Initial revision

author: laforge <laforge> 2000-08-10 11:45:49 +0000
committer: laforge <laforge> 2000-08-10 11:45:49 +0000
commit: de923c5f36f5244e888b616de42b6a1cbf045372 (patch)
tree: 040fd9216087374470af2f6345d8922084b4623c
parent: ec20233e75f69011f41c58a2edcbcd29be484768 (diff)
9 files changed, 836 insertions, 0 deletions
diff --git a/iptables/Makefile b/iptables/Makefile
new file mode 100644
index 0000000..302bb39
--- /dev/null
+++ b/iptables/Makefile
@@ -0,0 +1,10 @@
+CFLAGS = -DNETFILTER_VERSION=\"1.1.1\" -fPIC
+
+libipt_ULOG.so: libipt_ULOG_sh.o
+	ld -shared libipt_ULOG_sh.o -o libipt_ULOG.so
+
+libipt_ULOG_sh.o: libipt_ULOG.c 
+	gcc $(CFLAGS) -c libipt_ULOG.c -o libipt_ULOG_sh.o
+
+clean: 
+	rm -f libipt_ULOG_sh.o libipt_ULOG.so
diff --git a/kernel-ULOG-2.4.0-test4.diff b/kernel-ULOG-2.4.0-test4.diff
new file mode 100644
index 0000000..f4a5501
--- /dev/null
+++ b/kernel-ULOG-2.4.0-test4.diff
@@ -0,0 +1,229 @@
+diff -Nru linux-2.4.0-test4-plain/Documentation/Configure.help linux-2.4.0-test4-work/Documentation/Configure.help
+--- linux-2.4.0-test4-plain/Documentation/Configure.help	Thu Jul 13 18:42:51 2000
++++ linux-2.4.0-test4-work/Documentation/Configure.help	Sun Jul 30 21:56:01 2000
+@@ -2010,6 +2010,16 @@
+   If you want to compile it as a module, say M here and read
+   Documentation/modules.txt.  If unsure, say `N'.
+ 
++ULOG target support
++CONFIG_IP_NF_TARGET_ULOG
++  This option adds a `ULOG' target, which allows you to create rules in
++  any iptables table. The packet is passed to one or more userspace logging
++  daemon using netlink multicast sockets. Logging is no longer forced to
++  be in syslog, but can be done by any userspace process.
++
++  If you want to compile it as a module, say M here and read
++  Documentation/modules.txt.  If unsure, say `N'.
++
+ ipchains (2.2-style) support
+ CONFIG_IP_NF_COMPAT_IPCHAINS
+   This option places ipchains (with masquerading and redirection
+diff -Nru linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h
+--- linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h	Thu Jan  1 01:00:00 1970
++++ linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h	Sun Jul 30 22:11:07 2000
+@@ -0,0 +1,36 @@
++#ifndef _IPT_ULOG_H
++#define _IPT_ULOG_H
++
++#ifdef __KERNEL__
++#include <linux/netdevice.h>
++#endif
++
++#define ULOG_MAC_LEN	80
++
++
++/* just until this is in netfilter.h */
++#ifndef NETLINK_NFLOG
++#define NETLINK_NFLOG 25
++#endif
++
++struct ipt_ulog_info {
++	unsigned char logflags;
++	unsigned int nl_group;
++	char prefix[30];
++};
++
++typedef struct ulog_packet_msg {
++        unsigned long mark;
++        long timestamp_sec;
++        long timestamp_usec;
++        unsigned int hook;
++        char indev_name[IFNAMSIZ];
++        char outdev_name[IFNAMSIZ];
++        size_t data_len;
++	char prefix[30];
++	unsigned char mac_len;
++	unsigned char mac[ULOG_MAC_LEN];
++        unsigned char payload[0];
++} ulog_packet_msg_t;
++
++#endif /*_IPT_ULOG_H*/
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in	Mon Mar 27 20:35:56 2000
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in	Sun Jul 30 21:47:35 2000
+@@ -51,6 +51,7 @@
+     dep_tristate '    MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE
+   fi
+   dep_tristate '  LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES
++  dep_tristate '  ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES
+ fi
+ 
+ # Backwards compatibility modules: only if you don't build in the others.
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile	Mon Mar 27 20:35:56 2000
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile	Sun Jul 30 22:02:16 2000
+@@ -197,6 +197,14 @@
+   endif
+ endif
+ 
++ifeq ($(CONFIG_IP_NF_TARGET_ULOG),y)
++O_OBJS += ipt_ULOG.o
++else
++  ifeq ($(CONFIG_IP_NF_TARGET_ULOG),m)
++  M_OBJS += ipt_ULOG.o
++  endif
++endif
++
+ ifeq ($(CONFIG_IP_NF_COMPAT_IPCHAINS),y)
+ O_OBJS += ipchains_core.o $(IP_NF_COMPAT_LAYER)
+ else
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c	Thu Jan  1 01:00:00 1970
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c	Sun Jul 30 21:45:44 2000
+@@ -0,0 +1,136 @@
++/* 
++ * netfilter module for userspace packet logging daemons
++ *
++ * (C) 2000 by Harald Welte <laforge@sunbeam.franken.de>
++ * 
++ * Released under the terms of the GPL
++ */
++
++#include <linux/module.h>
++#include <linux/version.h>
++#include <linux/config.h>
++#include <linux/socket.h>
++#include <linux/skbuff.h>
++#include <linux/kernel.h>
++#include <linux/netlink.h>
++#include <linux/netdevice.h>
++#include <linux/mm.h>
++#include <linux/netfilter_ipv4/ip_tables.h>
++#include <linux/netfilter_ipv4/ipt_ULOG.h>
++
++#define NETLINK_NFLOG 	25
++#define ULOG_NL_EVENT	111
++
++#if 1
++#define DEBUGP	printk
++#else
++#define DEBUGP(format, args ...)
++#endif
++
++struct sock *nflognl;
++
++static void nflog_rcv(struct sock *sk, int len)
++{
++	printk("nflog_rcv: did receive netlink message ?!?\n");
++}
++
++static unsigned int ipt_ulog_target(
++	struct sk_buff **pskb,
++	unsigned int hooknum,
++	const struct net_device *in,
++	const struct net_device *out,
++	const void *targinfo,
++	void *userinfo)
++{
++	ulog_packet_msg_t *pm;
++	size_t size;
++	struct sk_buff *nlskb;
++	unsigned char *old_tail;
++	struct nlmsghdr *nlh;
++	struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *)targinfo;
++
++	/* calculate the size of the skb needed */
++
++	size = NLMSG_SPACE(sizeof(*pm) + (*pskb)->len);
++	nlskb = alloc_skb(size, GFP_ATOMIC);
++	if (!nlskb)
++		goto nlmsg_failure;
++	
++	old_tail = nlskb->tail;
++	nlh = NLMSG_PUT(nlskb, 0, 0, ULOG_NL_EVENT, size - sizeof(*nlh));
++	pm = NLMSG_DATA(nlh);
++	
++	/* copy hook, prefix, timestamp, payload, etc. */
++
++	pm->data_len = (*pskb)->len;
++	pm->timestamp_sec = (*pskb)->stamp.tv_sec;
++	pm->timestamp_usec = (*pskb)->stamp.tv_usec;
++	pm->mark = (*pskb)->nfmark;
++	pm->hook = hooknum;
++	if (loginfo->prefix)
++		strcpy(pm->prefix, loginfo->prefix);
++
++	if (in && !out)
++	{
++		if ((*pskb)->dev && (*pskb)->dev->hard_header_len > 0 
++			&& (*pskb)->dev->hard_header_len <= ULOG_MAC_LEN)
++		{
++			memcpy(pm->mac, (*pskb)->mac.raw, (*pskb)->dev->hard_header_len);
++			pm->mac_len = (*pskb)->dev->hard_header_len;
++		}
++
++	}
++/*
++	if (in) strcpy(pm->indev_name, in->name);
++	else pm->indev_name[0] = '\0';
++*/
++	if ((*pskb)->len)
++		memcpy(pm->payload, (*pskb)->data, (*pskb)->len);
++	nlh->nlmsg_len = nlskb->tail - old_tail;
++	NETLINK_CB(nlskb).dst_groups = loginfo->nl_group;
++	DEBUGP("ipt_ULOG: going to throw out a packet to netlink groupmask %u\n", loginfo->nl_group);
++	netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group, GFP_ATOMIC);
++
++	return IPT_CONTINUE;
++
++nlmsg_failure:
++	if (nlskb)
++		kfree(nlskb);	
++	printk("ipt_ULOG: Error building netlink message\n");
++	return IPT_CONTINUE;
++
++}
++
++static int ipt_ulog_checkentry(
++	const char *tablename,
++	const struct ipt_entry *e,
++	void *targinfo,
++	unsigned int targinfosize,
++	unsigned int hookmask)
++{
++	return 1;
++}
++	
++
++static struct ipt_target ipt_ulog_reg =
++  { { NULL, NULL }, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL,
++	THIS_MODULE };
++
++static int __init init(void)
++{
++	DEBUGP("ipt_ULOG: init module\n");
++	nflognl = netlink_kernel_create(NETLINK_NFLOG, nflog_rcv);
++	if (ipt_register_target(&ipt_ulog_reg))
++		return -EINVAL;
++
++	return 0;
++}
++
++static void __exit fini(void)
++{       
++	DEBUGP("ipt_ULOG: cleanup_module\n");
++	ipt_unregister_target(&ipt_ulog_reg);
++}
++
++module_init(init);
++module_exit(fini);
diff --git a/kernel-ULOG1-to-ULOG2.diff b/kernel-ULOG1-to-ULOG2.diff
new file mode 100644
index 0000000..a690e05
--- /dev/null
+++ b/kernel-ULOG1-to-ULOG2.diff
@@ -0,0 +1,210 @@
+diff -Nru linux-2.4.0-test4-ulog1/include/linux/netfilter_ipv4/ipt_ULOG.h linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h
+--- linux-2.4.0-test4-ulog1/include/linux/netfilter_ipv4/ipt_ULOG.h	Mon Jul 31 13:31:51 2000
++++ linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h	Mon Jul 31 17:17:04 2000
+@@ -7,6 +7,7 @@
+ struct ipt_ulog_info
+ {
+ 	unsigned int nl_group;
++	size_t copy_range;
+ 	char prefix[ULOG_PREFIX_LEN];
+ };
+ 
+diff -Nru linux-2.4.0-test4-ulog1/net/ipv4/netfilter/ipt_ULOG.c linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c
+--- linux-2.4.0-test4-ulog1/net/ipv4/netfilter/ipt_ULOG.c	Mon Jul 31 13:31:51 2000
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c	Mon Jul 31 13:41:57 2000
+@@ -4,6 +4,8 @@
+  * (C) 2000 by Harald Welte <laforge@sunbeam.franken.de>
+  *
+  * Released under the terms of the GPL
++ *
++ * ipt_ULOG.c,v 1.4 2000/07/31 11:41:06 laforge Exp
+  */
+ 
+ #include <linux/module.h>
+@@ -15,15 +17,17 @@
+ #include <linux/netlink.h>
+ #include <linux/netdevice.h>
+ #include <linux/mm.h>
++#include <linux/socket.h>
+ #include <linux/netfilter_ipv4/ip_tables.h>
+ #include <linux/netfilter_ipv4/ipt_ULOG.h>
++#include <net/sock.h>
+ 
+-#define ULOG_NL_EVENT	111 /* Harald's favorite number */
++#define ULOG_NL_EVENT	111	/* Harald's favorite number */
+ 
+ #if 0
+ #define DEBUGP	printk
+ #else
+-#define DEBUGP(format, args ...)
++#define DEBUGP(format, args...)
+ #endif
+ 
+ static struct sock *nflognl;
+@@ -33,35 +37,38 @@
+ 	printk("nflog_rcv: did receive netlink message ?!?\n");
+ }
+ 
+-static unsigned int ipt_ulog_target(
+-	struct sk_buff **pskb,
+-	unsigned int hooknum,
+-	const struct net_device *in,
+-	const struct net_device *out,
+-	const void *targinfo,
+-	void *userinfo)
++static unsigned int ipt_ulog_target(struct sk_buff **pskb,
++				    unsigned int hooknum,
++				    const struct net_device *in,
++				    const struct net_device *out,
++				    const void *targinfo, void *userinfo)
+ {
+ 	ulog_packet_msg_t *pm;
+-	size_t size;
++	size_t size, copy_len;
+ 	struct sk_buff *nlskb;
+ 	unsigned char *old_tail;
+ 	struct nlmsghdr *nlh;
+-	struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *)targinfo;
++	struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
+ 
+ 	/* calculate the size of the skb needed */
+-
+-	size = NLMSG_SPACE(sizeof(*pm) + (*pskb)->len);
++	if ((loginfo->copy_range == 0) ||
++	    (loginfo->copy_range > (*pskb)->len)) {
++		copy_len = (*pskb)->len;
++	} else {
++		copy_len = loginfo->copy_range;
++	}
++	size = NLMSG_SPACE(sizeof(*pm) + copy_len);
+ 	nlskb = alloc_skb(size, GFP_ATOMIC);
+ 	if (!nlskb)
+ 		goto nlmsg_failure;
+-	
++
+ 	old_tail = nlskb->tail;
+ 	nlh = NLMSG_PUT(nlskb, 0, 0, ULOG_NL_EVENT, size - sizeof(*nlh));
+ 	pm = NLMSG_DATA(nlh);
+-	
++
+ 	/* copy hook, prefix, timestamp, payload, etc. */
+ 
+-	pm->data_len = (*pskb)->len;
++	pm->data_len = copy_len;
+ 	pm->timestamp_sec = (*pskb)->stamp.tv_sec;
+ 	pm->timestamp_usec = (*pskb)->stamp.tv_usec;
+ 	pm->mark = (*pskb)->nfmark;
+@@ -70,52 +77,57 @@
+ 		strcpy(pm->prefix, loginfo->prefix);
+ 
+ 	if (in && in->hard_header_len > 0
+-	    && (*pskb)->mac.raw != (*pskb)->nh.iph
++	    && (*pskb)->mac.raw != (void *) (*pskb)->nh.iph
+ 	    && in->hard_header_len <= ULOG_MAC_LEN) {
+ 		memcpy(pm->mac, (*pskb)->mac.raw, in->hard_header_len);
+ 		pm->mac_len = in->hard_header_len;
+ 	}
+ 
+-	if (in) strcpy(pm->indev_name, in->name);
+-	else pm->indev_name[0] = '\0';
++	if (in)
++		strcpy(pm->indev_name, in->name);
++	else
++		pm->indev_name[0] = '\0';
++
++	if (out)
++		strcpy(pm->outdev_name, out->name);
++	else
++		pm->outdev_name[0] = '\0';
+ 
+-	if (out) strcpy(pm->outdev_name, out->name);
+-	else pm->outdev_name[0] = '\0';
+-
+-	if ((*pskb)->len)
+-		memcpy(pm->payload, (*pskb)->data, (*pskb)->len);
++	if (copy_len)
++		memcpy(pm->payload, (*pskb)->data, copy_len);
+ 	nlh->nlmsg_len = nlskb->tail - old_tail;
+ 	NETLINK_CB(nlskb).dst_groups = loginfo->nl_group;
+-	DEBUGP("ipt_ULOG: going to throw a packet to netlink groupmask %u\n",
+-	       loginfo->nl_group);
+-	netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group, GFP_ATOMIC);
++	DEBUGP
++	    ("ipt_ULOG: going to throw a packet to netlink groupmask %u\n",
++	     loginfo->nl_group);
++	netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group,
++			  GFP_ATOMIC);
+ 
+ 	return IPT_CONTINUE;
+ 
+-nlmsg_failure:
++      nlmsg_failure:
+ 	if (nlskb)
+-		kfree(nlskb);	
++		kfree(nlskb);
+ 	printk("ipt_ULOG: Error building netlink message\n");
+ 	return IPT_CONTINUE;
+ }
+ 
+-static int ipt_ulog_checkentry(
+-	const char *tablename,
+-	const struct ipt_entry *e,
+-	void *targinfo,
+-	unsigned int targinfosize,
+-	unsigned int hookmask)
++static int ipt_ulog_checkentry(const char *tablename,
++			       const struct ipt_entry *e,
++			       void *targinfo,
++			       unsigned int targinfosize,
++			       unsigned int hookmask)
+ {
+-	struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *)targinfo;
++	struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
+ 
+- 	if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) {
+-  		DEBUGP("ULOG: targinfosize %u != 0\n", targinfosize);
+-  		return 0;
+-  	}
++	if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) {
++		DEBUGP("ULOG: targinfosize %u != 0\n", targinfosize);
++		return 0;
++	}
+ 
+-	if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
++	if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
+ 		DEBUGP("ULOG: prefix term %i\n",
+-		       loginfo->prefix[sizeof(loginfo->prefix)-1]);
++		       loginfo->prefix[sizeof(loginfo->prefix) - 1]);
+ 		return 0;
+ 	}
+ 
+@@ -123,8 +135,9 @@
+ }
+ 
+ static struct ipt_target ipt_ulog_reg =
+-  { { NULL, NULL }, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL,
+-	THIS_MODULE };
++    { {NULL, NULL}, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL,
++THIS_MODULE
++};
+ 
+ static int __init init(void)
+ {
+@@ -134,7 +147,7 @@
+ 		return -ENOMEM;
+ 
+ 	if (ipt_register_target(&ipt_ulog_reg) != 0) {
+-		sock_release(nflognl->socket);			
++		sock_release(nflognl->socket);
+ 		return -EINVAL;
+ 	}
+ 
+@@ -144,7 +157,7 @@
+ static void __exit fini(void)
+ {
+ 	DEBUGP("ipt_ULOG: cleanup_module\n");
+-	
++
+ 	ipt_unregister_target(&ipt_ulog_reg);
+ 	sock_release(nflognl->socket);
+ }
diff --git a/kernel/Makefile b/kernel/Makefile
new file mode 100644
index 0000000..889a815
--- /dev/null
+++ b/kernel/Makefile
@@ -0,0 +1,8 @@
+CFLAGS = -D__KERNEL__ -march=i586 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h -I/usr/src/linux/include -Wall -O2 -fomit-frame-pointer
+
+
+ipt_ULOG.o: ipt_ULOG.c Makefile
+	gcc $(CFLAGS) -c ipt_ULOG.c
+
+clean: 
+	rm -f *.o
diff --git a/plain-2.4.0-to-ulog2.diff b/plain-2.4.0-to-ulog2.diff
new file mode 100644
index 0000000..ab858ea
--- /dev/null
+++ b/plain-2.4.0-to-ulog2.diff
@@ -0,0 +1,263 @@
+diff -Nru linux-2.4.0-test4-plain/Documentation/Configure.help linux-2.4.0-test4-work/Documentation/Configure.help
+--- linux-2.4.0-test4-plain/Documentation/Configure.help	Thu Jul 13 18:42:51 2000
++++ linux-2.4.0-test4-work/Documentation/Configure.help	Mon Jul 31 17:23:30 2000
+@@ -2010,6 +2010,16 @@
+   If you want to compile it as a module, say M here and read
+   Documentation/modules.txt.  If unsure, say `N'.
+ 
++ULOG target support
++CONFIG_IP_NF_TARGET_ULOG
++  This option adds a `ULOG' target, which allows you to create rules in
++  any iptables table. The packet is passed to a userspace logging
++  daemon using netlink multicast sockets; unlike the LOG target
++  which can only be viewed through syslog.
++
++  If you want to compile it as a module, say M here and read
++  Documentation/modules.txt.  If unsure, say `N'.
++
+ ipchains (2.2-style) support
+ CONFIG_IP_NF_COMPAT_IPCHAINS
+   This option places ipchains (with masquerading and redirection
+diff -Nru linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h
+--- linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h	Thu Jan  1 01:00:00 1970
++++ linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h	Mon Jul 31 17:23:31 2000
+@@ -0,0 +1,29 @@
++#ifndef _IPT_ULOG_H
++#define _IPT_ULOG_H
++
++#define ULOG_MAC_LEN	80
++#define ULOG_PREFIX_LEN	32
++
++struct ipt_ulog_info
++{
++	unsigned int nl_group;
++	size_t copy_range;
++	char prefix[ULOG_PREFIX_LEN];
++};
++
++typedef struct ulog_packet_msg
++{
++        unsigned long mark;
++        long timestamp_sec;
++        long timestamp_usec;
++        unsigned int hook;
++        char indev_name[IFNAMSIZ];
++        char outdev_name[IFNAMSIZ];
++        size_t data_len;
++	char prefix[ULOG_PREFIX_LEN];
++	unsigned char mac_len;
++	unsigned char mac[ULOG_MAC_LEN];
++        unsigned char payload[0];
++} ulog_packet_msg_t;
++
++#endif /*_IPT_ULOG_H*/
+diff -Nru linux-2.4.0-test4-plain/include/linux/netlink.h linux-2.4.0-test4-work/include/linux/netlink.h
+--- linux-2.4.0-test4-plain/include/linux/netlink.h	Fri Aug 28 04:33:08 1998
++++ linux-2.4.0-test4-work/include/linux/netlink.h	Mon Jul 31 17:23:30 2000
+@@ -5,6 +5,7 @@
+ #define NETLINK_SKIP		1	/* Reserved for ENskip  			*/
+ #define NETLINK_USERSOCK	2	/* Reserved for user mode socket protocols 	*/
+ #define NETLINK_FIREWALL	3	/* Firewalling hook				*/
++#define NETLINK_NFLOG		4	/* Firewall logging */
+ #define NETLINK_ARPD		8
+ #define NETLINK_ROUTE6		11	/* af_inet6 route comm channel */
+ #define NETLINK_IP6_FW		13
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in	Mon Mar 27 20:35:56 2000
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in	Mon Jul 31 17:23:30 2000
+@@ -51,6 +51,7 @@
+     dep_tristate '    MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE
+   fi
+   dep_tristate '  LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES
++  dep_tristate '  ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES
+ fi
+ 
+ # Backwards compatibility modules: only if you don't build in the others.
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile	Mon Mar 27 20:35:56 2000
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile	Mon Jul 31 17:23:30 2000
+@@ -197,6 +197,14 @@
+   endif
+ endif
+ 
++ifeq ($(CONFIG_IP_NF_TARGET_ULOG),y)
++O_OBJS += ipt_ULOG.o
++else
++  ifeq ($(CONFIG_IP_NF_TARGET_ULOG),m)
++  M_OBJS += ipt_ULOG.o
++  endif
++endif
++
+ ifeq ($(CONFIG_IP_NF_COMPAT_IPCHAINS),y)
+ O_OBJS += ipchains_core.o $(IP_NF_COMPAT_LAYER)
+ else
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c	Thu Jan  1 01:00:00 1970
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c	Mon Jul 31 17:23:31 2000
+@@ -0,0 +1,166 @@
++/*
++ * netfilter module for userspace packet logging daemons
++ *
++ * (C) 2000 by Harald Welte <laforge@sunbeam.franken.de>
++ *
++ * Released under the terms of the GPL
++ *
++ * ipt_ULOG.c,v 1.4 2000/07/31 11:41:06 laforge Exp
++ */
++
++#include <linux/module.h>
++#include <linux/version.h>
++#include <linux/config.h>
++#include <linux/socket.h>
++#include <linux/skbuff.h>
++#include <linux/kernel.h>
++#include <linux/netlink.h>
++#include <linux/netdevice.h>
++#include <linux/mm.h>
++#include <linux/socket.h>
++#include <linux/netfilter_ipv4/ip_tables.h>
++#include <linux/netfilter_ipv4/ipt_ULOG.h>
++#include <net/sock.h>
++
++#define ULOG_NL_EVENT	111	/* Harald's favorite number */
++
++#if 0
++#define DEBUGP	printk
++#else
++#define DEBUGP(format, args...)
++#endif
++
++static struct sock *nflognl;
++
++static void nflog_rcv(struct sock *sk, int len)
++{
++	printk("nflog_rcv: did receive netlink message ?!?\n");
++}
++
++static unsigned int ipt_ulog_target(struct sk_buff **pskb,
++				    unsigned int hooknum,
++				    const struct net_device *in,
++				    const struct net_device *out,
++				    const void *targinfo, void *userinfo)
++{
++	ulog_packet_msg_t *pm;
++	size_t size, copy_len;
++	struct sk_buff *nlskb;
++	unsigned char *old_tail;
++	struct nlmsghdr *nlh;
++	struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
++
++	/* calculate the size of the skb needed */
++	if ((loginfo->copy_range == 0) ||
++	    (loginfo->copy_range > (*pskb)->len)) {
++		copy_len = (*pskb)->len;
++	} else {
++		copy_len = loginfo->copy_range;
++	}
++	size = NLMSG_SPACE(sizeof(*pm) + copy_len);
++	nlskb = alloc_skb(size, GFP_ATOMIC);
++	if (!nlskb)
++		goto nlmsg_failure;
++
++	old_tail = nlskb->tail;
++	nlh = NLMSG_PUT(nlskb, 0, 0, ULOG_NL_EVENT, size - sizeof(*nlh));
++	pm = NLMSG_DATA(nlh);
++
++	/* copy hook, prefix, timestamp, payload, etc. */
++
++	pm->data_len = copy_len;
++	pm->timestamp_sec = (*pskb)->stamp.tv_sec;
++	pm->timestamp_usec = (*pskb)->stamp.tv_usec;
++	pm->mark = (*pskb)->nfmark;
++	pm->hook = hooknum;
++	if (loginfo->prefix)
++		strcpy(pm->prefix, loginfo->prefix);
++
++	if (in && in->hard_header_len > 0
++	    && (*pskb)->mac.raw != (void *) (*pskb)->nh.iph
++	    && in->hard_header_len <= ULOG_MAC_LEN) {
++		memcpy(pm->mac, (*pskb)->mac.raw, in->hard_header_len);
++		pm->mac_len = in->hard_header_len;
++	}
++
++	if (in)
++		strcpy(pm->indev_name, in->name);
++	else
++		pm->indev_name[0] = '\0';
++
++	if (out)
++		strcpy(pm->outdev_name, out->name);
++	else
++		pm->outdev_name[0] = '\0';
++
++	if (copy_len)
++		memcpy(pm->payload, (*pskb)->data, copy_len);
++	nlh->nlmsg_len = nlskb->tail - old_tail;
++	NETLINK_CB(nlskb).dst_groups = loginfo->nl_group;
++	DEBUGP
++	    ("ipt_ULOG: going to throw a packet to netlink groupmask %u\n",
++	     loginfo->nl_group);
++	netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group,
++			  GFP_ATOMIC);
++
++	return IPT_CONTINUE;
++
++      nlmsg_failure:
++	if (nlskb)
++		kfree(nlskb);
++	printk("ipt_ULOG: Error building netlink message\n");
++	return IPT_CONTINUE;
++}
++
++static int ipt_ulog_checkentry(const char *tablename,
++			       const struct ipt_entry *e,
++			       void *targinfo,
++			       unsigned int targinfosize,
++			       unsigned int hookmask)
++{
++	struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
++
++	if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) {
++		DEBUGP("ULOG: targinfosize %u != 0\n", targinfosize);
++		return 0;
++	}
++
++	if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
++		DEBUGP("ULOG: prefix term %i\n",
++		       loginfo->prefix[sizeof(loginfo->prefix) - 1]);
++		return 0;
++	}
++
++	return 1;
++}
++
++static struct ipt_target ipt_ulog_reg =
++    { {NULL, NULL}, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL,
++THIS_MODULE
++};
++
++static int __init init(void)
++{
++	DEBUGP("ipt_ULOG: init module\n");
++	nflognl = netlink_kernel_create(NETLINK_NFLOG, nflog_rcv);
++	if (!nflognl)
++		return -ENOMEM;
++
++	if (ipt_register_target(&ipt_ulog_reg) != 0) {
++		sock_release(nflognl->socket);
++		return -EINVAL;
++	}
++
++	return 0;
++}
++
++static void __exit fini(void)
++{
++	DEBUGP("ipt_ULOG: cleanup_module\n");
++
++	ipt_unregister_target(&ipt_ulog_reg);
++	sock_release(nflognl->socket);
++}
++
++module_init(init);
++module_exit(fini);
diff --git a/ulogd/Makefile b/ulogd/Makefile
new file mode 100644
index 0000000..9cb52f6
--- /dev/null
+++ b/ulogd/Makefile
@@ -0,0 +1,33 @@
+# Path of libipulog (from iptables)
+LIBIPULOG=../libipulog
+
+# Names of the plugins to be compiled
+ULOGD_SL:=BASE OPRINT
+
+
+#  Normally You should not need to change anything below
+#
+CC = gcc
+CFLAGS = -I. -I$(LIBIPULOG)/include -g -Wall
+SH_CFLAGS:=$(CFLAGS) -fPIC
+
+SHARED_LIBS+=$(foreach T,$(ULOGD_SL),extensions/ulogd_$(T).so)
+
+all: $(SHARED_LIBS) ulogd
+
+$(SHARED_LIBS): %.so: %_sh.o
+	ld -shared -o $@ $<
+
+%_sh.o: %.c
+	gcc $(SH_CFLAGS) -o $@ -c $<
+
+ulogd: ulogd.c ../libipulog/libipulog.a ulogd.h
+	$(CC) $(CFLAGS) -rdynamic -ldl -i ulogd.c $(LIBIPULOG)/libipulog.a -o ulogd
+
+clean:
+	rm -f ulogd extensions/*.o extensions/*.so
+
+install: all
+	mkdir -p /usr/local/lib/ulogd && cp extensions/*.so /usr/local/lib/ulogd
+	cp ulogd /usr/local/sbin
+	
diff --git a/ulogd/README b/ulogd/README
new file mode 100644
index 0000000..4d0870b
--- /dev/null
+++ b/ulogd/README
@@ -0,0 +1,39 @@
+===> CONECEPT
+
+I want to write a flexible, almost universal logging daemon for my netfilter 
+ULOG target. These are my thoughts about how the architecture which is most capable of doing that:
+
+1. Interpreter lugins
+
+It should be possible to add plugins / runtime modules for new protocols, etc.
+For example the standard logging daemon provides source-ip, dest-ip, 
+source-port, dest-port, etc. Logging for variuos other protocols (GRE, 
+IPsec, ...) may be implemented as modules.
+
+2. Output plugins
+... describe how and where to put the information gained by logging plugins. 
+The easiest way is to build a line per packet and fprint it to a file. 
+Some people might want to log into a SQL database or want an output 
+conforming to the intrusion detection systems communication draft from the
+ietf.
+
+
+===> DETAILS
+
+The major clue is providing a framework which is as flexible as possible. 
+Nobody knows what strange network protocols are out there :) Flexibility
+depends on the communication between the output of the logging plugins 
+and input of the output plugins.
+
+Rusty advised me to use some kind of type-key-value triples, but I think
+this is the total overkill and is too complicated for me to implement it 
+in a reasonable short period of time. (3 hours later) Hmm... Rusty finally 
+convinced me to use linked lists of type-key-value triples - and it wasn't 
+that difficult.
+
+===> INSTALLATION
+
+Just copy the plugins into /usr/local/lib/ulogd and the ulogd to wherever 
+You want it to be.
+
+===>
diff --git a/ulogd/libipulog/Makefile b/ulogd/libipulog/Makefile
new file mode 100644
index 0000000..e737363
--- /dev/null
+++ b/ulogd/libipulog/Makefile
@@ -0,0 +1,14 @@
+CC = gcc
+CFLAGS = -I./include # -g
+
+ulog_test: ulog_test.c libipulog.a
+	$(CC) $(CFLAGS) -i ulog_test.c libipulog.a -o ulog_test
+
+libipulog.o: libipulog.c
+	$(CC) $(CFLAGS) -c libipulog.c -o libipulog.o
+
+libipulog.a: libipulog.o
+	ld -i libipulog.o -o libipulog.a
+
+clean:
+	rm -f ulog_test libipulog.o libipulog.a
diff --git a/ulogd/libipulog/include/libipulog/libipulog.h b/ulogd/libipulog/include/libipulog/libipulog.h
new file mode 100644
index 0000000..9f920dd
--- /dev/null
+++ b/ulogd/libipulog/include/libipulog/libipulog.h
@@ -0,0 +1,30 @@
+#ifndef _LIBIPULOG_H
+#define _LIBIPULOG_H
+
+#include <errno.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+#include <asm/types.h>
+#include <linux/netlink.h>
+#include <net/if.h>
+#include <linux/netfilter_ipv4/ipt_ULOG.h>
+
+struct ipulog_handle;
+
+u_int32_t ipulog_group2gmask(u_int32_t group);
+
+struct ipulog_handle *ipulog_create_handle(u_int32_t gmask);
+
+void ipulog_destroy_handle(struct ipulog_handle *h);
+
+ssize_t ipulog_read(struct ipulog_handle *h,
+		    unsigned char *buf, size_t len, int timeout);
+
+ulog_packet_msg_t *ipulog_get_packet(const unsigned char *buf);
+
+void ipulog_perror(const char *s);
+
+#endif /* _LIBULOG_H */
author	laforge <laforge>	2000-08-10 11:45:49 +0000
committer	laforge <laforge>	2000-08-10 11:45:49 +0000
commit	de923c5f36f5244e888b616de42b6a1cbf045372 (patch)
tree	040fd9216087374470af2f6345d8922084b4623c
parent	ec20233e75f69011f41c58a2edcbcd29be484768 (diff)