Commit message [Author, Age, Files, Lines]
* configure: add flag to disable NFACCT build [Eric Leblond, 2012-11-04, 3 files, -4/+17]
| It is now possible to pass the --disable-nfacct flag to disable compilation of the NFACCT input plugin. Doing this, the build of ulogd is possible on systems where nfacct is not available.
* autoconf/ulogd: fix broken libpcap AM_CONDITIONAL [Gustavo Zacarias, 2012-10-10, 1 file, -1/+1]
| The AM_CONDITIONAL lacks the opening bracket, hence it always evaluates as true, even if there's no libpcap found thus causing build breakage.
| Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* bump version to 2.0.1 (tag: ulogd-2.0.1) [Pablo Neira Ayuso, 2012-10-08, 1 file, -4/+4]
| And update library dependency. Push users to upgrade to get fixes from library releases.
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ipfix: fix bracket imbalance if IPPROTO_SCTP is defined [Thomas Jarosch, 2012-08-06, 1 file, -0/+1]
| Detected by cppcheck.
| Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: update copyright and authors information [Pablo Neira Ayuso, 2012-08-03, 2 files, -1/+5]
| Include Eric and myself in the copyright notice and the AUTHORS file since we're the most recurrent contributors (of course, after the original author of this software, Harald Welte).
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* filter: IP2HBIN: fix compilation warning with gcc-4.7 [Pablo Neira Ayuso, 2012-08-03, 1 file, -1/+0]
| ulogd_filter_IP2HBIN.c: In function 'interp_ip2hbin':
| ulogd_filter_IP2HBIN.c:122:6: warning: unused variable 'fret' [-Wunused-variable]
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ulogd.conf: slightly expand documentation on zerocounter option for nfacct [Pablo Neira Ayuso, 2012-08-03, 1 file, -1/+1]
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfacct: add timestamp option [Eric Leblond, 2012-08-03, 2 files, -1/+34]
| This patch adds a timestamp option to the nfacct plugin. If activated, nfacct outputs a timestamp which is computed just after sending the nfacct request.
| Signed-off-by: Eric Leblond <eric@regit.org>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: fix version that -V displays [Pablo Neira Ayuso, 2012-08-03, 29 files, -33/+31]
| It was wrong, use VERSION constant which uses the version information available in configure.ac.
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* input: NFCT: fix compilation warning with gcc-4.7 [Pablo Neira Ayuso, 2012-08-03, 1 file, -2/+0]
| CC ulogd_inpflow_NFCT_la-ulogd_inpflow_NFCT.lo
| ulogd_inpflow_NFCT.c: In function 'configure_nfct':
| ulogd_inpflow_NFCT.c:977:28: warning: unused variable 'cpi' [-Wunused-variable]
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* pgsql: only disable key if it starts with underscore [Eric Leblond, 2012-08-03, 1 file, -2/+3]
| ulogd2 was magically making inactive the first key of description table. This patch improves this system by only doing so when the key starts with an underscore. This way, systems like nfacct which do not have a primary key can be implemented easily.
| Signed-off-by: Eric Leblond <eric@regit.org>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* pgsql schema: fix timestamp default value [Eric Leblond, 2012-08-03, 1 file, -1/+1]
| Set timestamp default value to now() not now which is the time at table creation.
| Reported-by: Mr Dash Four <mr.dash.four@googlemail.com>
| Signed-off-by: Eric Leblond <eric@regit.org>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* pgsql schema: add nfacct table [Eric Leblond, 2012-08-03, 2 files, -0/+30]
| This patch adds a nfacct table to the postgresql schema. It enables the storage of all counters at each poll.
| Signed-off-by: Eric Leblond <eric@regit.org>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfacct: add variable to not zero counter after read [Eric Leblond, 2012-08-03, 2 files, -9/+22]
| The default nfacct input plugin zeroes counter after each read. This is a limitation as other software can't use the counter at the same time as ulogd2.
| This patch adds the zerocounter variable to the NFACCT input plugin. If set to zero, the counters are not zeroed.
| Signed-off-by: Eric Leblond <eric@regit.org>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* sqlite3: Add more logging if database initialization fails. [Michael Tremer, 2012-07-23, 1 file, -2/+6]
| Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: fix crash in polling mode if used by two stacks [Eric Leblond, 2012-07-20, 1 file, -5/+5]
| The polling timer initialisation code was put in the configurator code. It was then created for all instances. But only first one has a valid NFCT handle. This was resulting in a crash.
| This patch moves the timer initialisation in the constructor which is called only once on the main NFCT instance.
| Signed-off-by: Eric Leblond <eric@regit.org>
| Reported-by: Gomathivinayagam Muthuvinayagam <sankarmail@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* output: XML: display time for NFACCT [Pablo Neira Ayuso, 2012-06-22, 2 files, -2/+3]
| <obj><name>test</name><pkts>00000000000000000000</pkts><bytes>00000000000000000000</bytes><hour>17</hour><min>46</min><sec>47</sec><wday>6</wday><day>22</day><month>6</month><year>2012</year></obj>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* output: XML: support for NFACCT input plugin [Pablo Neira Ayuso, 2012-06-22, 4 files, -5/+44]
| This patch extends XML plugin to support NFACCT. You can use the following line in ulogd.conf to test it:
| stack=acct1:NFACCT,xml1:XML
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add ULOGD_DTYPE_SUM for nfacct-based accounting [Pablo Neira Ayuso, 2012-06-22, 3 files, -3/+4]
| This new type will be used in follow-up patch to support XML output.
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: require 1.0.0 of all libraries (tag: ulogd-2.0.0) [Pablo Neira Ayuso, 2012-06-17, 1 file, -2/+2]
| Bump library version requirement to relatively recent releases of all libraries (ie. 1.0.0 release).
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: bump release version to 2.0.0 [Pablo Neira Ayuso, 2012-06-17, 1 file, -1/+1]
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: add documentation for SIGUSR2 [Björn Lässig, 2012-06-09, 1 file, -0/+3]
| Signal SIGUSR2 makes plugin ulogd_inpflow_NFCT to
| * dump conntrack table
| * flush counters
| Signed-off-by: Björn Lässig <laessig@bitformer.net>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* pcap: resolve unreliable detection [Jan Engelhardt, 2012-06-05, 2 files, -6/+5]
| pcap is not found reliably by either --with-pcap=%_prefix or --with-pcap-lib=%_libdir --with-pcap-inc=%_includedir.
| If you have any special paths, just use
| ./configure CPPFLAGS="-I/my/pcap" LDFLAGS="-L/my/pcap"
| (And -lpcap is already known so no need to specify that.)
| Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* nfacct: resolve build failure [Jan Engelhardt, 2012-06-05, 1 file, -3/+3]
| CC ulogd_inpflow_NFACCT_la-ulogd_inpflow_NFACCT.lo
| ulogd_inpflow_NFACCT.c:24:27: fatal error: libmnl/libmnl.h: No such file or directory
| compilation terminated.
| LIBS is not interchangeable with C(PP)FLAGS.
| Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* sqlite: resolve compiler warnings [Jan Engelhardt, 2012-06-05, 1 file, -1/+1]
| In file included from /usr/include/string.h:642:0,
|                  from ulogd_output_SQLITE3.c:34:
| In function 'strncat',
|     inlined from 'db_count_cols' at ulogd_output_SQLITE3.c:306:9,
|     inlined from 'sqlite3_init_db' at ulogd_output_SQLITE3.c:328:11:
| /usr/include/bits/string3.h:152:3: warning: call to __builtin___strncat_chk might overflow destination buffer [enabled by default]
| I: Statement might be overflowing a buffer in strncat. Common mistake:
|    BAD: strncat(buffer,charptr,sizeof(buffer)) is wrong, it takes the left over size as 3rd argument
|    GOOD: strncat(buffer,charptr,sizeof(buffer)-strlen(buffer)-1)
| E: ulogd2 bufferoverflowstrncat ulogd_output_SQLITE3.c:328:11
| Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* build: use pkglibdir instead of pkglibexecdir for automake [Björn Lässig, 2012-05-18, 13 files, -36/+36]
| This fixes the following problem while running `autoreconf -fi`
| `pkglibexecdir' is not a legitimate directory for `LTLIBRARIES'
| variable `ulogd_filter_PRINTPKT_la_SOURCES' is defined but no program or library has `ulogd_filter_PRINTPKT_la' as canonical name (possible typo)
| Signed-off-by: Björn Lässig <laessig@bitformer.net>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: add `reliable' config option to enable reliable flow-based logging [Pablo Neira Ayuso, 2012-03-05, 2 files, -1/+19]
| Reliability comes at the cost of dropping new flows if the destroy event that ctnetlink delivers to us is lost. Under heavy stress this may imply dropping packets, you've been warned.
| If you do want not to lose one single flow-logging information, enable this.
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ulogd2 / DBI / table name [Harald Welte, 2012-02-24, 1 file, -1/+4]
| DBI: allow to define table name via table config option
| While using the DBI plugin of ulogd2 for NFCT based accounting, despite using table="conntrack", it always insisted in using the table "ulog" for deriving the keys/columns to be stored.
| I've hacked up a quick fix, and it seems to work as expected (though no proper null termination after strncpy).
| Signed-off-by: Harald Welte <laforge@netfilter.org>
* src: add example use of GPRINT to ulogd.conf.in configuration file [Pablo Neira Ayuso, 2012-02-22, 1 file, -3/+5]
| Example of how this displays one conntrack:
| timestamp=2012/02/22-13:16:54,orig.ip.saddr=192.168.1.129,orig.ip.daddr=173.194.34.235,orig.ip.protocol=6,orig.l4.sport=58221,orig.l4.dport=80,orig.raw.pktlen=1206,orig.raw.pktcount=4,reply.ip.saddr=173.194.34.235,reply.ip.daddr=192.168.1.129,reply.ip.protocol=6,reply.l4.sport=80,reply.l4.dport=58221,reply.raw.pktlen=1104,reply.raw.pktcount=3,ct.mark=0,ct.id=846180008,ct.event=4,flow.end.sec=1329913014,flow.end.usec=413771,oob.family=2,oob.protocol=0
| and one NFLOG line looks like this:
| timestamp=2012/02/22-13:21:24,raw.pktlen=40,raw.pktcount=1,oob.prefix=test,oob.time.sec=1329913284,oob.time.usec=226795,oob.mark=0,oob.ifindex_in=3,oob.hook=1,raw.mac_len=14,oob.family=2,oob.protocol=2048,raw.label=0,raw.type=1,raw.mac.addrlen=6
| People that like parsing comma-separated key-value files will like this.
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* input: add nfacct plugin [Pablo Neira Ayuso, 2012-02-22, 9 files, -2/+326]
| This patch adds the nfacct plugin.
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* output: add GPRINT plugin [Pablo Neira Ayuso, 2012-02-22, 3 files, -1/+280]
| This patch adds GPRINT which is a generalization of OPRINT. It displays the set of key-values separated by commas. This is the generic print that you can attach to whatever kind of input plugin.
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* OPRINT: display u64 fields [Pablo Neira Ayuso, 2012-02-22, 1 file, -0/+3]
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ulogd: add okey_set_u64 [Pablo Neira Ayuso, 2012-02-22, 1 file, -0/+6]
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* A simple filter plugin called IP2HBIN added [Jozsef Kadlecsik, 2012-01-16, 4 files, -1/+209]
| The plugin converts the IPv4 addresses to host order for databases like MySQL. The expected names of the table fields are ip.hsaddr, ip.hdaddr, etc.
| Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Support stored mysql procedures besides stored functions [Jozsef Kadlecsik, 2012-01-16, 2 files, -0/+6]
| MySQL stored procedures must be invoked by the "CALL" SQL command and not by "SELECT". Add the convention that if the procedure name starts with "CALL", then the issued SQL command is "CALL procedurename(args)".
| The stored procedure support in MySQL automatically brings transaction support too.
| Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* build: disable implicit .tar.gz archive generation and use POSIX mode [Jan Engelhardt, 2011-12-17, 1 file, -1/+1]
|
* build: use AC_CONFIG_AUX_DIR and stash away tools [Jan Engelhardt, 2011-12-17, 2 files, -5/+2]
|
* Update .gitignore [Jan Engelhardt, 2011-12-17, 1 file, -3/+3]
| Only ignore these paths if they are a directory.
* pcap: add file option to configuration file [Eric Leblond, 2011-09-01, 1 file, -0/+2]
| Signed-off-by: Eric Leblond <eric@regit.org>
| Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
* pcap: fix build on some recent x86_64 platform [Eric Leblond, 2011-09-01, 2 files, -2/+3]
| Signed-off-by: Eric Leblond <eric@regit.org>
| Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
* build: abort autogen on subcommand failure [Jan Engelhardt, 2011-08-01, 1 file, -1/+1]
| Needed to stop an automated build process when automake requirements are not fulfilled.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* ulogd: fix segfault if syslog and SIGTERM is received [Salih Gonullu, 2011-03-27, 1 file, -2/+2]
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Linux kernel-style for compilation messages [Pablo Neira Ayuso, 2011-03-15, 1 file, -0/+3]
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* sqlite3: remove automatic creation of table `daily' [Pablo Neira Ayuso, 2011-02-25, 3 files, -47/+17]
| This patch removes the creation of the `daily' table. Now, we assume that the tables that we use are created before launching ulogd2.
| This code is broken because you have to specify in the configuration file that the table used is `daily', otherwise this `daily' table is created and dropped during the daemon starting, but not used.
| Moreover, the code explicitly shows a message that says:
| /* FIXME make this configurable */
| So, I think that this patch is the way to go :-).
| This patch also documents the table creation in ulogd.sgml
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* sqlite3: fix warning during compilation [Pablo Neira Ayuso, 2011-02-25, 1 file, -1/+1]
| This patch fixes the following warning during the compilation:
| ulogd_output_SQLITE3.c: In function ‘ulogd_find_key’:
| ulogd_output_SQLITE3.c:292: warning: comparison between signed and unsigned integer expressions
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* sqlite3: cleanup error handling of sqlite3_bind_int() in sqlite3_interp() [Pablo Neira Ayuso, 2011-02-25, 1 file, -20/+4]
| Move error handling after the switch statement since it's the same for all cases, we save several lines of code.
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* sqlite3: use continue instead of goto in sqlite3_interp() [Pablo Neira Ayuso, 2011-02-25, 1 file, -3/+2]
| Use continue instead of goto inside loop. I don't need to scroll up and down in the code to know what the jump is performing. I think this improves code readability. It's a cosmetic cleanup, of course.
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: don't display overrun message once we have reach the buffer limit [Pablo Neira Ayuso, 2011-02-25, 1 file, -1/+12]
| We only report the overrun once with this patch, instead of spamming the ulogd.log file.
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: simplify sqlite3 check [Jan Engelhardt, 2011-02-25, 3 files, -106/+5]
| With pkg-config variables, even a non-installed sqlite3 can be configured easily.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: use nfct_copy() instead of deprecated nfct_sizeof() function [Pablo Neira Ayuso, 2011-02-25, 1 file, -1/+1]
| nfct_sizeof() allows memcpy() of ct objects, which violates the library design (that aims to hide binary layout).
| We use nfct_copy() with the override flag instead as added by libnetfilter_conntrack 0.9.1.
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>