| Commit message (Collapse) | Author | Age | Files | Lines |
| |
integer. This patch fixes this in the ULOG module.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
integer. This patch fixes this in the NFLOG module.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
the db.c file for PgSQL and MySQL. In case of problem during request execution
a new connection to the database was immediately started without closing the
previous one. The consequence was to block the database by having too many
simultaneous open connections.
This patch fixes the problem by disconnecting from the database after a
request failure and trying to reconnect after a delay which is by default
2 seconds. This delay can be customized via the reconnect configuration
variable in the database configuration section.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
to display event type in textual output modules. Here's an output example:
[DESTROY] ORIG: SRC=192.168.1.2 DST=192.168.1.255 PROTO=UDP SPT=631 DPT=631 \\
PKTS=1 BYTES=197 , REPLY: SRC=192.168.1.255 DST=192.168.1.2 \\
PROTO=UDP SPT=631 DPT=631 PKTS=0 BYTES=0
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
- event mask is now configurable through the event_mask configuration variable
- event type is now stored in the ct.event output key. This can be used to
display the information or to use it to implement some tracking algorithm in
userspace.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
loading and stack example.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
able to use multiple times the same instance of NFCT.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
by duplicating the interpretation of the message.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
by duplicating the interpretation of the message.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
structure. It can be used by input modules to duplicate an
entry. This solves the issue of not being able to use the same
plugin instance twice.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
call the start function for each stack.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
can be used by MySQL. This is not strictly speaking raw data but it was of type
RAW.
Following remark from Hugo Mildenberger, I introduce in this patch a dedicated
type ULOGD_RET_RAWSTR. The main reason not to use a ULOGD_RET_STRING parameter
is that the parameter is not human readable.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
adds the capability to know where the packet has been logged and will be used
to make a link between connection and logged packets.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
- fix crash when enabling pollinterval clause in flow-based accounting
| |
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
nflog out to LOGEMU and SYSLOG. It also fixes a config bug with ipv6 (log2)
Signed-off-by: Peter Warasin <peter@endian.com>
| |
This patch makes the ip address string converter AF_BRIDGE compatible and adds ip address ARP keys in order to make them also convert.
Signed-off-by: Peter Warasin <peter@endian.com>
| |
to form log lines for packets coming from ebtables. Currently it supports IPv4, IPv6 and ARP.
Signed-off-by: Peter Warasin <peter@endian.com>
| |
This patch adds an AF_BRIDGE interpreter to ulogd_raw2packet_BASE plugin, which allows to log packets coming from ebtables. It also adds an ARP header decoder.
Signed-off-by: Peter Warasin <peter@endian.com>
| |
This patch adds an AF_BRIDGE interpreter to
ulogd_raw2packet_BASE plugin, which allows to log
packets coming from ebtables.
It also adds an ARP header decoder.
Signed-off-by: Peter Warasin <peter@endian.com>
| |
with symbols instead of numbers.
Shortens the lines by the use of GET_VALUE()
Signed-off-by: Peter Warasin <peter@endian.com>
| |
Document the difference between IPv4 and IPv6 logging.
| |
Add UID display to PRINTPKT filter.
| |
Add support for UID dumping to NFLOG input plugin.
| |
Add Icmpv6 support to SQL schema.
| |
Some macros were defined several times. This was the case of GET_VALUE,
pp_is_valid. This patch puts the definition in ulogd.h and fixes the
definition of pp_is_valid which was wrong (causing segfault by accessing
fields at NULL).
| |
The treatment of the return of some functions from libnetfilter_log API was wrong and this was preventing some fields from being propagated through the stack.
| |
This patch adds some examples of stack to the configuration file.
It also fixes some comments to avoid confusion. IP2BIN has been
added to the list of loaded modules.
|
| |
Fix a crash in ulogd2 when dealing with default value given as string.
| |
When using NFLOG or ULOG, oob.family (protocol IPv4 or IPv6) has
to be set up manually in ulogd.conf configuration file. This is
used by the BASE filter to properly parse the packet. This
patch suppresses oob.family as output keys of NFLOG and ULOG and lets
the BASE filter determine the family of the packet by itself (by
parsing the raw header).
A good side effect is to be able to log in IPv6 and IPv4 in the
same group. Before that, two loggers had to be set up separately.
|
| |
This patch modifies ulogd_filter_IFINDEX to use libnfnetlink for index to
interface name mapping instead of using local version. This requires at least
libnfnetlink 0.0.30. This dependency is checked in configure (thanks to
Sebastien Tricaud for his patch).
| |
This patch fixes the type of some fields in the SQL schema to sync
with datatype of the corresponding ulogd2 keys.
| |
Description of ULOGD_RET_IPADDR was incorrect in information display mode.
| |
This patch adds a state extension to SQL schema. This can be used to store
the information about the packet being dropped or accepted.
| |
SQL standard says a function has to be called with SELECT and not CALL.
This patch modifies code accordingly.
| |
This patch fixes some small typos in MySQL schema.
| |
This patch adds oob_family to the schema. Thus it is now possible to easily select IPv4 or IPv6 entries in the database. This patch also explicitly selects fields to create view.
| |
Change from procedure to function in mysql schema adds the need to free MySQL
result after request.
| |
With this patch, BASE filter module is able to fill oob_family when parsing IPv6
address.
| |
OOB_FAMILY output was not set by NFLOG because the key was not set as valid.
| |
Fix a bug in IPv4 output of IP2BIN module.
| |
MySQL need no to be able to print RAW data to be able to display
IP addresses.
| |
Fix description and indenting (cleanups)
| |
This module converts IP from internal notation to a string in binary notation
which is used by the MySQL output plugin.