summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix stop function of NFCT plugin.Eric Leblond2008-12-092-3/+5
| | | | | This patch fixes some crashes in NFCT plugin that were triggered by the call of the destructor_nfct function (during stop).
* Treat nice function return.Eric Leblond2008-12-091-1/+7
| | | | | gcc was warning that the return of the nice function should be treated. This patch adds an error message in case of failure.
* Add SCTP support to MySQL and PGSQL output.Eric Leblond2008-12-092-5/+79
| | | | | | | | This patch adds support for SCTP in the MySQL and PGSQL output plugins. It adds a dedicated SCTP table and modifies the insert_packet_full procedure. Signed-off-by: Eric Leblond <eric@inl.fr>
* SCTP support for PRINTPKT.Eric Leblond2008-12-092-1/+18
| | | | | | This patch modifies PRINTPKT plugin to add SCTP support. Signed-off-by: Eric Leblond <eric@inl.fr>
* Add SCTP support to BASE plugin.Eric Leblond2008-12-091-0/+53
| | | | | | THis patch adds basic support for SCTP in the BASE plugin. Signed-off-by: Eric Leblond <eric@inl.fr>
* Document group 0 usage and suppress address_familyEric Leblond2008-12-091-17/+20
| | | | | | | | Document the fact that group 0 is used by system logging and update stack and plugin definition to match the suppression of the address_family variable. Signed-off-by: Eric Leblond <eric@inl.fr>
* Get rid of addressfamily variable in NFLOG input pluginEric Leblond2008-12-091-30/+29
| | | | | | | | | | | | | | | | | | The addressfamily configuration variable for NFLOG is used as param for nflog_bind_pf. This function is used to claim the fetching of kernel message sent via nf_log_packet() function. As all kernel messages are sent to the group 0, it is useless to call nflog_bind_pf when nflog group of the input plugin is not 0. Furthermore, as only one plugin can be bound to nflog group 0, it is mandatory to call nflog_bind_pf for all pf family when the group is 0. To sum up, this patch suppress the adressfamily parameter (which simplify the configuration file) and call nflog_bind_pf for all pf family when the nflog group of the instance is 0. Signed-off-by: Eric Leblond <eric@inl.fr>
* Modify usage of nflog_bind_pf function.Eric Leblond2008-12-091-20/+32
| | | | | | | | | The nflog_bind_pf function was called for each NFLOG instance. This patch modifies the behaviour to have it call if and only if the nfgroup is set to 0. As the kernel uses only the 0 group to output subsystem messages, this change clarify the situation. Signed-off-by: Eric Leblond <eric@inl.fr>
* add ukey_* function for key assignationPablo Neira Ayuso2008-12-0918-552/+449
| | | | | | | | | This patch cleans up the current key assignation by introducing a set of functions ukey_* to set the key value as Eric Leblond and we discussed during the latest Netfilter Workshop. This patch is based on an idea from Holger Eitzenberger. Signed-off-by: Eric Leblond <eric@inl.fr>
* Add new output plugin DBIPierre Chifflier2008-12-095-1/+337
| | | | | | | | | libdbi implements a database-independent abstraction layer in C, similar to the DBI/DBD layer in Perl. This module brings support for all database types supported by libdbi. Signed-off-by: Pierre Chifflier <chifflier@inl.fr> Signed-off-by: Eric Leblond <eric@inl.fr>
* Search for libdbi includes during configurePierre Chifflier2008-12-092-0/+89
| | | | | | | | libdbi is a database-independent abstraction layer in C, similar to the DBI/DBD layer in Perl. Signed-off-by: Pierre Chifflier <chifflier@inl.fr> Signed-off-by: Eric Leblond <eric@inl.fr>
* Link ulogd2 with libpthreadPierre Chifflier2008-12-091-1/+1
| | | | | | | | Explicitly link with libpthread. This allows to run ulogd within gdb, else it fails with message: Cannot find new threads: generic error Signed-off-by: Pierre Chifflier <chifflier@inl.fr> Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix light memory error in parse_mac2strPierre Chifflier2008-12-091-2/+8
| | | | | | | | | When len is 0 (for ex. when the input mac is NULL), parse_mac2str tries to calloc a 0-bytes bloc, which leads to a conditional jump based on uninitialized value (spotted by valgrind). Signed-off-by: Pierre Chifflier <chifflier@inl.fr> Signed-off-by: Eric Leblond <eric@inl.fr>
* NFCT: remove unused constant NFLOG_RMEM_DEFAULTPablo Neira Ayuso2008-10-221-6/+0
| | | | | | | This patch removes NFLOG_RMEM_DEFAULT which is a reminiscent of the initial development of NFLOG which is based on the ULOG plugin. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* pgsql: remove useless checkingsPierre Chifflier2008-10-201-6/+0
| | | | | | | This patch removes useless checkings. Signed-off-by: Pierre Chifflier <chifflier@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* hwhdr: finish missing renamingPierre Chifflier2008-10-202-3/+3
| | | | | | | MAC2STR has been renamed to HWHDR. Signed-off-by: Pierre Chifflier <chifflier@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* hwhdr: fix segfault when RAW_MAC is NULLPierre Chifflier2008-10-201-1/+1
| | | | | | | This fixes a segfault when RAW_MAC key is NULL in MAC2STR plugin. Signed-off-by: Pierre Chifflier <chifflier@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* config: remove obsolete global variablesEric Leblond2008-09-121-7/+0
| | | | | | | | | 'rmem' and 'bufsize' global variables are unherited from ulogd1 and are not used anymore. This patch suppresses them from the example configuration file. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: update author credits and fix reference to closed MLEric Leblond2008-09-111-5/+1
| | | | | | | | This patch adds Eric Lenblond as documentation author and it removes a reference to the ulogd ML which is closed. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: update ulogd SGML documentationEric Leblond2008-09-111-41/+181
| | | | | | | | This patch updates the SGML documentation to be in sync with the latest version of the code. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: remove unused optionEric Leblond2008-09-111-14/+7
| | | | | | | | | This patch suppresses the "rmem" configuration variable which was inherited from the original ULOG plugin and which is unused in the NFLOG plugin. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: update ulogd man-pagePablo Neira Ayuso2008-09-111-6/+14
| | | | | | | | | This patch updates ulogd man page to add information about the new features. Based on one Eric Leblond's patch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* distrib: fix distcheck magiculogd-2.0.0beta2Pablo Neira Ayuso2008-08-154-11/+10
| | | | | | This patch fixes the `make distcheck' magic Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* compilation: set -Wno-ununused-parameter in CFLAGSEric Leblond2008-08-011-1/+1
| | | | | | | | | This patch adds the "-Wno-unused-parameter" option to CFLAGS. This suppress gcc warning that can not be fixed due to the usage of generic system like callback where function definition has to be standardized. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix warning due to lack of parenthesisEric Leblond2008-07-311-1/+1
| | | | | | | Fix gcc warning related to the lack of parenthesis. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix inappropriate initializations in ulogd.cEric Leblond2008-07-311-2/+1
| | | | | | | This patch fixes some improper initialization in ulogd.c. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix redefinition of TCP_URG key in printpktEric Leblond2008-07-311-1/+0
| | | | | | | This patch fixes a multiple definition of the key TCP_URG. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix warning about integer formatEric Leblond2008-07-311-2/+3
| | | | | | | | This patch uses PRIu64 and PRId64 macros from inttypes.h to have a correct definition of 64 bit integer format for 64bits and 32bits arch. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix compilation warning about lack of parenthesisEric Leblond2008-07-311-2/+2
| | | | | | | | This patch adds parenthesis around an expression to avoid confusion between order preference of && and || operators. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix compilation warnings related to pointer comparisonsEric Leblond2008-07-316-17/+17
| | | | | | | | This patch cast to (char *) some (void *) to avoid a gcc warning in string format parsing. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org
* cleanup: fix compilation warning related to signed and unsigned comparisonsEric Leblond2008-07-317-14/+15
| | | | | | This patch fixes the warning related to signed and unsigned comparaison. Signed-off-by: Eric Leblond <eric@inl.fr>
* cleanup: remove unused timeout parameter in functionEric Leblond2008-07-314-4/+4
| | | | | | | | The function ipulog_read had a timeout parameter which was not used in the code. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* syslog: cleanly stops syslogEric Leblond2008-07-311-1/+5
| | | | | | | | This patch adds a stop function to the module which closes the connection to the log system. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* DB: update schemas to integrate the link layer informationEric Leblond2008-07-292-23/+94
| | | | | | | | | | | | This patch adds support for logging the destination mac address and raw header in the SQL databases. In case of an ethernet header, a tuple (mac_saddr,mac_daddr,mac_proto) is logged only once. Signed-off-by: Pierre Chifflier <chifflier@inl.fr> Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix gcc warningsEric Leblond2008-07-299-18/+5
| | | | | | | | | This patch fixes some gcc warnings: * Unused variables * Functions with wrong return (or without return) Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: minor cleanupPablo Neira Ayuso2008-07-291-10/+14
| | | | | | break lines at 80 char columns Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* MAC2STR: Rename it to HWHDREric Leblond2008-07-292-3/+3
| | | | | | | Use a more appropriate name for this filter. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* MAC2STR: add support for the new RAW MAC keysEric Leblond2008-07-291-22/+152
| | | | | | | | | | | This patch modifies MAC2STR to use the new MAC keys that gives us more accurate information to parse the link layer header. This patch also does some probing based on the header and field size in the case of ULOG (since we do not have enough information to perform accurate parsing). Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: get full link layer header (requires >= 2.6.27)Eric Leblond2008-07-292-4/+34
| | | | | | | | | | | | This patch modifies the key structure of NFLOG. It solves the conflict between ULOG and NFLOG by ensuring that keys have the same meaning: * raw.mac is the full hardware header * raw.mac.saddr is the source hardware address Following Patrick suggestion, it adds a new key "raw.type" which is used to store the type of hardware. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Fix a trivial typoEric Leblond2008-07-231-1/+1
| | | | | | | This patch fixes a trivial typo. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Fix wrong casting warning during compilationEric Leblond2008-07-231-1/+1
| | | | | | | This patch cast a expression to avoid a warning. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Minor IPFIX fixesEric Leblond2008-07-231-5/+7
| | | | | | | IPFIX needs some huge work. This patch fixes some basic logic errors. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Modify CFLAGS to have useful gcc warningsEric Leblond2008-07-231-0/+2
| | | | | | | | This patch modifies CFLAGS to add -Wall and -Wextra flags to gcc compilation flag. This will help to detect some stupid problems. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Fix computation of allocated size for queryEric Leblond2008-07-101-2/+3
| | | | | | | This patch fixes the computation of the allocation size for the query. It was not taking into account the length of the name of the procedure. Signed-off-by: Eric Leblond <eric@inl.fr>
* Remove obsolete dist-hook for svnEric Leblond2008-07-101-2/+0
| | | | | | | This patch suppress a dist-hook in Makefile.am which was related to the suppression of some subversion related files. Signed-off-by: Eric Leblond <eric@inl.fr>
* revert commit 3178606785161296dc5a1bd4d42d965db8b3e2cdPablo Neira Ayuso2008-06-282-6/+1
| | | | | | | | We already check for latest library version, this checking is not required anymore. Reported-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* bump libraries dependencies to lastest releasePablo Neira Ayuso2008-06-271-3/+3
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* suppress useless debugging message in the ULOG input pluginEric Leblond2008-06-231-1/+0
|
* structure initialization cleanupEric Leblond2008-06-232-34/+36
|
* whitespace cleanupEric Leblond2008-06-233-67/+67
|