| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
The attached patch fixes building ulogd2 with musl libc. It is being
used on Void Linux right now.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1278
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This new configuration behaviour option eases a bit the configuration of ulogd2
by allowing to load all plugins in one go, without having to know their full
path.
Choosing concrete plugins and using full path for them is great for some
environmnets, but I don't think it's a common case. The common case is to
load all plugins, even ignoring where do they live in the filesystem.
Even worse, the full path may be architecture-dependant, which makes copying
the ulogd.conf file between machines unnecesarily complex.
To experiment this new behaviour, don't put any 'plugin=' directive in the
config file. Plugins will be loaded from a default directory, choosen at
build/configure time (--with-ulogd2libdir). If no specified, this is something
like '/usr/local/lib/ulogd/'.
This new configuration option doesn't implement any special logic. We simply
open the dir and try to load all files ending with '.so'.
The log message level for plugins loading is increased so users can see by
default which plugins are loaded.
Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Is common that ulogd runs in scenarios where a lot of packets are to be logged.
If there are more packets than ulogd can handle, users can start seing log
messages like this:
ulogd[556]: We are losing events. Please, consider using the clauses \
`netlink_socket_buffer_size' and `netlink_socket_buffer_maxsize'
Which means that Netlink buffer overrun have happened.
There are several approaches to prevent this situation:
* in the ruleset, limit the amount of packet queued for log
* in the ruleset, instruct the kernel to use a queue-threshold
* from userspace, increment Netlink buffer sizes
* from userspace, configure ulogd to run as high priority process
The first 3 method can be configured by users at runtime.
This patch deals with the last method. SCHED_RR is configured by default,
with no associated configuration parameter for users, since I believe
this is common enough, and should produce no harm.
A similar approach is used in the conntrackd daemon.
Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Acked-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Format string in error message had more arguments than given and
it was resulting in a crash at start.
|
|
|
|
|
|
|
|
|
| |
On some architecture, ulogd is not starting due to a
crash in memcpy. This patch switches to strncpy to
avoid the problem.
Reported-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Eric Leblond <eric@regit.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ulogd had a critical bug that is calling Async-Signal-Unsafe functions
in signal hander context.
- Most of libc functions like fopen(), malloc() are Async-Signal-Unsafe.
So you should not call these functions in signal handler context.
- Calling pluginstances in signal handler context is danger.
For implementer of pluginstances, it is very hard to recognize their
functions are called in signal handler context.
To solve the issue, I restructured signal handling by self-pipe trick.
For more detail on self-pipe trick, please see the following.
https://lwn.net/Articles/177897/
This patch will solve various symptoms like following.
- Deadlock
- Segmentation fault caused by libc management data corruption,
- Other unpredictable behavior.
Deadlock example
================
This bug was already filed at:
https://bugzilla.netfilter.org/show_bug.cgi?id=1030
I also hit this bug. The backtrace of this issue is following.
In this case, main thread was calling ctime(),
and signal handler called localtime_r().
That caused the dead lock while getting tzset_lock in __tz_convert().
Because vsyslog() is Async-Signal-Unsafe function, we cannot call
this function in signal handler context.
(gdb) bt
#0 __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
#1 0x00007f3c3fc7e4ac in _L_lock_2462 () at tzset.c:621
#2 0x00007f3c3fc7e2e7 in __tz_convert (timer=0x7f3c3ff8bf00 <tzset_lock>,
timer@entry=0x7fffcfa923b8, use_localtime=use_localtime@entry=1,
tp=tp@entry=0x7fffcfa92400) at tzset.c:624
#3 0x00007f3c3fc7c28d in __localtime_r (t=t@entry=0x7fffcfa923b8,
tp=tp@entry=0x7fffcfa92400) at localtime.c:32
#4 0x00007f3c3fcbf1ba in __GI___vsyslog_chk (pri=<optimized out>, flag=1,
fmt=0x406fa8 "signal received, calling pluginstances\n", ap=0x7fffcfa924a0)
at ../misc/syslog.c:199
#5 0x00000000004037b5 in __ulogd_log ()
#6 0x00000000004047be in signal_handler ()
#7 <signal handler called>
#8 0x00007f3c3fcb62f5 in __GI___xstat (vers=<optimized out>,
name=0x7f3c3fd4b2c3 "/etc/localtime", buf=0x7fffcfa92c10)
at ../sysdeps/unix/sysv/linux/wordsize-64/xstat.c:37
#9 0x00007f3c3fc7e5f6 in __tzfile_read (file=file@entry=0x7f3c3fd4b2c3 "/etc/localtime",
extra=extra@entry=0, extrap=extrap@entry=0x0) at tzfile.c:170
#10 0x00007f3c3fc7d954 in tzset_internal (always=<optimized out>,
explicit=explicit@entry=1) at tzset.c:444
#11 0x00007f3c3fc7e303 in __tz_convert (timer=0x7fffcfa92d50,
use_localtime=use_localtime@entry=1, tp=tp@entry=0x7f3c3ff8ed80 <_tmbuf>)
at tzset.c:629
#12 0x00007f3c3fc7c2a1 in __GI_localtime (t=<optimized out>) at localtime.c:42
#13 0x00007f3c3fc7c1f9 in ctime (t=<optimized out>) at ctime.c:27
#14 0x00007f3c3e180ec2 in ?? ()
#15 0x0000000056a100c2 in ?? ()
#16 0xf8570f79d4fc4200 in ?? ()
#17 0x000000000209bec0 in ?? ()
#18 0x00007f3c4059f1f8 in ?? ()
#19 0x000000000000003c in ?? ()
#20 0x0000000000404952 in ulogd_propagate_results ()
#21 0x00007f3c3f9cc203 in ?? ()
#22 0x0000000000000000 in ?? ()
Segmentation fault in free()
============================
>From my experience, I think this was caused by some routine called
malloc()/free() in signal handler context.
By that, malloc() management data became inconsistent.
As a result, free() made a wrong dereference.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __GI___libc_free (mem=0x7f430f011000) at malloc.c:2903
2903 if (chunk_is_mmapped(p)) /* release mmapped memory. */
(gdb) bt
#0 __GI___libc_free (mem=0x7f430f011000) at malloc.c:2903
#1 0x00007f430e68affa in __GI__IO_free_backup_area (fp=fp@entry=0x742500)
at genops.c:210
#2 0x00007f430e68a795 in _IO_new_file_overflow (f=0x742500, ch=-1) at fileops.c:849
#3 0x00007f430e689511 in _IO_new_file_xsputn (f=0x742500, data=<optimized out>, n=15)
at fileops.c:1372
#4 0x00007f430e65aa4d in _IO_vfprintf_internal (s=s@entry=0x742500,
format=<optimized out>, format@entry=0x7f430cbc4008 "%.15s %s %s",
ap=ap@entry=0x7fff456ece38) at vfprintf.c:1635
#5 0x00007f430e71d615 in ___fprintf_chk (fp=0x742500, flag=flag@entry=1,
format=format@entry=0x7f430cbc4008 "%.15s %s %s") at fprintf_chk.c:36
#6 0x00007f430cbc3f04 in fprintf (__fmt=0x7f430cbc4008 "%.15s %s %s",
__stream=<optimized out>) at /usr/include/bits/stdio2.h:97
#7 _output_logemu (upi=0x74e5a0) at ulogd_output_LOGEMU.c:102
#8 0x0000000000404952 in ulogd_propagate_results ()
#9 0x00007f430e40f203 in interp_packet (ldata=0x7fff456ed060, pf_family=2 '\002',
upi=0x74a6b0) at ulogd_inppkt_NFLOG.c:400
#10 msg_cb (gh=<optimized out>, nfmsg=0x7f430efe2020, nfa=0x7fff456ed060, data=0x74a6b0)
at ulogd_inppkt_NFLOG.c:483
#11 0x00007f430e20a307 in __nflog_rcv_pkt (nlh=<optimized out>, nfa=<optimized out>,
data=<optimized out>) at libnetfilter_log.c:160
#12 0x00007f430e0056b7 in __nfnl_handle_msg (len=268, nlh=0x7f430efe2010, h=0x74e8e0)
at libnfnetlink.c:1236
#13 nfnl_handle_packet (h=0x74e8e0, buf=0x7f430efe2010 "\f\001", len=<optimized out>)
at libnfnetlink.c:1256
#14 0x00007f430e20a508 in nflog_handle_packet (h=<optimized out>, buf=<optimized out>,
len=<optimized out>) at libnetfilter_log.c:323
#15 0x00007f430e40eaed in nful_read_cb (fd=<optimized out>, what=<optimized out>,
param=0x74a6b0) at ulogd_inppkt_NFLOG.c:463
#16 0x0000000000404ee0 in ulogd_select_main ()
#17 0x0000000000402b17 in main ()
Signed-off-by: Hironobu Ishii <ishii.hironobu@jp.fujitsu.com>
|
|
|
|
|
|
|
|
|
| |
Fixes compilation error with musl libc:
ulogd.c:86:13: error: storage size of 'syslog_dummy' isn't known
static FILE syslog_dummy;
Signed-off-by: Felix Janda <felix.janda@posteo.de>
|
|
|
|
|
|
| |
It was always default if not specified by command parameter.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
|
|
|
|
|
| |
In case there is no logfile, ulogd could possibly display each
log message twice to stderr.
|
|
|
|
|
|
|
|
| |
This patches update the daemonization code. It is done earlier and
it uses the daemon(à function which is used for daemonization by
most projects.
Signed-off-by: Eric Leblond <eric@regit.org>
|
|
|
|
|
|
|
|
|
|
| |
This patch improves latest patch by splitting in two part the pid
file creation. This allows to display a message to stdout when
ulogd can not be started. Another linked improvement is that the
plugin initialization is not done if the pid file existence will
result in a ulogd exit.
Signed-off-by: Eric Leblond <eric@regit.org>
|
|
|
|
|
|
|
|
| |
The deamon currently does not have the ability to write a PID file to track its
process ID. This is very useful to an init script and to ensure there is only
one running instance. This patch implements this functionality.
Signed-off-by: Chris Boot <bootc@bootc.net>
|
|
|
|
|
|
|
|
| |
The daemon code currently tries to nice(-1) just after having given up root
privileges, which fails. This patch moves the nice(-1) call to just before
the code that gives up the required privileges.
Signed-off-by: Chris Boot <bootc@bootc.net>
|
| |
|
|
|
|
|
|
|
| |
This reverts commit 3179bd4de89de7c2388849f5bc48e8f5aad9e5b9.
Pointing to the wrong place. This is not the file descriptor
that ulogd is leaking.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Joan Touzet reported that file descriptor 3 was not ever closed
in the exit path of the parent process:
open("ulogd.conf", O_RDONLY) = 3
That corresponds to the the file descriptor that was used to
parse the configuration file was not closed.
This closes: http://bugzilla.netfilter.org/show_bug.cgi?id=793
Reported-by: Joan Touzet <joant@cloudant.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
The "registering plugin" message is not really useful as the message
is really explicit if a plugin is missing.
|
|
|
|
|
| |
When an argument or a line is too long, it can not be store
into ulogd configuration and this must results in a error.
|
|
|
|
|
| |
This patch adds a call to access to check the readability of the
configuration file.
|
| |
|
|
|
|
| |
This patch also update some copyright and licence declaration.
|
|
|
|
|
|
| |
This patch adds a '-l' option which can be used to setup ulogd
loglevel. Command line option has precedence on the configuration
file one.
|
|
|
|
|
| |
If can be painful to have to check the logfile, so this patch adds
a '-v' option which display logs message to stderr.
|
|
|
|
|
|
|
|
| |
Include Eric and myself in the copyright notice and the AUTHORS file
since we're the most recurrent contributors (of course, after the
original author of this software, Harald Welte).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
It was wrong, use VERSION constant which uses the version
information available in configure.ac.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds reference counting for plugins. This is used to fix
a double stop for input plugins that are reused.
This problem was reported by Salih Gonullu <sag@open.ch>:
http://marc.info/?l=netfilter&m=129439584700693&w=2
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes a bug that makes ulogd loops forever while
propagating inputs to the output plugin. It is reproducible
if you re-use three or more plugin instances. The problem is
that the parameters in the list addition are in incorrect
order.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
This patch fixes the following error that is displayed if we send
SIGHUP to reopen the logfile:
ulogd.c:904 select says Interrupted system call
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
Split the 'resolve keys' step in two parts: first call the configure
fonction for all plugins (in reverse order), then loop again
to resolve the keys.
This allows dynamic construction of the input and output keys, even
for filter plugins.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
|
|
|
|
|
| |
This patch adds a "optional" keyword to description of input key which are
optional when --info is used to dump information about a plugin.
|
|
|
|
|
| |
This patch adds the display of the used logging file to look at if there
is a critical error.
|
|
|
|
|
|
| |
Valgrind messages are obscur when the plugins are unloaded. This patch
adds a macro that can be used to desactivate unloading. To use it, you
have to specify 'CPPFLAGS=-DDEBUG_VALGRIND' on configure line.
|
|
|
|
| |
This patch modifies ulogd2 to have it free the stacks when leaving.
|
|
|
|
|
| |
This patch adds the config_stop function which is in charge of releasing
ressources allocated for configuration file parsing.
|
|
|
|
|
| |
This patch adds unloading of plugins (call dlclose()) in ulogd2. This
make valgrind happy and will be useful for daemon live reconfiguration.
|
|
|
|
|
| |
This patch modifies ulogd to intercept SIGINT signal
and quit nicely when this signal is received.
|
|
|
|
|
|
| |
The stop function of plugin was not called when ulogd2 was
preparing to quit. This patch adds a call to stop for all
plugins in each stack and free pluginstance.
|
|
|
|
|
| |
gcc was warning that the return of the nice function should
be treated. This patch adds an error message in case of failure.
|
|
|
|
|
|
|
| |
This patch fixes some improper initialization in ulogd.c.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
This patch fixes the warning related to signed and unsigned comparaison.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
|
| |
This patch fixes some gcc warnings:
* Unused variables
* Functions with wrong return (or without return)
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
When a plugin returns ULOGD_IRET_STOP, the propagation should
stop. This was not the case as break was used to do so but it was called
inside a switch and thus apply to the switch instruction and not to
the llist iteration.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
| |
crash due to ulogd_logfile set to a string allocated on stack by config_parse_file
|
|
|
|
|
|
|
|
|
| |
Due to the modifications done to be able to use multiple time the SOURCE
plugin, a single instance of database output plugin could not anymore be
used in separate stack. This patch fixes this by limiting the effect of
the previous modification on SOURCE plugin.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
| |
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
| |
structure. It can be used by input modules to duplicate an
entry. This solves the issue of not being able to use the same
plugin instance twice.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
| |
call the start function for each stack.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
| |
- fix crash when enabling pollinterval clause in flow-based accounting
|