summaryrefslogtreecommitdiffstats
path: root/input/packet/ulogd_inppkt_NFLOG.c
Commit message (Collapse)AuthorAgeFilesLines
* output: add new plugin XML to output logs in XMLPablo Neira Ayuso2010-06-171-1/+8
| | | | | | | This patch adds XML that allows to log information in XML for ulogd2. It supports packet and flow-based accounting. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: use ARRAY_SIZE to calculate the array size of keysPablo Neira Ayuso2010-04-021-1/+1
| | | | | | | This patch is a cleanup to use ARRAY_SIZE in NFLOG and ULOG input plugins. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Add threshold and timeout option to NFLOG plugin.Eric Leblond2009-01-291-1/+45
| | | | | This patch adds support for setting NFLOG threshold and timeout from ulogd.
* Add variable to force binding of nfnetlink_log.Eric Leblond2009-01-051-7/+16
| | | | | | | | | | | | | This patch updates the behaviour of the NFLOG input plugin to fix an issue related to kernel older than 2.6.29. The call to nflog_bind_pf() that can be necessary to receive packet from the nfnetlink_log was only done if the used group was 0 (system logging). This is logic for the newest kernel (NFLOG really sends message to nfnetlink_log and not to the nf_log logger). But this is unsufficient for older one. By forcing the binding with the new configuration variable bind, it is now possible to trigger the binding from the ulogd2 configuration file. This gives users a way to be sure that ulogd will receive packets if the NFLOG input plugin is used.
* Fix minor memory leak in NFLOG plugin.Eric Leblond2008-12-091-0/+2
| | | | This patch fix a minor memory leak at NFLOG plugin exit.
* Don't free pluginstance when leavingEric Leblond2008-12-091-2/+0
| | | | | If we free pluginstance in the stop function we won't be able to iter anymore on the stack linked list.
* Get rid of addressfamily variable in NFLOG input pluginEric Leblond2008-12-091-30/+29
| | | | | | | | | | | | | | | | | | The addressfamily configuration variable for NFLOG is used as param for nflog_bind_pf. This function is used to claim the fetching of kernel message sent via nf_log_packet() function. As all kernel messages are sent to the group 0, it is useless to call nflog_bind_pf when nflog group of the input plugin is not 0. Furthermore, as only one plugin can be bound to nflog group 0, it is mandatory to call nflog_bind_pf for all pf family when the group is 0. To sum up, this patch suppress the adressfamily parameter (which simplify the configuration file) and call nflog_bind_pf for all pf family when the nflog group of the instance is 0. Signed-off-by: Eric Leblond <eric@inl.fr>
* Modify usage of nflog_bind_pf function.Eric Leblond2008-12-091-20/+32
| | | | | | | | | The nflog_bind_pf function was called for each NFLOG instance. This patch modifies the behaviour to have it call if and only if the nfgroup is set to 0. As the kernel uses only the 0 group to output subsystem messages, this change clarify the situation. Signed-off-by: Eric Leblond <eric@inl.fr>
* add ukey_* function for key assignationPablo Neira Ayuso2008-12-091-66/+35
| | | | | | | | | This patch cleans up the current key assignation by introducing a set of functions ukey_* to set the key value as Eric Leblond and we discussed during the latest Netfilter Workshop. This patch is based on an idea from Holger Eitzenberger. Signed-off-by: Eric Leblond <eric@inl.fr>
* NFCT: remove unused constant NFLOG_RMEM_DEFAULTPablo Neira Ayuso2008-10-221-6/+0
| | | | | | | This patch removes NFLOG_RMEM_DEFAULT which is a reminiscent of the initial development of NFLOG which is based on the ULOG plugin. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: remove unused optionEric Leblond2008-09-111-14/+7
| | | | | | | | | This patch suppresses the "rmem" configuration variable which was inherited from the original ULOG plugin and which is unused in the NFLOG plugin. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: minor cleanupPablo Neira Ayuso2008-07-291-10/+14
| | | | | | break lines at 80 char columns Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: get full link layer header (requires >= 2.6.27)Eric Leblond2008-07-291-3/+33
| | | | | | | | | | | | This patch modifies the key structure of NFLOG. It solves the conflict between ULOG and NFLOG by ensuring that keys have the same meaning: * raw.mac is the full hardware header * raw.mac.saddr is the source hardware address Following Patrick suggestion, it adds a new key "raw.type" which is used to store the type of hardware. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* revert commit 3178606785161296dc5a1bd4d42d965db8b3e2cdPablo Neira Ayuso2008-06-281-2/+1
| | | | | | | | We already check for latest library version, this checking is not required anymore. Reported-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* structure initialization cleanupEric Leblond2008-06-231-19/+20
|
* whitespace cleanupEric Leblond2008-06-231-26/+26
|
* Cleanup: fix error messages and indentationEric Leblond2008-06-121-1/+1
| | | | | | | | This patch fixes some messages in the NFCT and NFLOG input plugin (end of line before quote). It also fixes indenting by suppressing some spaces on empty line and replacing spaces by tab. Signed-off-by: Eric Leblond <eric@inl.fr>
* Set timestamp in NFLOG for INPUT and OUTPUTEric Leblond2008-06-021-7/+8
|
* improve overrun handling NFLOGPablo Neira Ayuso2008-06-021-6/+60
| | | | | | | | This patch improves the overrun handling. The NFLOG plugin duplicates the netlink buffer size if the size does not goes after the upper boundary. This patch also introduces two new clauses, the netlink_socket_buffer_size and netlink_socket_buffer_maxsize that set the size of the netlink socket buffer.
* This patchset adds support for the "numeric_label" option. For instance, it/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-291-1/+19
| | | | | | | can be used to determine if the packet has been dropped, rejected or accepted. The meaning of label is completely user-defined. Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix a bug in definition of seq_global_ce macro./C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-271-2/+2
| | | | Signed-off-by: Eric Leblond <eric@inl.fr>
* [ULOGD PATCH, RFC] Modify NFLOG to be able to use it with older libnetfilter_log/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-04-221-1/+2
| | | | | | | | NFLOG has been modified to support GID display. There is a problem as this feature is only available in latest subversion of libnetfilter_log. This patch made this feature optional: * It detects if system support the nflog_get_gid() function * Compilation of nflog_get_gid() related code is conditional
* Fix missing chunk for GID logging/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-04-211-1/+5
|
* Print GID/MARK in printpkt.c/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-04-211-1/+6
|
* Type of the raw.mac_len key was set to string but this is an unsigned/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-051-1/+1
| | | | | | interger. This patch fix this in the NFLOG module. Signed-off-by: Eric Leblond <eric@inl.fr>
* An instance of NFLOG can now be use in multiple stacks. This is done/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-251-1/+10
| | | | | | by duplicating the interpretation of the message. Signed-off-by: Eric Leblond <eric@inl.fr>
* Minor indentation fix in ulogd_inppkt_NFLOG.c./C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-251-1/+1
| | | | Signed-off-by: Eric Leblond <eric@inl.fr>
* revert r7348/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-101-0/+15
|
* From: Eric Leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-091-0/+14
| | | | Add support for UID dumping to NFLOG input plugin.
* From: Eric Leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-091-2/+2
| | | | The treatment of the return of some functions from libnetfilter_log API was wrong and this was preventing some fields to be propagated through the stack.
* From: Eric Leblond <eric@inl.fr>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-091-15/+0
| | | | | | | | | | | | When using NFLOG or ULOG, obb.family (protocol IPv4 or IPv6) has to be setup manually in ulogd.conf configuration file. This is used by the BASE filter to properly parse the packet. This patch suppress oob.family as output keys of NFLOG and ULOG and let the BASE filter determine the family of the packet by itself (by parsing the raw header). A good side effect is to be able to log in IPv6 and IPv4 in the same group. Before that, two loggers have to be setup separatly.
* From: Eric leblond <eric@inl.fr>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-031-0/+1
| | | | OOB_FAMILY output was not set by NFLOG because the key was not set as valid.
* [PATCH]: Ulogd2: code cleaning/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-01-041-32/+50
| | | | | | | | | | | | | | | | | This patch adds an enum to get rid of access to array via numerical index in NFLOG input plugin. This replaces code like: ret[0].flags |= ULOGD_RETF_VALID; ret[11].u.value.ui16 = ntohs(hw->hw_addrlen); with: ret[NFLOG_KEY_RAW_MAC].flags |= ULOGD_RETF_VALID; ret[NFLOG_KEY_RAW_MAC_LEN].u.value.ui16 = ntohs(hw->hw_addrlen); which is more readable. Eric Leblond <eric@inl.fr>
* Add IPv6 support, fix a few incorrect key assignments and make sure this doesn't/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-03-061-7/+19
| | | | | repeat by using symbolic names to make sure the assignment matches the array index.
* - add IPFIX netfilter vendor specific fields for seq global/local/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-261-0/+8
| | | | - use real value for netfilter ipfix vendor id
* add support for new 'seq_local' and 'seq_global' arguments/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-261-2/+48
|
* fix compiler warning (void/char) (Christian Hentschel)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-121-1/+1
|
* we don't need RETF_FREE for stuf that isn't dynamically allocated/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-12-141-2/+2
|
* more verbose error reporting/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-12-081-5/+18
|
* fixes/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-291-1/+1
|
* make 'num_keys' an attribute of pluginstance instead of pluginlaforge2005-11-201-6/+7
|
* introduce version field for plugins, refuse loading plugins with different ↵laforge2005-11-051-0/+1
| | | | version
* - add IPFIX field id's laforge2005-11-051-41/+60
| | | | - add some more output keys
* use accessor functions as available by latest libnetfilter_loglaforge2005-11-051-49/+49
|
* it's now libnetfilter_log, not libnfnetlink_loglaforge2005-11-041-1/+1
|
* cosmetic changeslaforge2005-10-081-2/+3
|
* fix off-by-one bugs in netlink parsing, add config file parsing and better ↵laforge2005-10-081-5/+19
| | | | error handling
* use new init function logiclaforge2005-10-031-3/+5
|
* bring NFLOG input plugin into compiling statelaforge2005-10-031-110/+159
|
* too many changes to comment on. ulogd now compiles again.laforge2005-10-021-2/+1
|