| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
This patch extends XML plugin to support NFACCT. You can use
the following line in ulogd.conf to test it:
stack=acct1:NFACCT,xml1:XML
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
This new type will be used in flow-up patch to support XML output.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
pcap is not found reliably by either --with-pcap=%_prefix or
--with-pcap-lib=%_libdir --with-pcap-inc=%_includedir.
If you have any special paths, just use
./configure CPPFLAGS="-I/my/pcap" LDFLAGS="-L/my/pcap"
(And -lpcap is already known so no need to specify that.)
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In file included from /usr/include/string.h:642:0,
from ulogd_output_SQLITE3.c:34:
In function 'strncat',
inlined from 'db_count_cols' at ulogd_output_SQLITE3.c:306:9,
inlined from 'sqlite3_init_db' at ulogd_output_SQLITE3.c:328:11:
/usr/include/bits/string3.h:152:3: warning: call to __builtin___strncat_chk might overflow destination buffer [enabled by default]
I: Statement might be overflowing a buffer in strncat. Common mistake:
BAD: strncat(buffer,charptr,sizeof(buffer)) is wrong, it takes the left over size as 3rd argument
GOOD: strncat(buffer,charptr,sizeof(buffer)-strlen(buffer)-1)
E: ulogd2 bufferoverflowstrncat ulogd_output_SQLITE3.c:328:11
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following problem while running `autoreconf -fi`
`pkglibexecdir' is not a legitimate directory for `LTLIBRARIES'
variable `ulogd_filter_PRINTPKT_la_SOURCES' is defined but no program or
library has `ulogd_filter_PRINTPKT_la' as canonical name (possible typo)
Signed-off-by: Björn Lässig <laessig@bitformer.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DBI: allow to define table name via table config option
While using the DBI plugin of ulogd2 for NFCT based accounting, despite
using table="conntrack", it always insisted in using the table "ulog"
for deriving the keys/columns to be stored.
I've hacked up a quick fix, and it seems to work as expected (though no
proper null termination after strncpy).
Signed-off-by: Harald Welte <laforge@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
This patch adds GPRINT which is a generalization of OPRINT.
It display the set of key-values separated by commas. This is
the generic print that you can attach to whatever kind of
input plugin.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes the creation of the `daily' table. Now, we assume
that the table that we use are created before launching ulogd2.
This code is broken because you have to specify in the configuration
file that the table used is `daily', otherwise this `daily' table is
created and dropped during the daemon starting, but not used.
Moreover, the code explicit shows a message that it says:
/* FIXME make this configurable */
So, I think that this patch is the way to go :-).
This patch also documents the table creation in ulogd.sgml
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
This patch fixes the following warning during the compilation:
ulogd_output_SQLITE3.c: In function ‘ulogd_find_key’:
ulogd_output_SQLITE3.c:292: warning: comparison between signed and unsigned integer expressions
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
Move error handling after the switch statement since it's the same
for all cases, we save several lines of code.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
Use continue instead of goto inside loop. I don't need to scroll
up and down in the code to know what the jump is performing.
I think this improve code readability. It's a comestic cleanup,
of course.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
With pkg-config variables, even a non-installed sqlite3 can be
configured easily.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch imports the sqlite3 support from Holger.
I applied folded the following patches, that Harald passed to me
during the last Netfilter workshop, into one:
0001-ulog2-sqlite-port-to-v2.diff.patch
0002-ulog2-sqlite-prepare-fix.diff.patch
0003-ulogd-sqlite-new-logging.diff.patch
0004-ulogd-accounting-add-flow-start-day.patch
0005-ulogd-sqlite3-err-codes-fix.dif.patch
0006-ulogd-sqlite3-tbl-corrupt-fix.diff.patch
0007-ulogd-sqlite3-handle-schema-change.diff.patch
0008-SQLITE3-count-instead-of-log-table-busy-messags.patch
0009-ulogd-SQLITE-Added-flowstartsec.diff.patch
Harald passed them to me with no description, so applying them
separately does not provide more information.
I'll start adding patches on top on these so Holger can get in
sync with my work. This also can help him to take my patches
and to integrate them to his tree.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This is important for when the libraries are in a non-default path.
Also, libs must be listed in LDADD/LIBADD, not LDFLAGS.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
| |
Modules - since they are dependent on the executable - generally go to
libexec/.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
| |
The variable contains global libraries linked into every possible
object, which is unwanted. Clean up things.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
|
| |
We must not override CFLAGS, because that will break when the user
overrides CFLAGS again at make time (which he is entitled to). So,
name our CFLAGS regular_CFLAGS, and also include that across all
Makefiles so that they are actually uesd for all the code.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
| |
ulogd_output_LOGEMU.c:37:2: warning: #warning this libc does not
define HOST_NAME_MAX
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the PCAP output plugin uses ip.totlen to determine both the
"len" and "caplen" pcap header fields, as well as the amount of packet
data written to the file. There are two issues with this:
- For obvious reasons it doesn't work for IPv6.
- AFAICT, in case of an incompletely captured packet (--nflog-range)
it will attempt to write out the whole packet, not just the part
captured.
This patch changes the behavior to:
- Use raw.pktlen to set the "caplen" field, and the amount of data
written.
- Determine the "len" (original length) field from ip.totlen or
ip6.payload_len if possible, default to the same value as "caplen"
otherwise.
Signed-off-by: Jan Andres <jandres@gmx.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
This patch removes the IPFIX from the Makefile. Thus, we keep
it in the tree in the hope that we'll have time to finish it
in the future but don't compile it. This confuses users since
they think that it works.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
This patch adds an infix to the XML file to avoid problems if we are
logging packets and flows at the same time. Thus, we create two
different XML files whose filename describes the sort of logging
information that it contains. It is also useful when listing files
at a quick sight.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
This feature is useful for log-rotation.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch adds XML that allows to log information in XML for
ulogd2. It supports packet and flow-based accounting.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
This patch fixes a crash if the output file was not correctly opened.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
This patch is a preliminary fix for the yet-unfinished IPFIX
support. This patch resolves a couple of bugs that made ulogd
crash and a couple of missing symbols that didn't allow to
use this plugin in the configuration file.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
This patch affect type and flag to PCAP input key.
|
|
|
|
|
| |
This patch fixes autotools warning about deprecated usage of INCLUDES in
Makefile.am.
|
|
|
|
|
|
|
| |
The modules are pretty much bound to ulogd, and it does not seem
to make sense to specially version these.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
| |
This patch allows to connect to the server using the local (unix) socket,
thus not using a network socket and SSL encryption.
Local connection is used if host parameter is omitted or empty.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
|
|
|
|
|
|
|
| |
Some databases (e.g Oracle) return column name in uppercase, while
key name is in lowercase. This patch allows to match keys correctly.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
|
|
|
|
|
|
|
|
|
| |
This patch cleans up the current key assignation by introducing a
set of functions ukey_* to set the key value as Eric Leblond and
we discussed during the latest Netfilter Workshop. This patch is
based on an idea from Holger Eitzenberger.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
|
| |
libdbi implements a database-independent abstraction layer in C, similar to
the DBI/DBD layer in Perl.
This module brings support for all database types supported by libdbi.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
| |
Fix gcc warning related to the lack of parenthesis.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This patch adds parenthesis around an expression to avoid confusion
between order preference of && and || operators.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This patch cast to (char *) some (void *) to avoid a gcc warning in
string format parsing.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org
|
|
|
|
|
|
|
|
| |
This patch adds a stop function to the module which closes the
connection to the log system.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
This patch fixes some gcc warnings:
* Unused variables
* Functions with wrong return (or without return)
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
IPFIX needs some huge work. This patch fixes some basic logic errors.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
| |
This patch modifies plugins to use the already defined but not used
define. This also fixes some weird behaviours in error treatment (like
not stopping after OOM).
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
| |
This patch introduces a explicit list of input keys and obtains IPv6
compliance by using IP2STR output as input for IP address.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
| |
This patch fixes the type of some fields in the SQL schema to sync
with datatype of the corresponding ulogd2 keys.
|
|
|
|
|
| |
Change from procedure to function in mysql schema adds the need to free MySQL
result after request.
|
|
|
|
| |
Mark ID as inactive (sequence in pg schema)
|
|
|
|
| |
Fix incorrect options for PGsql module.
|
|
|
|
| |
MySQL client library does not reconnect automatically since 5.0.
|
|
|
|
|
| |
Display filename in the other error case.
Based on Marius Tomaschewski work.
|
|
|
|
|
| |
Changed to show pcap file name when open failed.
Based on Marius Tomaschewski work.
|