Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch removes the creation of the `daily' table. Now, we assume
that the tables that we use are created before launching ulogd2.
This code is broken because you have to specify in the configuration
file that the table used is `daily', otherwise this `daily' table is
created and dropped during the daemon starting, but not used.
Moreover, the code explicitly shows a message that says:
/* FIXME make this configurable */
So, I think that this patch is the way to go :-).
This patch also documents the table creation in ulogd.sgml
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch fixes the following warning during the compilation:
ulogd_output_SQLITE3.c: In function ‘ulogd_find_key’:
ulogd_output_SQLITE3.c:292: warning: comparison between signed and unsigned integer expressions
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
Move error handling after the switch statement since it's the same
for all cases, we save several lines of code.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
Use continue instead of goto inside loop. I don't need to scroll
up and down in the code to know what the jump is performing.
I think this improves code readability. It's a cosmetic cleanup,
of course.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
We only report the overrun once with this patch, instead of spamming
the ulogd.log file.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
With pkg-config variables, even a non-installed sqlite3 can be
configured easily.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
nfct_sizeof() allows memcpy() of ct objects, which violates the
library design (that aims to hide binary layout).
We use nfct_copy() with the override flag instead as added by
libnetfilter_conntrack 0.9.1.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch adds two configuration examples for sqlite3 to log
flows and packets.
We use two tables, one for packet logging information, and
another for flow-based information.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch imports the sqlite3 support from Holger.
I folded the following patches, that Harald passed to me
during the last Netfilter workshop, into one:
0001-ulog2-sqlite-port-to-v2.diff.patch
0002-ulog2-sqlite-prepare-fix.diff.patch
0003-ulogd-sqlite-new-logging.diff.patch
0004-ulogd-accounting-add-flow-start-day.patch
0005-ulogd-sqlite3-err-codes-fix.dif.patch
0006-ulogd-sqlite3-tbl-corrupt-fix.diff.patch
0007-ulogd-sqlite3-handle-schema-change.diff.patch
0008-SQLITE3-count-instead-of-log-table-busy-messags.patch
0009-ulogd-SQLITE-Added-flowstartsec.diff.patch
Harald passed them to me with no description, so applying them
separately does not provide more information.
I'll start adding patches on top of these so Holger can get in
sync with my work. This also can help him to take my patches
and to integrate them to his tree.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This is important for when the libraries are in a non-default path.
Also, libs must be listed in LDADD/LIBADD, not LDFLAGS.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
Modules - since they are dependent on the executable - generally go to
libexec/.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
The variable contains global libraries linked into every possible
object, which is unwanted. Clean up things.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
This patch adds reference counting for plugins. This is used to fix
a double stop for input plugins that are reused.
This problem was reported by Salih Gonullu <sag@open.ch>:
http://marc.info/?l=netfilter&m=129439584700693&w=2
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This closes the following bug:
http://bugzilla.netfilter.org/show_bug.cgi?id=684
This problem was introduced with the XML output plugin.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
It is 1 by definition.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
PKG_CHECK_MODULES already produces its own (and more verbose) message
when a module cannot be found.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
We must not override CFLAGS, because that will break when the user
overrides CFLAGS again at make time (which he is entitled to). So,
name our CFLAGS regular_CFLAGS, and also include that across all
Makefiles so that they are actually used for all the code.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
ulogd_output_LOGEMU.c:37:2: warning: #warning this libc does not
define HOST_NAME_MAX
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
libtool automatically adds PIC flags as needed.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
This script uses the Net::Pcap Perl library to parse a pcap file and
send packets to ulogd2 through the UNIXSOCK input module.
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
| |
This input plugin creates a unix socket which can be used to log packets.
Scripts or applications can connect to the socket (only one client allowed
per socket) and send data in a Key-Length-Value format (including the
payload).
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
| |
This patch fixes the handling of SIGHUP when a SQL plugin is used. A
freed structure was previously used to build the request and this was
leading to a crash.
| |
This patch fixes the HWHDR plugin. The logic of the interaction with
exiting plugin was not correctly coded and this was leading to crashes
due to the lack of sanity check.
| |
This patch fixes configure message as pointed out by
http://bugzilla.netfilter.org/show_bug.cgi?id=594
| |
Mysql definition for NFCT usage was not correct.
| |
It seems that some versions of MySQL were more delicate about comments
in procedures. This patch fixes a problem with a procedure comment
and fixes the inner code which was not using the correct variable.
| |
The use of delimiter was not correct in the MySQL schema. This patch
fixes this issue by correctly switching from ";" to "$$" when needed.
Based on a patch by Bruno Friedmann <bruno@ioda-net.ch>
| |
Currently, the PCAP output plugin uses ip.totlen to determine both the
"len" and "caplen" pcap header fields, as well as the amount of packet
data written to the file. There are two issues with this:
- For obvious reasons it doesn't work for IPv6.
- AFAICT, in case of an incompletely captured packet (--nflog-range)
it will attempt to write out the whole packet, not just the part
captured.
This patch changes the behavior to:
- Use raw.pktlen to set the "caplen" field, and the amount of data
written.
- Determine the "len" (original length) field from ip.totlen or
ip6.payload_len if possible, default to the same value as "caplen"
otherwise.
Signed-off-by: Jan Andres <jandres@gmx.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch removes the IPFIX from the Makefile. Thus, we keep
it in the tree in the hope that we'll have time to finish it
in the future but don't compile it. This confuses users since
they think that it works.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
With this patch, we copy the conntrack object that we propagate
to the output plugin instances *only once*.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch fixes a bug that makes ulogd loop forever while
propagating inputs to the output plugin. It is reproducible
if you re-use three or more plugin instances. The problem is
that the parameters in the list addition are in incorrect
order.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch fixes a problem in configurations that use the NFCT
plugin as input in several stacks. The first plugin loaded contains
the hashtable and other important NFCT private data. Other plugin
instances of NFCT are dummies that are only used to store the
output keys.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch adds an infix to the XML file to avoid problems if we are
logging packets and flows at the same time. Thus, we create two
different XML files whose filename describes the sort of logging
information that it contains. It is also useful when listing files
at a quick sight.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This feature is useful for log-rotation.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch adds XML that allows to log information in XML for
ulogd2. It supports packet and flow-based accounting.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch fixes the following error that is displayed if we send
SIGHUP to reopen the logfile:
ulogd.c:904 select says Interrupted system call
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch fixes a crash if the output file was not correctly opened.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch is a cleanup to use ARRAY_SIZE in NFLOG and ULOG input
plugins.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
ulogd2 from git won't start using filter IP2BIN. It gives the following error
message in the log:
<1> ulogd.c:670 traversing plugin `IP2BIN'
<1> ulogd.c:627 log4(NFLOG)
<1> ulogd.c:733 assigning `oob.family(?)' as source for IP2BIN(oob.family)
<7> ulogd.c:727 cannot find key `' in stack
<1> ulogd.c:863 destroying stack
Filling up ip2bin_inp[] declaration with missing section in
filter/ulogd_filter_IP2BIN.c solves the problem:
Signed-off-by: Christophe Fish <christophe.fish@free.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch fixes a feature that allows to force the logging of
the existing entries and reset the counters.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch fixes the number of options in NFCT that is
actually 8, not 7.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch splits event_handler into two functions:
event_handler_hashtable and event_handler_no_hashtable.
Thus, we register the appropriate handler during the
initialization time. This patch is a cleanup.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>