| Commit message (Collapse) | Author | Age | Files | Lines |
|
It was wrong, use VERSION constant which uses the version
information available in configure.ac.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
This new type will be used in a follow-up patch to support XML output.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
This patch adds the nfacct plugin.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
This patch adds reference counting for plugins. This is used to fix
a double stop for input plugins that are reused.
This problem was reported by Salih Gonullu <sag@open.ch>:
http://marc.info/?l=netfilter&m=129439584700693&w=2
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
This patch replaces the existing hashtable implementation with
a newer one that provides better performance since it reduces the
number of hash computations.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
This reverts commit 0ff525cb0506b2c043bc9df6d7e7b486c865bc38. A stable
and clean API should be provided if we choose to offer for external
module capability.
|
This patch modifies Makefile.am to install the headers needed for
compilation of plugins outside of the source tree.
|
This patch adds config.h inclusion in ulogd.h to be able to use all
defined values in the whole project.
|
Incorrect definition of an IPv6 input key handling function was causing
a crash in ulogd.
|
This patch adds the config_stop function which is in charge of releasing
resources allocated for configuration file parsing.
|
This patch adds unloading of plugins (call dlclose()) in ulogd2. This
makes valgrind happy and will be useful for daemon live reconfiguration.
|
This patch modifies PRINTPKT plugin to add SCTP support.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
This patch cleans up the current key assignation by introducing a
set of functions ukey_* to set the key value as Eric Leblond and
we discussed during the latest Netfilter Workshop. This patch is
based on an idea from Holger Eitzenberger.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
This patch fixes the `make distcheck' magic
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
The function ipulog_read had a timeout parameter which was not
used in the code.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
This patch cleans up the key building by breaking lines at 80 columns and
it fixes the IPv6 support (use of a pointer after free) by introducing a new
128 bit type.
|
This patch introduces a generic hashtable to store the nf_conntrack objects.
The objects are identified by the original and reply tuples instead of the
conntrack ID which is not dumped in the event message of linux kernel < 2.6.25.
This patch also fixes the NFCT_MSG_* by NFCT_T_* which is the appropriate
message type tag.
|
have now to be used with a defined IP storage type.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
the db.c file for PgSQL and MySQL. In case of problem during request execution
a new connection to the database was immediately started without closing the
previous one. The consequence was to block the database by having too many
simultaneous open connections.
This patch fixes the problem by disconnecting from the database after a
request failure and trying to reconnect after a delay which is by default
of 2 seconds. This delay can be customized via the reconnect configuration
variable in the database configuration section.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
to display event type in textual output modules. Here's an output example:
[DESTROY] ORIG: SRC=192.168.1.2 DST=192.168.1.255 PROTO=UDP SPT=631 DPT=631 \\
PKTS=1 BYTES=197 , REPLY: SRC=192.168.1.255 DST=192.168.1.2 \\
PROTO=UDP SPT=631 DPT=631 PKTS=0 BYTES=0
Signed-off-by: Eric Leblond <eric@inl.fr>
|
structure. It can be used by input modules to duplicate an
entry. This solves the issue of not being able to use the same
plugin instance twice.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
can be used by MySQL. This is not strictly speaking raw data but it was of type
RAW.
Following remark from Hugo Mildenberger, I introduce in this patch a dedicated
type ULOGD_RET_RAWSTR. The main reason not to use a ULOGD_RET_STRING parameter
is that the parameter is not human readable.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
- fix crash when enabling pollinterval clause in flow-based accounting
|
to form log lines for packets coming from ebtables. Currently it supports IPv4, IPv6 and ARP.
Signed-off-by: Peter Warasin <peter@endian.com>
|
Add UID display to PRINTPKT filter.
|
Some macros were defined several times. This was the case of GET_VALUE,
pp_is_valid. This patch puts the definition in ulogd.h and fixes the
definition of pp_is_valid which was wrong (causing segfault by accessing
fields at NULL).
|
- This patch suppresses key relative to IPv6 address because IPv4 and IPv6 can be stored in the same key.
- Add missing IP2STR line to ulogd.conf.in
|
This patch updates the printflow output module to be able to print a
whole conntrack entry on a single line.
|
This patch adds new SQL schema for MySQL and PGsql. The goal is to improve the one line per entry format. There is no more a big table with all fields because this sort of storage is causing bad performance (databases don't like to have a lot of NULL fields to store).
Main changes are:
* Add new schema for MySQL and PGsql
* Use call to configurable procedure in SQL OUTPUT modules
* Arguments of a procedure are given by the list of fields of a selected table
|
add common.h
|
repeat by using symbolic names to make sure the assignment matches the array
index.
|
output is compatible with the SYSLOG and LOGEMU plugins. (Philip Craig)
|
a separate PRINTPKT plugin. This reduces code duplication, and also
makes the SYSLOG and LOGEMU plugins more general. (Philip Craig)
|
- use real value for netfilter ipfix vendor id
|
original patch by Christian Hentschel, amended like:
1) the hash table has to be per-instance, since [at least in the future]
we can have nfnetlink messages routed from other machines over the
network, thus every NFCT instance has to have its own hash table.
2) Whether or not to use a preallocated table is now a configuration
value, as is the number of buckets and max_entries
3) configure_nfct was not used in the struct ulogd_plugin.configure
4) don't put the hashtable buckets in BSS, but rather allocate them
dynamically
5) allocate all ct_timestamps (in the preallocated case) at once, rather
than malloc()ing each on its own.
6) use official IPFIX fields for flow start and flow end instead of
private numbers
7) use llist instead of list (linuxlist.h adds an additional 'l')
8) add lots of TODO items
9) add IPFIX_NF_conntrack_id to header file
|
directly into db plugins
|
is now cluttering the namespace by its 'list_add' function.
|