| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
| |
break lines at 80 char columns
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch modifies the key structure of NFLOG. It solves the conflict
between ULOG and NFLOG by ensuring that keys have the same meaning:
* raw.mac is the full hardware header
* raw.mac.saddr is the source hardware address
Following Patrick suggestion, it adds a new key "raw.type" which is
used to store the type of hardware.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
We already check for latest library version, this checking
is not required anymore.
Reported-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
strerror function was used without inclusion of string.h. This patch
adds the include and fixes the warning.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
|
| |
Fixes compilation of NFLOG and NFCT plugin when libnetfilter libraries
are installed under a non standard prefix. Include path and libs path
for libnetfilter_conntrack and libnetfilter_log were not correctly set even
if pkg-config found them.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
| |
This patch fixes some messages in the NFCT and NFLOG input
plugin (end of line before quote). It also fixes indenting by
suppressing some spaces on empty line and replacing spaces by tab.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
|
| |
This patch fixes NFCT when hash_enable is 0. Limitation of treatment to
NFCT_DESTROY message type causes usage of the hashtable function and
hence a crash because it is not initiated.
Signed-off-by: regit <regit@ghlodit.inl.fr>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
is used (hash_enable=1 which is the default)
|
|
|
|
| |
STOP timestamp for DESTROY packet
|
| |
|
|
|
|
|
|
|
|
| |
This patch improves the overrun handling. The NFLOG plugin duplicates the
netlink buffer size if the size does not goes after the upper boundary.
This patch also introduces two new clauses, the netlink_socket_buffer_size
and netlink_socket_buffer_maxsize that set the size of the netlink socket
buffer.
|
|
|
|
|
|
| |
This patch cleans up the key building by breaking lines at 80 columns and
it fixes the IPv6 support (use of a pointer after free) by introducing a new
128 bit type.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch improves the overrun handling. The logic behind this patch
consists of two steps:
1) duplicate the netlink buffer size if the size does not goes after the
upper boundary.
2) scheduling a resynchronization (in two seconds) with the kernel conntrack
table if we hit ENOBUFS. During the resynchronization, the NFCT plugin dumps
the current table and purges the objects that do not exist anymore.
This patch also introduces two new clauses, the netlink_socket_buffer_size
and netlink_socket_buffer_maxsize that set the size of the netlink socket
buffer.
|
|
|
|
|
|
|
|
| |
This patch introduces a generic hashtable to store the nf_conntrack objects.
The objects are identified by the original and reply tuples instead of the
conntrack ID which is not dumped in the event message of linux kernel < 2.6.25.
This patch also fixes the NFCT_MSG_* by NFCT_T_* which is the appropriate
message type tag.
|
|
|
|
|
|
|
| |
can be used to determine if the packet has been dropped, rejected or accepted.
The meaning of label is completely user-defined.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
| |
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
| |
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
| |
NFLOG has been modified to support GID display. There is a problem as this
feature is only available in latest subversion of libnetfilter_log. This
patch made this feature optional:
* It detects if system support the nflog_get_gid() function
* Compilation of nflog_get_gid() related code is conditional
|
| |
|
| |
|
|
|
|
|
|
|
| |
plugin. To be able to send IP addresses to the IP2STR and IP2BIN module
oob.family and oob.protocol keys have been added.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
| |
interger. This patch fix this in the ULOG module.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
| |
interger. This patch fix this in the NFLOG module.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
|
| |
- event mask is now configurable though the event_mask configuration variable
- event type is now stored in the ct.event output key. This can be used to
display the information or to use it to implement some tracking algorithm in
userspace.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
| |
able to use multiple time the same instance of NFCT.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
| |
by duplicating the interpretation of the message.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
| |
by duplicating the interpretation of the message.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
| |
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
| |
- fix crash when enabling pollinterval clause in flow-based accounting
|
|
|
|
| |
Signed-off-by: Eric Leblond <eric@inl.fr>
|
| |
|
|
|
|
| |
Add support for UID dumping to NFLOG input plugin.
|
|
|
|
| |
The treatment of the return of some functions from libnetfilter_log API was wrong and this was preventing some fields to be propagated through the stack.
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using NFLOG or ULOG, obb.family (protocol IPv4 or IPv6) has
to be setup manually in ulogd.conf configuration file. This is
used by the BASE filter to properly parse the packet. This
patch suppress oob.family as output keys of NFLOG and ULOG and let
the BASE filter determine the family of the packet by itself (by
parsing the raw header).
A good side effect is to be able to log in IPv6 and IPv4 in the
same group. Before that, two loggers have to be setup separatly.
|
|
|
|
| |
OOB_FAMILY output was not set by NFLOG because the key was not set as valid.
|
|
|
|
|
|
|
| |
The following patch fixes some indenting and typo in various ulogd2
files.
Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a workaround which prevents ulogd from logging each
time when recvfrom() returns error because of EAGAIN.
Since the netlink socket is now O_NONBLOCK, we probably run
into the following bug:
http://bugzilla.kernel.org/show_bug.cgi?id=5498
which causes recvfrom() get an error when select() had a good
return, whenever select() receives a packet with a bad checksum.
ipulog_read() always has this problem once after every successful
ipulog_read().
Signed-off-by: Peter Warasin <peter@endian.com>
[Note: this is not a workaround but correct handling of EAGAIN
on a non-blocking socket. -Patrick]
|
|
|
|
|
|
|
|
| |
This patch logs also the string representations ipulog:_strerror()
and strerror() when an error occurred during receivement of packets
within the ULOG plugin
Signed-off-by: Peter Warasin <peter@endian.com>
|
|
|
|
|
|
|
| |
Stores mac_len correctly, since within ULOG structire it is not stored
in network byte order.
Signed-off-by: Peter Warasin <peter@endian.com>
|
|
|
|
|
|
|
| |
The ULOG input plugin of ulogd2 was not working. This patch fixes this
and cleans the code via introduction of an enum.
Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds an enum to get rid of access to array via numerical
index in NFLOG input plugin.
This replaces code like:
ret[0].flags |= ULOGD_RETF_VALID;
ret[11].u.value.ui16 = ntohs(hw->hw_addrlen);
with:
ret[NFLOG_KEY_RAW_MAC].flags |= ULOGD_RETF_VALID;
ret[NFLOG_KEY_RAW_MAC_LEN].u.value.ui16 = ntohs(hw->hw_addrlen);
which is more readable.
Eric Leblond <eric@inl.fr>
|
|
|
|
|
| |
repeat by using symbolic names to make sure the assignment matches the array
index.
|
| |
|
|
|
|
| |
Leblond)
|
| |
|
|
|
|
| |
output is compatible with the SYSLOG and LOGEMU plugins. (Philip Craig)
|
| |
|