author: laforge <laforge> 2005-10-15 18:19:08 +0000
committer: laforge <laforge> 2005-10-15 18:19:08 +0000
commit: bd214d4b5e4a88b39a798bc5efd63a8462779e58
parent: 64738c89a10db4beaf6d950fe68089ce2b38452c
update readme and todo
2 files changed, 21 insertions, 39 deletions
diff --git a/README b/README
index 545e7f7..31549a4 100644
--- a/README
+++ b/README
@@ -1,4 +1,5 @@
-Userspace logging facility for iptables / linux 2.4
+Userspace logging daemon for netfilter/iptables
Project Homepage:
@@ -9,7 +10,16 @@ in the doc/ subdirectory.
===> IDEA
-This packages is intended for passing packets from the kernel to userspace
+This packages is intended for doing all netfilter related logging inside a
+userspace process. This includes
+ - logging of ruleset violations via ipt_ULOG (kernel 2.4.18+)
+ - logging of ruleset violations via nfnetlink_log (kernel 2.6.14+)
+ - logging of connection startup/teardown (kernel 2.6.14+)
+ - connection-based accounting (kernel 2.6.14+)
+The to-be-logged information
+from passing packets from the kernel to userspace
to do some logging there. It should work like that:
- Register a target called ULOG with iptables
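Review bot: The two added lines after the bullet list ("The to-be-logged information" / "from passing packets from the kernel to userspace") do not form a sentence with the unchanged line that follows them ("to do some logging there. It should work like that:"), so the paragraph now reads as a fragment. Either finish the new sentence by saying what happens to the to-be-logged information, or drop these two lines and reword the old sentence instead. In the first added line, "This packages" should be "This package", and "This includes" wants a colon before the list. The steps that follow still begin with "Register a target called ULOG with iptables", which covers only the ipt_ULOG case; now that the list also names nfnetlink_log, connection logging and accounting, the README should say that the walkthrough applies to ULOG only.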
@@ -31,10 +41,11 @@ write userspace logging daemons. The functions provided are described
in the source code, a small demo program (ulog_test) is also included.
= ulogd daemon (ulogd)
-A sophisticated logging daemon which uses libipulog. The daemon provides
-an easy to use plugin interface to write additional packet interpreters and
-output targets. Example plugins (interpreter: ip, tcp, icmp output: simple
-logging to a file) are included.
+A sophisticated logging daemon core which uses a plugin for about anything. The
+daemon provides a plugin API for
+ - input plugins
+ - filter plugins
+ - output plugins
= documentation (doc)
A quite verbose documentation of this package and it's configuration exists,
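Review bot: The rewritten ulogd paragraph drops two facts the old text gave a reader: that the daemon uses libipulog, and which example plugins are included (ip, tcp, icmp interpreters and file output). The replacement, "a plugin for about anything", does not say what ships or what each plugin type is for. Suggest adding a short phrase to each of the three bullets describing the role of input, filter and output plugins, and keeping a pointer to the included plugins. The old text spoke of "packet interpreters" and the new list says "filter plugins"; if this is a rename, state it once so existing users can map the terms. Minor, in the unchanged line below the list: "it's configuration" should be "its configuration" and could be fixed in the same pass.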
@@ -88,10 +99,10 @@ Setting --ulog-cprange to 0 does always copy the whole packet. Default is 0
-The code is (C) 2000-2004 by Harald Welte <>
+The code and documentation is (C) 2000-2005 by Harald Welte <>
-Thanks also to the valuable Contributions of Daniel Stone, Alexander
-Janssen and Michael Stolovitzsky.
+Thanks also to the valuable contributions of Daniel Stone, Alexander Janssen,
+Michael Stolovitzsky and Jozsef Kadlecsik.
Credits to Rusty Russell, James Morris, Marc Boucher and all the other
netfilter hackers.
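Review bot: In the changed copyright line, "The code and documentation is" has a plural subject and should read "The code and documentation are (C) 2000-2005". The angle brackets after the name are empty in both the removed and the added line as shown here; if that is what the file contains, either fill in the address or drop the brackets.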
diff --git a/TODO b/TODO
index 3ab6194..1a92f6a 100644
--- a/TODO
+++ b/TODO
@@ -1,37 +1,8 @@
-X handle multi-part nlmsgs
-- Error checking at netlink socket
-- forward port my timeout enabled read-function from libipq to libipulog
-- man pages
-X queue the logging in the kernel and send multiple packets in one
- multipart nlmsg
-X add timer to flush queue in user-defineable time intervals
-- IPv6 ULOG target
-X MYSQL output plugin
-X syslog compatibility output plugin
-- autoconf-detection of ipt_ULOG.h
-X _fini() support for plugin destructors (needed for clean shutdown and
- SIGHUP configfile reload
-X commandline option for "to fork or not to fork"
-X various command line options (we don't even have --version)
+- autoconf/automake detection of libulog, mysql, pgsql, sqlite3, pcap
- add support for capabilities to run as non-root
-X big endian fixes
-X man pages
- IPv6 support (core and extensions)
-X pcap output plugin (to use ethereal/tcpdump/... for the logs)
- enable user to specify directory where to look for kernel include files
- support for static linking
-- make core maintain a list of keyid's that all the output plugins are
- interested. The interpreters would be called with their respective
- section of that list, and only compute those values that are actually
- used by any of the running output plugins
- issues with ulogd_BASE and partially copied packets (--ulog-cprange)
- problem wrt. ulogd_BASE and fragments
-- implement extension SIGHUP handlers (including config re-parse)
-- rewrite parser. This stuff is a real mess. Anybody interested?
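Review bot: This hunk deletes several TODO entries that were still marked open ("-" rather than "X"), including "Error checking at netlink socket", "IPv6 ULOG target", "implement extension SIGHUP handlers (including config re-parse)", the keyid list for output plugins, and "rewrite parser", and the commit message ("update readme and todo") does not say whether they were completed or abandoned. Removing the "X" items is plain cleanup, but for the open ones please either keep them or note in the commit message why each no longer applies, since netlink socket error checking in particular is something a packager of a logging daemon would want to know the status of. Also check the added line: it names "libulog", while the README and the removed TODO entry call the library "libipulog".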