path: root/input
Columns: commit message (with author, date; files changed, lines removed/added), followed by the commit body
* src: use ARRAY_SIZE to calculate the array size of keys (Pablo Neira Ayuso, 2010-04-02; 2 files, -2/+2)
  This patch is a cleanup to use ARRAY_SIZE in NFLOG and ULOG input plugins.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: fix reset counters via SIGUSR2 signal (Pablo Neira Ayuso, 2010-01-17; 1 file, -3/+52)
  This patch fixes a feature that allows forcing the logging of the existing entries and resetting the counters.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: fix number of options (missing one) (Pablo Neira Ayuso, 2010-01-17; 1 file, -1/+1)
  This patch fixes the number of options in NFCT that is actually 8, not 7.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: split event handler if hashtable is used or not (Pablo Neira Ayuso, 2010-01-17; 1 file, -28/+39)
  This patch splits event_handler into two functions: event_handler_hashtable and event_handler_no_hashtable. Thus, we register the appropriate handler during the initialization time. This patch is a cleanup.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: use new hashtable implementation for better performance (Pablo Neira Ayuso, 2010-01-17; 1 file, -40/+79)
  This patch replaces the existing hashtable implementation with a newer one that provides better performance since it reduces the number of hash computations.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: change `pollinterval' behaviour (Pablo Neira Ayuso, 2010-01-17; 1 file, -8/+120)
  This patch adds support for poll-based logging. Basically, ulogd polls from the kernel periodically to log entries. You can use the `pollinterval' option in the configuration file to set the polling period.
  This patch changes the current behaviour of `pollinterval' that allowed mixing event-driven logging with polling periodically from the kernel. I have tried to look for anyone on Google (and by asking Eric Leblond) using this feature but I found no one.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: cleanup constructor and destructor functions (Pablo Neira Ayuso, 2010-01-11; 1 file, -41/+67)
  This patch cleans up the constructor and the destructor functions in the NFCT plugin. I know, this patch isn't easy to review because it includes too many changes in one.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: avoid spamming report about netlink overruns (Pablo Neira Ayuso, 2009-07-22; 1 file, -1/+9)
  This patch reduces the verbosity of the log messages that report netlink overruns.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: add configurable option to set the value of the resynchronization timer (Pablo Neira Ayuso, 2009-07-22; 1 file, -8/+15)
  This patch adds `netlink_resync_timeout' that allows you to set the number of seconds that we wait to perform a resynchronization due to a netlink overrun. This patch changes the default timeout from 2 to 60 seconds (less aggressive).
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: improve netlink overrun handling (Pablo Neira Ayuso, 2009-07-22; 1 file, -12/+12)
  With this patch, we schedule one resynchronization against the kernel conntrack table that will occur in two seconds (still we need a patch to make this configurable). Before this, we scheduled a resynchronization for every overrun, which is very bad in a scenario in which overruns occur very frequently.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: fix NULL dereference when hashtable is full (Pablo Neira Ayuso, 2009-06-23; 1 file, -0/+9)
  This patch fixes a NULL dereference to the timestamp structure when hashtable_add() fails, for example, because the hashtable is full.
  Reported-by: Bernhard Schmidt <berni@birkenwald.de>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Delete timer in destructor function. (Eric Leblond, 2009-02-08; 1 file, -0/+2)
  This patch deletes the overrun timer in the destructor function.
* Add threshold and timeout option to NFLOG plugin. (Eric Leblond, 2009-01-29; 1 file, -1/+45)
  This patch adds support for setting NFLOG threshold and timeout from ulogd.
* Replace INCLUDES by AM_CPPFLAGS in Makefile.am. (Eric Leblond, 2009-01-22; 2 files, -2/+2)
  This patch fixes autotools warning about deprecated usage of INCLUDES in Makefile.am.
* build: use -avoid-version for modules (Jan Engelhardt, 2009-01-20; 2 files, -4/+4)
  The modules are pretty much bound to ulogd, and it does not seem to make sense to specially version these.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: compile fix (Jan Engelhardt, 2009-01-18; 1 file, -0/+1)
  ulogd_inpflow_NFCT.c: In function 'propagate_ct':
  ulogd_inpflow_NFCT.c:483: error: 'IPPROTO_UDPLITE' undeclared (first use in this function)
  (and more for IPPROTO_SCTP)
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Add variable to force binding of nfnetlink_log. (Eric Leblond, 2009-01-05; 1 file, -7/+16)
  This patch updates the behaviour of the NFLOG input plugin to fix an issue related to kernels older than 2.6.29. The call to nflog_bind_pf() that can be necessary to receive packets from the nfnetlink_log was only done if the used group was 0 (system logging). This is logical for the newest kernel (NFLOG really sends messages to nfnetlink_log and not to the nf_log logger). But this is insufficient for older ones. By forcing the binding with the new configuration variable bind, it is now possible to trigger the binding from the ulogd2 configuration file. This gives users a way to be sure that ulogd will receive packets if the NFLOG input plugin is used.
* Fix memory leak in destructor_nfct(). (Eric Leblond, 2008-12-09; 1 file, -0/+11)
  This patch fixes a memory leak in the destructor function which was not releasing the memory allocated for each connection tracking entry.
* Fix minor memory leak in NFLOG plugin. (Eric Leblond, 2008-12-09; 1 file, -0/+2)
  This patch fixes a minor memory leak at NFLOG plugin exit.
* Don't free pluginstance when leaving (Eric Leblond, 2008-12-09; 2 files, -3/+0)
  If we free pluginstance in the stop function we won't be able to iterate anymore on the stack linked list.
* Fix stop function of NFCT plugin. (Eric Leblond, 2008-12-09; 1 file, -1/+1)
  This patch fixes some crashes in NFCT plugin that were triggered by the call of the destructor_nfct function (during stop).
* Get rid of addressfamily variable in NFLOG input plugin (Eric Leblond, 2008-12-09; 1 file, -30/+29)
  The addressfamily configuration variable for NFLOG is used as param for nflog_bind_pf. This function is used to claim the fetching of kernel messages sent via the nf_log_packet() function. As all kernel messages are sent to the group 0, it is useless to call nflog_bind_pf when the nflog group of the input plugin is not 0. Furthermore, as only one plugin can be bound to nflog group 0, it is mandatory to call nflog_bind_pf for all pf families when the group is 0.
  To sum up, this patch suppresses the addressfamily parameter (which simplifies the configuration file) and calls nflog_bind_pf for all pf families when the nflog group of the instance is 0.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Modify usage of nflog_bind_pf function. (Eric Leblond, 2008-12-09; 1 file, -20/+32)
  The nflog_bind_pf function was called for each NFLOG instance. This patch modifies the behaviour to have it called if and only if the nfgroup is set to 0. As the kernel uses only the 0 group to output subsystem messages, this change clarifies the situation.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* add ukey_* function for key assignation (Pablo Neira Ayuso, 2008-12-09; 3 files, -202/+103)
  This patch cleans up the current key assignation by introducing a set of functions ukey_* to set the key value as Eric Leblond and we discussed during the latest Netfilter Workshop. This patch is based on an idea from Holger Eitzenberger.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* NFCT: remove unused constant NFLOG_RMEM_DEFAULT (Pablo Neira Ayuso, 2008-10-22; 1 file, -6/+0)
  This patch removes NFLOG_RMEM_DEFAULT which is reminiscent of the initial development of NFLOG which is based on the ULOG plugin.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: remove unused option (Eric Leblond, 2008-09-11; 1 file, -14/+7)
  This patch suppresses the "rmem" configuration variable which was inherited from the original ULOG plugin and which is unused in the NFLOG plugin.
  Signed-off-by: Eric Leblond <eric@inl.fr>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: remove unused timeout parameter in function (Eric Leblond, 2008-07-31; 1 file, -1/+1)
  The function ipulog_read had a timeout parameter which was not used in the code.
  Signed-off-by: Eric Leblond <eric@inl.fr>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: minor cleanup (Pablo Neira Ayuso, 2008-07-29; 1 file, -10/+14)
  break lines at 80 char columns
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFLOG: get full link layer header (requires >= 2.6.27) (Eric Leblond, 2008-07-29; 1 file, -3/+33)
  This patch modifies the key structure of NFLOG. It solves the conflict between ULOG and NFLOG by ensuring that keys have the same meaning:
  * raw.mac is the full hardware header
  * raw.mac.saddr is the source hardware address
  Following Patrick's suggestion, it adds a new key "raw.type" which is used to store the type of hardware.
  Signed-off-by: Eric Leblond <eric@inl.fr>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* revert commit 3178606785161296dc5a1bd4d42d965db8b3e2cd (Pablo Neira Ayuso, 2008-06-28; 1 file, -2/+1)
  We already check for latest library version, this checking is not required anymore.
  Reported-by: Eric Leblond <eric@inl.fr>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* suppress useless debugging message in the ULOG input plugin (Eric Leblond, 2008-06-23; 1 file, -1/+0)
* structure initialization cleanup (Eric Leblond, 2008-06-23; 2 files, -34/+36)
* whitespace cleanup (Eric Leblond, 2008-06-23; 3 files, -67/+67)
* Fix warning in compilation due to missing include (Eric Leblond, 2008-06-18; 1 file, -0/+1)
  strerror function was used without inclusion of string.h. This patch adds the include and fixes the warning.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix NFCT/NFLOG plugin compilation when libraries use non-standard prefix. (Eric Leblond, 2008-06-18; 2 files, -2/+4)
  Fixes compilation of NFLOG and NFCT plugin when libnetfilter libraries are installed under a non standard prefix. Include path and libs path for libnetfilter_conntrack and libnetfilter_log were not correctly set even if pkg-config found them.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Cleanup: fix error messages and indentation (Eric Leblond, 2008-06-12; 2 files, -4/+4)
  This patch fixes some messages in the NFCT and NFLOG input plugins (end of line before quote). It also fixes indenting by suppressing some spaces on empty lines and replacing spaces by tabs.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix crash when using NFCT with hash_enable=0. (regit, 2008-06-04; 1 file, -1/+1)
  This patch fixes NFCT when hash_enable is 0. Limitation of treatment to NFCT_DESTROY message type causes usage of the hashtable function and hence a crash because it is not initiated.
  Signed-off-by: regit <regit@ghlodit.inl.fr>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* Modify the code by activating overrun handling if and only if the local hash is used (hash_enable=1 which is the default) (Eric Leblond, 2008-06-02; 1 file, -19/+28)
* Fill every possible timestamp. It fills START timestamp for NEW packet and STOP timestamp for DESTROY packet (Eric Leblond, 2008-06-02; 1 file, -15/+42)
* Set timestamp in NFLOG for INPUT and OUTPUT (Eric Leblond, 2008-06-02; 1 file, -7/+8)
* improve overrun handling NFLOG (Pablo Neira Ayuso, 2008-06-02; 1 file, -6/+60)
  This patch improves the overrun handling. The NFLOG plugin duplicates the netlink buffer size if the size does not go after the upper boundary. This patch also introduces two new clauses, the netlink_socket_buffer_size and netlink_socket_buffer_maxsize that set the size of the netlink socket buffer.
* cleanup for key builder and fix IPv6 support and introduce 128-bits type (Pablo Neira Ayuso, 2008-06-02; 1 file, -41/+79)
  This patch cleans up the key building by breaking lines at 80 columns and it fixes the IPv6 support (use of a pointer after free) by introducing a new 128 bit type.
* improve netlink overrun handling of NFCT (Pablo Neira Ayuso, 2008-06-02; 1 file, -28/+210)
  This patch improves the overrun handling. The logic behind this patch consists of two steps:
  1) duplicate the netlink buffer size if the size does not go after the upper boundary.
  2) scheduling a resynchronization (in two seconds) with the kernel conntrack table if we hit ENOBUFS. During the resynchronization, the NFCT plugin dumps the current table and purges the objects that do not exist anymore.
  This patch also introduces two new clauses, the netlink_socket_buffer_size and netlink_socket_buffer_maxsize that set the size of the netlink socket buffer.
* rework NFCT to use a generic hashtable (Pablo Neira Ayuso, 2008-06-02; 1 file, -144/+120)
  This patch introduces a generic hashtable to store the nf_conntrack objects. The objects are identified by the original and reply tuples instead of the conntrack ID which is not dumped in the event message of linux kernel < 2.6.25. This patch also fixes the NFCT_MSG_* by NFCT_T_* which is the appropriate message type tag.
* This patchset adds support for the "numeric_label" option. For instance, it (/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org, 2008-04-29; 2 files, -2/+36)
  can be used to determine if the packet has been dropped, rejected or accepted. The meaning of label is completely user-defined.
  Signed-off-by: Eric Leblond <eric@inl.fr>
* This patch adds oob.hook to the list of output keys of ULOG input plugin. (/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org, 2008-04-27; 1 file, -0/+13)
  Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix a bug in definition of seq_global_ce macro. (/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org, 2008-04-27; 1 file, -2/+2)
  Signed-off-by: Eric Leblond <eric@inl.fr>
* [ULOGD PATCH, RFC] Modify NFLOG to be able to use it with older libnetfilter_log (/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net, 2008-04-22; 1 file, -1/+2)
  NFLOG has been modified to support GID display. There is a problem as this feature is only available in the latest subversion of libnetfilter_log. This patch makes this feature optional:
  * It detects if the system supports the nflog_get_gid() function
  * Compilation of nflog_get_gid() related code is conditional
* Fix missing chunk for GID logging (/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net, 2008-04-21; 1 file, -1/+5)
* Print GID/MARK in printpkt.c (/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net, 2008-04-21; 1 file, -1/+6)