From 835110044bd970518e10b28348ce6619818ce363 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Sun, 18 May 2008 18:35:35 +0200 Subject: Remove obsolete patches and files and move ulogd to repository top-level directory --- README | 70 +++++++++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 41 insertions(+), 29 deletions(-) (limited to 'README') diff --git a/README b/README index 04f8f71..3510007 100644 --- a/README +++ b/README @@ -1,12 +1,18 @@ -Userspace logging facility for netfilter / linux 2.4 -$Id: README,v 1.2 2000/09/22 06:57:16 laforge Exp $ +Userspace logging facility for iptables / linux 2.4 +$Id: README,v 1.7 2002/04/16 12:44:41 laforge Exp $ + +Project Homepage: http://www.gnumonks.org/projects/ulogd +Mailinglist: http://lists.gnumonks.org/mailman/listinfo/ulogd/ + +This is just a short README, pleaes see the more extensive documentation +in the doc/ subdirectory. ===> IDEA This packages is intended for passing packets from the kernel to userspace to do some logging there. It should work like that: -- Register a target called ULOG with netfilter +- Register a target called ULOG with iptables - if the target is hit: - send the packet out using netlink multicast facility - return NF_CONTINUE immediately @@ -19,42 +25,45 @@ More than one logging daemon may listen to the netlink multicast address. ===> CONTENTS -The package is consisting out of three parts: - -NOTE: -ipt_ULOG and libipt_ULOG are NOW INCLUDED IN NETFILTER patch-o-matic. -I strongly recommend using the latest package or even CVS from -http://netfilter.samba.org - -1. Netfilter target ipt_ULOG -This is the kernel module which does the kernel part of packet passing to -the userspace. This module is inserted on demand through the netfilter -subsystem as soon as You add a rule with the target ULOG to any chain. - -2. iptables plugin (libipt_ULOG.so) -This is a plugin for the netfilter configuration tool iptables. Just put -it to /usr/local/lib/iptables and it is loaded on demand from iptables. - -3. Ulog library (libipulog.a) += Ulog library (libipulog.a) Just a little library like libipq.a which provides a convenient way to write userspace logging daemons. The functions provided are described in the source code, a small demo program (ulog_test) is also included. -4. ulogd daemon (ulogd) += ulogd daemon (ulogd) A sophisticated logging daemon which uses libipulog. The daemon provides an easy to use plugin interface to write additional packet interpreters and output targets. Example plugins (interpreter: ip, tcp, icmp output: simple logging to a file) are included. += documentation (doc) +A quite verbose documentation of this package and it's configuration exists, +please actually make use of it and read it :) + ===> USAGE -Just apply the kernel patch and enable the kernel config option -CONFIG_IP_NF_TARGET_ULOG in the netfilter subsection of the network options. -Then recompile the kernel or just recompile the netfilter modules using -'make modules SUBDIRS=net/ipv4/netfilter'. -Next step is installing the module using 'make modules_install' +The kernel part of the userspace logging facility (ipt_ULOG.o) is included +in kernels >= 2.4.18-pre8. If you are running older kernel versions, you MUST +install the ulog-patch from netfilter patch-o-matic FIRST !! + +Please go to the netfilter homepage (http://www.netfilter.org/) +and download the latest iptables package. There is a system called +patch-o-matic, which manages recent netfilter development, which has +not been included in the stock kernel yet. + +Just apply the ulog-patch from patch-o-matic (there is some documentation +included in the iptables package how to use patch-o-matic). -To use the iptables plugin, copy libipt_ULOG.so to /usr/local/lib/iptables +Next you have to enable the kernel config option CONFIG_IP_NF_TARGET_ULOG in +the netfilter subsection of the network options. + +Then recompile the kernel or just recompile the netfilter modules using 'make +modules SUBDIRS=net/ipv4/netfilter'. Next step is installing the module using +'make modules_install' + +It is also a good idea to recompile and re-install the iptables package, +if you don't already have libipt_ULOG.so in /usr/local/lib/iptables or +/usr/lib/iptables Now You are ready to go. You may now insert logging rules to every chain. To see the full syntax, type 'iptables -j ULOG -h' @@ -72,14 +81,17 @@ group 32. All packets get tagged with the ulog prefix "inp" iptables -A INPUT -j ULOG -p tcp --dport 80 --ulog-nlgroup 32 --ulog-prefix inp -In the latest Version (0.2) I added another parameter (--ulog-cprange). +Since version 0.2, I added another parameter (--ulog-cprange). Using this parameter You are able to specify how much octets of the packet should be copied from the kernel to userspace. Setting --ulog-cprange to 0 does always copy the whole packet. Default is 0 ===> COPYRIGHT + CREDITS -The code is (C) 2000 by Harald Welte +The code is (C) 2000-2003 by Harald Welte + +Thanks also to the valuable Contributions of Daniel Stone, Alexander +Janssen and Michael Stolovitzsky. Credits to Rusty Russel, James Morris, Marc Boucher and all the other netfilter hackers. -- cgit v1.2.3