This patch adds support for logging the destination mac address and
raw header in the SQL databases.
In case of an ethernet header, a tuple (mac_saddr,mac_daddr,mac_proto)
is logged only once.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch fixes some gcc warnings:
* Unused variables
* Functions with wrong return (or without return)
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
break lines at 80 char columns
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Use a more appropriate name for this filter.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch modifies MAC2STR to use the new MAC keys that give us more
accurate information to parse the link layer header. This patch also
does some probing based on the header and field size in the case of
ULOG (since we do not have enough information to perform accurate
parsing).
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch modifies the key structure of NFLOG. It solves the conflict
between ULOG and NFLOG by ensuring that keys have the same meaning:
* raw.mac is the full hardware header
* raw.mac.saddr is the source hardware address
Following Patrick's suggestion, it adds a new key "raw.type" which is
used to store the type of hardware.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch fixes a trivial typo.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch casts an expression to avoid a warning.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
IPFIX needs some huge work. This patch fixes some basic logic errors.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch modifies CFLAGS to add -Wall and -Wextra flags to the gcc
compilation flags. This will help to detect some stupid problems.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch fixes the computation of the allocation size for the query.
It was not taking into account the length of the name of the procedure.
Signed-off-by: Eric Leblond <eric@inl.fr>
This patch suppresses a dist-hook in Makefile.am which was related
to the suppression of some subversion related files.
Signed-off-by: Eric Leblond <eric@inl.fr>
We already check for latest library version, this checking
is not required anymore.
Reported-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Eric Leblond <eric@inl.fr>
strerror function was used without inclusion of string.h. This patch
adds the include and fixes the warning.
Signed-off-by: Eric Leblond <eric@inl.fr>
Fixes compilation of NFLOG and NFCT plugin when libnetfilter libraries
are installed under a non standard prefix. Include path and libs path
for libnetfilter_conntrack and libnetfilter_log were not correctly set even
if pkg-config found them.
Signed-off-by: Eric Leblond <eric@inl.fr>
This patch modifies the SQL schema for MySQL and PostgreSQL to store
the mac address only once (instead of duplicating the mac address for
each packet). This is done by using a shared reference to the entry
containing the tuple (mac_address,mac_protocol).
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
This patch fixes some messages in the NFCT and NFLOG input
plugin (end of line before quote). It also fixes indenting by
suppressing some spaces on empty line and replacing spaces by tab.
Signed-off-by: Eric Leblond <eric@inl.fr>
Add stack example for MARK and update some wrong stacks.
Signed-off-by: Eric Leblond <eric@inl.fr>
This patch modifies plugins to use the already defined but not used
define. This also fixes some weird behaviours in error treatment (like
not stopping after OOM).
Signed-off-by: Eric Leblond <eric@inl.fr>
The config file parsing was not able to parse integers given in hex notation.
This patch modifies the parsing of configfile to be able to use different
integer notations.
Signed-off-by: Eric Leblond <eric@inl.fr>
This module filters messages by using the mark to decide whether or not a
packet or a flow has to be logged. It takes a mark and a mask option. It
demonstrates the usage of ULOGD_IRET_STOP which can be used to abort
iteration through the stack.
Signed-off-by: Eric Leblond <eric@inl.fr>
When a plugin returns ULOGD_IRET_STOP, the propagation should
stop. This was not the case as break was used to do so but it was called
inside a switch and thus applied to the switch instruction and not to
the llist iteration.
Signed-off-by: Eric Leblond <eric@inl.fr>
crash due to ulogd_logfile set to a string allocated on stack by config_parse_file
This patch fixes NFCT when hash_enable is 0. Limitation of treatment to
NFCT_DESTROY message type causes usage of the hashtable function and
hence a crash because it is not initiated.
Signed-off-by: regit <regit@ghlodit.inl.fr>
Signed-off-by: Patrick McHardy <kaber@trash.net>
instead of being put in the new type ui128. The result was an improper value
of the IPv6 source and destination addresses.
is used (hash_enable=1 which is the default)
entries depending on the event type parameter.
STOP timestamp for DESTROY packet
This patch improves the overrun handling. The NFLOG plugin duplicates the
netlink buffer size if the size does not go after the upper boundary.
This patch also introduces two new clauses, the netlink_socket_buffer_size
and netlink_socket_buffer_maxsize that set the size of the netlink socket
buffer.
This patch cleans up the key building by breaking lines at 80 columns and
it fixes the IPv6 support (use of a pointer after free) by introducing a new
128 bit type.
This patch improves the overrun handling. The logic behind this patch
consists of two steps:
1) duplicate the netlink buffer size if the size does not go after the
upper boundary.
2) scheduling a resynchronization (in two seconds) with the kernel conntrack
table if we hit ENOBUFS. During the resynchronization, the NFCT plugin dumps
the current table and purges the objects that do not exist anymore.
This patch also introduces two new clauses, the netlink_socket_buffer_size
and netlink_socket_buffer_maxsize that set the size of the netlink socket
buffer.
This patch introduces a generic hashtable to store the nf_conntrack objects.
The objects are identified by the original and reply tuples instead of the
conntrack ID which is not dumped in the event message of linux kernel < 2.6.25.
This patch also fixes the NFCT_MSG_* by NFCT_T_* which is the appropriate
message type tag.
can be used to determine if the packet has been dropped, rejected or accepted.
The meaning of label is completely user-defined.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
Signed-off-by: Eric Leblond <eric@inl.fr>
connections.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Update view_tcp_quad and view_udp_quad.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Signed-off-by: Eric Leblond <eric@inl.fr>
NFLOG has been modified to support GID display. There is a problem as this
feature is only available in latest subversion of libnetfilter_log. This
patch made this feature optional:
* It detects if the system supports the nflog_get_gid() function
* Compilation of nflog_get_gid() related code is conditional
|