summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* This patch adds support of event type display in printflow filter. This is used/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-262-1/+21
| | | | | | | | | | to display event type in textual output modules. Here's an output example: [DESTROY] ORIG: SRC=192.168.1.2 DST=192.168.1.255 PROTO=UDP SPT=631 DPT=631 \\ PKTS=1 BYTES=197 , REPLY: SRC=192.168.1.255 DST=192.168.1.2 \\ PROTO=UDP SPT=631 DPT=631 PKTS=0 BYTES=0 Signed-off-by: Eric Leblond <eric@inl.fr>
* This patch contains two linked modifications in NFCT input plugin:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-261-18/+37
| | | | | | | | | - event mask is now configurable though the event_mask configuration variable - event type is now stored in the ct.event output key. This can be used to display the information or to use it to implement some tracking algorithm in userspace. Signed-off-by: Eric Leblond <eric@inl.fr>
* This patch updates included configuration file example by adding some plugins/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-261-0/+11
| | | | | | loading and stack example. Signed-off-by: Eric Leblond <eric@inl.fr>
* This patch adds support for duplication of the message to be/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-251-0/+10
| | | | | | able to use multiple time the same instance of NFCT. Signed-off-by: Eric Leblond <eric@inl.fr>
* A specific instance of NFLOG can now be use in multiple stacks. This is done/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-251-0/+6
| | | | | | by duplicating the interpretation of the message. Signed-off-by: Eric Leblond <eric@inl.fr>
* An instance of NFLOG can now be use in multiple stacks. This is done/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-251-1/+10
| | | | | | by duplicating the interpretation of the message. Signed-off-by: Eric Leblond <eric@inl.fr>
* This patch adds plist a linked list to the pluginstance/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-252-0/+4
| | | | | | | | structure. It can be used by input modules to duplicate an entry. This solves the issue of not being able to use the same plugin instance twice. Signed-off-by: Eric Leblond <eric@inl.fr>
* When a plugin instance is used in multiple stack it is not necessary to/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-251-5/+27
| | | | | | call the start function for each stack. Signed-off-by: Eric Leblond <eric@inl.fr>
* Minor indentation fix in ulogd_inppkt_NFLOG.c./C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-251-1/+1
| | | | Signed-off-by: Eric Leblond <eric@inl.fr>
* IP2BIN filter convert IP address from host storage to a "binary" string which/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-253-7/+11
| | | | | | | | | | | can be use by MySQL. This is not strictly speaking raw data but it was of type RAW. Following remark from Hugo Mildenberger, I introduce in this patch a dedicated type ULOGD_RET_RAWSTR. The main reason not to use a ULOGD_RET_STRING parameter is that the paramater is not human readable. Signed-off-by: Eric Leblond <eric@inl.fr>
* This patch adds oob.hook to the list of fields export to the databases. This/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-252-14/+23
| | | | | | | adds the capability to know where the packet has been logged and will be used to make a link between connection and logged packets. Signed-off-by: Eric Leblond <eric@inl.fr>
* add missing timer.h/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-221-0/+26
|
* Improve fd_sets handling. Based on a previous patch from Holger Eitzenberger./C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-191-20/+34
|
* - implement a synchronous timer framework/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-199-155/+687
| | | | - fix crash when enabling pollinterval clause in flow-based accounting
* Sends one message for each connection event instead of two/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-191-68/+168
| | | | Signed-off-by: Eric Leblond <eric@inl.fr>
* This patch adds a sample configuration for logging with ebtables through ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-191-1/+15
| | | | | | nflog out to LOGEMU and SYSLOG. It also fixes a config bug with ipv6 (log2) Signed-off-by: Peter Warasin <peter@endian.com>
* adds AF_BRIDGE support to IP2STR/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-191-17/+71
| | | | | | This patch make the ip address string converter AF_BRIDGE compatible and add ip address ARP keys in order to make them also convert. Signed-off-by: Peter Warasin <peter@endian.com>
* This patch adds support for AF_BRIDGE to the PRINTPKT plugin, which allows ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-192-0/+89
| | | | | | to form log lines for packets coming from ebtables. Currently it supports IPv4, IPv6 and ARP. Signed-off-by: Peter Warasin <peter@endian.com>
* Adds AF_BRIDGE and ARP header interpreter to BASE plugin/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-191-2/+130
| | | | | | This patch adds an AF_BRIDGE interpreter to ulogd_raw2packet_BASE plugin, which allows to log packets coming from ebtables. It also adds an ARP header decoder. Signed-off-by: Peter Warasin <peter@endian.com>
* revert r7369 until clarified/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-141-125/+2
|
* Adds AF_BRIDGE and ARP header interpreter to BASE plugin/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-141-2/+125
| | | | | | | | | This patch adds an AF_BRIDGE interpreter to ulogd_raw2packet_BASE plugin, which allows to log packets coming from ebtables. It also adds an ARP header decoder. Signed-off-by: Peter Warasin <peter@endian.com>
* Adds input key enumeration in order to address the fields/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-141-4/+12
| | | | | | | with symbols instead of numbers. Shortens the lines by the use of GET_VALUE() Signed-off-by: Peter Warasin <peter@endian.com>
* Eric Leblond <eric@inl.fr>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-101-4/+13
| | | | Document the difference between IPv4 and IPv6 logging.
* revert r7348/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-103-23/+33
|
* From: Eric Leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-092-0/+8
| | | | Add UID display to PRINTPKT filter.
* From: Eric Leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-091-0/+14
| | | | Add support for UID dumping to NFLOG input plugin.
* From: Pierre Chifflier <chifflier@inl.fr> and Eric Leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-092-12/+110
| | | | Add Icmpv6 support to SQL schema.
* From: Eric Leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-095-18/+5
| | | | | | | Some macros were defined several time. This was the case of GET_VALUE, pp_is_valid. This patch puts the definition in ulogd.h and fixes the definition of pp_is_valid which was wrong (causing segfault by acessing to fields at NULL).
* From: Eric Leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-091-2/+2
| | | | The treatment of the return of some functions from libnetfilter_log API was wrong and this was preventing some fields to be propagated through the stack.
* From: Eric Leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-091-9/+21
| | | | | | This patch adds some examples of stack to the configuration file. It also fixes some comments to avoid confusion. IP2BIN has been added to the list of loaded modules.
* From: Eric Leblond <eric@inl.fr>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-091-1/+1
| | | | Fix a crash in ulogd2 when dealing with default value given as string.
* From: Eric Leblond <eric@inl.fr>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-093-33/+23
| | | | | | | | | | | | When using NFLOG or ULOG, obb.family (protocol IPv4 or IPv6) has to be setup manually in ulogd.conf configuration file. This is used by the BASE filter to properly parse the packet. This patch suppress oob.family as output keys of NFLOG and ULOG and let the BASE filter determine the family of the packet by itself (by parsing the raw header). A good side effect is to be able to log in IPv6 and IPv4 in the same group. Before that, two loggers have to be setup separatly.
* From Eric Leblond <eric@inl.fr>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-077-589/+51
| | | | | | | This patch modify ulogd_filter_IFINDEX to use libnfnetlink for index to interface name mapping instead of using local version. This requires at least libnfnetlink 0.0.30. This dependancy is checked in configure (thanks to Sebastien Tricaud for his patch).
* remove old mysql and pgsql definitions/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-034-195/+1
|
* From: Pierre Chifflier <chifflier@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-032-84/+72
| | | | | This patch fixes the type of some fields in the SQL schema to sync with datatype of the corresponding ulogd2 keys.
* From: Eric leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-4/+1
| | | | Description of ULOGD_RET_IPADDR was incorrect in information display mode.
* From: Eric leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-0/+28
| | | | | This patch adds an state extension to SQL schema. This can be used to store the information about the packet being dropped or accepted.
* From: Pierre Chifflier <chifflier@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-4/+4
| | | | | SQL standard says a function has to be called with SELECT and not CALL. This patch modify code accordingly.
* From: Eric leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-2/+2
| | | | This patch fixes some small typo in MySQL schema.
* From: Pierre Chifflier <chifflier@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-032-75/+170
| | | | This patch adds oob_family to the schema. Thus it is now possible to easily select IPv4 or IPv6 entries in the database. This patch also explicitly selects fields to create view.
* From: Pierre Chifflier <chifflier@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-0/+5
| | | | | Change from procedure to function in mysql schema adds the need to free MySQL result after request.
* From: Eric leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-0/+4
| | | | | With this patch, BASE filter module is able fill oob_family when parsing IPv6 address.
* From: Eric leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-0/+1
| | | | OOB_FAMILY output was not set by NFLOG because the key was not set as valid.
* From: Eric leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-0/+2
| | | | Fix a bug in IPv4 output of IP2BIN module.
* From: Eric Leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-3/+1
| | | | | MySQL need no to be able to print RAW data to be able to display IP addresses.
* From: Eric Leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-5/+2
| | | | Fix description and indenting (cleanups)
* From: Eric leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-032-1/+220
| | | | | This module convert IP from internal notation to a string in binary notation which is used by the MySQL output plugin.
* From: Pierre Chifflier <chifflier@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-1/+2
| | | | Mark ID as inactive (sequence in pg schema)
* From: Pierre Chifflier <chifflier@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-2/+2
| | | | Fix incorrect options for PGsql module.
* From: Eric leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-034-45/+21
| | | | | - This patch suppress key relative to IPv6 address because IPv4 and IPv6 can be stored in the same key. - Add missing IP2STR line to ulogd.conf.in