Commit message | Author | Age | Files | Lines
* This patch is a backport of Jaap Keuter's fix for PCAP output module. | Eric Leblond | 2008-06-18 | 1 | -1/+1
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix warning in compilation due to missing include | Eric Leblond | 2008-06-18 | 1 | -0/+1
  strerror function was used without inclusion of string.h. This patch adds the include and fixes the warning.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix NFCT/NFLOG plugin compilation when libraries use non-standard prefix. | Eric Leblond | 2008-06-18 | 2 | -2/+4
  Fixes compilation of NFLOG and NFCT plugin when libnetfilter libraries are installed under a non standard prefix. Include path and libs path for libnetfilter_conntrack and libnetfilter_log were not correctly set even if pkg-config found them.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Store MAC in SQL databases only once | Pierre Chifflier | 2008-06-12 | 2 | -32/+53
  This patch modifies the SQL schema for MySQL and PostgreSQL to store the mac address only once (instead of duplicating the mac address for each packet). This is done by using a shared reference to the entry containing the tuple (mac_address,mac_protocol).
  Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
* Cleanup: fix error messages and indentation | Eric Leblond | 2008-06-12 | 2 | -4/+4
  This patch fixes some messages in the NFCT and NFLOG input plugin (end of line before quote). It also fixes indenting by suppressing some spaces on empty line and replacing spaces by tab.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Update configfile for MARK module | Eric Leblond | 2008-06-12 | 1 | -1/+8
  Add stack example for MARK and update some wrong stacks.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Use ULOGD_IRET_* as return for all interpreters | Eric Leblond | 2008-06-12 | 14 | -47/+47
  This patch modifies plugins to use the already defined but not used define. This also fixes some weird behaviours in error treatment (like not stopping after OOM).
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix hexadecimal parsing in config file | Eric Leblond | 2008-06-12 | 1 | -1/+1
  The config file parsing was not able to parse integers given in hex notation. This patch modifies the parsing of configfile to be able to use different integer notations.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* New MARK-based filter | Eric Leblond | 2008-06-12 | 2 | -1/+127
  This module filters messages by using the mark to decide whether or not a packet or a flow has to be logged. It takes a mark and a mask option. It demonstrates the usage of ULOGD_IRET_STOP which can be used to abort iteration through the stack.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix the propagation through the stack | Eric Leblond | 2008-06-12 | 1 | -0/+6
  When a plugin returns ULOGD_IRET_STOP, the propagation should stop. This was not the case as break was used to do so but it was called inside a switch and thus applies to the switch instruction and not to the llist iteration.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* fix crash when SIGHUP is received. | Hugo Mildenberger | 2008-06-06 | 1 | -8/+18
  crash due to ulogd_logfile set to a string allocated on stack by config_parse_file
* Fix crash when using NFCT with hash_enable=0. | regit | 2008-06-04 | 1 | -1/+1
  This patch fixes NFCT when hash_enable is 0. Limitation of treatment to NFCT_DESTROY message type causes usage of the hashtable function and hence a crash because it is not initiated.
  Signed-off-by: regit <regit@ghlodit.inl.fr>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* Source and destination addresses were put in ptr field of the target structure | Eric Leblond | 2008-06-02 | 1 | -2/+4
  instead of being put in the new type ui128. The result was an improper value of the IPv6 source and destination addresses.
* adds some examples to the configuration file | Eric Leblond | 2008-06-02 | 1 | -0/+36
* Modify the code by activating overrun handling if and only if the local hash | Eric Leblond | 2008-06-02 | 1 | -19/+28
  is used (hash_enable=1 which is the default)
* This patch adds a new function which inserts or updates connection tracking | Eric Leblond | 2008-06-02 | 1 | -0/+61
  entries depending on the event type parameter.
* Sync SQL fields with NFCT keys | Eric Leblond | 2008-06-02 | 1 | -14/+14
* Fill every possible timestamp. It fills START timestamp for NEW packet and | Eric Leblond | 2008-06-02 | 1 | -15/+42
  STOP timestamp for DESTROY packet
* Set timestamp in NFLOG for INPUT and OUTPUT | Eric Leblond | 2008-06-02 | 1 | -7/+8
* check for required libraries for compilation in configure.in | Pablo Neira Ayuso | 2008-06-02 | 1 | -6/+6
* improve overrun handling NFLOG | Pablo Neira Ayuso | 2008-06-02 | 2 | -6/+62
  This patch improves the overrun handling. The NFLOG plugin duplicates the netlink buffer size if the size does not go after the upper boundary. This patch also introduces two new clauses, the netlink_socket_buffer_size and netlink_socket_buffer_maxsize that set the size of the netlink socket buffer.
* cleanup for key builder and fix IPv6 support and introduce 128-bits type | Pablo Neira Ayuso | 2008-06-02 | 4 | -43/+95
  This patch cleans up the key building by breaking lines at 80 columns and it fixes the IPv6 support (use of a pointer after free) by introducing a new 128 bit type.
* improve netlink overrun handling of NFCT | Pablo Neira Ayuso | 2008-06-02 | 2 | -28/+212
  This patch improves the overrun handling. The logic behind this patch consists of two steps:
  1) duplicate the netlink buffer size if the size does not go after the upper boundary.
  2) scheduling a resynchronization (in two seconds) with the kernel conntrack table if we hit ENOBUFS.
  During the resynchronization, the NFCT plugin dumps the current table and purges the objects that do not exist anymore. This patch also introduces two new clauses, the netlink_socket_buffer_size and netlink_socket_buffer_maxsize that set the size of the netlink socket buffer.
* rework NFCT to use a generic hashtable | Pablo Neira Ayuso | 2008-06-02 | 6 | -145/+548
  This patch introduces a generic hashtable to store the nf_conntrack objects. The objects are identified by the original and reply tuples instead of the conntrack ID which is not dumped in the event message of linux kernel < 2.6.25. This patch also fixes the NFCT_MSG_* by NFCT_T_* which is the appropriate message type tag.
* This patchset adds support for the "numeric_label" option. For instance, it | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-29 | 5 | -14/+58
  can be used to determine if the packet has been dropped, rejected or accepted. The meaning of label is completely user-defined.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* This patch adds oob.hook to the list of output keys of ULOG input plugin. | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-27 | 1 | -0/+13
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Update PostgreSQL schema to add the insert procedure for conntrack | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-27 | 1 | -4/+44
  connections.
  Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
* Introduce function to convert binary data to printable strings. | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-27 | 1 | -2/+37
  Update view_tcp_quad and view_udp_quad.
  Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
* Add function INSERT_CT for conntrack | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-27 | 1 | -27/+29
* Fix a bug in definition of seq_global_ce macro. | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-27 | 1 | -2/+2
  Signed-off-by: Eric Leblond <eric@inl.fr>
* [ULOGD PATCH, RFC] Modify NFLOG to be able to use it with older libnetfilter_log | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2008-04-22 | 2 | -1/+6
  NFLOG has been modified to support GID display. There is a problem as this feature is only available in latest subversion of libnetfilter_log. This patch made this feature optional:
  * It detects if system supports the nflog_get_gid() function
  * Compilation of nflog_get_gid() related code is conditional
* Fix missing chunk for GID logging | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2008-04-21 | 1 | -1/+5
* Print GID/MARK in printpkt.c | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2008-04-21 | 3 | -2/+19
* Fix "PROTO=KEY_TCP"/"PROTO=KEY_UDP" | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2008-04-21 | 1 | -2/+2
  I have no idea what the intention behind this change was, but it seems bogus, the output format should (mostly) match ipt_LOG.
* [ULOGD PATCH] Fix multiple usage of DB output plugin. | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2008-04-21 | 1 | -7/+11
  Due to the modifications done to be able to use multiple times the SOURCE plugin, a single instance of database output plugin could not anymore be used in separate stack. This patch fixes this by limiting the effect of the previous modification on SOURCE plugin.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* example for logging IPv6 packet to PGsql after a collect via NFLOG | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-13 | 1 | -1/+2
  Signed-off-by: Anton Vazir <anton.vazir@gmail.com>
* fix PGSql types | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-12 | 1 | -8/+8
  Signed-off-by: Eric Leblond <eric@inl.fr>
* This patch adds some examples to the default configuration file. It modifies | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-09 | 1 | -2/+9
  some stack to take my latest patches into account.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix an inconsistency of field naming among the different tables and | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-09 | 1 | -2/+2
  across the stack NFCT IP2BIN MYSQL. In fact IP2BIN out .bin suffixed fields.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* NACCT was IPv4 only and was heavily dependent of the order of NFCT keys. | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-09 | 1 | -41/+96
  This patch introduces an explicit list of input keys and obtains IPv6 compliance by using IP2STR output as input for IP address.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* add missing ulogd_filter_MAC2STR | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-09 | 1 | -0/+111
* This patch suppresses a now unused option. Each database module | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-07 | 2 | -19/+3
  has now to be used with a defined IP storage type.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* DESTROY events were not correctly displayed due to a problem in event type | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-05 | 1 | -1/+1
  detection.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* This patch is a port to the new libnetfilter_conntrack API of the NFCT | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-05 | 1 | -64/+82
  plugin. To be able to send IP addresses to the IP2STR and IP2BIN module oob.family and oob.protocol keys have been added.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* The PRINTFLOW module had its own code for string conversion of IPv6 address. | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-05 | 1 | -12/+16
  This patch changes the input key of the module to use conversion made by the IP2STR module.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* This patch fixes a typo in an error message. | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-05 | 1 | -1/+1
  Signed-off-by: Eric Leblond <eric@inl.fr>
* An error in the type of an argument in the call to inet_ntop was causing IPv6 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-05 | 1 | -1/+1
  address to be transformed in a string not really related to the real IPv6 address.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Arp related keys have to be optional to be able to use the IP2STR module | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-05 | 1 | -2/+2
  for flow display.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Length of MAC address was set too big and thus display was wrong. This | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-05 | 1 | -1/+1
  misbehaviour was also causing to read data out of the correct range.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* This patch adds MAC address handling to the postgresql output plugin. | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-05 | 1 | -4/+19
  Signed-off-by: Eric Leblond <eric@inl.fr>