authorlaforge <laforge>2000-08-10 11:45:49 +0000
committerlaforge <laforge>2000-08-10 11:45:49 +0000
commitde923c5f36f5244e888b616de42b6a1cbf045372 (patch)
tree040fd9216087374470af2f6345d8922084b4623c /ulogd
parentec20233e75f69011f41c58a2edcbcd29be484768 (diff)
Initial revision
Diffstat (limited to 'ulogd')
4 files changed, 116 insertions, 0 deletions
diff --git a/ulogd/Makefile b/ulogd/Makefile
new file mode 100644
index 0000000..9cb52f6
--- /dev/null
+++ b/ulogd/Makefile
@@ -0,0 +1,33 @@
+# Path of libipulog (from iptables)
+# Names of the plugins to be compiled
+# Normally You should not need to change anything below
+CC = gcc
+CFLAGS = -I. -I$(LIBIPULOG)/include -g -Wall
+SHARED_LIBS+=$(foreach T,$(ULOGD_SL),extensions/ulogd_$(T).so)
+all: $(SHARED_LIBS) ulogd
+$(SHARED_LIBS): %_sh.o
+ ld -shared -o $@ $<
+%_sh.o: %.c
+ gcc $(SH_CFLAGS) -o $@ -c $<
+ulogd: ulogd.c ../libipulog/libipulog.a ulogd.h
+ $(CC) $(CFLAGS) -rdynamic -ldl -i ulogd.c $(LIBIPULOG)/libipulog.a -o ulogd
+ rm -f ulogd extensions/*.o extensions/*.so
+install: all
+ mkdir -p /usr/local/lib/ulogd && cp extensions/*.so /usr/local/lib/ulogd
+ cp ulogd /usr/local/sbin
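Review bot: The `install` target copies the daemon and its plugins with plain `cp`, so their mode and ownership depend on the umask and account of whoever runs `make install`. The `-rdynamic -ldl` link line and the README suggest ulogd loads the `.so` files from /usr/local/lib/ulogd at run time, so a plugin file or directory left group- or world-writable would let another local user change code that the daemon, presumably running privileged to read the netlink socket, then loads. Pinning the modes avoids that: `install -d -m 0755 /usr/local/lib/ulogd`, `install -m 0755 extensions/*.so /usr/local/lib/ulogd`, `install -m 0755 ulogd /usr/local/sbin`. The hunk header announces 33 lines and fewer are visible on this page, so the target names around the `rm -f` line cannot be checked here.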
diff --git a/ulogd/README b/ulogd/README
new file mode 100644
index 0000000..4d0870b
--- /dev/null
+++ b/ulogd/README
@@ -0,0 +1,39 @@
+I want to write a flexible, almost universal logging daemon for my netfilter
+ULOG target. These are my thoughts about how the architecture which is most capable of doing that:
+1. Interpreter lugins
+It should be possible to add plugins / runtime modules for new protocols, etc.
+For example the standard logging daemon provides source-ip, dest-ip,
+source-port, dest-port, etc. Logging for variuos other protocols (GRE,
+IPsec, ...) may be implemented as modules.
+2. Output plugins
+... describe how and where to put the information gained by logging plugins.
+The easiest way is to build a line per packet and fprint it to a file.
+Some people might want to log into a SQL database or want an output
+conforming to the intrusion detection systems communication draft from the
+The major clue is providing a framework which is as flexible as possible.
+Nobody knows what strange network protocols are out there :) Flexibility
+depends on the communication between the output of the logging plugins
+and input of the output plugins.
+Rusty advised me to use some kind of type-key-value triples, but I think
+this is the total overkill and is too complicated for me to implement it
+in a reasonable short period of time. (3 hours later) Hmm... Rusty finally
+convinced me to use linked lists of type-key-value triples - and it wasn't
+that difficult.
+Just copy the plugins into /usr/local/lib/ulogd and the ulogd to wherever
+You want it to be.
diff --git a/ulogd/libipulog/Makefile b/ulogd/libipulog/Makefile
new file mode 100644
index 0000000..e737363
--- /dev/null
+++ b/ulogd/libipulog/Makefile
@@ -0,0 +1,14 @@
+CC = gcc
+CFLAGS = -I./include # -g
+ulog_test: ulog_test.c libipulog.a
+ $(CC) $(CFLAGS) -i ulog_test.c libipulog.a -o ulog_test
+libipulog.o: libipulog.c
+ $(CC) $(CFLAGS) -c libipulog.c -o libipulog.o
+libipulog.a: libipulog.o
+ ld -i libipulog.o -o libipulog.a
+ rm -f ulog_test libipulog.o libipulog.a
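Review bot: `CFLAGS = -I./include # -g` builds the library with no warnings enabled, while ulogd/Makefile in this same commit compiles the daemon with `-g -Wall`. Judging by the header added in this commit, libipulog is the code that reads netlink messages into caller-supplied buffers, which is where compiler diagnostics are most useful; `CFLAGS = -I./include -Wall # -g` would bring the two builds in line. Separately, `ld -i libipulog.o -o libipulog.a` produces a relocatable object under an archive name rather than an `ar` archive, which deserves a one-line comment in the Makefile if it is intentional.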
diff --git a/ulogd/libipulog/include/libipulog/libipulog.h b/ulogd/libipulog/include/libipulog/libipulog.h
new file mode 100644
index 0000000..9f920dd
--- /dev/null
+++ b/ulogd/libipulog/include/libipulog/libipulog.h
@@ -0,0 +1,30 @@
+#ifndef _LIBIPULOG_H
+#define _LIBIPULOG_H
+#include <errno.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+#include <asm/types.h>
+#include <linux/netlink.h>
+#include <net/if.h>
+#include <linux/netfilter_ipv4/ipt_ULOG.h>
+struct ipulog_handle;
+u_int32_t ipulog_group2gmask(u_int32_t group);
+struct ipulog_handle *ipulog_create_handle(u_int32_t gmask);
+void ipulog_destroy_handle(struct ipulog_handle *h);
+ssize_t ipulog_read(struct ipulog_handle *h,
+ unsigned char *buf, size_t len, int timeout);
+ulog_packet_msg_t *ipulog_get_packet(const unsigned char *buf);
+void ipulog_perror(const char *s);
+#endif /* _LIBULOG_H */
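Review bot: `ipulog_get_packet(const unsigned char *buf)` takes no length, so the function cannot check that the bytes `ipulog_read` returned hold a complete netlink header and `ulog_packet_msg_t` before it hands back a pointer into the buffer. Its implementation is not part of this hunk, so whether callers validate the length themselves cannot be seen here; a signature such as `ulog_packet_msg_t *ipulog_get_packet(const unsigned char *buf, size_t len);` that returns NULL for a short message would make the check part of the API. The return type also drops the `const` that `buf` carries. A comment on `ipulog_read` stating the unit of `timeout` and what the return value means on error and on timeout would help callers, and the closing `#endif` comment names `_LIBULOG_H` while the guard is `_LIBIPULOG_H`.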