| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
It seems Z is a libc5 only format modifier. Using standard 'z'
instead.
|
|
|
|
| |
This patch also update some copyright and licence declaration.
|
|
|
|
|
| |
Rename internal keyname ip6.payload_len to remove "_"
to facilitate this.
|
|
|
|
|
|
|
|
|
|
|
| |
MySQL stored procedures must be invoked by the "CALL" SQL command and
not by "SELECT". Add the convention that if the procedure name starts
with "CALL", then the issued SQL command is "CALL procedurename(args)".
The stored procedure support in MySQL automatically brings transaction
support too.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
|
|
| |
This patch fixes the handling of SIGHUP when a SQL plugin is used. A
freed structure was previoulsy used to build the request and this was
leading to a crash.
|
|
|
|
|
|
|
| |
When procedure begins with INSERT* (without space), it considers it as an
INSERT statement.
Signed-off-by: Romain Bignon <romain@inl.fr>
|
|
|
|
|
| |
This patch modifies the procedure name parsing to be able to specify a
complete INSERT command.
|
|
|
|
| |
This patches frees an allocated buffer when ulogd is quitting.
|
|
|
|
|
|
|
|
|
| |
If the procedure name specified in configuration is INSERT, than use
a regular insertion instead of a stored procedure.
This should be used when performance is needed, with a flat SQL schema,
to reduce the cost of SQL procedure calls.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
|
|
|
|
|
|
| |
This patch modifies PRINTPKT plugin to add SCTP support.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
|
| |
This patch cleans up the current key assignation by introducing a
set of functions ukey_* to set the key value as Eric Leblond and
we discussed during the latest Netfilter Workshop. This patch is
based on an idea from Holger Eitzenberger.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
| |
This patch fixes a multiple definition of the key TCP_URG.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This patch uses PRIu64 and PRId64 macros from inttypes.h to have a correct
definition of 64 bit integer format for 64bits and 32bits arch.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This patch cast to (char *) some (void *) to avoid a gcc warning in
string format parsing.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org
|
|
|
|
|
|
| |
This patch fixes the warning related to signed and unsigned comparaison.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
|
| |
This patch fixes some gcc warnings:
* Unused variables
* Functions with wrong return (or without return)
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch fixes a trivial typo.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch fixes the computation of the allocation size for the query.
It was not taking into account the length of the name of the procedure.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
| |
|
|
|
|
|
| |
I have no idea what the intention behind this change was, but it
seems bogus, the output format should (mostly) match ipt_LOG.
|
|
|
|
|
|
| |
have now to be used with a defined IP storage type.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
| |
detection.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
| |
This patch change the input key of the module to use conversion made by the
IP2STR module.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
| |
misbehaviour was also causing to read datas out of the correct range.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the db.c file for PgSQL and MySQL. In case of problem during request execution
a new connection to the database was immediatly started without closing the
previous one. The consequence was to block the database by having too much
simultaneous open connections.
This patch fixes the problem by disconnectinng from the database after a
request failure and trying to reconnect after a delay which is by default
of 2 secondes. This delay can be customized via the reconnect configuration
variable in the database configuration section.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
|
|
| |
to display event type in textual output modules. Here's an output example:
[DESTROY] ORIG: SRC=192.168.1.2 DST=192.168.1.255 PROTO=UDP SPT=631 DPT=631 \\
PKTS=1 BYTES=197 , REPLY: SRC=192.168.1.255 DST=192.168.1.2 \\
PROTO=UDP SPT=631 DPT=631 PKTS=0 BYTES=0
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
|
|
|
| |
can be use by MySQL. This is not strictly speaking raw data but it was of type
RAW.
Following remark from Hugo Mildenberger, I introduce in this patch a dedicated
type ULOGD_RET_RAWSTR. The main reason not to use a ULOGD_RET_STRING parameter
is that the paramater is not human readable.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
| |
to form log lines for packets coming from ebtables. Currently it supports IPv4, IPv6 and ARP.
Signed-off-by: Peter Warasin <peter@endian.com>
|
|
|
|
| |
Add UID display to PRINTPKT filter.
|
|
|
|
|
|
|
| |
Some macros were defined several time. This was the case of GET_VALUE,
pp_is_valid. This patch puts the definition in ulogd.h and fixes the
definition of pp_is_valid which was wrong (causing segfault by acessing to
fields at NULL).
|
|
|
|
|
| |
MySQL need no to be able to print RAW data to be able to display
IP addresses.
|
|
|
|
|
| |
- This patch suppress key relative to IPv6 address because IPv4 and IPv6 can be stored in the same key.
- Add missing IP2STR line to ulogd.conf.in
|
|
|
|
|
| |
This patch update the printflow output module to be able to print a
whole conntrack entry on a single line.
|
|
|
|
| |
This patch clarifies code which will be modified in next patch.
|
|
|
|
|
|
|
|
|
| |
This patch adds new SQL schema for MySQL and PGsql. The goal is to improve the one line per entry format. There is no more a big table with all fields because this sort of storage is causing bad performance (databases don't like to have a lot of NULL fields to store).
Main changes are :
* Add new schema for MySQL and PGsql
* Use call to configurable procedure in SQL OUTPUT modules
* Arguments of a procedure are given by the list of fields of a selected table
|
|
|
|
|
|
|
|
|
|
| |
The following patch fixes MySQL and Pgsql output modules.
The callback function was not correctly initialized and this was leading
to a crash by calling the a NULL function. This patch correctly inits
the callback.
Eric Leblond <eric@inl.fr>
|
|
|
|
|
| |
repeat by using symbolic names to make sure the assignment matches the array
index.
|
|
|
|
| |
output is compatible with the SYSLOG and LOGEMU plugins. (Philip Craig)
|
|
|
|
|
| |
a separate PRINTPKT plugin. This reduces code duplication, and also
makes the SYSLOG and LOGEMU plugins more general. (Philip Craig)
|
| |
|
|
|
|
| |
Signed-off-by: Christian Hentschel <chentschel@people.netfilter.org>
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|