summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* compilation: set -Wno-ununused-parameter in CFLAGSEric Leblond2008-08-011-1/+1
| | | | | | | | | This patch adds the "-Wno-unused-parameter" option to CFLAGS. This suppress gcc warning that can not be fixed due to the usage of generic system like callback where function definition has to be standardized. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix warning due to lack of parenthesisEric Leblond2008-07-311-1/+1
| | | | | | | Fix gcc warning related to the lack of parenthesis. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix inappropriate initializations in ulogd.cEric Leblond2008-07-311-2/+1
| | | | | | | This patch fixes some improper initialization in ulogd.c. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix redefinition of TCP_URG key in printpktEric Leblond2008-07-311-1/+0
| | | | | | | This patch fixes a multiple definition of the key TCP_URG. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix warning about integer formatEric Leblond2008-07-311-2/+3
| | | | | | | | This patch uses PRIu64 and PRId64 macros from inttypes.h to have a correct definition of 64 bit integer format for 64bits and 32bits arch. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix compilation warning about lack of parenthesisEric Leblond2008-07-311-2/+2
| | | | | | | | This patch adds parenthesis around an expression to avoid confusion between order preference of && and || operators. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix compilation warnings related to pointer comparisonsEric Leblond2008-07-316-17/+17
| | | | | | | | This patch cast to (char *) some (void *) to avoid a gcc warning in string format parsing. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org
* cleanup: fix compilation warning related to signed and unsigned comparisonsEric Leblond2008-07-317-14/+15
| | | | | | This patch fixes the warning related to signed and unsigned comparaison. Signed-off-by: Eric Leblond <eric@inl.fr>
* cleanup: remove unused timeout parameter in functionEric Leblond2008-07-314-4/+4
| | | | | | | | The function ipulog_read had a timeout parameter which was not used in the code. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* syslog: cleanly stops syslogEric Leblond2008-07-311-1/+5
| | | | | | | | This patch adds a stop function to the module which closes the connection to the log system. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* DB: update schemas to integrate the link layer informationEric Leblond2008-07-292-23/+94
| | | | | | | | | | | | This patch adds support for logging the destination mac address and raw header in the SQL databases. In case of an ethernet header, a tuple (mac_saddr,mac_daddr,mac_proto) is logged only once. Signed-off-by: Pierre Chifflier <chifflier@inl.fr> Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix gcc warningsEric Leblond2008-07-299-18/+5
| | | | | | | | | This patch fixes some gcc warnings: * Unused variables * Functions with wrong return (or without return) Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: minor cleanupPablo Neira Ayuso2008-07-291-10/+14
| | | | | | break lines at 80 char columns Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* MAC2STR: Rename it to HWHDREric Leblond2008-07-292-3/+3
| | | | | | | Use a more appropriate name for this filter. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* MAC2STR: add support for the new RAW MAC keysEric Leblond2008-07-291-22/+152
| | | | | | | | | | | This patch modifies MAC2STR to use the new MAC keys that gives us more accurate information to parse the link layer header. This patch also does some probing based on the header and field size in the case of ULOG (since we do not have enough information to perform accurate parsing). Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: get full link layer header (requires >= 2.6.27)Eric Leblond2008-07-292-4/+34
| | | | | | | | | | | | This patch modifies the key structure of NFLOG. It solves the conflict between ULOG and NFLOG by ensuring that keys have the same meaning: * raw.mac is the full hardware header * raw.mac.saddr is the source hardware address Following Patrick suggestion, it adds a new key "raw.type" which is used to store the type of hardware. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Fix a trivial typoEric Leblond2008-07-231-1/+1
| | | | | | | This patch fixes a trivial typo. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Fix wrong casting warning during compilationEric Leblond2008-07-231-1/+1
| | | | | | | This patch cast a expression to avoid a warning. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Minor IPFIX fixesEric Leblond2008-07-231-5/+7
| | | | | | | IPFIX needs some huge work. This patch fixes some basic logic errors. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Modify CFLAGS to have useful gcc warningsEric Leblond2008-07-231-0/+2
| | | | | | | | This patch modifies CFLAGS to add -Wall and -Wextra flags to gcc compilation flag. This will help to detect some stupid problems. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Fix computation of allocated size for queryEric Leblond2008-07-101-2/+3
| | | | | | | This patch fixes the computation of the allocation size for the query. It was not taking into account the length of the name of the procedure. Signed-off-by: Eric Leblond <eric@inl.fr>
* Remove obsolete dist-hook for svnEric Leblond2008-07-101-2/+0
| | | | | | | This patch suppress a dist-hook in Makefile.am which was related to the suppression of some subversion related files. Signed-off-by: Eric Leblond <eric@inl.fr>
* revert commit 3178606785161296dc5a1bd4d42d965db8b3e2cdPablo Neira Ayuso2008-06-282-6/+1
| | | | | | | | We already check for latest library version, this checking is not required anymore. Reported-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* bump libraries dependencies to lastest releasePablo Neira Ayuso2008-06-271-3/+3
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* suppress useless debugging message in the ULOG input pluginEric Leblond2008-06-231-1/+0
|
* structure initialization cleanupEric Leblond2008-06-232-34/+36
|
* whitespace cleanupEric Leblond2008-06-233-67/+67
|
* This patch is a backport of Jaap Keuter fix for PCAP output module.Eric Leblond2008-06-181-1/+1
| | | | Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix warning in compilation due to missing includeEric Leblond2008-06-181-0/+1
| | | | | | | strerror function was used without inclusion of string.h. This patch adds the include and fixes the warning. Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix NFCT/NFLOG plugin compilation when libraries use non-standard prefix.Eric Leblond2008-06-182-2/+4
| | | | | | | | | Fixes compilation of NFLOG and NFCT plugin when libnetfilter libraries are installed under a non standard prefix. Include path and libs path for libnetfilter_conntrack and libnetfilter_log were not correctly set even if pkg-config found them. Signed-off-by: Eric Leblond <eric@inl.fr>
* Store MAC in SQL databases only oncePierre Chifflier2008-06-122-32/+53
| | | | | | | | | This patch modifies the SQL schema for MySQL and PostgreSQL to store the mac address only once (instead of duplicating the mac address for each packet). This is done by using a shared reference to the entry containing the tuple (mac_address,mac_protocol). Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
* Cleanup: fix error messages and indentationEric Leblond2008-06-122-4/+4
| | | | | | | | This patch fixes some messages in the NFCT and NFLOG input plugin (end of line before quote). It also fixes indenting by suppressing some spaces on empty line and replacing spaces by tab. Signed-off-by: Eric Leblond <eric@inl.fr>
* Update configfile for MARK moduleEric Leblond2008-06-121-1/+8
| | | | | | Add stack example for MARK and update some wrong stacks. Signed-off-by: Eric Leblond <eric@inl.fr>
* Use ULOGD_IRET_* as return for all interpretersEric Leblond2008-06-1214-47/+47
| | | | | | | | This patch modifies plugins to use the already defined but not used define. This also fixes some weird behaviours in error treatment (like not stopping after OOM). Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix hexadecimal parsing in config fileEric Leblond2008-06-121-1/+1
| | | | | | | | The config file parsing was not able to parse integer given in hex notation. This patch modify the parsing of configfile to be able to use different integers notation. Signed-off-by: Eric Leblond <eric@inl.fr>
* New MARK-based filterEric Leblond2008-06-122-1/+127
| | | | | | | | | This module filters message by using the mark to decide wether or not a packet or a flow has to be logged. It takes a mark and a mask option. It demonstrates the usage of ULOGD_IRET_STOP which can be used to abort iteration through the stack. Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix the propagation through the stackEric Leblond2008-06-121-0/+6
| | | | | | | | | When a plugin returns ULOGD_IRET_STOP, the propagation should stop. This was not the case as break was used to do so but it was called inside a switch and thus apply to the switch instruction and not to the llist iteration. Signed-off-by: Eric Leblond <eric@inl.fr>
* fix crash when SIGHUP is received.Hugo Mildenberger2008-06-061-8/+18
| | | | crash due to ulogd_logfile set to a string allocated on stack by config_parse_file
* Fix crash when using NFCT with hash_enable=0.regit2008-06-041-1/+1
| | | | | | | | | This patch fixes NFCT when hash_enable is 0. Limitation of treatment to NFCT_DESTROY message type causes usage of the hashtable function and hence a crash because it is not initiated. Signed-off-by: regit <regit@ghlodit.inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Source and destination addresses were put in ptr field of the target structureEric Leblond2008-06-021-2/+4
| | | | | instead of being put in the new type ui128. The result was an improper value of the IPv6 source add destination addresses.
* adds some examples to the configuration fileEric Leblond2008-06-021-0/+36
|
* Modify the code by activating overrun handling if and only if the local hash ↵Eric Leblond2008-06-021-19/+28
| | | | is used (hash_enable=1 which is the default)
* This patch adds a new function which insert or update connection trackingEric Leblond2008-06-021-0/+61
| | | | entries depending on the event type parameter.
* Sync SQL fields with NFCT keysEric Leblond2008-06-021-14/+14
|
* Fill every possible timestamp. It fills START timestamp for NEW packet and ↵Eric Leblond2008-06-021-15/+42
| | | | STOP timestamp for DESTROY packet
* Set timestamp in NFLOG for INPUT and OUTPUTEric Leblond2008-06-021-7/+8
|
* check for required libraries for compilation in configure.inPablo Neira Ayuso2008-06-021-6/+6
|
* improve overrun handling NFLOGPablo Neira Ayuso2008-06-022-6/+62
| | | | | | | | This patch improves the overrun handling. The NFLOG plugin duplicates the netlink buffer size if the size does not goes after the upper boundary. This patch also introduces two new clauses, the netlink_socket_buffer_size and netlink_socket_buffer_maxsize that set the size of the netlink socket buffer.
* cleanup for key builder and fix IPv6 support and introduce 128-bits typePablo Neira Ayuso2008-06-024-43/+95
| | | | | | This patch cleans up the key building by breaking lines at 80 columns and it fixes the IPv6 support (use of a pointer after free) by introducing a new 128 bit type.
* improve netlink overrun handling of NFCTPablo Neira Ayuso2008-06-022-28/+212
| | | | | | | | | | | | | | | This patch improves the overrun handling. The logic behind this patch consists of two steps: 1) duplicate the netlink buffer size if the size does not goes after the upper boundary. 2) scheduling a resynchronization (in two seconds) with the kernel conntrack table if we hit ENOBUFS. During the resynchronization, the NFCT plugin dumps the current table and purges the objects that do not exist anymore. This patch also introduces two new clauses, the netlink_socket_buffer_size and netlink_socket_buffer_maxsize that set the size of the netlink socket buffer.