summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* DB output: fix crash in SIGHUP handlingEric Leblond2010-09-221-8/+15
| | | | | | This patch fixes the handling of SIGHUP when a SQL plugin is used. A freed structure was previoulsy used to build the request and this was leading to a crash.
* HWHDR: Fix various crashesEric Leblond2010-09-221-19/+17
| | | | | | This patch fixes the HWHDR plugin. The logic of the interaction with exiting plugin was not correctly coded and this was leading to crashes due to the lack of sanity check.
* autoconf: fix sqlite configure description message.Eric Leblond2010-09-221-2/+2
| | | | | This patch fixes configure message as pointed out by http://bugzilla.netfilter.org/show_bug.cgi?id=594
* ulogd.conf: fix mysql definition for NFCTEric Leblond2010-09-221-1/+1
| | | | Mysql definition for NFCT usage was not correct.
* Mysql schema: fix procedure declarationEric Leblond2010-09-221-2/+2
| | | | | | It seems that some version of MySQL were more delicate about comment in procedure. THis patch fixes a problem with a procedure comment and fix the inner code which was not using the correct variable.
* Mysql schema: fix delimiterEric Leblond2010-09-221-15/+25
| | | | | | | The use of delimiter was not correct in the MySQL schema. This patch fixes this issue my correctly switching from ";" to "$$" when needed. Based on a patch by Bruno Friedmann <bruno@ioda-net.ch>
* pcap: fix packet length handlingJan Andres2010-09-061-3/+21
| | | | | | | | | | | | | | | | | | | | | | | | Currently, the PCAP output plugin uses ip.totlen to determine both the "len" and "caplen" pcap header fields, as well as the amount of packet data written to the file. There are two issues with this: - For obvious reasons it doesn't work for IPv6. - AFAICT, in case of an incompletely captured packet (--nflog-range) it will attempt to write out the whole packet, not just the part captured. This patch changes the behavior to: - Use raw.pktlen to set the "caplen" field, and the amount of data written. - Determine the "len" (original length) field from ip.totlen or ip6.payload_len if possible, default to the same value as "caplen" otherwise. Signed-off-by: Jan Andres <jandres@gmx.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: remove obsolete reference to debian/ dir in Makefileulogd-2.0.0beta4Pablo Neira Ayuso2010-07-161-1/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: bump version to 2.0.0beta4 and update dependenciesPablo Neira Ayuso2010-07-161-2/+2
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* IPFIX: remove plugin until it is usablePablo Neira Ayuso2010-06-171-4/+1
| | | | | | | | | This patch removes the IPFIX from the Makefile. Thus, we keep it in the tree in the hope that we'll have time to finish it in the future but don't compile it. This confuses users since they think that it works. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: copy the conntrack object to the plugin oncePablo Neira Ayuso2010-06-171-1/+8
| | | | | | | With this patch, we copy the conntrack object that we propagate to the output plugin instances *only once*. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* fix wrong list addition in plugin re-use logicPablo Neira Ayuso2010-06-171-1/+1
| | | | | | | | | | This patch fixes a bug that makes ulogd loops forever while propagating inputs to the output plugin. It is reproducible if you re-use three or more plugin instances. The problem is that the parameters in the list addition are in incorrect order. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: fix plugin re-use in different stacksPablo Neira Ayuso2010-06-171-4/+6
| | | | | | | | | | This patch fixes a problem in configurations that use the NFCT plugin as input in several stacks. The first plugin loaded contains the hashtable and other important NFCT private data. Other plugin instances of NFCT are dummies that are only used to store the output keys. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* output: XML: add infix in output filePablo Neira Ayuso2010-06-171-1/+12
| | | | | | | | | | This patch adds an infix to the XML file to avoid problems if we are logging packets and flows at the same time. Thus, we create two different XML files whose filename describes the sort of logging information that it contains. It is also useful when listing files at a quick sight. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* output: XML: support reopening file via SIGHUPPablo Neira Ayuso2010-06-171-27/+63
| | | | | | This feature is useful for log-rotation. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* output: add new plugin XML to output logs in XMLPablo Neira Ayuso2010-06-175-2/+283
| | | | | | | This patch adds XML that allows to log information in XML for ulogd2. It supports packet and flow-based accounting. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* fix incorrect negative EINTR checking in main loopPablo Neira Ayuso2010-06-131-1/+1
| | | | | | | | | This patch fixes the following error that is displayed if we send SIGHUP to reopen the logfile: ulogd.c:904 select says Interrupted system call Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* LOGEMU: fix crash if output file cannot be accessedPablo Neira Ayuso2010-06-031-1/+1
| | | | | | This patch fixes a crash if the output file was not correctly opened. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: use ARRAY_SIZE to calculate the array size of keysPablo Neira Ayuso2010-04-022-2/+2
| | | | | | | This patch is a cleanup to use ARRAY_SIZE in NFLOG and ULOG input plugins. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* IP2BIN: fix missing protocol keyChristophe Fish2010-04-021-0/+5
| | | | | | | | | | | | | | | | | ulogd2 from git won't start using filter IP2BIN. It gives the following error message in the log: <1> ulogd.c:670 traversing plugin `IP2BIN' <1> ulogd.c:627 log4(NFLOG) <1> ulogd.c:733 assigning `oob.family(?)' as source for IP2BIN(oob.family) <7> ulogd.c:727 cannot find key `' in stack <1> ulogd.c:863 destroying stack Filling up ip2bin_inp[] declaration with missing section in filter/ulogd_filter_IP2BIN.c solves the problem: Signed-off-by: Christophe Fish <christophe.fish@free.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: fix reset counters via SIGUSR2 signalPablo Neira Ayuso2010-01-171-3/+52
| | | | | | | This patch fixes a feature that allows to force the logging of the existing entries and reset the counters. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: fix number of options (missing one)Pablo Neira Ayuso2010-01-171-1/+1
| | | | | | | This patch fixes the number of options in NFCT that is actually 8, not 7. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: split event handler if hashtable is used or notPablo Neira Ayuso2010-01-171-28/+39
| | | | | | | | | This patch splits event_handler into two functions: event_handler_hashtable and event_handler_no_hashtable. Thus, we register the appropriate handler during the initialization time. This patch is a cleanup. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: use new hashtable implementation for better performancePablo Neira Ayuso2010-01-173-169/+152
| | | | | | | | This patch replaces the existing hashtable implementation with a newer that provide better performance since it reduces the number of hash computations. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: change `pollinterval' behaviourPablo Neira Ayuso2010-01-172-8/+121
| | | | | | | | | | | | | | | This patch adds support for poll-based logging. Basically, ulogd polls from the kernel periodically to log entries. You can use the `pollinterval' option in the configuration file to set the polling period. This patch changes the current behaviour of `pollinterval' that allowed to mix both the event-driven logging with polling periodically from the kernel. I have tried to look for anyone in google (and asking Eric Leblond) using this feature but I found noone. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: cleanup constructor and destructor functionsPablo Neira Ayuso2010-01-111-41/+67
| | | | | | | | This patch cleans up the destructor and the destructor functions in the NFCT plugin. I know, this patch isn't easy to review because it includes too many changes in one. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Fix wrong definition of views in flat DB schemaPierre Chifflier2009-09-172-12/+12
| | | | | | Create views using the ip_protocol field (and not the oob_family). Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
* Remove debian directoryPierre Chifflier2009-09-1710-86/+0
| | | | | | | Remove Debian packaging files, it is easier to maintain the packaging files outside of the sources. Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
* IPFIX: preliminary fixes, yet unusablePablo Neira Ayuso2009-07-291-9/+5
| | | | | | | | | This patch is a preliminary fix for the yet-unfinished IPFIX support. This patch resolves a couple of bugs that made ulogd crash and a couple of missing symbols that didn't allow to use this plugin in the configuration file. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: remove -lpthread from MakefilePablo Neira Ayuso2009-07-221-1/+1
| | | | | | | This patch remove -lpthread that was introduced time ago to workaround a problem in gdb. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: avoid spamming report about netlink overrunsPablo Neira Ayuso2009-07-221-1/+9
| | | | | | | This patch reduces the verbosity of the log messages that report netlink overruns. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: add configurable option to set the value of the resynchronization timerPablo Neira Ayuso2009-07-222-8/+16
| | | | | | | | | This patch adds `netlink_resync_timeout' that allows you to set the number of seconds that we wait to perform a resynchronization due to a netlink overrun. This patch changes the default timeout from 2 to 60 seconds (less agressive). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: improve netlink overrun handlingPablo Neira Ayuso2009-07-221-12/+12
| | | | | | | | | | With this patch, we schedule one resynchronization against the kernel conntrack table that will occur in two seconds (still we need a patch to make this configurable). Before this, we scheduled a resynchronization for every overrun, that is very bad in a scenario in which overruns occurs very frequently. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: fix NULL dereference when hashtable is fullPablo Neira Ayuso2009-06-231-0/+9
| | | | | | | | This patch fixes a NULL dereference to the timestamp structure when hashtable_add() fails, for example, because the hashtable is full. Reported-by: Bernhard Schmidt <berni@birkenwald.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Revert "ulogd: permit compilation of plugin outside of tree"Eric Leblond2009-04-183-4/+2
| | | | | | This reverts commit 0ff525cb0506b2c043bc9df6d7e7b486c865bc38. A stable and clean API should be provided if we choose to offer for external module capability.
* Documentation: information about procedure variable.Eric Leblond2009-04-181-1/+9
| | | | | This patch documents the "procedure" option in the database plugin configurations.
* DB plugins: fixed bug with INSERT* proceduresRomain Bignon2009-04-181-10/+13
| | | | | | | When procedure begins with INSERT* (without space), it considers it as an INSERT statement. Signed-off-by: Romain Bignon <romain@inl.fr>
* DB plugin: add capability to specify complete INSERT commandEric Leblond2009-04-171-3/+8
| | | | | This patch modifies the procedure name parsing to be able to specify a complete INSERT command.
* ulogd: configure all plugins before resolving keys.Pierre Chifflier2009-04-171-7/+13
| | | | | | | | | | Split the 'resolve keys' step in two parts: first call the configure fonction for all plugins (in reverse order), then loop again to resolve the keys. This allows dynamic construction of the input and output keys, even for filter plugins. Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
* ulogd: permit compilation of plugin outside of treeEric Leblond2009-04-053-2/+4
| | | | | This patch modifies Makefile.am to install the headers needed for compilation of plugins outside of the source tree.
* ulogd: include config.h in all files.Eric Leblond2009-03-101-0/+1
| | | | | This patch adds config.h inclusion in ulogd.h to be able to use all defined value in the whole project.
* db plugins: free memory at exit.Eric Leblond2009-03-101-0/+7
| | | | This patches frees an allocated buffer when ulogd is quitting.
* ip2bin: add AF_BRIDGE family support.Eric Leblond2009-03-061-1/+27
| | | | | This patch adds support for AF_BRIDGE family. It synchronizes code of IP2BIN module with the one of IP2STR.
* hwhdr: suppress explicit allocationEric Leblond2009-03-061-12/+12
| | | | | This patch suppresses all allocation and use a statically created array instead.
* ip2bin: suppress explicit allocation of some output key valuesEric Leblond2009-03-061-14/+14
| | | | | This patch suppresses explicit allocation and free for each packet and use a statically created array instead.
* ip2str: suppress explicit allocation of some output key valuesEric Leblond2009-03-061-17/+16
| | | | | This patch suppresses explicit allocation and free for each packet and use a statically created array instead.
* ifindex: avoid memory allocationEric Leblond2009-03-061-21/+16
| | | | | This patch modifies the interp function to avoid to do an explicit allocation of memory.
* nflog: adjust unit which was inaccurate.Eric Leblond2009-03-061-2/+2
| | | | | Timeout unit is 10ms and not 1ms. This patch fixes an invalid comment in the configuration file.
* build: bump version to 2.00beta3ulogd-2.0.0beta3Pablo Neira Ayuso2009-03-061-1/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Delete timer in destructor function.Eric Leblond2009-02-081-0/+2
| | | | This patch deletes the overrun timer in the destructor function.