| Commit message (Collapse) | Author | Age | Files | Lines |
| |
This patch fixes NFCT when hash_enable is 0. Limitation of treatment to
NFCT_DESTROY message type causes usage of the hashtable function and
hence a crash because it is not initiated.
Signed-off-by: regit <regit@ghlodit.inl.fr>
Signed-off-by: Patrick McHardy <kaber@trash.net>
| |
instead of being put in the new type ui128. The result was an improper value
of the IPv6 source and destination addresses.
| |
is used (hash_enable=1 which is the default)
| |
entries depending on the event type parameter.
| |
STOP timestamp for DESTROY packet
| |
This patch improves the overrun handling. The NFLOG plugin duplicates the
netlink buffer size if the size does not go after the upper boundary.
This patch also introduces two new clauses, the netlink_socket_buffer_size
and netlink_socket_buffer_maxsize that set the size of the netlink socket
buffer.
| |
This patch cleans up the key building by breaking lines at 80 columns and
it fixes the IPv6 support (use of a pointer after free) by introducing a new
128 bit type.
| |
This patch improves the overrun handling. The logic behind this patch
consists of two steps:
1) duplicate the netlink buffer size if the size does not go after the
upper boundary.
2) scheduling a resynchronization (in two seconds) with the kernel conntrack
table if we hit ENOBUFS. During the resynchronization, the NFCT plugin dumps
the current table and purges the objects that do not exist anymore.
This patch also introduces two new clauses, the netlink_socket_buffer_size
and netlink_socket_buffer_maxsize that set the size of the netlink socket
buffer.
| |
This patch introduces a generic hashtable to store the nf_conntrack objects.
The objects are identified by the original and reply tuples instead of the
conntrack ID which is not dumped in the event message of linux kernel < 2.6.25.
This patch also fixes the NFCT_MSG_* by NFCT_T_* which is the appropriate
message type tag.
| |
can be used to determine if the packet has been dropped, rejected or accepted.
The meaning of label is completely user-defined.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
connections.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
| |
Update view_tcp_quad and view_udp_quad.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
| |
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
NFLOG has been modified to support GID display. There is a problem as this
feature is only available in latest subversion of libnetfilter_log. This
patch made this feature optional:
* It detects if system supports the nflog_get_gid() function
* Compilation of nflog_get_gid() related code is conditional
| |
I have no idea what the intention behind this change was, but it
seems bogus, the output format should (mostly) match ipt_LOG.
| |
Due to the modifications done to be able to use multiple times the SOURCE
plugin, a single instance of database output plugin could not anymore be
used in separate stack. This patch fixes this by limiting the effect of
the previous modification on SOURCE plugin.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
Signed-off-by: Anton Vazir <anton.vazir@gmail.com>
| |
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
some stack to take my latest patches into account.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
across the stack NFCT IP2BIN MYSQL. In fact IP2BIN out .bin suffixed
fields.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
This patch introduces an explicit list of input keys and obtains IPv6
compliance by using IP2STR output as input for IP address.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
have now to be used with a defined IP storage type.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
detection.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
plugin. To be able to send IP addresses to the IP2STR and IP2BIN module
oob.family and oob.protocol keys have been added.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
This patch changes the input key of the module to use conversion made by the
IP2STR module.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
address to be transformed in a string not really related to the real IPv6
address.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
for flow display.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
misbehaviour was also causing to read data out of the correct range.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
patch also removes mac_daddr which does not provide any interesting
logging information.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
of conversion to string of MAC address. It is used by database
output plugin to store MAC related information.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
integer. This patch fixes this in the ULOG module.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
integer. This patch fixes this in the NFLOG module.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
the db.c file for PgSQL and MySQL. In case of problem during request execution
a new connection to the database was immediately started without closing the
previous one. The consequence was to block the database by having too many
simultaneous open connections.
This patch fixes the problem by disconnecting from the database after a
request failure and trying to reconnect after a delay which is by default
of 2 seconds. This delay can be customized via the reconnect configuration
variable in the database configuration section.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
to display event type in textual output modules. Here's an output example:
[DESTROY] ORIG: SRC=192.168.1.2 DST=192.168.1.255 PROTO=UDP SPT=631 DPT=631 \\
PKTS=1 BYTES=197 , REPLY: SRC=192.168.1.255 DST=192.168.1.2 \\
PROTO=UDP SPT=631 DPT=631 PKTS=0 BYTES=0
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
- event mask is now configurable through the event_mask configuration variable
- event type is now stored in the ct.event output key. This can be used to
display the information or to use it to implement some tracking algorithm in
userspace.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
loading and stack example.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
able to use multiple times the same instance of NFCT.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
by duplicating the interpretation of the message.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
by duplicating the interpretation of the message.
Signed-off-by: Eric Leblond <eric@inl.fr>