summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* ulogd: load all plugins by defaultArturo Borrero Gonzalez2018-01-081-1/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | This new configuration behaviour option eases a bit the configuration of ulogd2 by allowing to load all plugins in one go, without having to know their full path. Choosing concrete plugins and using full path for them is great for some environmnets, but I don't think it's a common case. The common case is to load all plugins, even ignoring where do they live in the filesystem. Even worse, the full path may be architecture-dependant, which makes copying the ulogd.conf file between machines unnecesarily complex. To experiment this new behaviour, don't put any 'plugin=' directive in the config file. Plugins will be loaded from a default directory, choosen at build/configure time (--with-ulogd2libdir). If no specified, this is something like '/usr/local/lib/ulogd/'. This new configuration option doesn't implement any special logic. We simply open the dir and try to load all files ending with '.so'. The log message level for plugins loading is increased so users can see by default which plugins are loaded. Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ulogd: use a RT scheduler by defaultArturo Borrero Gonzalez2017-09-201-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Is common that ulogd runs in scenarios where a lot of packets are to be logged. If there are more packets than ulogd can handle, users can start seing log messages like this: ulogd[556]: We are losing events. Please, consider using the clauses \ `netlink_socket_buffer_size' and `netlink_socket_buffer_maxsize' Which means that Netlink buffer overrun have happened. There are several approaches to prevent this situation: * in the ruleset, limit the amount of packet queued for log * in the ruleset, instruct the kernel to use a queue-threshold * from userspace, increment Netlink buffer sizes * from userspace, configure ulogd to run as high priority process The first 3 method can be configured by users at runtime. This patch deals with the last method. SCHED_RR is configured by default, with no associated configuration parameter for users, since I believe this is common enough, and should produce no harm. A similar approach is used in the conntrackd daemon. Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Acked-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ulogd: fix crash when plugin version are incorrectEric Leblond2017-07-021-0/+1
| | | | | Format string in error message had more arguments than given and it was resulting in a crash at start.
* ulogd: use strncpy instead of memcpyEric Leblond2017-03-211-1/+1
| | | | | | | | | On some architecture, ulogd is not starting due to a crash in memcpy. This patch switches to strncpy to avoid the problem. Reported-by: Alexandru Ardelean <ardeleanalex@gmail.com> Signed-off-by: Eric Leblond <eric@regit.org>
* ulogd: add missing newline in log messageEric Leblond2016-02-051-1/+1
|
* ulogd: restructures signal handling by self-pipe trickHironobu Ishii2016-02-051-7/+125
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ulogd had a critical bug that is calling Async-Signal-Unsafe functions in signal hander context. - Most of libc functions like fopen(), malloc() are Async-Signal-Unsafe. So you should not call these functions in signal handler context. - Calling pluginstances in signal handler context is danger. For implementer of pluginstances, it is very hard to recognize their functions are called in signal handler context. To solve the issue, I restructured signal handling by self-pipe trick. For more detail on self-pipe trick, please see the following. https://lwn.net/Articles/177897/ This patch will solve various symptoms like following. - Deadlock - Segmentation fault caused by libc management data corruption, - Other unpredictable behavior. Deadlock example ================ This bug was already filed at: https://bugzilla.netfilter.org/show_bug.cgi?id=1030 I also hit this bug. The backtrace of this issue is following. In this case, main thread was calling ctime(), and signal handler called localtime_r(). That caused the dead lock while getting tzset_lock in __tz_convert(). Because vsyslog() is Async-Signal-Unsafe function, we cannot call this function in signal handler context. (gdb) bt #0 __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95 #1 0x00007f3c3fc7e4ac in _L_lock_2462 () at tzset.c:621 #2 0x00007f3c3fc7e2e7 in __tz_convert (timer=0x7f3c3ff8bf00 <tzset_lock>, timer@entry=0x7fffcfa923b8, use_localtime=use_localtime@entry=1, tp=tp@entry=0x7fffcfa92400) at tzset.c:624 #3 0x00007f3c3fc7c28d in __localtime_r (t=t@entry=0x7fffcfa923b8, tp=tp@entry=0x7fffcfa92400) at localtime.c:32 #4 0x00007f3c3fcbf1ba in __GI___vsyslog_chk (pri=<optimized out>, flag=1, fmt=0x406fa8 "signal received, calling pluginstances\n", ap=0x7fffcfa924a0) at ../misc/syslog.c:199 #5 0x00000000004037b5 in __ulogd_log () #6 0x00000000004047be in signal_handler () #7 <signal handler called> #8 0x00007f3c3fcb62f5 in __GI___xstat (vers=<optimized out>, name=0x7f3c3fd4b2c3 "/etc/localtime", buf=0x7fffcfa92c10) at ../sysdeps/unix/sysv/linux/wordsize-64/xstat.c:37 #9 0x00007f3c3fc7e5f6 in __tzfile_read (file=file@entry=0x7f3c3fd4b2c3 "/etc/localtime", extra=extra@entry=0, extrap=extrap@entry=0x0) at tzfile.c:170 #10 0x00007f3c3fc7d954 in tzset_internal (always=<optimized out>, explicit=explicit@entry=1) at tzset.c:444 #11 0x00007f3c3fc7e303 in __tz_convert (timer=0x7fffcfa92d50, use_localtime=use_localtime@entry=1, tp=tp@entry=0x7f3c3ff8ed80 <_tmbuf>) at tzset.c:629 #12 0x00007f3c3fc7c2a1 in __GI_localtime (t=<optimized out>) at localtime.c:42 #13 0x00007f3c3fc7c1f9 in ctime (t=<optimized out>) at ctime.c:27 #14 0x00007f3c3e180ec2 in ?? () #15 0x0000000056a100c2 in ?? () #16 0xf8570f79d4fc4200 in ?? () #17 0x000000000209bec0 in ?? () #18 0x00007f3c4059f1f8 in ?? () #19 0x000000000000003c in ?? () #20 0x0000000000404952 in ulogd_propagate_results () #21 0x00007f3c3f9cc203 in ?? () #22 0x0000000000000000 in ?? () Segmentation fault in free() ============================ >From my experience, I think this was caused by some routine called malloc()/free() in signal handler context. By that, malloc() management data became inconsistent. As a result, free() made a wrong dereference. Program terminated with signal SIGSEGV, Segmentation fault. #0 __GI___libc_free (mem=0x7f430f011000) at malloc.c:2903 2903 if (chunk_is_mmapped(p)) /* release mmapped memory. */ (gdb) bt #0 __GI___libc_free (mem=0x7f430f011000) at malloc.c:2903 #1 0x00007f430e68affa in __GI__IO_free_backup_area (fp=fp@entry=0x742500) at genops.c:210 #2 0x00007f430e68a795 in _IO_new_file_overflow (f=0x742500, ch=-1) at fileops.c:849 #3 0x00007f430e689511 in _IO_new_file_xsputn (f=0x742500, data=<optimized out>, n=15) at fileops.c:1372 #4 0x00007f430e65aa4d in _IO_vfprintf_internal (s=s@entry=0x742500, format=<optimized out>, format@entry=0x7f430cbc4008 "%.15s %s %s", ap=ap@entry=0x7fff456ece38) at vfprintf.c:1635 #5 0x00007f430e71d615 in ___fprintf_chk (fp=0x742500, flag=flag@entry=1, format=format@entry=0x7f430cbc4008 "%.15s %s %s") at fprintf_chk.c:36 #6 0x00007f430cbc3f04 in fprintf (__fmt=0x7f430cbc4008 "%.15s %s %s", __stream=<optimized out>) at /usr/include/bits/stdio2.h:97 #7 _output_logemu (upi=0x74e5a0) at ulogd_output_LOGEMU.c:102 #8 0x0000000000404952 in ulogd_propagate_results () #9 0x00007f430e40f203 in interp_packet (ldata=0x7fff456ed060, pf_family=2 '\002', upi=0x74a6b0) at ulogd_inppkt_NFLOG.c:400 #10 msg_cb (gh=<optimized out>, nfmsg=0x7f430efe2020, nfa=0x7fff456ed060, data=0x74a6b0) at ulogd_inppkt_NFLOG.c:483 #11 0x00007f430e20a307 in __nflog_rcv_pkt (nlh=<optimized out>, nfa=<optimized out>, data=<optimized out>) at libnetfilter_log.c:160 #12 0x00007f430e0056b7 in __nfnl_handle_msg (len=268, nlh=0x7f430efe2010, h=0x74e8e0) at libnfnetlink.c:1236 #13 nfnl_handle_packet (h=0x74e8e0, buf=0x7f430efe2010 "\f\001", len=<optimized out>) at libnfnetlink.c:1256 #14 0x00007f430e20a508 in nflog_handle_packet (h=<optimized out>, buf=<optimized out>, len=<optimized out>) at libnetfilter_log.c:323 #15 0x00007f430e40eaed in nful_read_cb (fd=<optimized out>, what=<optimized out>, param=0x74a6b0) at ulogd_inppkt_NFLOG.c:463 #16 0x0000000000404ee0 in ulogd_select_main () #17 0x0000000000402b17 in main () Signed-off-by: Hironobu Ishii <ishii.hironobu@jp.fujitsu.com>
* Use stdint types everywhereFelix Janda2015-06-261-2/+2
| | | | Signed-off-by: Felix Janda <felix.janda@posteo.de>
* ulogd: Use /dev/null as dummy logfile when logging to syslogFelix Janda2015-06-231-5/+5
| | | | | | | | | Fixes compilation error with musl libc: ulogd.c:86:13: error: storage size of 'syslog_dummy' isn't known static FILE syslog_dummy; Signed-off-by: Felix Janda <felix.janda@posteo.de>
* ulogd: fix loglevel handlingKen-ichirou MATSUZAWA2014-03-071-1/+2
| | | | | | It was always default if not specified by command parameter. Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
* ulogd: add carriage return as separatorEric Leblond2014-02-221-3/+3
| | | | | | | If the file is in DOS mode, the string coming from config file parsing are containing the carriage return. The result is that string are not correct and the parsing of confuguration file is failling.
* ulogd: avoid potential double print of messageEric Leblond2014-02-041-2/+2
| | | | | In case there is no logfile, ulogd could possibly display each log message twice to stderr.
* ulogd: use AC_SEARCH_LIBS for libpthreadGustavo Zacarias2013-12-111-2/+2
| | | | | | | | | Some uClibc-based toolchains lack threading support, so use AC_SEARCH_LIB instead of AC_CHECK_LIB to check for libpthread availability and link conditionally if found since it's only used for the database backends. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
* ulogd: use daemon() functionEric Leblond2013-10-101-17/+13
| | | | | | | | This patches update the daemonization code. It is done earlier and it uses the daemon(à function which is used for daemonization by most projects. Signed-off-by: Eric Leblond <eric@regit.org>
* Improve pid file handling.Eric Leblond2013-05-211-12/+54
| | | | | | | | | | This patch improves latest patch by splitting in two part the pid file creation. This allows to display a message to stdout when ulogd can not be started. Another linked improvement is that the plugin initialization is not done if the pid file existence will result in a ulogd exit. Signed-off-by: Eric Leblond <eric@regit.org>
* ulogd: Implement PID file writingChris Boot2013-05-211-1/+146
| | | | | | | | The deamon currently does not have the ability to write a PID file to track its process ID. This is very useful to an init script and to ensure there is only one running instance. This patch implements this functionality. Signed-off-by: Chris Boot <bootc@bootc.net>
* ulogd: Perform nice() before giving up rootChris Boot2013-05-211-7/+7
| | | | | | | | The daemon code currently tries to nice(-1) just after having given up root privileges, which fails. This patch moves the nice(-1) call to just before the code that gives up the required privileges. Signed-off-by: Chris Boot <bootc@bootc.net>
* db: add ring buffer for DB queryEric Leblond2013-05-211-1/+1
| | | | | | | | | | | This patch adds an optional ring buffer option which modify the way database queries are made. The main thread is only handling kernel message reading and query formatting. The SQL request is made in a separate dedicated thread. The idea is to try to avoid buffer overrun by minimizing the time requested to treat kernel message. Doing synchronous SQL request, as it was made before was causing a delay which could cause some messages to be lost in case of burst from kernel side.
* ulogd: display stack during configurationEric Leblond2013-04-201-1/+1
|
* Revert "ulogd: close logfile description in the exit path of parent process"Pablo Neira Ayuso2013-03-271-1/+0
| | | | | | | This reverts commit 3179bd4de89de7c2388849f5bc48e8f5aad9e5b9. Pointing to the wrong place. This is not the file descriptor that ulogd is leaking.
* ulogd: close logfile description in the exit path of parent processPablo Neira Ayuso2013-03-261-0/+1
| | | | | | | | | | | | | | | Joan Touzet reported that file descriptor 3 was not ever closed in the exit path of the parent process: open("ulogd.conf", O_RDONLY) = 3 That corresponds to the the file descriptor that was used to parse the configuration file was not closed. This closes: http://bugzilla.netfilter.org/show_bug.cgi?id=793 Reported-by: Joan Touzet <joant@cloudant.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ulogd: change verbosity of a messageEric Leblond2013-03-201-1/+1
| | | | | The "registering plugin" message is not really useful as the message is really explicit if a plugin is missing.
* Add handling of too long line and arguments.Eric Leblond2013-02-182-1/+28
| | | | | When an argument or a line is too long, it can not be store into ulogd configuration and this must results in a error.
* Use access to ensure readability of config gileEric Leblond2013-02-182-2/+11
| | | | | This patch adds a call to access to check the readability of the configuration file.
* Suppress dead FIXME.Eric Leblond2013-02-181-1/+0
|
* Get rid of SVN tag in comment.Eric Leblond2013-01-185-18/+6
| | | | This patch also update some copyright and licence declaration.
* Add -l option to set log level from command lineEric Leblond2013-01-181-2/+13
| | | | | | This patch adds a '-l' option which can be used to setup ulogd loglevel. Command line option has precedence on the configuration file one.
* conf: add flag to allow option setup tuningEric Leblond2013-01-181-1/+2
| | | | | | This patch adds a flag to the config_entry structure to be able to tune setup. First usage is to ask config parser not to update a key if it has been already set.
* ulogd: add -v option to display message on stderr.Eric Leblond2013-01-061-8/+33
| | | | | If can be painful to have to check the logfile, so this patch adds a '-v' option which display logs message to stderr.
* addr: fix compilation warningEric Leblond2013-01-051-2/+2
| | | | | This patch fixes a compilation warning related to a signed and unsigned integer comparison.
* addr: add file containing addr utility functions.Eric Leblond2013-01-052-1/+114
|
* src: update copyright and authors informationPablo Neira Ayuso2012-08-031-1/+3
| | | | | | | | Include Eric and myself in the copyright notice and the AUTHORS file since we're the most recurrent contributors (of course, after the original author of this software, Harald Welte). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: fix version that -V displaysPablo Neira Ayuso2012-08-031-4/+4
| | | | | | | It was wrong, use VERSION constant which uses the version information available in configure.ac. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ulogd: fix segfault if syslog and SIGTERM is receivedSalih Gonullu2011-03-271-2/+2
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: avoid use of LIBS variableJan Engelhardt2011-02-011-0/+1
| | | | | | | The variable contains global libraries linked into every possible object, which is unwanted. Clean up things. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* ulogd: fix double call of stop for reused input pluginsPablo Neira Ayuso2011-01-071-2/+12
| | | | | | | | | | | This patch adds reference counting for plugins. This is used to fix a double stop for input plugins that are reused. This problem was reported by Salih Gonullu <sag@open.ch>: http://marc.info/?l=netfilter&m=129439584700693&w=2 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: propagate global CFLAGSJan Engelhardt2010-11-051-0/+1
| | | | | | | | | We must not override CFLAGS, because that will break when the user overrides CFLAGS again at make time (which he is entitled to). So, name our CFLAGS regular_CFLAGS, and also include that across all Makefiles so that they are actually uesd for all the code. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: remove unused $(all_includes)Jan Engelhardt2010-11-051-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* fix wrong list addition in plugin re-use logicPablo Neira Ayuso2010-06-171-1/+1
| | | | | | | | | | This patch fixes a bug that makes ulogd loops forever while propagating inputs to the output plugin. It is reproducible if you re-use three or more plugin instances. The problem is that the parameters in the list addition are in incorrect order. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* fix incorrect negative EINTR checking in main loopPablo Neira Ayuso2010-06-131-1/+1
| | | | | | | | | This patch fixes the following error that is displayed if we send SIGHUP to reopen the logfile: ulogd.c:904 select says Interrupted system call Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* NFCT: use new hashtable implementation for better performancePablo Neira Ayuso2010-01-171-110/+58
| | | | | | | | This patch replaces the existing hashtable implementation with a newer that provide better performance since it reduces the number of hash computations. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: remove -lpthread from MakefilePablo Neira Ayuso2009-07-221-1/+1
| | | | | | | This patch remove -lpthread that was introduced time ago to workaround a problem in gdb. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ulogd: configure all plugins before resolving keys.Pierre Chifflier2009-04-171-7/+13
| | | | | | | | | | Split the 'resolve keys' step in two parts: first call the configure fonction for all plugins (in reverse order), then loop again to resolve the keys. This allows dynamic construction of the input and output keys, even for filter plugins. Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
* Display which keys are optional in info mode.Eric Leblond2009-01-271-1/+6
| | | | | This patch adds a "optional" keyword to description of input key which are optional when --info is used to dump information about a plugin.
* Update .gitignore and remove install-shJan Engelhardt2009-01-201-0/+1
| | | | | | install-sh is autogenerated. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Display logfile to check in case of error.Eric Leblond2009-01-131-2/+7
| | | | | This patch adds the display of the used logging file to look at if there is a critical error.
* Add valgrind compilation option.Eric Leblond2008-12-091-0/+4
| | | | | | Valgrind messages are obscur when the plugins are unloaded. This patch adds a macro that can be used to desactivate unloading. To use it, you have to specify 'CPPFLAGS=-DDEBUG_VALGRIND' on configure line.
* Free stacks when exiting.Eric Leblond2008-12-091-0/+12
| | | | This patch modifies ulogd2 to have it free the stacks when leaving.
* Introduce config_stop() functionEric Leblond2008-12-092-0/+6
| | | | | This patch adds the config_stop function which is in charge of releasing ressources allocated for configuration file parsing.
* Unload plugins when quitting.Eric Leblond2008-12-091-1/+20
| | | | | This patch adds unloading of plugins (call dlclose()) in ulogd2. This make valgrind happy and will be useful for daemon live reconfiguration.
* Add SIGINT to list of terminal signal.Eric Leblond2008-12-091-1/+2
| | | | | This patch modifies ulogd to intercept SIGINT signal and quit nicely when this signal is received.