From bd214d4b5e4a88b39a798bc5efd63a8462779e58 Mon Sep 17 00:00:00 2001 From: laforge Date: Sat, 15 Oct 2005 18:19:08 +0000 Subject: update readme and todo --- README | 29 ++++++++++++++++++++--------- TODO | 31 +------------------------------ 2 files changed, 21 insertions(+), 39 deletions(-) diff --git a/README b/README index 545e7f7..31549a4 100644 --- a/README +++ b/README @@ -1,4 +1,5 @@ -Userspace logging facility for iptables / linux 2.4 +Userspace logging daemon for netfilter/iptables + $Id$ Project Homepage: http://www.gnumonks.org/projects/ulogd @@ -9,7 +10,16 @@ in the doc/ subdirectory. ===> IDEA -This packages is intended for passing packets from the kernel to userspace +This packages is intended for doing all netfilter related logging inside a +userspace process. This includes + - logging of ruleset violations via ipt_ULOG (kernel 2.4.18+) + - logging of ruleset violations via nfnetlink_log (kernel 2.6.14+) + - logging of connection startup/teardown (kernel 2.6.14+) + - connection-based accounting (kernel 2.6.14+) + +The to-be-logged information + +from passing packets from the kernel to userspace to do some logging there. It should work like that: - Register a target called ULOG with iptables @@ -31,10 +41,11 @@ write userspace logging daemons. The functions provided are described in the source code, a small demo program (ulog_test) is also included. = ulogd daemon (ulogd) -A sophisticated logging daemon which uses libipulog. The daemon provides -an easy to use plugin interface to write additional packet interpreters and -output targets. Example plugins (interpreter: ip, tcp, icmp output: simple -logging to a file) are included. +A sophisticated logging daemon core which uses a plugin for about anything. The +daemon provides a plugin API for + - input plugins + - filter plugins + - output plugins = documentation (doc) A quite verbose documentation of this package and it's configuration exists, 
@@ -88,10 +99,10 @@ Setting --ulog-cprange to 0 does always copy the whole packet. Default is 0 ===> COPYRIGHT + CREDITS -The code is (C) 2000-2004 by Harald Welte +The code and documentation is (C) 2000-2005 by Harald Welte -Thanks also to the valuable Contributions of Daniel Stone, Alexander -Janssen and Michael Stolovitzsky. +Thanks also to the valuable contributions of Daniel Stone, Alexander Janssen, +Michael Stolovitzsky and Jozsef Kadlecsik. Credits to Rusty Russell, James Morris, Marc Boucher and all the other netfilter hackers. diff --git a/TODO b/TODO index 3ab6194..1a92f6a 100644 --- a/TODO +++ b/TODO 
@@ -1,37 +1,8 @@ -libipulog: -X handle multi-part nlmsgs -- Error checking at netlink socket -- forward port my timeout enabled read-function from libipq to libipulog -- man pages - -kernel: -X queue the logging in the kernel and send multiple packets in one - multipart nlmsg -X add timer to flush queue in user-defineable time intervals -- IPv6 ULOG target - -ulogd: -X MYSQL output plugin -X syslog compatibility output plugin -- autoconf-detection of ipt_ULOG.h -X _fini() support for plugin destructors (needed for clean shutdown and - SIGHUP configfile reload -X commandline option for "to fork or not to fork" -X various command line options (we don't even have --version) +- autoconf/automake detection of libulog, mysql, pgsql, sqlite3, pcap - add support for capabilities to run as non-root -X big endian fixes -X man pages - IPv6 support (core and extensions) -X pcap output plugin (to use ethereal/tcpdump/... for the logs) - enable user to specify directory where to look for kernel include files - support for static linking -- make core maintain a list of keyid's that all the output plugins are - interested. The interpreters would be called with their respective - section of that list, and only compute those values that are actually - used by any of the running output plugins - issues with ulogd_BASE and partially copied packets (--ulog-cprange) - problem wrt. ulogd_BASE and fragments -- implement extension SIGHUP handlers (including config re-parse) -conffile: -- rewrite parser. This stuff is a real mess. Anybody interested? -- cgit v1.2.3
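Review bot: In the README hunk at @@ -9,7 +10,16 @@, the added line "The to-be-logged information" is an unfinished sentence, and the added line after it, "from passing packets from the kernel to userspace", is a leftover of the removed sentence that now runs straight into the unchanged "to do some logging there. It should work like that:". Either complete the sentence or drop both fragments so the IDEA section reads as intended. "This packages" could also become "This package" while that line is being rewritten.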
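Review bot: In the README hunk at @@ -31,10 +41,11 @@, the rewritten ulogd paragraph drops both the statement that the daemon uses libipulog and the list of example plugins that ship with it, leaving only "a plugin for about anything". With the new IDEA text listing ipt_ULOG and nfnetlink_log as separate sources, it would help to name at least one bundled plugin under each of the input, filter and output bullets, or to point to doc/ for the list, so a reader can tell what is available without reading the source.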
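Review bot: The TODO hunk at @@ -1,37 +1,8 @@ removes open items together with the ones marked X as done, for example "- Error checking at netlink socket", "- implement extension SIGHUP handlers (including config re-parse)" and "- rewrite parser. This stuff is a real mess.", and the commit message ("update readme and todo") does not say whether these were fixed, superseded or abandoned. Suggest either keeping the unresolved entries or stating in the commit message why each was dropped; the netlink error-checking item in particular is worth tracking explicitly next to the remaining "add support for capabilities to run as non-root" entry.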