
+ else
+ nf->info=NULL;
+ }
+ spin_unlock_bh(&ipt_netflow_lock);
+ if (found)
+ netflow_scan_inactive_timeout(0);
+}
+
/* packet receiver */
static unsigned int netflow_target(
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
@@ -1285,6 +1344,9 @@
nf->s_mask = s_mask;
nf->d_mask = d_mask;
+ /// @BRIEF save our internal pointer
+ nf->info = (const struct ipt_netflow_info*) par->targinfo;
+
if (debug > 2)
printk(KERN_INFO "ipt_netflow: new (%u) %hd:%hd SRC=%u.%u.%u.%u:%u DST=%u.%u.%u.%u:%u\n",
atomic_read(&ipt_netflow_count),
@@ -1303,6 +1365,12 @@
nf->ts_last = jiffies;
nf->tcp_flags |= tcp_flags;
+ nf->priority = skb->priority;
+ nf->fwmark = skb->mark;
+#ifdef CONFIG_NETWORK_SECMARK
+ nf->secmark = skb->secmark;
+#endif
+
NETFLOW_STAT_INC(pkt_total);
NETFLOW_STAT_ADD(traf_total, ntohs(iph->tot_len));
@@ -1326,6 +1394,9 @@
static struct ipt_target ipt_netflow_reg = {
.name = "NETFLOW",
.target = netflow_target,
+// .checkentry = netflow_check,
+ .destroy = netflow_destroy,
+ .targetsize = sizeof(struct ipt_netflow_info),
.family = AF_INET,
#ifndef RAW_PROMISC_HACK
.table = "filter",
--- ipt_NETFLOW.h.orig 2011-05-14 15:00:40.000000000 +0300
+++ ipt_NETFLOW.h 2011-05-14 15:01:40.000000000 +0300
@@ -83,6 +83,13 @@
unsigned long ts_first;
unsigned long ts_last;
__u8 tcp_flags; /* `OR' of all tcp flags */
+
+#ifdef CONFIG_NETWORK_SECMARK
+ __u32 secmark;
+#endif
+ __u32 fwmark;
+ __u32 priority;
+ const struct ipt_netflow_info *info;
};
static inline int ipt_netflow_tuple_equal(const struct ipt_netflow_tuple *t1,
--- libipt_NETFLOW.c.orig 2011-05-14 15:01:57.000000000 +0300
+++ libipt_NETFLOW.c 2011-05-14 15:09:11.000000000 +0300
@@ -17,6 +17,8 @@
#include <iptables.h>
#endif
+#include "libipt_NETFLOW.h"
+
#ifdef XTABLES_VERSION_CODE // since 1.4.1
#define MOD140
#define iptables_target xtables_target
@@ -39,40 +41,177 @@
#define _IPT_IP struct ipt_ip
#endif
-static struct option opts[] = {
- {0}
+static struct option NETFLOW_opts[] = {
+ {"netflow-collector", 1, NULL, NETFLOW_COLLECTOR},
+ {"netflow-class", 1, NULL, NETFLOW_CLASS},
+ {"netflow-fwmark", 1, NULL, NETFLOW_FWMARK},
+ {"netflow-secmark", 1, NULL, NETFLOW_SECMARK},
+ {"netflow-src-as", 1, NULL, NETFLOW_AS_SRC},
+ {"netflow-dst-as", 1, NULL, NETFLOW_AS_DST},
+ {0}
};
-static void help(void)
+static void NETFLOW_help(void)
+{
+ printf( "NETFLOW target:\n"
+ "--netflow-collector \"ip:port[,ip:port....]\" where to send theese netflows...\n"
+ "--netflow-class src | dst | full AS source and/or destination is QDISC/CLASS\n"
+ "--netflow-fwmark src | dst | full AS source and/or destination is FWMARK\n"
+ "--netflow-secmark src | dst | full AS source and/or destination is SECMARK\n"
+ "--netflow-src-as ID16 AS source will be filled with this ID\n"
+ "--netflow-dst-as ID16 AS destination will be filled with this ID\n"
+ "\n"
+ );
+}
+
+static void NETFLOW_init(struct ipt_entry_target *t)
{
- printf( "NETFLOW target\n");
+ struct ipt_netflow_info *nf= (struct ipt_netflow_info*) t->data;
+ nf->flags = 0;
+ nf->as_src = 0;
+ nf->as_dst = 0;
}
//static int parse(int c, char **argv, int invert, unsigned int *flags,
// const _IPT_ENTRY *entry,
// struct ipt_entry_target **target)
-static int parse(int c, char **argv, int invert, unsigned int *flags,
+static int NETFLOW_parse(int c, char **argv, int invert, unsigned int *flags,
const _IPT_ENTRY *entry,
struct ipt_entry_target **targetinfo)
+{
+ struct ipt_netflow_info *nf= (struct ipt_netflow_info*) (*targetinfo)->data;
+ const char *opt=argv[optind];
+
+ xtables_param_act(XTF_ONLY_ONCE, "NETFLOW", opt, *flags & c);
+ xtables_param_act(XTF_NO_INVERT, "NETFLOW", opt, invert);
+ opt=optarg;
+
+ switch(c) {
+ case NETFLOW_COLLECTOR: break;
+ case NETFLOW_CLASS:
+ case NETFLOW_FWMARK:
+ case NETFLOW_SECMARK:
+ if ( !opt || strlen(opt) == 0 )
+ xtables_error(PARAMETER_PROBLEM,"Where do I store this?");
+ if ( strcmp(opt,"full")==0 ){
+ if (nf->as_src | nf->as_dst)
+ xtables_error(PARAMETER_PROBLEM, "One of fields is already used");
+ nf->as_src |= c;
+ nf->as_dst |= c;
+ }else if( strcmp(opt,"src")==0){
+ if (nf->as_src)
+ xtables_error(PARAMETER_PROBLEM, "AS_SRC field already used");
+ nf->as_src |= c;
+ }else if( strcmp(opt,"dst")==0){
+ if (nf->as_dst)
+ xtables_error(PARAMETER_PROBLEM, "AS_DST field already used");
+ nf->as_dst |= c;
+ }else
+ xtables_error(PARAMETER_PROBLEM, "Unsupported mode %s (valid ones: src, dst, full)",opt);
+ break;
+ case NETFLOW_AS_SRC:
+ case NETFLOW_AS_DST:
+ if ( !opt || strlen(opt)==0)
+ xtables_error(PARAMETER_PROBLEM, "No AS number provided");
+ __u16 *as=NULL;
+ if (c==NETFLOW_AS_SRC)
+ as=&nf->as_src;
+ else
+ as=&nf->as_dst;
+ if (*as)
+ xtables_error(PARAMETER_PROBLEM, "AS field already in use");
+
+ if (! (*as=atoi(optarg)))
+ xtables_error(PARAMETER_PROBLEM, "AS not number or zero");
+ break;
+ default: return 0;
+ break;
+ }
+ nf->flags |= c;
+ *flags |= c;
+ return 1;
+}
+
+static void NETFLOW_check(unsigned int flags)
{
+ if (flags & NETFLOW_COLLECTOR)
+ xtables_error(PARAMETER_PROBLEM, "Collector address for now is unsupported");
+}
- return 1;
+void check_field(short mode,const struct ipt_netflow_info *nf, const enum ipt_netflow_flags f)
+{
+ if (mode == 3 && nf->as_src & f && nf->as_dst & f)
+ printf("full ");
+ else if (mode & 1 && nf->as_src & f)
+ printf("src ");
+ else if (mode & 2 && nf->as_dst & f)
+ printf("dst ");
+ else
+ printf("ERROR ");
}
-static void final_check(unsigned int flags)
+static void NETFLOW_save(const _IPT_IP *ip, const struct ipt_entry_target *target)
{
+ const struct ipt_netflow_info *nf = (const struct ipt_netflow_info*) target->data;
+
+ __u8 mode=3;
+ if (nf->flags & NETFLOW_AS_SRC){
+ printf("--netflow-src-as %u ", nf->as_src);
+ mode &= ~1;
+ }
+ if (nf->flags & NETFLOW_AS_DST){
+ printf("--netflow-dst-as %u ", nf->as_dst);
+ mode &= ~2;
+ }
+ if (nf->flags & NETFLOW_CLASS){
+ printf("--netflow-class ");
+ check_field(mode,nf,NETFLOW_CLASS);
+ }
+ if (nf->flags & NETFLOW_FWMARK){
+ printf("--netflow-fwmark ");
+ check_field(mode,nf,NETFLOW_FWMARK);
+ }
+ if (nf->flags & NETFLOW_SECMARK){
+ printf("--netflow-secmark ");
+ check_field(mode,nf,NETFLOW_SECMARK);
+ }
}
-static void save(const _IPT_IP *ip, const struct ipt_entry_target *match)
+void check_print(const enum ipt_netflow_flags f)
{
+ switch(f){
+ case 0: printf("UNUSED ");break;
+ case NETFLOW_CLASS: printf("class ");break;
+ case NETFLOW_FWMARK: printf("fwmark ");break;
+ case NETFLOW_SECMARK: printf("secmark ");break;
+ default: printf("unknown(%0x) ",f);break;
+ }
}
-static void print(const _IPT_IP *ip,
+static void NETFLOW_print(const _IPT_IP *ip,
const struct ipt_entry_target *target,
int numeric)
{
+ const struct ipt_netflow_info *nf = (const struct ipt_netflow_info*) target->data;
printf("NETFLOW ");
+ if (! nf->flags)
+ return;
+ printf("AS: ");
+ if (nf->flags & NETFLOW_AS_SRC && nf->flags & NETFLOW_AS_DST)
+ printf("AS%u ",(__u32) (nf->as_src<<16)+nf->as_dst);
+ else if (nf->flags & NETFLOW_AS_SRC){
+ printf("AS%u ",nf->as_src);
+ check_print(nf->as_dst);
+ }else if(nf->flags & NETFLOW_AS_DST){
+ check_print(nf->as_src);
+ printf("AS%u ",nf->as_dst);
+ }else if(nf->as_src==nf->as_dst)
+ check_print(nf->flags);
+ else{
+ check_print(nf->as_src);
+ check_print(nf->as_dst);
+ }
}
static struct iptables_target netflow = {
@@ -86,14 +225,15 @@
#else
.version = IPTABLES_VERSION,
#endif
- .size = IPT_ALIGN(0),
- .userspacesize = IPT_ALIGN(0),
- .help = &help,
- .parse = &parse,
- .final_check = &final_check,
- .print = &print,
- .save = &save,
- .extra_opts = opts
+ .size = IPT_ALIGN(sizeof(struct ipt_netflow_info)),
+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_netflow_info)),
+ .help = NETFLOW_help,
+ .init = NETFLOW_init,
+ .parse = NETFLOW_parse,
+ .final_check = NETFLOW_check,
+ .print = NETFLOW_print,
+ .save = NETFLOW_save,
+ .extra_opts = NETFLOW_opts
};
#ifndef _init
--- libipt_NETFLOW.h.orig 1970-01-01 03:00:00.000000000 +0300
+++ libipt_NETFLOW.h 2011-05-14 15:10:12.000000000 +0300
@@ -0,0 +1,20 @@
+#ifndef _LIBIP_NETFLOW_H
+#define _LIBIP_NETFLOW_H
+
+enum ipt_netflow_flags {
+ NETFLOW_COLLECTOR = 0x01,
+ NETFLOW_FWMARK = 0x02,
+ NETFLOW_SECMARK = 0x04,
+ NETFLOW_CLASS = 0x08,
+ NETFLOW_AS_SRC = 0x10,
+ NETFLOW_AS_DST = 0x20,
+};
+
+struct ipt_netflow_info {
+ __u8 flags;
+ __u16 as_src;
+ __u16 as_dst;
+};
+
+#endif
+/* vim: set sw=8: */

65
net-analyzer/ipt_netflow/ipt_netflow-1.7.1.ebuild Normal file
View File

@ -0,0 +1,65 @@
# Copyright 1999-2010 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-emulation/kvm-kmod/kvm-kmod-88-r1.ebuild,v 1.1 2009/07/27 13:57:06 dang Exp $
EAPI="2"
inherit eutils linux-mod multilib
DESCRIPTION="Netflow iptables module"
HOMEPAGE="http://sourceforge.net/projects/ipt-netflow"
MY_PN=${PN/_/-}
SRC_URI="mirror://sourceforge/${MY_PN}/${P}.tgz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~x86 ~amd64 ~ppc ~ia64"
IUSE=""
RDEPEND="net-firewall/iptables"
DEPEND="${RDEPEND}
virtual/linux-sources"
#S=${WORKDIR}/${PN}
BUILD_TARGETS="all"
ARCH=$(tc-arch-kernel)
MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})"
pkg_setup() {
linux-info_pkg_setup
CONFIG_CHECK="IP_NF_IPTABLES"
linux-mod_pkg_setup
}
src_prepare() {
# OK, let's deal with this mess...
sed -i 's:-I$(KDIR)/include::' Makefile.in || die "sed failed"
sed -i 's:gcc -O2:$(CC) $(LDFLAGS) $(CFLAGS):' Makefile.in || die "sed failed!"
sed -i 's:gcc:$(CC) $(LDFLAGS) $(CFLAGS):' Makefile.in || die "sed failed!"
cp "${S}"/Makefile{.in,}
epatch ${FILESDIR}/ipt_netflow-arguments-r1.patch
}
src_configure() {
cd ${S}
./configure
}
src_compile() {
local IPT_VERSION=`pkg-config --modversion xtables`
local IPT_LIB=/usr/$(get_libdir)/xtables
MAKEOPTS="-j1"
emake KDIR="${KV_DIR}" KVERSION="${KV_FULL}" IPTABLES_VERSION="${IPT_VERSION}" \
IPTABLES_MODULES="${IPT_LIB}" IPTSRC="" all || die "emake failed"
}
src_install() {
linux-mod_src_install
exeinto /usr/$(get_libdir)/xtables
doexe libipt_NETFLOW.so
insinto /usr/include
doins ipt_NETFLOW.h
dodoc README
}

64
net-analyzer/ipt_netflow/ipt_netflow-9999.ebuild Normal file
View File

@ -0,0 +1,64 @@
# Copyright 1999-2010 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-emulation/kvm-kmod/kvm-kmod-88-r1.ebuild,v 1.1 2009/07/27 13:57:06 dang Exp $
EAPI="2"
inherit git eutils linux-mod multilib
EGIT_PROJECT="ipt_netflow"
EGIT_REPO_URI="git://ipt-netflow.git.sourceforge.net/gitroot/ipt-netflow/ipt-netflow"
DESCRIPTION="Netflow iptables module"
HOMEPAGE="http://sourceforge.net/projects/ipt-netflow"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS=""
IUSE=""
RDEPEND="net-firewall/iptables"
DEPEND="${RDEPEND}
virtual/linux-sources"
S=${WORKDIR}/${PN}
BUILD_TARGETS="all"
ARCH=$(tc-arch-kernel)
MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})"
pkg_setup() {
linux-info_pkg_setup
CONFIG_CHECK="IP_NF_IPTABLES"
linux-mod_pkg_setup
}
src_prepare() {
# OK, let's deal with this mess...
sed -i 's:-I$(KDIR)/include::' Makefile.in || die "sed failed"
sed -i 's:gcc -O2:$(CC) $(LDFLAGS) $(CFLAGS):' Makefile.in || die "sed failed!"
sed -i 's:gcc:$(CC) $(LDFLAGS) $(CFLAGS):' Makefile.in || die "sed failed!"
cp "${S}"/Makefile{.in,}
epatch ${FILESDIR}/ipt_netflow-arguments-r1.patch
}
src_configure() {
cd ${S}
./configure
}
src_compile() {
local IPT_VERSION=`pkg-config --modversion xtables`
local IPT_LIB=/$(get_libdir)/xtables
MAKEOPTS="-j1"
emake KDIR="${KV_DIR}" KVERSION="${KV_FULL}" IPTABLES_VERSION="${IPT_VERSION}" \
IPTABLES_MODULES="${IPT_LIB}" IPTSRC="" all || die "emake failed"
}
src_install() {
linux-mod_src_install
exeinto /$(get_libdir)/xtables
doexe libipt_NETFLOW.so
insinto /usr/include
doins ipt_NETFLOW.h
dodoc README
}