summaryrefslogtreecommitdiffstats
path: root/README
diff options
context:
space:
mode:
Diffstat (limited to 'README')
-rw-r--r--README85
1 files changed, 85 insertions, 0 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..d6d2017
--- /dev/null
+++ b/README
@@ -0,0 +1,85 @@
+Userspace logging facility for netfilter / linux 2.4
+$Id: README,v 1.3 2001/01/30 09:29:42 laforge Exp $
+
+===> IDEA
+
+This packages is intended for passing packets from the kernel to userspace
+to do some logging there. It should work like that:
+
+- Register a target called ULOG with netfilter
+- if the target is hit:
+ - send the packet out using netlink multicast facility
+ - return NF_CONTINUE immediately
+
+New with ipt_ULOG 0.8 we can accumulate packets in userspace and send
+them in small batches (1-50) to userspace. This reduces the amount of
+expensive context switches.
+
+More than one logging daemon may listen to the netlink multicast address.
+
+===> CONTENTS
+
+= Ulog library (libipulog.a)
+Just a little library like libipq.a which provides a convenient way to
+write userspace logging daemons. The functions provided are described
+in the source code, a small demo program (ulog_test) is also included.
+
+= ulogd daemon (ulogd)
+A sophisticated logging daemon which uses libipulog. The daemon provides
+an easy to use plugin interface to write additional packet interpreters and
+output targets. Example plugins (interpreter: ip, tcp, icmp output: simple
+logging to a file) are included.
+
+===> USAGE
+
+YOU MUST INSTALL THE ulog-patch from netfilter patch-o-matic FIRST !!
+
+Please go to the netfilter homepage (http://netfilter.gnumonks.org/)
+and download the latest iptables package. There is a system called
+patch-o-matic, which manages recent netfilter development, which has
+not been included in the stock kernel yet.
+
+Just apply the ulog-patch from patch-o-matic (there is some documentation
+included in the iptables package how to use patch-o-matic).
+
+Next you have to enable the kernel config option CONFIG_IP_NF_TARGET_ULOG in
+the netfilter subsection of the network options.
+
+Then recompile the kernel or just recompile the netfilter modules using 'make
+modules SUBDIRS=net/ipv4/netfilter'. Next step is installing the module using
+'make modules_install'
+
+It is also a good idea to recompile and re-install the iptables package,
+if you don't already have libipt_ULOG.so in /usr/local/lib/iptables or
+/usr/lib/iptables
+
+Now You are ready to go. You may now insert logging rules to every chain.
+To see the full syntax, type 'iptables -j ULOG -h'
+
+===> EXAMPLES
+
+At first a simple example, which passes every outgoing packet to the
+userspace logging, using netlink multicast group 3.
+
+iptables -A OUTPUT -j ULOG --ulog-nlgroup 3
+
+A more advanced one, passing all incoming tcp packets with destination
+port 80 to the userspace logging daemon listening on netlink multicast
+group 32. All packets get tagged with the ulog prefix "inp"
+
+iptables -A INPUT -j ULOG -p tcp --dport 80 --ulog-nlgroup 32 --ulog-prefix inp
+
+In the latest Version (0.2) I added another parameter (--ulog-cprange).
+Using this parameter You are able to specify how much octets of the
+packet should be copied from the kernel to userspace.
+Setting --ulog-cprange to 0 does always copy the whole packet. Default is 0
+
+===> COPYRIGHT + CREDITS
+
+The code is (C) 2000 by Harald Welte <laforge@gnumonks.org>
+
+Thanks also to the valuable Contributions of Daniel Stone and Alexander
+Janssen.
+
+Credits to Rusty Russel, James Morris, Marc Boucher and all the other
+netfilter hackers.