path: root/input/packet
Commit message | Author | Age | Files | Lines
* input: UNIXSOCK: prevent unaligned pointer access | Jeremy Sowden | 2021-11-30 | 1 | -9/+9
  `struct ulogd_unixsock_packet_t` is packed, so taking the address of its `struct iphdr payload` member may yield an unaligned pointer value. We only actually dereference the pointer to get the IP version, so replace the pointer with a version variable and elsewhere use `pkt.payload` directly. Remove a couple of stray semicolons.
  Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* input: UNIXSOCK: fix possible truncation of socket path | Jeremy Sowden | 2021-11-30 | 1 | -5/+10
  Verify that the socket path is short enough, and replace `strncpy` with `strcpy`.
  Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* input: UNIXSOCK: remove stat of socket-path | Jeremy Sowden | 2021-11-30 | 1 | -14/+5
  When creating the UNIX socket, there is a TOCTOU race between the stat(2) and bind(2) calls, and if the path is already bound, the bind(2) call will fail in any case. Remove the stat(2) call. Tidy up a couple of error messages.
  Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: attach struct nf_conntrack | Ken-ichirou MATSUZAWA | 2021-11-23 | 2 | -6/+68
  put nf_conntrack in ct outputkey when "attach_conntrack" is specified. But there is no way to show both nflog "raw" and "ct" now.
  Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: add NFULNL_CFG_F_CONNTRACK flag | Ken-ichirou MATSUZAWA | 2021-11-23 | 1 | -1/+10
  acquiring conntrack information by specifying "attack_conntrack=1"
  Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* input: UNIXSOCK: correct format specifiers | Jeremy Sowden | 2021-11-23 | 1 | -5/+6
  There are a couple of logging calls which use the wrong specifiers for their integer arguments. Change the specifiers to match the arguments.
  Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: use correct automake variable for library dependencies | Jeremy Sowden | 2021-11-15 | 1 | -1/+2
  A couple of library dependencies are specified in `_LDFLAGS` variables. They are supposed to be specified in `_LIBADD` variables. Move them.
  Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: group `*_la_*` variables with their libraries | Jeremy Sowden | 2021-11-15 | 1 | -8/+8
  Move the `_SOURCES`, `_LIBADD` and `_LDFLAGS` variables for each input-packet library alongside the matching `.la` definition. In particular, move the `NFLOG` and `ULOG` variables inside the conditionals controlling whether the libraries get built.
  Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: add Make_global.am for common flags | Jeremy Sowden | 2021-11-15 | 1 | -2/+2
  Move `${regular_CFLAGS}` from configure.ac to Make_global.am, renaming it to `AM_CFLAGS`. Add `AM_CPPFGLAGS` to include `$(top_srcdir)/include`. Include the new file in the Makefiles that require it.
  Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: fix seq global flag setting | Ken-ichirou MATSUZAWA | 2021-10-12 | 1 | -1/+1
  Otherwise this is incorrectly setting on NFULNL_CFG_F_SEQ_GLOBAL if local sequence number via NFULNL_CFG_F_SEQ is requested.
  Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Use stdint types everywhere | Felix Janda | 2015-06-26 | 2 | -25/+25
  Signed-off-by: Felix Janda <felix.janda@posteo.de>
* Add flag to disable ULOG input plugin | Eric Leblond | 2015-04-24 | 1 | -1/+6
  ULOG target is removed from kernel so we can prepare the removal of the plugin for ulogd. For now, we just add a configure flag.
* ulogd: ulogd_inppkt_NFLOG: close nflog handle after unbinding | Chris Boot | 2013-11-18 | 1 | -1/+1
  The nflog handle is closed, and then nflog_unbind_pf() is called on it, which triggers an assertion failure within libnfnetlink. This patch simply moves the nflog_close() just after the nflog_unbind_pf() calls.
  Signed-off-by: Chris Boot <bootc@bootc.net>
* Suppress dead FIXME. | Eric Leblond | 2013-02-18 | 1 | -2/+0
* build: avoid per-target CFLAGS | Jan Engelhardt | 2012-11-27 | 1 | -2/+1
  There is no harm in putting the includes in the global AM_CPPFLAGS; this can generally save number of compilations of a file when a source file is used multiple times.
  Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* configure: add flag to disable NFLOG build | Eric Leblond | 2012-11-04 | 1 | -2/+4
* src: fix version that -V displays | Pablo Neira Ayuso | 2012-08-03 | 3 | -3/+3
  It was wrong, use VERSION constant which uses the version information available in configure.ac.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: use pkglibdir instead of pkglibexecdir for automake | Björn Lässig | 2012-05-18 | 1 | -1/+1
  This fixes the following problem while running `autoreconf -fi`
  `pkglibexecdir' is not a legitimate directory for `LTLIBRARIES'
  variable `ulogd_filter_PRINTPKT_la_SOURCES' is defined but no program or library has `ulogd_filter_PRINTPKT_la' as canonical name (possible typo)
  Signed-off-by: Björn Lässig <laessig@bitformer.net>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: don't display overrun message once we have reach the buffer limit | Pablo Neira Ayuso | 2011-02-25 | 1 | -1/+12
  We only report the overrun once with this patch, instead of spamming the ulogd.log file.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: use appropriate location for program modules | Jan Engelhardt | 2011-02-01 | 1 | -1/+2
  Modules - since they are dependent on the executable - generally go to libexec/.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: avoid use of LIBS variable | Jan Engelhardt | 2011-02-01 | 1 | -1/+0
  The variable contains global libraries linked into every possible object, which is unwanted. Clean up things.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: propagate global CFLAGS | Jan Engelhardt | 2010-11-05 | 1 | -1/+1
  We must not override CFLAGS, because that will break when the user overrides CFLAGS again at make time (which he is entitled to). So, name our CFLAGS regular_CFLAGS, and also include that across all Makefiles so that they are actually used for all the code.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: remove unused $(all_includes) | Jan Engelhardt | 2010-11-05 | 1 | -1/+1
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: remove -fPIC flag | Jan Engelhardt | 2010-11-05 | 1 | -1/+1
  libtool automatically adds PIC flags as needed.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Add new input plugin UNIXSOCK | Pierre Chifflier | 2010-10-23 | 2 | -1/+830
  This input plugin creates a unix socket which can be used to log packets. Scripts or applications can connect to the socket (only one client allowed per socket) and send data in a Key-Length-Value format (including the payload).
  Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
* output: add new plugin XML to output logs in XML | Pablo Neira Ayuso | 2010-06-17 | 1 | -1/+8
  This patch adds XML that allows to log information in XML for ulogd2. It supports packet and flow-based accounting.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: use ARRAY_SIZE to calculate the array size of keys | Pablo Neira Ayuso | 2010-04-02 | 2 | -2/+2
  This patch is a cleanup to use ARRAY_SIZE in NFLOG and ULOG input plugins.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Add threshold and timeout option to NFLOG plugin. | Eric Leblond | 2009-01-29 | 1 | -1/+45
  This patch adds support for setting NFLOG threshold and timeout from ulogd.
* Replace INCLUDES by AM_CPPFLAGS in Makefile.am. | Eric Leblond | 2009-01-22 | 1 | -1/+1
  This patch fixes autotools warning about deprecated usage of INCLUDES in Makefile.am.
* build: use -avoid-version for modules | Jan Engelhardt | 2009-01-20 | 1 | -2/+2
  The modules are pretty much bound to ulogd, and it does not seem to make sense to specially version these.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Add variable to force binding of nfnetlink_log. | Eric Leblond | 2009-01-05 | 1 | -7/+16
  This patch updates the behaviour of the NFLOG input plugin to fix an issue related to kernels older than 2.6.29. The call to nflog_bind_pf() that can be necessary to receive packets from the nfnetlink_log was only done if the used group was 0 (system logging). This is logic for the newest kernel (NFLOG really sends message to nfnetlink_log and not to the nf_log logger). But this is insufficient for older ones. By forcing the binding with the new configuration variable bind, it is now possible to trigger the binding from the ulogd2 configuration file. This gives users a way to be sure that ulogd will receive packets if the NFLOG input plugin is used.
* Fix minor memory leak in NFLOG plugin. | Eric Leblond | 2008-12-09 | 1 | -0/+2
  This patch fixes a minor memory leak at NFLOG plugin exit.
* Don't free pluginstance when leaving | Eric Leblond | 2008-12-09 | 2 | -3/+0
  If we free pluginstance in the stop function we won't be able to iter anymore on the stack linked list.
* Get rid of addressfamily variable in NFLOG input plugin | Eric Leblond | 2008-12-09 | 1 | -30/+29
  The addressfamily configuration variable for NFLOG is used as param for nflog_bind_pf. This function is used to claim the fetching of kernel message sent via nf_log_packet() function. As all kernel messages are sent to the group 0, it is useless to call nflog_bind_pf when nflog group of the input plugin is not 0. Furthermore, as only one plugin can be bound to nflog group 0, it is mandatory to call nflog_bind_pf for all pf family when the group is 0.
  To sum up, this patch suppresses the addressfamily parameter (which simplifies the configuration file) and calls nflog_bind_pf for all pf family when the nflog group of the instance is 0.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Modify usage of nflog_bind_pf function. | Eric Leblond | 2008-12-09 | 1 | -20/+32
  The nflog_bind_pf function was called for each NFLOG instance. This patch modifies the behaviour to have it called if and only if the nfgroup is set to 0. As the kernel uses only the 0 group to output subsystem messages, this change clarifies the situation.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* add ukey_* function for key assignation | Pablo Neira Ayuso | 2008-12-09 | 2 | -96/+50
  This patch cleans up the current key assignation by introducing a set of functions ukey_* to set the key value as Eric Leblond and we discussed during the latest Netfilter Workshop. This patch is based on an idea from Holger Eitzenberger.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* NFCT: remove unused constant NFLOG_RMEM_DEFAULT | Pablo Neira Ayuso | 2008-10-22 | 1 | -6/+0
  This patch removes NFLOG_RMEM_DEFAULT which is a reminiscent of the initial development of NFLOG which is based on the ULOG plugin.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: remove unused option | Eric Leblond | 2008-09-11 | 1 | -14/+7
  This patch suppresses the "rmem" configuration variable which was inherited from the original ULOG plugin and which is unused in the NFLOG plugin.
  Signed-off-by: Eric Leblond <eric@inl.fr>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: remove unused timeout parameter in function | Eric Leblond | 2008-07-31 | 1 | -1/+1
  The function ipulog_read had a timeout parameter which was not used in the code.
  Signed-off-by: Eric Leblond <eric@inl.fr>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: minor cleanup | Pablo Neira Ayuso | 2008-07-29 | 1 | -10/+14
  break lines at 80 char columns
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: get full link layer header (requires >= 2.6.27) | Eric Leblond | 2008-07-29 | 1 | -3/+33
  This patch modifies the key structure of NFLOG. It solves the conflict between ULOG and NFLOG by ensuring that keys have the same meaning:
    * raw.mac is the full hardware header
    * raw.mac.saddr is the source hardware address
  Following Patrick's suggestion, it adds a new key "raw.type" which is used to store the type of hardware.
  Signed-off-by: Eric Leblond <eric@inl.fr>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* revert commit 3178606785161296dc5a1bd4d42d965db8b3e2cd | Pablo Neira Ayuso | 2008-06-28 | 1 | -2/+1
  We already check for latest library version, this checking is not required anymore.
  Reported-by: Eric Leblond <eric@inl.fr>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* suppress useless debugging message in the ULOG input plugin | Eric Leblond | 2008-06-23 | 1 | -1/+0
* structure initialization cleanup | Eric Leblond | 2008-06-23 | 2 | -34/+36
* whitespace cleanup | Eric Leblond | 2008-06-23 | 2 | -48/+48
* Fix warning in compilation due to missing include | Eric Leblond | 2008-06-18 | 1 | -0/+1
  strerror function was used without inclusion of string.h. This patch adds the include and fixes the warning.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix NFCT/NFLOG plugin compilation when libraries use non-standard prefix. | Eric Leblond | 2008-06-18 | 1 | -1/+2
  Fixes compilation of NFLOG and NFCT plugin when libnetfilter libraries are installed under a non standard prefix. Include path and libs path for libnetfilter_conntrack and libnetfilter_log were not correctly set even if pkg-config found them.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Cleanup: fix error messages and indentation | Eric Leblond | 2008-06-12 | 1 | -1/+1
  This patch fixes some messages in the NFCT and NFLOG input plugin (end of line before quote). It also fixes indenting by suppressing some spaces on empty line and replacing spaces by tab.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Set timestamp in NFLOG for INPUT and OUTPUT | Eric Leblond | 2008-06-02 | 1 | -7/+8
* improve overrun handling NFLOG | Pablo Neira Ayuso | 2008-06-02 | 1 | -6/+60
  This patch improves the overrun handling. The NFLOG plugin duplicates the netlink buffer size if the size does not go after the upper boundary. This patch also introduces two new clauses, the netlink_socket_buffer_size and netlink_socket_buffer_maxsize that set the size of the netlink socket buffer.