path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* Fix crash on IPv6 packet.Eric Leblond2009-01-131-1/+4
| | | | | Incorrect definition of a IPv6 input key handling function was causing a crash in ulogd.
* Introduce config_stop() functionEric Leblond2008-12-091-0/+3
| | | | | This patch adds the config_stop function which is in charge of releasing ressources allocated for configuration file parsing.
* Unload plugins when quitting.Eric Leblond2008-12-091-0/+8
| | | | | This patch adds unloading of plugins (call dlclose()) in ulogd2. This make valgrind happy and will be useful for daemon live reconfiguration.
* SCTP support for PRINTPKT.Eric Leblond2008-12-091-0/+2
| | | | | | This patch modifies PRINTPKT plugin to add SCTP support. Signed-off-by: Eric Leblond <>
* add ukey_* function for key assignationPablo Neira Ayuso2008-12-091-1/+59
| | | | | | | | | This patch cleans up the current key assignation by introducing a set of functions ukey_* to set the key value as Eric Leblond and we discussed during the latest Netfilter Workshop. This patch is based on an idea from Holger Eitzenberger. Signed-off-by: Eric Leblond <>
* distrib: fix distcheck magiculogd-2.0.0beta2Pablo Neira Ayuso2008-08-151-1/+1
| | | | | | This patch fixes the `make distcheck' magic Signed-off-by: Pablo Neira Ayuso <>
* cleanup: remove unused timeout parameter in functionEric Leblond2008-07-311-1/+1
| | | | | | | | The function ipulog_read had a timeout parameter which was not used in the code. Signed-off-by: Eric Leblond <> Signed-off-by: Pablo Neira Ayuso <>
* cleanup for key builder and fix IPv6 support and introduce 128-bits typePablo Neira Ayuso2008-06-021-0/+14
| | | | | | This patch cleans up the key building by breaking lines at 80 columns and it fixes the IPv6 support (use of a pointer after free) by introducing a new 128 bit type.
* rework NFCT to use a generic hashtablePablo Neira Ayuso2008-06-023-0/+234
| | | | | | | | This patch introduces a generic hashtable to store the nf_conntrack objects. The objects are identified by the original and reply tuples instead of the conntrack ID which is not dumped in the event message of linux kernel < 2.6.25. This patch also fixes the NFCT_MSG_* by NFCT_T_* which is the appropriate message type tag.
* Print GID/MARK in printpkt.c/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-04-211-0/+2
* This patch suppress a now unused option. Each database module/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-071-8/+3
| | | | | | have now to be used with a defined IP storage type. Signed-off-by: Eric Leblond <>
* This patch fixes a problem in SQL reconnection algorithm which is managed in/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-051-0/+2
| | | | | | | | | | | | | | the db.c file for PgSQL and MySQL. In case of problem during request execution a new connection to the database was immediatly started without closing the previous one. The consequence was to block the database by having too much simultaneous open connections. This patch fixes the problem by disconnectinng from the database after a request failure and trying to reconnect after a delay which is by default of 2 secondes. This delay can be customized via the reconnect configuration variable in the database configuration section. Signed-off-by: Eric Leblond <>
* This patch adds support of event type display in printflow filter. This is used/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-261-1/+1
| | | | | | | | | | to display event type in textual output modules. Here's an output example: [DESTROY] ORIG: SRC= DST= PROTO=UDP SPT=631 DPT=631 \\ PKTS=1 BYTES=197 , REPLY: SRC= DST= \\ PROTO=UDP SPT=631 DPT=631 PKTS=0 BYTES=0 Signed-off-by: Eric Leblond <>
* This patch adds plist a linked list to the pluginstance/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-251-0/+2
| | | | | | | | structure. It can be used by input modules to duplicate an entry. This solves the issue of not being able to use the same plugin instance twice. Signed-off-by: Eric Leblond <>
* IP2BIN filter convert IP address from host storage to a "binary" string which/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-251-0/+1
| | | | | | | | | | | can be use by MySQL. This is not strictly speaking raw data but it was of type RAW. Following remark from Hugo Mildenberger, I introduce in this patch a dedicated type ULOGD_RET_RAWSTR. The main reason not to use a ULOGD_RET_STRING parameter is that the paramater is not human readable. Signed-off-by: Eric Leblond <>
* add missing timer.h/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-221-0/+26
* - implement a synchronous timer framework/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-193-12/+163
| | | | - fix crash when enabling pollinterval clause in flow-based accounting
* This patch adds support for AF_BRIDGE to the PRINTPKT plugin, which allows ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-191-0/+8
| | | | | | to form log lines for packets coming from ebtables. Currently it supports IPv4, IPv6 and ARP. Signed-off-by: Peter Warasin <>
* From: Eric Leblond <>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-091-0/+1
| | | | Add UID display to PRINTPKT filter.
* From: Eric Leblond <>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-091-0/+5
| | | | | | | Some macros were defined several time. This was the case of GET_VALUE, pp_is_valid. This patch puts the definition in ulogd.h and fixes the definition of pp_is_valid which was wrong (causing segfault by acessing to fields at NULL).
* From: Eric leblond <>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-2/+0
| | | | | - This patch suppress key relative to IPv6 address because IPv4 and IPv6 can be stored in the same key. - Add missing IP2STR line to
* From: Eric leblond <>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-1/+1
| | | | | This patch update the printflow output module to be able to print a whole conntrack entry on a single line.
* From: Eric leblond <>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-1/+7
| | | | | | | | | This patch adds new SQL schema for MySQL and PGsql. The goal is to improve the one line per entry format. There is no more a big table with all fields because this sort of storage is causing bad performance (databases don't like to have a lot of NULL fields to store). Main changes are : * Add new schema for MySQL and PGsql * Use call to configurable procedure in SQL OUTPUT modules * Arguments of a procedure are given by the list of fields of a selected table
* Holger Heitzenberger <>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-022-1/+49
| | | | add common.h
* Add IPv6 support, fix a few incorrect key assignments and make sure this doesn't/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-03-062-3/+57
| | | | | repeat by using symbolic names to make sure the assignment matches the array index.
* Add a printflow plugin is similar to the PRINTPKT plugin, but for flows. It's/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-05-232-1/+10
| | | | output is compatible with the SYSLOG and LOGEMU plugins. (Philip Craig)
* Move the printpkt functionality out of SYSLOG and LOGEMU, and into/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-05-231-2/+1
| | | | | a separate PRINTPKT plugin. This reduces code duplication, and also makes the SYSLOG and LOGEMU plugins more general. (Philip Craig)
* - add IPFIX netfilter vendor specific fields for seq global/local/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-261-1/+5
| | | | - use real value for netfilter ipfix vendor id
* add include makefile/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-251-0/+2
* introduce NFCT input plugin hash table for start/end timestamps. Based on an/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-121-0/+1
| | | | | | | | | | | | | | | | | | | | original patch by Christian Hentschel, amended like: 1) the hash table has to be per-instance, since [at least in the future] we can have nfnetlink messages routed from other machines over the network, thus every NFCT instance has to have it's own hash table. 2) Whether or not to use a preallocated table is now a configuration value, as is the number of buckets and max_entries 3) configure_nfct was not used in the struct ulogd_plugin.configure 4) don't put the hashtable buckets in BSS, but rather allocate them dynamically 5) allocate all ct_timestamps (in the preallocated case) at once, rather than malloc()ing each on its own. 6) use official IPFIX fields for flow start and flow end instead of private numbers 7) use llist instead of list (linuxlist.h adds an additional 'l') 8) add lots of TODO items 9) add IPFIX_NF_conntrack_id to header file
* clean up printpkt situation (now we no longer include .c files)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-082-1/+11
* now 'make dist-bzip2' finally works/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-083-23/+2
* further 'make dist' fixes/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-083-0/+63
* remove strerror function of db helpers and move error printing/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-071-1/+0
| | | | directly into db plugins
* introduce core timer handling/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-071-0/+14
* make ipfix output plugin compile (not yet functional)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-12-151-3/+9
* move plugin wildcard input key generation into core/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-12-151-0/+1
* add new 'ulogd_key_size()' function/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-12-151-12/+3
* don't "#include" a .c file but rather compile db.c on it's own/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-12-151-0/+61
* use 'const char' in parser function/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-12-141-1/+1
* rename all linux list related structs/functs/macros to 'llist', since mysql ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-12-052-149/+149
| | | | is now cluttering the namespace by its 'list_add' function.
* make 'num_keys' an attribute of pluginstance instead of pluginlaforge2005-11-201-21/+17
* use bitmask instead of enum for input/output data typelaforge2005-11-201-10/+10
* introduce version field for plugins, refuse loading plugins with different ↵laforge2005-11-051-1/+4
| | | | version
* add netfilter specific information elementslaforge2005-11-051-0/+8
* add more ipfix related information to raw2packet_BASElaforge2005-11-041-0/+180
* cleanup unused structs / memberslaforge2005-11-041-11/+2
* remvoe unneeded structure memberslaforge2005-10-081-3/+0
* too many changes to comment on. ulogd now compiles again.laforge2005-10-021-8/+40
* minor updateslaforge2005-06-241-3/+2