path: root/ulogd/README
diff options
authorlaforge <laforge>2001-05-20 13:51:46 +0000
committerlaforge <laforge>2001-05-20 13:51:46 +0000
commit37ec046bf4cdab96a1e9bddd60e8b76b36bcf64a (patch)
treec956ea934a62ca701637aec8eb15a82eced4e37e /ulogd/README
parent9e4b5111183b9fa80606903fde1c280b472d6973 (diff)
included --with-log-ip-as-string option
removed ./configure (run autoconf) autoconf now adds -I/usr/src/linux/include to CFLAGS
Diffstat (limited to 'ulogd/README')
1 files changed, 85 insertions, 0 deletions
diff --git a/ulogd/README b/ulogd/README
new file mode 100644
index 0000000..d6d2017
--- /dev/null
+++ b/ulogd/README
@@ -0,0 +1,85 @@
+Userspace logging facility for netfilter / linux 2.4
+$Id: README,v 1.3 2001/01/30 09:29:42 laforge Exp $
+===> IDEA
+This packages is intended for passing packets from the kernel to userspace
+to do some logging there. It should work like that:
+- Register a target called ULOG with netfilter
+- if the target is hit:
+ - send the packet out using netlink multicast facility
+ - return NF_CONTINUE immediately
+New with ipt_ULOG 0.8 we can accumulate packets in userspace and send
+them in small batches (1-50) to userspace. This reduces the amount of
+expensive context switches.
+More than one logging daemon may listen to the netlink multicast address.
+= Ulog library (libipulog.a)
+Just a little library like libipq.a which provides a convenient way to
+write userspace logging daemons. The functions provided are described
+in the source code, a small demo program (ulog_test) is also included.
+= ulogd daemon (ulogd)
+A sophisticated logging daemon which uses libipulog. The daemon provides
+an easy to use plugin interface to write additional packet interpreters and
+output targets. Example plugins (interpreter: ip, tcp, icmp output: simple
+logging to a file) are included.
+===> USAGE
+YOU MUST INSTALL THE ulog-patch from netfilter patch-o-matic FIRST !!
+Please go to the netfilter homepage (
+and download the latest iptables package. There is a system called
+patch-o-matic, which manages recent netfilter development, which has
+not been included in the stock kernel yet.
+Just apply the ulog-patch from patch-o-matic (there is some documentation
+included in the iptables package how to use patch-o-matic).
+Next you have to enable the kernel config option CONFIG_IP_NF_TARGET_ULOG in
+the netfilter subsection of the network options.
+Then recompile the kernel or just recompile the netfilter modules using 'make
+modules SUBDIRS=net/ipv4/netfilter'. Next step is installing the module using
+'make modules_install'
+It is also a good idea to recompile and re-install the iptables package,
+if you don't already have in /usr/local/lib/iptables or
+Now You are ready to go. You may now insert logging rules to every chain.
+To see the full syntax, type 'iptables -j ULOG -h'
+At first a simple example, which passes every outgoing packet to the
+userspace logging, using netlink multicast group 3.
+iptables -A OUTPUT -j ULOG --ulog-nlgroup 3
+A more advanced one, passing all incoming tcp packets with destination
+port 80 to the userspace logging daemon listening on netlink multicast
+group 32. All packets get tagged with the ulog prefix "inp"
+iptables -A INPUT -j ULOG -p tcp --dport 80 --ulog-nlgroup 32 --ulog-prefix inp
+In the latest Version (0.2) I added another parameter (--ulog-cprange).
+Using this parameter You are able to specify how much octets of the
+packet should be copied from the kernel to userspace.
+Setting --ulog-cprange to 0 does always copy the whole packet. Default is 0
+The code is (C) 2000 by Harald Welte <>
+Thanks also to the valuable Contributions of Daniel Stone and Alexander
+Credits to Rusty Russel, James Morris, Marc Boucher and all the other
+netfilter hackers.