| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
When using NFLOG or ULOG, obb.family (protocol IPv4 or IPv6) has
to be setup manually in ulogd.conf configuration file. This is
used by the BASE filter to properly parse the packet. This
patch suppress oob.family as output keys of NFLOG and ULOG and let
the BASE filter determine the family of the packet by itself (by
parsing the raw header).
A good side effect is to be able to log in IPv6 and IPv4 in the
same group. Before that, two loggers have to be setup separatly.
|
| |
|
|
|
|
|
| |
This patch modify ulogd_filter_IFINDEX to use libnfnetlink for index to
interface name mapping instead of using local version. This requires at least
libnfnetlink 0.0.30. This dependancy is checked in configure (thanks to
Sebastien Tricaud for his patch).
|
| | |
|
| |
|
|
|
| |
This patch fixes the type of some fields in the SQL schema to sync
with datatype of the corresponding ulogd2 keys.
|
| |
|
|
| |
Description of ULOGD_RET_IPADDR was incorrect in information display mode.
|
| |
|
|
|
| |
This patch adds an state extension to SQL schema. This can be used to store
the information about the packet being dropped or accepted.
|
| |
|
|
|
| |
SQL standard says a function has to be called with SELECT and not CALL.
This patch modify code accordingly.
|
| |
|
|
| |
This patch fixes some small typo in MySQL schema.
|
| |
|
|
| |
This patch adds oob_family to the schema. Thus it is now possible to easily select IPv4 or IPv6 entries in the database. This patch also explicitly selects fields to create view.
|
| |
|
|
|
| |
Change from procedure to function in mysql schema adds the need to free MySQL
result after request.
|
| |
|
|
|
| |
With this patch, BASE filter module is able fill oob_family when parsing IPv6
address.
|
| |
|
|
| |
OOB_FAMILY output was not set by NFLOG because the key was not set as valid.
|
| |
|
|
| |
Fix a bug in IPv4 output of IP2BIN module.
|
| |
|
|
|
| |
MySQL need no to be able to print RAW data to be able to display
IP addresses.
|
| |
|
|
| |
Fix description and indenting (cleanups)
|
| |
|
|
|
| |
This module convert IP from internal notation to a string in binary notation
which is used by the MySQL output plugin.
|
| |
|
|
| |
Mark ID as inactive (sequence in pg schema)
|
| |
|
|
| |
Fix incorrect options for PGsql module.
|
| |
|
|
|
| |
- This patch suppress key relative to IPv6 address because IPv4 and IPv6 can be stored in the same key.
- Add missing IP2STR line to ulogd.conf.in
|
| |
|
|
| |
This module is a generic module which is used to convert an IP from internal representation to string representation. This is a task needed by several modules like printpkt or pgsql. This module factorizes the code.
|
| |
|
|
| |
MySQL client library does not reconnect automatically since 5.0.
|
| |
|
|
| |
Request at least autoconf 2.50 (needed for large file support macro).
|
| |
|
|
|
| |
Display filename in the other error case.
Based on Marius Tomaschewski work.
|
| |
|
|
|
| |
Changed to show pcap file name when open failed.
Based on Marius Tomaschewski work.
|
| |
|
|
|
| |
Put O at the real end of the string.
Based on Marius Tomaschewski work.
|
| |
|
|
|
| |
Add some missing line break.
Based on Marius Tomaschewski work.
|
| |
|
|
|
| |
For OPRINT, changed sighup_handler_print to fallback to continue using old descriptor on new file opening failure.
Based on Marius Tomaschewski work.
|
| |
|
|
|
| |
Added explicit null termination of the hostname buffer
This patch is a backport of Marius Tomaschewski <mt@suse.de> work on ulogd.
|
| |
|
|
|
|
| |
Changed sighup_handler_print to fallback to continue using old descriptor on new file opening failure.
This patch is a backport of Marius Tomaschewski <mt@suse.de> work on ulogd.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is difficult to find how to configure a plugin. This patch adds an info
option which can be used to display:
* Name
* Configuration variables
* Input keys
* Output keys
Output example:
/opt/ulogd2/sbin/ulogd --info /opt/ulogd2/lib/ulogd/ulogd_filter_IFINDEX.so
Name: IFINDEX
Input keys:
Key: oob.ifindex_in (unsigned int 32)
Key: oob.ifindex_out (unsigned int 32)
Output keys:
Key: oob.in (string)
Key: oob.out (string)
|
| |
|
|
|
| |
This patch update the printflow output module to be able to print a
whole conntrack entry on a single line.
|
| |
|
|
| |
This patch clarifies code which will be modified in next patch.
|
| |
|
|
| |
Add insert functions for the PostgreSQL version
|
| |
|
|
|
|
|
|
|
| |
This patch adds new SQL schema for MySQL and PGsql. The goal is to improve the one line per entry format. There is no more a big table with all fields because this sort of storage is causing bad performance (databases don't like to have a lot of NULL fields to store).
Main changes are :
* Add new schema for MySQL and PGsql
* Use call to configurable procedure in SQL OUTPUT modules
* Arguments of a procedure are given by the list of fields of a selected table
|
| |
|
|
| |
renice to -1 on startup
|
| |
|
|
| |
conffile cleanup, use common pr_debug()
|
| |
|
|
| |
add common.h
|
| |
|
|
| |
Add NACCT output plugin
|
| |
|
|
|
|
|
|
|
|
| |
The following patch fixes MySQL and Pgsql output modules.
The callback function was not correctly initialized and this was leading
to a crash by calling the a NULL function. This patch correctly inits
the callback.
Eric Leblond <eric@inl.fr>
|
| |
|
|
|
|
|
| |
The following patch fixes some indenting and typo in various ulogd2
files.
Eric Leblond <eric@inl.fr>
|
| |
|
|
|
|
|
|
|
| |
This patch stores the converted values from the configuration file
into the syslog instance structure.
Otherwise configuration parameters are senseless and only the
default values will be used.
Signed-off-by: Peter Warasin <peter@endian.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a workaround which prevents ulogd from logging each
time when recvfrom() returns error because of EAGAIN.
Since the netlink socket is now O_NONBLOCK, we probably run
into the following bug:
http://bugzilla.kernel.org/show_bug.cgi?id=5498
which causes recvfrom() get an error when select() had a good
return, whenever select() receives a packet with a bad checksum.
ipulog_read() always has this problem once after every successful
ipulog_read().
Signed-off-by: Peter Warasin <peter@endian.com>
[Note: this is not a workaround but correct handling of EAGAIN
on a non-blocking socket. -Patrick]
|
| |
|
|
|
|
|
|
| |
This patch logs also the string representations ipulog:_strerror()
and strerror() when an error occurred during receivement of packets
within the ULOG plugin
Signed-off-by: Peter Warasin <peter@endian.com>
|
| |
|
|
|
|
|
| |
Stores mac_len correctly, since within ULOG structire it is not stored
in network byte order.
Signed-off-by: Peter Warasin <peter@endian.com>
|
| |
|
|
|
|
|
|
| |
When [global]'s logfile is syslog, ulogd should log it's own
mesasages (not the firewall log lines) to syslog, which it
does'nt because openlog() is missing. This patch adds openlog()
Signed-off-by: Peter Warasin <peter@endian.com>
|
| |
|
|
|
|
|
| |
The ULOG input plugin of ulogd2 was not working. This patch fixes this
and cleans the code via introduction of an enum.
Eric Leblond <eric@inl.fr>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds an enum to get rid of access to array via numerical
index in NFLOG input plugin.
This replaces code like:
ret[0].flags |= ULOGD_RETF_VALID;
ret[11].u.value.ui16 = ntohs(hw->hw_addrlen);
with:
ret[NFLOG_KEY_RAW_MAC].flags |= ULOGD_RETF_VALID;
ret[NFLOG_KEY_RAW_MAC_LEN].u.value.ui16 = ntohs(hw->hw_addrlen);
which is more readable.
Eric Leblond <eric@inl.fr>
|
| |
|
|
|
|
|
| |
- add a call to autoheader which is needed to compile ulogd2 from subversion.
- add a warning message to ulogd2 when it exits on error. It simply tell to look at the configuration file.
- add an empty section which is needed to have NFCT logging
working.
|
| | |
|
| |
|
|
|
| |
repeat by using symbolic names to make sure the assignment matches the array
index.
|
