| Commit message (Collapse) | Author | Age | Files | Lines |
| |
This patch fixes autotools warning about deprecated usage of INCLUDES in
Makefile.am.
| |
The modules are pretty much bound to ulogd, and it does not seem
to make sense to specially version these.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
This patch fixes an incorrect computing of the allocation size
of a string.
| |
Signed-off-by: Thomas Jacob <jacob@internet24.de>
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
This patch adds basic support for SCTP in the BASE plugin.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
This patch cleans up the current key assignation by introducing a
set of functions ukey_* to set the key value as Eric Leblond and
we discussed during the latest Netfilter Workshop. This patch is
based on an idea from Holger Eitzenberger.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
When len is 0 (for ex. when the input mac is NULL), parse_mac2str tries
to calloc a 0-bytes block, which leads to a conditional jump based
on uninitialized value (spotted by valgrind).
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
MAC2STR has been renamed to HWHDR.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This fixes a segfault when RAW_MAC key is NULL in MAC2STR plugin.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch fixes the warning related to signed and unsigned comparison.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
This patch fixes some gcc warnings:
* Unused variables
* Functions with wrong return (or without return)
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
Use a more appropriate name for this filter.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch modifies MAC2STR to use the new MAC keys that give us more
accurate information to parse the link layer header. This patch also
does some probing based on the header and field size in the case of
ULOG (since we do not have enough information to perform accurate
parsing).
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch casts an expression to avoid a warning.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch modifies plugins to use the already defined but not used
define. This also fixes some weird behaviours in error treatment (like
not stopping after OOM).
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
This module filters messages by using the mark to decide whether or not a
packet or a flow has to be logged. It takes a mark and a mask option. It
demonstrates the usage of ULOGD_IRET_STOP which can be used to abort
iteration through the stack.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
instead of being put in the new type ui128. The result was an improper value
of the IPv6 source and destination addresses.
| |
This patch cleans up the key building by breaking lines at 80 columns and
it fixes the IPv6 support (use of a pointer after free) by introducing a new
128 bit type.
| |
address to be transformed in a string not really related to the real IPv6
address.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
for flow display.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
of conversion to string of MAC address. It is used by database
output plugin to store MAC related information.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
can be used by MySQL. This is not strictly speaking raw data but it was of type
RAW.
Following remark from Hugo Mildenberger, I introduce in this patch a dedicated
type ULOGD_RET_RAWSTR. The main reason not to use a ULOGD_RET_STRING parameter
is that the parameter is not human readable.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
This patch makes the ip address string converter AF_BRIDGE compatible and adds ip address ARP keys in order to make them also convert.
Signed-off-by: Peter Warasin <peter@endian.com>
| |
This patch adds an AF_BRIDGE interpreter to ulogd_raw2packet_BASE plugin, which allows to log packets coming from ebtables. It also adds an ARP header decoder.
Signed-off-by: Peter Warasin <peter@endian.com>
| |
This patch adds an AF_BRIDGE interpreter to
ulogd_raw2packet_BASE plugin, which allows to log
packets coming from ebtables.
It also adds an ARP header decoder.
Signed-off-by: Peter Warasin <peter@endian.com>
| |
with symbols instead of numbers.
Shortens the lines by the use of GET_VALUE()
Signed-off-by: Peter Warasin <peter@endian.com>
| |
Some macros were defined several times. This was the case of GET_VALUE,
pp_is_valid. This patch puts the definition in ulogd.h and fixes the
definition of pp_is_valid which was wrong (causing segfault by accessing
fields at NULL).
| |
When using NFLOG or ULOG, oob.family (protocol IPv4 or IPv6) has
to be setup manually in ulogd.conf configuration file. This is
used by the BASE filter to properly parse the packet. This
patch suppresses oob.family as output keys of NFLOG and ULOG and lets
the BASE filter determine the family of the packet by itself (by
parsing the raw header).
A good side effect is to be able to log in IPv6 and IPv4 in the
same group. Before that, two loggers have to be setup separately.
| |
This patch modifies ulogd_filter_IFINDEX to use libnfnetlink for index to
interface name mapping instead of using local version. This requires at least
libnfnetlink 0.0.30. This dependency is checked in configure (thanks to
Sebastien Tricaud for his patch).
| |
With this patch, BASE filter module is able to fill oob_family when parsing IPv6
address.
| |
Fix a bug in IPv4 output of IP2BIN module.
| |
Fix description and indenting (cleanups)
| |
This module converts IP from internal notation to a string in binary notation
which is used by the MySQL output plugin.
| |
- This patch suppresses key relative to IPv6 address because IPv4 and IPv6 can be stored in the same key.
- Add missing IP2STR line to ulogd.conf.in
| |
This module is a generic module which is used to convert an IP from internal representation to string representation. This is a task needed by several modules like printpkt or pgsql. This module factorizes the code.
| |
Put O at the real end of the string.
Based on Marius Tomaschewski work.
| |
Added explicit null termination of the hostname buffer
This patch is a backport of Marius Tomaschewski <mt@suse.de> work on ulogd.
| |
repeat by using symbolic names to make sure the assignment matches the array
index.
| |
output is compatible with the SYSLOG and LOGEMU plugins. (Philip Craig)
| |
a separate PRINTPKT plugin. This reduces code duplication, and also
makes the SYSLOG and LOGEMU plugins more general. (Philip Craig)
| |
version