path: root/filter
Commit message | Author | Age | Files | Lines
* ip2bin: fix plugin link for some compiler | Eric Leblond | 2017-07-02 | 1 | -1/+1
  Declaring a function inline and building with -O0 was causing the following message:
      undefined symbol: uint32_to_ipv6
  By declaring the function as static we fix the problem.
* ulogd: fix crash when ipv4 packet is truncated | Liping Zhang | 2016-10-17 | 1 | -1/+2
  If ipv4 packet is truncated, we should not try to dereference the iph pointer. Otherwise, if the user adds such iptables rules "-j NFLOG --nflog-size 0", we will dereference the NULL pointer and crash may happen.
  Reported-by: Chris Caputo <ccaputo@alt.net>
  Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Use stdint types everywhere | Felix Janda | 2015-06-26 | 6 | -27/+28
  Signed-off-by: Felix Janda <felix.janda@posteo.de>
* Define _GNU_SOURCE to get members of tcphdr | Felix Janda | 2015-06-23 | 2 | -0/+2
  The source uses linux names for members of tcphdr. For example "source" instead of "th_sport", ... musl libc's headers need _GNU_SOURCE defined in order to expose these.
  Signed-off-by: Felix Janda <felix.janda@posteo.de>
* store Common Information Model name in ulogd key | Eric Leblond | 2014-01-28 | 2 | -2/+12
  This patch adds storage for CIM field name in ulogd key. This will be used by JSON output to interoperate with logging collectors such as logstash or splunk.
  Common Information Model is an open standard that defines how managed elements in an IT environment are represented as a common set of objects and relationships between them: http://www.dmtf.org/standards/cim
  This seems to be mainly XML based but there is a JSON version of some aspects of the model. One of the main documentation on CIM in JSON format seems to be: http://docs.splunk.com/Documentation/PCI/2.0/DataSource/CommonInformationModelFieldReference
  Using the correct CIM field name allows events coming from ulogd to be correlated with events coming from other sources.
* base: fix warning on pointer handling | Eric Leblond | 2013-01-18 | 1 | -4/+4
* Get rid of SVN tag in comment. | Eric Leblond | 2013-01-18 | 7 | -15/+5
  This patch also updates some copyright and licence declarations.
* Add additional ip6 header fields to database scripts | Bob Hockney | 2012-12-19 | 1 | -1/+1
  Rename internal keyname ip6.payload_len to remove "_" to facilitate this.
* Fix parsing of ipv6 flowlabel and tc fields | Bob Hockney | 2012-12-19 | 1 | -2/+2
  Mask should be applied after ntohl conversion.
* build: move remaining preprocessor flags into CPPFLAGS | Jan Engelhardt | 2012-11-27 | 1 | -2/+2
  The flags retrieved from `pkg-config --cflags ...` are generally only preprocessor flags (mostly -I to point to the directories), since anything else would inconvenience downstream users.
  Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* filter: IP2HBIN: fix compilation warning with gcc-4.7 | Pablo Neira Ayuso | 2012-08-03 | 1 | -1/+0
      ulogd_filter_IP2HBIN.c: In function 'interp_ip2hbin':
      ulogd_filter_IP2HBIN.c:122:6: warning: unused variable 'fret' [-Wunused-variable]
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: fix version that -V displays | Pablo Neira Ayuso | 2012-08-03 | 10 | -10/+10
  It was wrong, use VERSION constant which uses the version information available in configure.ac.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: use pkglibdir instead of pkglibexecdir for automake | Björn Lässig | 2012-05-18 | 2 | -2/+2
  This fixes the following problem while running `autoreconf -fi`
      `pkglibexecdir' is not a legitimate directory for `LTLIBRARIES'
      variable `ulogd_filter_PRINTPKT_la_SOURCES' is defined but no program or library has `ulogd_filter_PRINTPKT_la' as canonical name (possible typo)
  Signed-off-by: Björn Lässig <laessig@bitformer.net>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* A simple filter plugin called IP2HBIN added | Jozsef Kadlecsik | 2012-01-16 | 2 | -1/+204
  The plugin converts the IPv4 addresses to host order for databases like MySQL. The expected name of the table fields are ip.hsaddr, ip.hdaddr, etc.
  Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* build: use compile/link information from pkgconfig | Jan Engelhardt | 2011-02-01 | 1 | -2/+3
  This is important for when the libraries are in a non-default path. Also, libs must be listed in LDADD/LIBADD, not LDFLAGS.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: use appropriate location for program modules | Jan Engelhardt | 2011-02-01 | 2 | -5/+5
  Modules - since they are dependent on the executable - generally go to libexec/.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* filter/HWHDR: remove redundant sizeof(char) | Jan Engelhardt | 2010-11-05 | 1 | -1/+1
  It is 1 by definition.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: propagate global CFLAGS | Jan Engelhardt | 2010-11-05 | 2 | -0/+2
  We must not override CFLAGS, because that will break when the user overrides CFLAGS again at make time (which he is entitled to). So, name our CFLAGS regular_CFLAGS, and also include that across all Makefiles so that they are actually used for all the code.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: remove unused $(all_includes) | Jan Engelhardt | 2010-11-05 | 2 | -2/+2
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* HWHDR: Fix various crashes | Eric Leblond | 2010-09-22 | 1 | -19/+17
  This patch fixes the HWHDR plugin. The logic of the interaction with exiting plugin was not correctly coded and this was leading to crashes due to the lack of sanity check.
* IP2BIN: fix missing protocol key | Christophe Fish | 2010-04-02 | 1 | -0/+5
  ulogd2 from git won't start using filter IP2BIN. It gives the following error message in the log:
      <1> ulogd.c:670 traversing plugin `IP2BIN'
      <1> ulogd.c:627 log4(NFLOG)
      <1> ulogd.c:733 assigning `oob.family(?)' as source for IP2BIN(oob.family)
      <7> ulogd.c:727 cannot find key `' in stack
      <1> ulogd.c:863 destroying stack
  Filling up ip2bin_inp[] declaration with missing section in filter/ulogd_filter_IP2BIN.c solves the problem:
  Signed-off-by: Christophe Fish <christophe.fish@free.fr>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ip2bin: add AF_BRIDGE family support. | Eric Leblond | 2009-03-06 | 1 | -1/+27
  This patch adds support for AF_BRIDGE family. It synchronizes code of IP2BIN module with the one of IP2STR.
* hwhdr: suppress explicit allocation | Eric Leblond | 2009-03-06 | 1 | -12/+12
  This patch suppresses all allocation and uses a statically created array instead.
* ip2bin: suppress explicit allocation of some output key values | Eric Leblond | 2009-03-06 | 1 | -14/+14
  This patch suppresses explicit allocation and free for each packet and uses a statically created array instead.
* ip2str: suppress explicit allocation of some output key values | Eric Leblond | 2009-03-06 | 1 | -17/+16
  This patch suppresses explicit allocation and free for each packet and uses a statically created array instead.
* ifindex: avoid memory allocation | Eric Leblond | 2009-03-06 | 1 | -21/+16
  This patch modifies the interp function to avoid to do an explicit allocation of memory.
* Replace INCLUDES by AM_CPPFLAGS in Makefile.am. | Eric Leblond | 2009-01-22 | 2 | -2/+2
  This patch fixes autotools warning about deprecated usage of INCLUDES in Makefile.am.
* build: use -avoid-version for modules | Jan Engelhardt | 2009-01-20 | 2 | -9/+9
  The modules are pretty much bound to ulogd, and it does not seem to make sense to specially version these.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* HWHDR: Fix size of allocated string. | Eric Leblond | 2009-01-13 | 1 | -1/+1
  This patch fixes an incorrect computing of the allocation size of a string.
* Return true/false instead of ULOGD_IRET_OK/STOP | Thomas Jacob | 2008-12-09 | 1 | -2/+2
  Signed-off-by: Thomas Jacob <jacob@internet24.de>
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Add SCTP support to BASE plugin. | Eric Leblond | 2008-12-09 | 1 | -0/+53
  This patch adds basic support for SCTP in the BASE plugin.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* add ukey_* function for key assignation | Pablo Neira Ayuso | 2008-12-09 | 10 | -228/+165
  This patch cleans up the current key assignation by introducing a set of functions ukey_* to set the key value as Eric Leblond and we discussed during the latest Netfilter Workshop. This patch is based on an idea from Holger Eitzenberger.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix light memory error in parse_mac2str | Pierre Chifflier | 2008-12-09 | 1 | -2/+8
  When len is 0 (for ex. when the input mac is NULL), parse_mac2str tries to calloc a 0-bytes block, which leads to a conditional jump based on uninitialized value (spotted by valgrind).
  Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
  Signed-off-by: Eric Leblond <eric@inl.fr>
* hwhdr: finish missing renaming | Pierre Chifflier | 2008-10-20 | 1 | -2/+2
  MAC2STR has been renamed to HWHDR.
  Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* hwhdr: fix segfault when RAW_MAC is NULL | Pierre Chifflier | 2008-10-20 | 1 | -1/+1
  This fixes a segfault when RAW_MAC key is NULL in MAC2STR plugin.
  Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix compilation warning related to signed and unsigned comparisons | Eric Leblond | 2008-07-31 | 3 | -4/+5
  This patch fixes the warning related to signed and unsigned comparison.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* cleanup: fix gcc warnings | Eric Leblond | 2008-07-29 | 4 | -7/+3
  This patch fixes some gcc warnings:
   * Unused variables
   * Functions with wrong return (or without return)
  Signed-off-by: Eric Leblond <eric@inl.fr>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* MAC2STR: Rename it to HWHDR | Eric Leblond | 2008-07-29 | 2 | -3/+3
  Use a more appropriate name for this filter.
  Signed-off-by: Eric Leblond <eric@inl.fr>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* MAC2STR: add support for the new RAW MAC keys | Eric Leblond | 2008-07-29 | 1 | -22/+152
  This patch modifies MAC2STR to use the new MAC keys that give us more accurate information to parse the link layer header.
  This patch also does some probing based on the header and field size in the case of ULOG (since we do not have enough information to perform accurate parsing).
  Signed-off-by: Eric Leblond <eric@inl.fr>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Fix wrong casting warning during compilation | Eric Leblond | 2008-07-23 | 1 | -1/+1
  This patch casts an expression to avoid a warning.
  Signed-off-by: Eric Leblond <eric@inl.fr>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Use ULOGD_IRET_* as return for all interpreters | Eric Leblond | 2008-06-12 | 8 | -38/+38
  This patch modifies plugins to use the already defined but not used define. This also fixes some weird behaviours in error treatment (like not stopping after OOM).
  Signed-off-by: Eric Leblond <eric@inl.fr>
* New MARK-based filter | Eric Leblond | 2008-06-12 | 2 | -1/+127
  This module filters message by using the mark to decide whether or not a packet or a flow has to be logged. It takes a mark and a mask option. It demonstrates the usage of ULOGD_IRET_STOP which can be used to abort iteration through the stack.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Source and destination addresses were put in ptr field of the target structure | Eric Leblond | 2008-06-02 | 1 | -2/+4
  instead of being put in the new type ui128. The result was an improper value of the IPv6 source and destination addresses.
* cleanup for key builder and fix IPv6 support and introduce 128-bits type | Pablo Neira Ayuso | 2008-06-02 | 2 | -2/+2
  This patch cleans up the key building by breaking lines at 80 columns and it fixes the IPv6 support (use of a pointer after free) by introducing a new 128 bit type.
* add missing ulogd_filter_MAC2STR | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-09 | 1 | -0/+111
* An error in the type of an argument in the call to inet_ntop was causing IPv6 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-05 | 1 | -1/+1
  address to be transformed in a string not really related to the real IPv6 address.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Arp related key have to be optional to be able to use the IP2STR module | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-05 | 1 | -2/+2
  for flow display.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* This patch introduces a new plugin MAC2STR which is in charge | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-05 | 1 | -1/+5
  of conversion to string of MAC address. It is used by database output plugin to store MAC related information.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* IP2BIN filter convert IP address from host storage to a "binary" string which | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-25 | 1 | -6/+6
  can be used by MySQL. This is not strictly speaking raw data but it was of type RAW. Following remark from Hugo Mildenberger, I introduce in this patch a dedicated type ULOGD_RET_RAWSTR. The main reason not to use a ULOGD_RET_STRING parameter is that the parameter is not human readable.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* adds AF_BRIDGE support to IP2STR | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-19 | 1 | -17/+71
  This patch makes the ip address string converter AF_BRIDGE compatible and adds ip address ARP keys in order to make them also convert.
  Signed-off-by: Peter Warasin <peter@endian.com>