| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
This patch make the ip address string converter AF_BRIDGE compatible and add ip address ARP keys in order to make them also convert.
Signed-off-by: Peter Warasin <peter@endian.com>
|
|
|
|
|
|
| |
to form log lines for packets coming from ebtables. Currently it supports IPv4, IPv6 and ARP.
Signed-off-by: Peter Warasin <peter@endian.com>
|
|
|
|
|
|
| |
This patch adds an AF_BRIDGE interpreter to ulogd_raw2packet_BASE plugin, which allows to log packets coming from ebtables. It also adds an ARP header decoder.
Signed-off-by: Peter Warasin <peter@endian.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch adds an AF_BRIDGE interpreter to
ulogd_raw2packet_BASE plugin, which allows to log
packets coming from ebtables.
It also adds an ARP header decoder.
Signed-off-by: Peter Warasin <peter@endian.com>
|
|
|
|
|
|
|
| |
with symbols instead of numbers.
Shortens the lines by the use of GET_VALUE()
Signed-off-by: Peter Warasin <peter@endian.com>
|
|
|
|
| |
Document the difference between IPv4 and IPv6 logging.
|
| |
|
|
|
|
| |
Add UID display to PRINTPKT filter.
|
|
|
|
| |
Add support for UID dumping to NFLOG input plugin.
|
|
|
|
| |
Add Icmpv6 support to SQL schema.
|
|
|
|
|
|
|
| |
Some macros were defined several time. This was the case of GET_VALUE,
pp_is_valid. This patch puts the definition in ulogd.h and fixes the
definition of pp_is_valid which was wrong (causing segfault by acessing to
fields at NULL).
|
|
|
|
| |
The treatment of the return of some functions from libnetfilter_log API was wrong and this was preventing some fields to be propagated through the stack.
|
|
|
|
|
|
| |
This patch adds some examples of stack to the configuration file.
It also fixes some comments to avoid confusion. IP2BIN has been
added to the list of loaded modules.
|
|
|
|
| |
Fix a crash in ulogd2 when dealing with default value given as string.
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using NFLOG or ULOG, obb.family (protocol IPv4 or IPv6) has
to be setup manually in ulogd.conf configuration file. This is
used by the BASE filter to properly parse the packet. This
patch suppress oob.family as output keys of NFLOG and ULOG and let
the BASE filter determine the family of the packet by itself (by
parsing the raw header).
A good side effect is to be able to log in IPv6 and IPv4 in the
same group. Before that, two loggers have to be setup separatly.
|
|
|
|
|
|
|
| |
This patch modify ulogd_filter_IFINDEX to use libnfnetlink for index to
interface name mapping instead of using local version. This requires at least
libnfnetlink 0.0.30. This dependancy is checked in configure (thanks to
Sebastien Tricaud for his patch).
|
| |
|
|
|
|
|
| |
This patch fixes the type of some fields in the SQL schema to sync
with datatype of the corresponding ulogd2 keys.
|
|
|
|
| |
Description of ULOGD_RET_IPADDR was incorrect in information display mode.
|
|
|
|
|
| |
This patch adds an state extension to SQL schema. This can be used to store
the information about the packet being dropped or accepted.
|
|
|
|
|
| |
SQL standard says a function has to be called with SELECT and not CALL.
This patch modify code accordingly.
|
|
|
|
| |
This patch fixes some small typo in MySQL schema.
|
|
|
|
| |
This patch adds oob_family to the schema. Thus it is now possible to easily select IPv4 or IPv6 entries in the database. This patch also explicitly selects fields to create view.
|
|
|
|
|
| |
Change from procedure to function in mysql schema adds the need to free MySQL
result after request.
|
|
|
|
|
| |
With this patch, BASE filter module is able fill oob_family when parsing IPv6
address.
|
|
|
|
| |
OOB_FAMILY output was not set by NFLOG because the key was not set as valid.
|
|
|
|
| |
Fix a bug in IPv4 output of IP2BIN module.
|
|
|
|
|
| |
MySQL need no to be able to print RAW data to be able to display
IP addresses.
|
|
|
|
| |
Fix description and indenting (cleanups)
|
|
|
|
|
| |
This module convert IP from internal notation to a string in binary notation
which is used by the MySQL output plugin.
|
|
|
|
| |
Mark ID as inactive (sequence in pg schema)
|
|
|
|
| |
Fix incorrect options for PGsql module.
|
|
|
|
|
| |
- This patch suppress key relative to IPv6 address because IPv4 and IPv6 can be stored in the same key.
- Add missing IP2STR line to ulogd.conf.in
|
|
|
|
| |
This module is a generic module which is used to convert an IP from internal representation to string representation. This is a task needed by several modules like printpkt or pgsql. This module factorizes the code.
|
|
|
|
| |
MySQL client library does not reconnect automatically since 5.0.
|
|
|
|
| |
Request at least autoconf 2.50 (needed for large file support macro).
|
|
|
|
|
| |
Display filename in the other error case.
Based on Marius Tomaschewski work.
|
|
|
|
|
| |
Changed to show pcap file name when open failed.
Based on Marius Tomaschewski work.
|
|
|
|
|
| |
Put O at the real end of the string.
Based on Marius Tomaschewski work.
|
|
|
|
|
| |
Add some missing line break.
Based on Marius Tomaschewski work.
|
|
|
|
|
| |
For OPRINT, changed sighup_handler_print to fallback to continue using old descriptor on new file opening failure.
Based on Marius Tomaschewski work.
|
|
|
|
|
| |
Added explicit null termination of the hostname buffer
This patch is a backport of Marius Tomaschewski <mt@suse.de> work on ulogd.
|
|
|
|
|
|
| |
Changed sighup_handler_print to fallback to continue using old descriptor on new file opening failure.
This patch is a backport of Marius Tomaschewski <mt@suse.de> work on ulogd.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is difficult to find how to configure a plugin. This patch adds an info
option which can be used to display:
* Name
* Configuration variables
* Input keys
* Output keys
Output example:
/opt/ulogd2/sbin/ulogd --info /opt/ulogd2/lib/ulogd/ulogd_filter_IFINDEX.so
Name: IFINDEX
Input keys:
Key: oob.ifindex_in (unsigned int 32)
Key: oob.ifindex_out (unsigned int 32)
Output keys:
Key: oob.in (string)
Key: oob.out (string)
|
|
|
|
|
| |
This patch update the printflow output module to be able to print a
whole conntrack entry on a single line.
|
|
|
|
| |
This patch clarifies code which will be modified in next patch.
|
|
|
|
| |
Add insert functions for the PostgreSQL version
|
|
|
|
|
|
|
|
|
| |
This patch adds new SQL schema for MySQL and PGsql. The goal is to improve the one line per entry format. There is no more a big table with all fields because this sort of storage is causing bad performance (databases don't like to have a lot of NULL fields to store).
Main changes are :
* Add new schema for MySQL and PGsql
* Use call to configurable procedure in SQL OUTPUT modules
* Arguments of a procedure are given by the list of fields of a selected table
|
|
|
|
| |
renice to -1 on startup
|