-rw-r--r-- | AUTHORS (renamed from ulogd/AUTHORS) | 0 | ||||
-rw-r--r-- | COPYING | 7 | ||||
-rw-r--r-- | Changes (renamed from ulogd/Changes) | 0 | ||||
-rw-r--r-- | Makefile.in (renamed from ulogd/Makefile.in) | 0 | ||||
-rw-r--r-- | README | 70 | ||||
-rw-r--r-- | Rules.make.in (renamed from ulogd/Rules.make.in) | 0 | ||||
-rw-r--r-- | TODO | 20 | ||||
-rw-r--r-- | aclocal.m4 (renamed from ulogd/aclocal.m4) | 0 | ||||
-rw-r--r-- | cftest/cftest.c (renamed from ulogd/cftest/cftest.c) | 0 | ||||
-rw-r--r-- | cftest/test.txt (renamed from ulogd/cftest/test.txt) | 0 | ||||
-rw-r--r-- | conffile/Makefile.in (renamed from ulogd/conffile/Makefile.in) | 0 | ||||
-rw-r--r-- | conffile/conffile.c (renamed from ulogd/conffile/conffile.c) | 0 | ||||
-rwxr-xr-x | config.guess (renamed from ulogd/config.guess) | 0 | ||||
-rwxr-xr-x | config.sub (renamed from ulogd/config.sub) | 0 | ||||
-rw-r--r-- | configure.in (renamed from ulogd/configure.in) | 0 | ||||
-rw-r--r-- | contrib/ulog_query.php.gz (renamed from ulogd/contrib/ulog_query.php.gz) | bin | 2875 -> 2875 bytes | |||
-rw-r--r-- | doc/Makefile.in (renamed from ulogd/doc/Makefile.in) | 0 | ||||
-rw-r--r-- | doc/mysql.table (renamed from ulogd/doc/mysql.table) | 0 | ||||
-rw-r--r-- | doc/mysql.table.ipaddr-as-string (renamed from ulogd/doc/mysql.table.ipaddr-as-string) | 0 | ||||
-rw-r--r-- | doc/pgsql.table (renamed from ulogd/doc/pgsql.table) | 0 | ||||
-rw-r--r-- | doc/sqlite3.table (renamed from ulogd/doc/sqlite3.table) | 0 | ||||
-rw-r--r-- | doc/ulogd.html (renamed from ulogd/doc/ulogd.html) | 0 | ||||
-rw-r--r-- | doc/ulogd.sgml (renamed from ulogd/doc/ulogd.sgml) | 0 | ||||
-rw-r--r-- | extensions/Makefile.in (renamed from ulogd/extensions/Makefile.in) | 0 | ||||
-rw-r--r-- | extensions/chtons.h (renamed from ulogd/extensions/chtons.h) | 0 | ||||
-rw-r--r-- | extensions/printpkt.c (renamed from ulogd/extensions/printpkt.c) | 0 | ||||
-rw-r--r-- | extensions/printpkt.h (renamed from ulogd/extensions/printpkt.h) | 0 | ||||
-rw-r--r-- | extensions/ulogd_BASE.c (renamed from ulogd/extensions/ulogd_BASE.c) | 0 | ||||
-rw-r--r-- | extensions/ulogd_LOCAL.c (renamed from ulogd/extensions/ulogd_LOCAL.c) | 0 | ||||
-rw-r--r-- | extensions/ulogd_LOCALTIME.c (renamed from ulogd/extensions/ulogd_LOCALTIME.c) | 0 | ||||
-rw-r--r-- | extensions/ulogd_LOGEMU.c (renamed from ulogd/extensions/ulogd_LOGEMU.c) | 0 | ||||
-rw-r--r-- | extensions/ulogd_OPRINT.c (renamed from ulogd/extensions/ulogd_OPRINT.c) | 0 | ||||
-rw-r--r-- | extensions/ulogd_PWSNIFF.c (renamed from ulogd/extensions/ulogd_PWSNIFF.c) | 0 | ||||
-rw-r--r-- | extensions/ulogd_SYSLOG.c (renamed from ulogd/extensions/ulogd_SYSLOG.c) | 0 | ||||
-rw-r--r-- | include/ulogd/conffile.h (renamed from ulogd/include/ulogd/conffile.h) | 0 | ||||
-rw-r--r-- | include/ulogd/ulogd.h (renamed from ulogd/include/ulogd/ulogd.h) | 0 | ||||
-rwxr-xr-x | install-sh (renamed from ulogd/install-sh) | 0 | ||||
-rw-r--r-- | iptables/Makefile | 10 | ||||
-rw-r--r-- | iptables/libipt_ULOG.c | 207 | ||||
-rw-r--r-- | kernel-ULOG-2.4.0-test4.diff | 229 | ||||
-rw-r--r-- | kernel-ULOG1-to-ULOG2.diff | 210 | ||||
-rw-r--r-- | kernel/Makefile | 8 | ||||
-rw-r--r-- | kernel/ipt_ULOG.c | 370 | ||||
-rw-r--r-- | kernel/ipt_ULOG.h | 46 | ||||
-rw-r--r-- | libipulog/Makefile.in (renamed from ulogd/libipulog/Makefile.in) | 0 | ||||
-rw-r--r-- | libipulog/include/libipulog/libipulog.h (renamed from ulogd/libipulog/include/libipulog/libipulog.h) | 0 | ||||
-rw-r--r-- | libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h (renamed from ulogd/libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h) | 0 | ||||
-rw-r--r-- | libipulog/libipulog.c (renamed from ulogd/libipulog/libipulog.c) | 0 | ||||
-rw-r--r-- | libipulog/ulog_test.c (renamed from ulogd/libipulog/ulog_test.c) | 0 | ||||
-rw-r--r-- | mysql/Makefile.in (renamed from ulogd/mysql/Makefile.in) | 0 | ||||
-rw-r--r-- | mysql/ulogd_MYSQL.c (renamed from ulogd/mysql/ulogd_MYSQL.c) | 0 | ||||
-rw-r--r-- | pcap/Makefile.in (renamed from ulogd/pcap/Makefile.in) | 0 | ||||
-rw-r--r-- | pcap/ulogd_PCAP.c (renamed from ulogd/pcap/ulogd_PCAP.c) | 0 | ||||
-rw-r--r-- | pgsql/Makefile.in (renamed from ulogd/pgsql/Makefile.in) | 0 | ||||
-rw-r--r-- | pgsql/ulogd_PGSQL.c (renamed from ulogd/pgsql/ulogd_PGSQL.c) | 0 | ||||
-rw-r--r-- | plain-2.4.0-to-ulog2.diff | 263 | ||||
-rw-r--r-- | sqlite3/Makefile.in (renamed from ulogd/sqlite3/Makefile.in) | 0 | ||||
-rw-r--r-- | sqlite3/ulogd_SQLITE3.c (renamed from ulogd/sqlite3/ulogd_SQLITE3.c) | 0 | ||||
-rw-r--r-- | ulogd.8 (renamed from ulogd/ulogd.8) | 0 | ||||
-rw-r--r-- | ulogd.c (renamed from ulogd/ulogd.c) | 0 | ||||
-rw-r--r-- | ulogd.conf.in (renamed from ulogd/ulogd.conf.in) | 0 | ||||
-rwxr-xr-x | ulogd.init (renamed from ulogd/ulogd.init) | 0 | ||||
-rw-r--r-- | ulogd.logrotate (renamed from ulogd/ulogd.logrotate) | 0 | ||||
-rw-r--r-- | ulogd.spec (renamed from ulogd/ulogd.spec) | 0 | ||||
-rw-r--r-- | ulogd/COPYING | 340 | ||||
-rw-r--r-- | ulogd/README | 97 | ||||
-rw-r--r-- | ulogd/TODO | 37 |
67 files changed, 60 insertions, 1854 deletions
@@ -2,7 +2,7 @@ Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 675 Mass Ave, Cambridge, MA 02139, USA + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -279,7 +279,7 @@ POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS - Appendix: How to Apply These Terms to Your New Programs + How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it @@ -305,7 +305,8 @@ the "copyright" line and a pointer to where the full notice is found. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Also add information on how to contact you by electronic and paper mail. diff --git a/ulogd/Makefile.in b/Makefile.in index 0f1845c..0f1845c 100644 --- a/ulogd/Makefile.in +++ b/Makefile.in @@ -1,12 +1,18 @@ -Userspace logging facility for netfilter / linux 2.4 -$Id: README,v 1.2 2000/09/22 06:57:16 laforge Exp $ +Userspace logging facility for iptables / linux 2.4 +$Id: README,v 1.7 2002/04/16 12:44:41 laforge Exp $ + +Project Homepage: http://www.gnumonks.org/projects/ulogd +Mailinglist: http://lists.gnumonks.org/mailman/listinfo/ulogd/ + +This is just a short README, pleaes see the more extensive documentation +in the doc/ subdirectory. ===> IDEA This packages is intended for passing packets from the kernel to userspace to do some logging there. It should work like that: -- Register a target called ULOG with netfilter +- Register a target called ULOG with iptables - if the target is hit: - send the packet out using netlink multicast facility - return NF_CONTINUE immediately 
@@ -19,42 +25,45 @@ More than one logging daemon may listen to the netlink multicast address. ===> CONTENTS -The package is consisting out of three parts: - -NOTE: -ipt_ULOG and libipt_ULOG are NOW INCLUDED IN NETFILTER patch-o-matic. -I strongly recommend using the latest package or even CVS from -http://netfilter.samba.org - -1. Netfilter target ipt_ULOG -This is the kernel module which does the kernel part of packet passing to -the userspace. This module is inserted on demand through the netfilter -subsystem as soon as You add a rule with the target ULOG to any chain. - -2. iptables plugin (libipt_ULOG.so) -This is a plugin for the netfilter configuration tool iptables. Just put -it to /usr/local/lib/iptables and it is loaded on demand from iptables. - -3. Ulog library (libipulog.a) += Ulog library (libipulog.a) Just a little library like libipq.a which provides a convenient way to write userspace logging daemons. The functions provided are described in the source code, a small demo program (ulog_test) is also included. -4. ulogd daemon (ulogd) += ulogd daemon (ulogd) A sophisticated logging daemon which uses libipulog. The daemon provides an easy to use plugin interface to write additional packet interpreters and output targets. Example plugins (interpreter: ip, tcp, icmp output: simple logging to a file) are included. += documentation (doc) +A quite verbose documentation of this package and it's configuration exists, +please actually make use of it and read it :) + ===> USAGE -Just apply the kernel patch and enable the kernel config option -CONFIG_IP_NF_TARGET_ULOG in the netfilter subsection of the network options. -Then recompile the kernel or just recompile the netfilter modules using -'make modules SUBDIRS=net/ipv4/netfilter'. -Next step is installing the module using 'make modules_install' +The kernel part of the userspace logging facility (ipt_ULOG.o) is included +in kernels >= 2.4.18-pre8. 
If you are running older kernel versions, you MUST +install the ulog-patch from netfilter patch-o-matic FIRST !! + +Please go to the netfilter homepage (http://www.netfilter.org/) +and download the latest iptables package. There is a system called +patch-o-matic, which manages recent netfilter development, which has +not been included in the stock kernel yet. + +Just apply the ulog-patch from patch-o-matic (there is some documentation +included in the iptables package how to use patch-o-matic). -To use the iptables plugin, copy libipt_ULOG.so to /usr/local/lib/iptables +Next you have to enable the kernel config option CONFIG_IP_NF_TARGET_ULOG in +the netfilter subsection of the network options. + +Then recompile the kernel or just recompile the netfilter modules using 'make +modules SUBDIRS=net/ipv4/netfilter'. Next step is installing the module using +'make modules_install' + +It is also a good idea to recompile and re-install the iptables package, +if you don't already have libipt_ULOG.so in /usr/local/lib/iptables or +/usr/lib/iptables Now You are ready to go. You may now insert logging rules to every chain. To see the full syntax, type 'iptables -j ULOG -h' 
@@ -72,14 +81,17 @@ group 32. All packets get tagged with the ulog prefix "inp" iptables -A INPUT -j ULOG -p tcp --dport 80 --ulog-nlgroup 32 --ulog-prefix inp -In the latest Version (0.2) I added another parameter (--ulog-cprange). +Since version 0.2, I added another parameter (--ulog-cprange). Using this parameter You are able to specify how much octets of the packet should be copied from the kernel to userspace. Setting --ulog-cprange to 0 does always copy the whole packet. Default is 0 ===> COPYRIGHT + CREDITS -The code is (C) 2000 by Harald Welte <laforge@gnumonks.org> +The code is (C) 2000-2003 by Harald Welte <laforge@gnumonks.org> + +Thanks also to the valuable Contributions of Daniel Stone, Alexander +Janssen and Michael Stolovitzsky. Credits to Rusty Russel, James Morris, Marc Boucher and all the other netfilter hackers. diff --git a/ulogd/Rules.make.in b/Rules.make.in index 4a161a4..4a161a4 100644 --- a/ulogd/Rules.make.in +++ b/Rules.make.in 
@@ -13,15 +13,25 @@ X add timer to flush queue in user-defineable time intervals ulogd: X MYSQL output plugin X syslog compatibility output plugin -- _fini() support for plugin destructors (needed for clean shutdown and +- autoconf-detection of ipt_ULOG.h +X _fini() support for plugin destructors (needed for clean shutdown and SIGHUP configfile reload X commandline option for "to fork or not to fork" X various command line options (we don't even have --version) - add support for capabilities to run as non-root -- big endian fixes -- man pages +X big endian fixes +X man pages - IPv6 support (core and extensions) -- make ULOGD_RET_RAW contain information about the size of the returned object +X pcap output plugin (to use ethereal/tcpdump/... for the logs) +- enable user to specify directory where to look for kernel include files +- support for static linking +- make core maintain a list of keyid's that all the output plugins are + interested. The interpreters would be called with their respective + section of that list, and only compute those values that are actually + used by any of the running output plugins +- issues with ulogd_BASE and partially copied packets (--ulog-cprange) +- problem wrt. ulogd_BASE and fragments +- implement extension SIGHUP handlers (including config re-parse) conffile: -- rewrite. This stuff is a real mess. +- rewrite parser. This stuff is a real mess. Anybody interested? diff --git a/ulogd/aclocal.m4 b/aclocal.m4 index 368464b..368464b 100644 --- a/ulogd/aclocal.m4 +++ b/aclocal.m4 diff --git a/ulogd/cftest/cftest.c b/cftest/cftest.c index b99882b..b99882b 100644 --- a/ulogd/cftest/cftest.c +++ b/cftest/cftest.c diff --git a/ulogd/cftest/test.txt b/cftest/test.txt index 3c0b663..3c0b663 100644 --- a/ulogd/cftest/test.txt +++ b/cftest/test.txt diff --git a/ulogd/conffile/Makefile.in b/conffile/Makefile.in index 907e6a7..907e6a7 100644 --- a/ulogd/conffile/Makefile.in +++ b/conffile/Makefile.in 
diff --git a/ulogd/conffile/conffile.c b/conffile/conffile.c
index d26c5ff..d26c5ff 100644
--- a/ulogd/conffile/conffile.c
+++ b/conffile/conffile.c
diff --git a/ulogd/config.guess b/config.guess
index 0e30d56..0e30d56 100755
--- a/ulogd/config.guess
+++ b/config.guess
diff --git a/ulogd/config.sub b/config.sub
index 6eea727..6eea727 100755
--- a/ulogd/config.sub
+++ b/config.sub
diff --git a/ulogd/configure.in b/configure.in
index c9db6c2..c9db6c2 100644
--- a/ulogd/configure.in
+++ b/configure.in
diff --git a/ulogd/contrib/ulog_query.php.gz b/contrib/ulog_query.php.gz
Binary files differ
index e57bc0b..e57bc0b 100644
--- a/ulogd/contrib/ulog_query.php.gz
+++ b/contrib/ulog_query.php.gz
diff --git a/ulogd/doc/Makefile.in b/doc/Makefile.in
index e6c71a9..e6c71a9 100644
--- a/ulogd/doc/Makefile.in
+++ b/doc/Makefile.in
diff --git a/ulogd/doc/mysql.table b/doc/mysql.table
index bdfee71..bdfee71 100644
--- a/ulogd/doc/mysql.table
+++ b/doc/mysql.table
diff --git a/ulogd/doc/mysql.table.ipaddr-as-string b/doc/mysql.table.ipaddr-as-string
index 4a9cecc..4a9cecc 100644
--- a/ulogd/doc/mysql.table.ipaddr-as-string
+++ b/doc/mysql.table.ipaddr-as-string
diff --git a/ulogd/doc/pgsql.table b/doc/pgsql.table
index 193f747..193f747 100644
--- a/ulogd/doc/pgsql.table
+++ b/doc/pgsql.table
diff --git a/ulogd/doc/sqlite3.table b/doc/sqlite3.table
index 7b5e99a..7b5e99a 100644
--- a/ulogd/doc/sqlite3.table
+++ b/doc/sqlite3.table
diff --git a/ulogd/doc/ulogd.html b/doc/ulogd.html
index 8bf7fed..8bf7fed 100644
--- a/ulogd/doc/ulogd.html
+++ b/doc/ulogd.html
diff --git a/ulogd/doc/ulogd.sgml b/doc/ulogd.sgml
index c019c63..c019c63 100644
--- a/ulogd/doc/ulogd.sgml
+++ b/doc/ulogd.sgml
diff --git a/ulogd/extensions/Makefile.in b/extensions/Makefile.in
index 589bf7b..589bf7b 100644
--- a/ulogd/extensions/Makefile.in
+++ b/extensions/Makefile.in
diff --git a/ulogd/extensions/chtons.h b/extensions/chtons.h
index 4506e33..4506e33 100644
--- a/ulogd/extensions/chtons.h
+++ b/extensions/chtons.h
diff --git a/ulogd/extensions/printpkt.c b/extensions/printpkt.c
index a9e78d7..a9e78d7 100644
--- a/ulogd/extensions/printpkt.c
+++ b/extensions/printpkt.c
diff --git a/ulogd/extensions/printpkt.h b/extensions/printpkt.h
index ce42de4..ce42de4 100644
--- a/ulogd/extensions/printpkt.h
+++ b/extensions/printpkt.h
diff --git a/ulogd/extensions/ulogd_BASE.c b/extensions/ulogd_BASE.c
index 61bad21..61bad21 100644
--- a/ulogd/extensions/ulogd_BASE.c
+++ b/extensions/ulogd_BASE.c
diff --git a/ulogd/extensions/ulogd_LOCAL.c b/extensions/ulogd_LOCAL.c
index 6504ec6..6504ec6 100644
--- a/ulogd/extensions/ulogd_LOCAL.c
+++ b/extensions/ulogd_LOCAL.c
diff --git a/ulogd/extensions/ulogd_LOCALTIME.c b/extensions/ulogd_LOCALTIME.c
index e69de29..e69de29 100644
--- a/ulogd/extensions/ulogd_LOCALTIME.c
+++ b/extensions/ulogd_LOCALTIME.c
diff --git a/ulogd/extensions/ulogd_LOGEMU.c b/extensions/ulogd_LOGEMU.c
index 5473668..5473668 100644
--- a/ulogd/extensions/ulogd_LOGEMU.c
+++ b/extensions/ulogd_LOGEMU.c
diff --git a/ulogd/extensions/ulogd_OPRINT.c b/extensions/ulogd_OPRINT.c
index ed34382..ed34382 100644
--- a/ulogd/extensions/ulogd_OPRINT.c
+++ b/extensions/ulogd_OPRINT.c
diff --git a/ulogd/extensions/ulogd_PWSNIFF.c b/extensions/ulogd_PWSNIFF.c
index d205cdd..d205cdd 100644
--- a/ulogd/extensions/ulogd_PWSNIFF.c
+++ b/extensions/ulogd_PWSNIFF.c
diff --git a/ulogd/extensions/ulogd_SYSLOG.c b/extensions/ulogd_SYSLOG.c
index 3b8dd44..3b8dd44 100644
--- a/ulogd/extensions/ulogd_SYSLOG.c
+++ b/extensions/ulogd_SYSLOG.c
diff --git a/ulogd/include/ulogd/conffile.h b/include/ulogd/conffile.h
index 4a390d2..4a390d2 100644
--- a/ulogd/include/ulogd/conffile.h
+++ b/include/ulogd/conffile.h
diff --git a/ulogd/include/ulogd/ulogd.h b/include/ulogd/ulogd.h
index 36816dc..36816dc 100644
--- a/ulogd/include/ulogd/ulogd.h
+++ b/include/ulogd/ulogd.h
diff --git a/ulogd/install-sh b/install-sh
index e9de238..e9de238 100755
--- a/ulogd/install-sh
+++ b/install-sh
diff --git a/iptables/Makefile b/iptables/Makefile deleted file mode 100644 index 64a6b73..0000000 --- a/iptables/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -CFLAGS = -DNETFILTER_VERSION=\"1.1.1\" -fPIC - -libipt_ULOG.so: libipt_ULOG_sh.o - ld -shared libipt_ULOG_sh.o -o libipt_ULOG.so - -libipt_ULOG_sh.o: libipt_ULOG.c - gcc $(CFLAGS) -include ../kernel/ipt_ULOG.h -c libipt_ULOG.c -o libipt_ULOG_sh.o - -clean: - rm -f libipt_ULOG_sh.o libipt_ULOG.so diff --git a/iptables/libipt_ULOG.c b/iptables/libipt_ULOG.c deleted file mode 100644 index fd44a50..0000000 --- a/iptables/libipt_ULOG.c +++ /dev/null 
@@ -1,207 +0,0 @@ -/* Shared library add-on to iptables to add ULOG support. - * - * (C) 2000 by Harald Welte <laforge@gnumonks.org> - * - * multipart netlink support based on ideas by Sebastian Zander - * <zander@fokus.gmd.de> - * - * This software is released under the terms of GNU GPL - * - * $Id: libipt_ULOG.c,v 1.6 2001/01/30 11:17:26 laforge Exp $ - */ -#include <stdio.h> -#include <netdb.h> -#include <string.h> -#include <stdlib.h> -#include <syslog.h> -#include <getopt.h> -#include <iptables.h> -#include <linux/netfilter_ipv4/ip_tables.h> -#include <linux/netfilter_ipv4/ipt_ULOG.h> - -#define ULOG_DEFAULT_NLGROUP 1 -#define ULOG_DEFAULT_QTHRESHOLD 1 - - -void print_groups(unsigned int gmask) -{ - int b; - unsigned int test; - - for (b = 31; b >= 0; b--) { - test = (1 << b); - if (gmask & test) - printf("%d ", b + 1); - } -} - -/* Function which prints out usage message. */ -static void help(void) -{ - printf("ULOG v%s options:\n" - " --ulog-nlgroup nlgroup NETLINK group used for logging\n" - " --ulog-cprange size Bytes of each packet to be passed\n" - " --ulog-qthreshold Threshold of in-kernel queue\n" - " --ulog-prefix prefix Prefix log messages with this prefix.\n\n", - NETFILTER_VERSION); -} - -static struct option opts[] = { - {"ulog-nlgroup", 1, 0, '!'}, - {"ulog-prefix", 1, 0, '#'}, - {"ulog-cprange", 1, 0, 'A'}, - {"ulog-qthreshold", 1, 0, 'B'}, - {0} -}; - -/* Initialize the target. 
*/ -static void init(struct ipt_entry_target *t, unsigned int *nfcache) -{ - struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) t->data; - - loginfo->nl_group = ULOG_DEFAULT_NLGROUP; - loginfo->qthreshold = ULOG_DEFAULT_QTHRESHOLD; - - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; -} - -#define IPT_LOG_OPT_NLGROUP 0x01 -#define IPT_LOG_OPT_PREFIX 0x02 -#define IPT_LOG_OPT_CPRANGE 0x04 -#define IPT_LOG_OPT_QTHRESHOLD 0x08 - -/* Function which parses command options; returns true if it - ate an option */ -static int parse(int c, char **argv, int invert, unsigned int *flags, - const struct ipt_entry *entry, - struct ipt_entry_target **target) -{ - struct ipt_ulog_info *loginfo = - (struct ipt_ulog_info *) (*target)->data; - int group_d; - - switch (c) { - case '!': - if (*flags & IPT_LOG_OPT_NLGROUP) - exit_error(PARAMETER_PROBLEM, - "Can't specify --ulog-nlgroup twice"); - - if (check_inverse(optarg, &invert)) - exit_error(PARAMETER_PROBLEM, - "Unexpected `!' after --ulog-nlgroup"); - group_d = atoi(optarg); - if (group_d > 32 || group_d < 1) - exit_error(PARAMETER_PROBLEM, - "--ulog-nlgroup has to be between 1 and 32"); - - loginfo->nl_group = (1 << (group_d - 1)); - - *flags |= IPT_LOG_OPT_NLGROUP; - break; - - case '#': - if (*flags & IPT_LOG_OPT_PREFIX) - exit_error(PARAMETER_PROBLEM, - "Can't specify --ulog-prefix twice"); - - if (check_inverse(optarg, &invert)) - exit_error(PARAMETER_PROBLEM, - "Unexpected `!' 
after --ulog-prefix"); - - if (strlen(optarg) > sizeof(loginfo->prefix) - 1) - exit_error(PARAMETER_PROBLEM, - "Maximum prefix length %u for --ulog-prefix", - sizeof(loginfo->prefix) - 1); - - strcpy(loginfo->prefix, optarg); - *flags |= IPT_LOG_OPT_PREFIX; - break; - case 'A': - if (*flags & IPT_LOG_OPT_CPRANGE) - exit_error(PARAMETER_PROBLEM, - "Can't specify --ulog-cprange twice"); - if (atoi(optarg) < 0) - exit_error(PARAMETER_PROBLEM, - "Negative copy range?"); - loginfo->copy_range = atoi(optarg); - *flags |= IPT_LOG_OPT_CPRANGE; - break; - case 'B': - if (*flags & IPT_LOG_OPT_QTHRESHOLD) - exit_error(PARAMETER_PROBLEM, - "Can't specify --ulog-qthreshold twice"); - if (atoi(optarg) < 1) - exit_error(PARAMETER_PROBLEM, - "Negative or zero queue threshold ?"); - if (atoi(optarg) > ULOG_MAX_QLEN) - exit_error(PARAMETER_PROBLEM, - "Maximum queue length exceeded"); - loginfo->qthreshold = atoi(optarg); - *flags |= IPT_LOG_OPT_QTHRESHOLD; - break; - } - return 1; -} - -/* Final check; nothing. */ -static void final_check(unsigned int flags) -{ -} - -/* Saves the union ipt_targinfo in parsable form to stdout. */ -static void save(const struct ipt_ip *ip, - const struct ipt_entry_target *target) -{ - const struct ipt_ulog_info *loginfo - = (const struct ipt_ulog_info *) target->data; - - if (strcmp(loginfo->prefix, "") != 0) - printf("--ulog-prefix %s ", loginfo->prefix); - - if (loginfo->nl_group != ULOG_DEFAULT_NLGROUP) { - printf("--ulog-nlgroup "); - print_groups(loginfo->nl_group); - printf("\n"); - } - if (loginfo->copy_range) - printf("--ulog-cprange %d ", loginfo->copy_range); - - if (loginfo->qthreshold != ULOG_DEFAULT_QTHRESHOLD) - printf("--ulog-qthreshold %d ", loginfo->qthreshold); -} - -/* Prints out the targinfo. 
*/ -static void -print(const struct ipt_ip *ip, - const struct ipt_entry_target *target, int numeric) -{ - const struct ipt_ulog_info *loginfo - = (const struct ipt_ulog_info *) target->data; - - printf("ULOG "); - printf("copy_range %d nlgroup ", loginfo->copy_range); - print_groups(loginfo->nl_group); - if (strcmp(loginfo->prefix, "") != 0) - printf("prefix `%s' ", loginfo->prefix); - printf("queue_threshold %d ", loginfo->qthreshold); -} - -struct iptables_target ulog = { NULL, - "ULOG", - NETFILTER_VERSION, - IPT_ALIGN(sizeof(struct ipt_ulog_info)), - IPT_ALIGN(sizeof(struct ipt_ulog_info)), - &help, - &init, - &parse, - &final_check, - &print, - &save, - opts -}; - -void _init(void) -{ - register_target(&ulog); -} diff --git a/kernel-ULOG-2.4.0-test4.diff b/kernel-ULOG-2.4.0-test4.diff deleted file mode 100644 index f4a5501..0000000 --- a/kernel-ULOG-2.4.0-test4.diff +++ /dev/null 
@@ -1,229 +0,0 @@ -diff -Nru linux-2.4.0-test4-plain/Documentation/Configure.help linux-2.4.0-test4-work/Documentation/Configure.help ---- linux-2.4.0-test4-plain/Documentation/Configure.help Thu Jul 13 18:42:51 2000 -+++ linux-2.4.0-test4-work/Documentation/Configure.help Sun Jul 30 21:56:01 2000 -@@ -2010,6 +2010,16 @@ - If you want to compile it as a module, say M here and read - Documentation/modules.txt. If unsure, say `N'. - -+ULOG target support -+CONFIG_IP_NF_TARGET_ULOG -+ This option adds a `ULOG' target, which allows you to create rules in -+ any iptables table. The packet is passed to one or more userspace logging -+ daemon using netlink multicast sockets. Logging is no longer forced to -+ be in syslog, but can be done by any userspace process. -+ -+ If you want to compile it as a module, say M here and read -+ Documentation/modules.txt. If unsure, say `N'. -+ - ipchains (2.2-style) support - CONFIG_IP_NF_COMPAT_IPCHAINS - This option places ipchains (with masquerading and redirection -diff -Nru linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h ---- linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h Thu Jan 1 01:00:00 1970 -+++ linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h Sun Jul 30 22:11:07 2000 -@@ -0,0 +1,36 @@ -+#ifndef _IPT_ULOG_H -+#define _IPT_ULOG_H -+ -+#ifdef __KERNEL__ -+#include <linux/netdevice.h> -+#endif -+ -+#define ULOG_MAC_LEN 80 -+ -+ -+/* just until this is in netfilter.h */ -+#ifndef NETLINK_NFLOG -+#define NETLINK_NFLOG 25 -+#endif -+ -+struct ipt_ulog_info { -+ unsigned char logflags; -+ unsigned int nl_group; -+ char prefix[30]; -+}; -+ -+typedef struct ulog_packet_msg { -+ unsigned long mark; -+ long timestamp_sec; -+ long timestamp_usec; -+ unsigned int hook; -+ char indev_name[IFNAMSIZ]; -+ char outdev_name[IFNAMSIZ]; -+ size_t data_len; -+ char prefix[30]; -+ unsigned char mac_len; -+ unsigned char mac[ULOG_MAC_LEN]; -+ 
unsigned char payload[0]; -+} ulog_packet_msg_t; -+ -+#endif /*_IPT_ULOG_H*/ -diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in ---- linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in Mon Mar 27 20:35:56 2000 -+++ linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in Sun Jul 30 21:47:35 2000 -@@ -51,6 +51,7 @@ - dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE - fi - dep_tristate ' LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES -+ dep_tristate ' ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES - fi - - # Backwards compatibility modules: only if you don't build in the others. -diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile ---- linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile Mon Mar 27 20:35:56 2000 -+++ linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile Sun Jul 30 22:02:16 2000 -@@ -197,6 +197,14 @@ - endif - endif - -+ifeq ($(CONFIG_IP_NF_TARGET_ULOG),y) -+O_OBJS += ipt_ULOG.o -+else -+ ifeq ($(CONFIG_IP_NF_TARGET_ULOG),m) -+ M_OBJS += ipt_ULOG.o -+ endif -+endif -+ - ifeq ($(CONFIG_IP_NF_COMPAT_IPCHAINS),y) - O_OBJS += ipchains_core.o $(IP_NF_COMPAT_LAYER) - else -diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c ---- linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c Thu Jan 1 01:00:00 1970 -+++ linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c Sun Jul 30 21:45:44 2000 -@@ -0,0 +1,136 @@ -+/* -+ * netfilter module for userspace packet logging daemons -+ * -+ * (C) 2000 by Harald Welte <laforge@sunbeam.franken.de> -+ * -+ * Released under the terms of the GPL -+ */ -+ -+#include <linux/module.h> -+#include <linux/version.h> -+#include <linux/config.h> -+#include <linux/socket.h> -+#include <linux/skbuff.h> -+#include <linux/kernel.h> -+#include <linux/netlink.h> -+#include 
<linux/netdevice.h> -+#include <linux/mm.h> -+#include <linux/netfilter_ipv4/ip_tables.h> -+#include <linux/netfilter_ipv4/ipt_ULOG.h> -+ -+#define NETLINK_NFLOG 25 -+#define ULOG_NL_EVENT 111 -+ -+#if 1 -+#define DEBUGP printk -+#else -+#define DEBUGP(format, args ...) -+#endif -+ -+struct sock *nflognl; -+ -+static void nflog_rcv(struct sock *sk, int len) -+{ -+ printk("nflog_rcv: did receive netlink message ?!?\n"); -+} -+ -+static unsigned int ipt_ulog_target( -+ struct sk_buff **pskb, -+ unsigned int hooknum, -+ const struct net_device *in, -+ const struct net_device *out, -+ const void *targinfo, -+ void *userinfo) -+{ -+ ulog_packet_msg_t *pm; -+ size_t size; -+ struct sk_buff *nlskb; -+ unsigned char *old_tail; -+ struct nlmsghdr *nlh; -+ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *)targinfo; -+ -+ /* calculate the size of the skb needed */ -+ -+ size = NLMSG_SPACE(sizeof(*pm) + (*pskb)->len); -+ nlskb = alloc_skb(size, GFP_ATOMIC); -+ if (!nlskb) -+ goto nlmsg_failure; -+ -+ old_tail = nlskb->tail; -+ nlh = NLMSG_PUT(nlskb, 0, 0, ULOG_NL_EVENT, size - sizeof(*nlh)); -+ pm = NLMSG_DATA(nlh); -+ -+ /* copy hook, prefix, timestamp, payload, etc. 
*/ -+ -+ pm->data_len = (*pskb)->len; -+ pm->timestamp_sec = (*pskb)->stamp.tv_sec; -+ pm->timestamp_usec = (*pskb)->stamp.tv_usec; -+ pm->mark = (*pskb)->nfmark; -+ pm->hook = hooknum; -+ if (loginfo->prefix) -+ strcpy(pm->prefix, loginfo->prefix); -+ -+ if (in && !out) -+ { -+ if ((*pskb)->dev && (*pskb)->dev->hard_header_len > 0 -+ && (*pskb)->dev->hard_header_len <= ULOG_MAC_LEN) -+ { -+ memcpy(pm->mac, (*pskb)->mac.raw, (*pskb)->dev->hard_header_len); -+ pm->mac_len = (*pskb)->dev->hard_header_len; -+ } -+ -+ } -+/* -+ if (in) strcpy(pm->indev_name, in->name); -+ else pm->indev_name[0] = '\0'; -+*/ -+ if ((*pskb)->len) -+ memcpy(pm->payload, (*pskb)->data, (*pskb)->len); -+ nlh->nlmsg_len = nlskb->tail - old_tail; -+ NETLINK_CB(nlskb).dst_groups = loginfo->nl_group; -+ DEBUGP("ipt_ULOG: going to throw out a packet to netlink groupmask %u\n", loginfo->nl_group); -+ netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group, GFP_ATOMIC); -+ -+ return IPT_CONTINUE; -+ -+nlmsg_failure: -+ if (nlskb) -+ kfree(nlskb); -+ printk("ipt_ULOG: Error building netlink message\n"); -+ return IPT_CONTINUE; -+ -+} -+ -+static int ipt_ulog_checkentry( -+ const char *tablename, -+ const struct ipt_entry *e, -+ void *targinfo, -+ unsigned int targinfosize, -+ unsigned int hookmask) -+{ -+ return 1; -+} -+ -+ -+static struct ipt_target ipt_ulog_reg = -+ { { NULL, NULL }, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL, -+ THIS_MODULE }; -+ -+static int __init init(void) -+{ -+ DEBUGP("ipt_ULOG: init module\n"); -+ nflognl = netlink_kernel_create(NETLINK_NFLOG, nflog_rcv); -+ if (ipt_register_target(&ipt_ulog_reg)) -+ return -EINVAL; -+ -+ return 0; -+} -+ -+static void __exit fini(void) -+{ -+ DEBUGP("ipt_ULOG: cleanup_module\n"); -+ ipt_unregister_target(&ipt_ulog_reg); -+} -+ -+module_init(init); -+module_exit(fini); diff --git a/kernel-ULOG1-to-ULOG2.diff b/kernel-ULOG1-to-ULOG2.diff deleted file mode 100644 index a690e05..0000000 --- a/kernel-ULOG1-to-ULOG2.diff +++ /dev/null 
@@ -1,210 +0,0 @@ -diff -Nru linux-2.4.0-test4-ulog1/include/linux/netfilter_ipv4/ipt_ULOG.h linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h ---- linux-2.4.0-test4-ulog1/include/linux/netfilter_ipv4/ipt_ULOG.h Mon Jul 31 13:31:51 2000 -+++ linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h Mon Jul 31 17:17:04 2000 -@@ -7,6 +7,7 @@ - struct ipt_ulog_info - { - unsigned int nl_group; -+ size_t copy_range; - char prefix[ULOG_PREFIX_LEN]; - }; - -diff -Nru linux-2.4.0-test4-ulog1/net/ipv4/netfilter/ipt_ULOG.c linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c ---- linux-2.4.0-test4-ulog1/net/ipv4/netfilter/ipt_ULOG.c Mon Jul 31 13:31:51 2000 -+++ linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c Mon Jul 31 13:41:57 2000 -@@ -4,6 +4,8 @@ - * (C) 2000 by Harald Welte <laforge@sunbeam.franken.de> - * - * Released under the terms of the GPL -+ * -+ * ipt_ULOG.c,v 1.4 2000/07/31 11:41:06 laforge Exp - */ - - #include <linux/module.h> -@@ -15,15 +17,17 @@ - #include <linux/netlink.h> - #include <linux/netdevice.h> - #include <linux/mm.h> -+#include <linux/socket.h> - #include <linux/netfilter_ipv4/ip_tables.h> - #include <linux/netfilter_ipv4/ipt_ULOG.h> -+#include <net/sock.h> - --#define ULOG_NL_EVENT 111 /* Harald's favorite number */ -+#define ULOG_NL_EVENT 111 /* Harald's favorite number */ - - #if 0 - #define DEBUGP printk - #else --#define DEBUGP(format, args ...) -+#define DEBUGP(format, args...) 
- #endif - - static struct sock *nflognl; -@@ -33,35 +37,38 @@ - printk("nflog_rcv: did receive netlink message ?!?\n"); - } - --static unsigned int ipt_ulog_target( -- struct sk_buff **pskb, -- unsigned int hooknum, -- const struct net_device *in, -- const struct net_device *out, -- const void *targinfo, -- void *userinfo) -+static unsigned int ipt_ulog_target(struct sk_buff **pskb, -+ unsigned int hooknum, -+ const struct net_device *in, -+ const struct net_device *out, -+ const void *targinfo, void *userinfo) - { - ulog_packet_msg_t *pm; -- size_t size; -+ size_t size, copy_len; - struct sk_buff *nlskb; - unsigned char *old_tail; - struct nlmsghdr *nlh; -- struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *)targinfo; -+ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; - - /* calculate the size of the skb needed */ -- -- size = NLMSG_SPACE(sizeof(*pm) + (*pskb)->len); -+ if ((loginfo->copy_range == 0) || -+ (loginfo->copy_range > (*pskb)->len)) { -+ copy_len = (*pskb)->len; -+ } else { -+ copy_len = loginfo->copy_range; -+ } -+ size = NLMSG_SPACE(sizeof(*pm) + copy_len); - nlskb = alloc_skb(size, GFP_ATOMIC); - if (!nlskb) - goto nlmsg_failure; -- -+ - old_tail = nlskb->tail; - nlh = NLMSG_PUT(nlskb, 0, 0, ULOG_NL_EVENT, size - sizeof(*nlh)); - pm = NLMSG_DATA(nlh); -- -+ - /* copy hook, prefix, timestamp, payload, etc. 
*/ - -- pm->data_len = (*pskb)->len; -+ pm->data_len = copy_len; - pm->timestamp_sec = (*pskb)->stamp.tv_sec; - pm->timestamp_usec = (*pskb)->stamp.tv_usec; - pm->mark = (*pskb)->nfmark; -@@ -70,52 +77,57 @@ - strcpy(pm->prefix, loginfo->prefix); - - if (in && in->hard_header_len > 0 -- && (*pskb)->mac.raw != (*pskb)->nh.iph -+ && (*pskb)->mac.raw != (void *) (*pskb)->nh.iph - && in->hard_header_len <= ULOG_MAC_LEN) { - memcpy(pm->mac, (*pskb)->mac.raw, in->hard_header_len); - pm->mac_len = in->hard_header_len; - } - -- if (in) strcpy(pm->indev_name, in->name); -- else pm->indev_name[0] = '\0'; -+ if (in) -+ strcpy(pm->indev_name, in->name); -+ else -+ pm->indev_name[0] = '\0'; -+ -+ if (out) -+ strcpy(pm->outdev_name, out->name); -+ else -+ pm->outdev_name[0] = '\0'; - -- if (out) strcpy(pm->outdev_name, out->name); -- else pm->outdev_name[0] = '\0'; -- -- if ((*pskb)->len) -- memcpy(pm->payload, (*pskb)->data, (*pskb)->len); -+ if (copy_len) -+ memcpy(pm->payload, (*pskb)->data, copy_len); - nlh->nlmsg_len = nlskb->tail - old_tail; - NETLINK_CB(nlskb).dst_groups = loginfo->nl_group; -- DEBUGP("ipt_ULOG: going to throw a packet to netlink groupmask %u\n", -- loginfo->nl_group); -- netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group, GFP_ATOMIC); -+ DEBUGP -+ ("ipt_ULOG: going to throw a packet to netlink groupmask %u\n", -+ loginfo->nl_group); -+ netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group, -+ GFP_ATOMIC); - - return IPT_CONTINUE; - --nlmsg_failure: -+ nlmsg_failure: - if (nlskb) -- kfree(nlskb); -+ kfree(nlskb); - printk("ipt_ULOG: Error building netlink message\n"); - return IPT_CONTINUE; - } - --static int ipt_ulog_checkentry( -- const char *tablename, -- const struct ipt_entry *e, -- void *targinfo, -- unsigned int targinfosize, -- unsigned int hookmask) -+static int ipt_ulog_checkentry(const char *tablename, -+ const struct ipt_entry *e, -+ void *targinfo, -+ unsigned int targinfosize, -+ unsigned int hookmask) - { -- struct ipt_ulog_info 
*loginfo = (struct ipt_ulog_info *)targinfo; -+ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; - -- if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) { -- DEBUGP("ULOG: targinfosize %u != 0\n", targinfosize); -- return 0; -- } -+ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) { -+ DEBUGP("ULOG: targinfosize %u != 0\n", targinfosize); -+ return 0; -+ } - -- if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') { -+ if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { - DEBUGP("ULOG: prefix term %i\n", -- loginfo->prefix[sizeof(loginfo->prefix)-1]); -+ loginfo->prefix[sizeof(loginfo->prefix) - 1]); - return 0; - } - -@@ -123,8 +135,9 @@ - } - - static struct ipt_target ipt_ulog_reg = -- { { NULL, NULL }, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL, -- THIS_MODULE }; -+ { {NULL, NULL}, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL, -+THIS_MODULE -+}; - - static int __init init(void) - { -@@ -134,7 +147,7 @@ - return -ENOMEM; - - if (ipt_register_target(&ipt_ulog_reg) != 0) { -- sock_release(nflognl->socket); -+ sock_release(nflognl->socket); - return -EINVAL; - } - -@@ -144,7 +157,7 @@ - static void __exit fini(void) - { - DEBUGP("ipt_ULOG: cleanup_module\n"); -- -+ - ipt_unregister_target(&ipt_ulog_reg); - sock_release(nflognl->socket); - } diff --git a/kernel/Makefile b/kernel/Makefile deleted file mode 100644 index 801561c..0000000 --- a/kernel/Makefile +++ /dev/null @@ -1,8 +0,0 @@ -CFLAGS = -D__KERNEL__ -march=i586 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h -include ./ipt_ULOG.h -I/usr/src/linux/include -Wall -O2 -fomit-frame-pointer - - -ipt_ULOG.o: ipt_ULOG.c Makefile - gcc $(CFLAGS) -c ipt_ULOG.c - -clean: - rm -f *.o diff --git a/kernel/ipt_ULOG.c b/kernel/ipt_ULOG.c deleted file mode 100644 index 90b5a8e..0000000 --- a/kernel/ipt_ULOG.c +++ /dev/null 
@@ -1,370 +0,0 @@ -/* - * netfilter module for userspace packet logging daemons - * - * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org> - * - * 2000/09/22 ulog-cprange feature added - * 2001/01/04 in-kernel queue as proposed by Sebastian Zander - * <zander@fokus.gmd.de> - * 2001/01/30 per-rule nlgroup conflicts with global queue. - * nlgroup now global (sysctl) - * 2001/04/19 ulog-queue reworked, now fixed buffer size specified at - * module loadtime -HW - * 2002/07/07 remove broken nflog_rcv() function -HW - * 2002/08/29 fix shifted/unshifted nlgroup bug -HW - * 2002/10/30 fix uninitialized mac_len field - <Anders K. Pedersen> - * - * Released under the terms of the GPL - * - * This module accepts two parameters: - * - * nlbufsiz: - * The parameter specifies how big the buffer for each netlink multicast - * group is. e.g. If you say nlbufsiz=8192, up to eight kb of packets will - * get accumulated in the kernel until they are sent to userspace. It is - * NOT possible to allocate more than 128kB, and it is strongly discouraged, - * because atomically allocating 128kB inside the network rx softirq is not - * reliable. Please also keep in mind that this buffer size is allocated for - * each nlgroup you are using, so the total kernel memory usage increases - * by that factor. - * - * flushtimeout: - * Specify, after how many clock ticks (intel: 100 per second) the queue - * should be flushed even if it is not full yet. 
- * - * $Id: ipt_ULOG.c,v 1.21 2002/08/29 10:54:34 laforge Exp $ - */ - -#include <linux/module.h> -#include <linux/version.h> -#include <linux/config.h> -#include <linux/spinlock.h> -#include <linux/socket.h> -#include <linux/skbuff.h> -#include <linux/kernel.h> -#include <linux/timer.h> -#include <linux/netlink.h> -#include <linux/netdevice.h> -#include <linux/mm.h> -#include <linux/socket.h> -#include <linux/netfilter_ipv4/ip_tables.h> -#include <linux/netfilter_ipv4/ipt_ULOG.h> -#include <linux/netfilter_ipv4/lockhelp.h> -#include <net/sock.h> -#include <asm/bitops.h> - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>"); -MODULE_DESCRIPTION("IP tables userspace logging module"); - -#define ULOG_NL_EVENT 111 /* Harald's favorite number */ -#define ULOG_MAXNLGROUPS 32 /* numer of nlgroups */ - -#if 0 -#define DEBUGP(format, args...) printk(__FILE__ ":" __FUNCTION__ ":" \ - format, ## args) -#else -#define DEBUGP(format, args...) -#endif - -#define PRINTR(format, args...) 
do { if (net_ratelimit()) printk(format, ## args); } while (0) - -static unsigned int nlbufsiz = 4096; -MODULE_PARM(nlbufsiz, "i"); -MODULE_PARM_DESC(nlbufsiz, "netlink buffer size"); - -static unsigned int flushtimeout = 10 * HZ; -MODULE_PARM(flushtimeout, "i"); -MODULE_PARM_DESC(flushtimeout, "buffer flush timeout"); - -/* global data structures */ - -typedef struct { - unsigned int qlen; /* number of nlmsgs' in the skb */ - struct nlmsghdr *lastnlh; /* netlink header of last msg in skb */ - struct sk_buff *skb; /* the pre-allocated skb */ - struct timer_list timer; /* the timer function */ -} ulog_buff_t; - -static ulog_buff_t ulog_buffers[ULOG_MAXNLGROUPS]; /* array of buffers */ - -static struct sock *nflognl; /* our socket */ -static size_t qlen; /* current length of multipart-nlmsg */ -DECLARE_LOCK(ulog_lock); /* spinlock */ - -/* send one ulog_buff_t to userspace */ -static void ulog_send(unsigned int nlgroupnum) -{ - ulog_buff_t *ub = &ulog_buffers[nlgroupnum]; - - if (timer_pending(&ub->timer)) { - DEBUGP("ipt_ULOG: ulog_send: timer was pending, deleting\n"); - del_timer(&ub->timer); - } - - /* last nlmsg needs NLMSG_DONE */ - if (ub->qlen > 1) - ub->lastnlh->nlmsg_type = NLMSG_DONE; - - NETLINK_CB(ub->skb).dst_groups = (1 << nlgroupnum); - DEBUGP("ipt_ULOG: throwing %d packets to netlink mask %u\n", - ub->qlen, nlgroup); - netlink_broadcast(nflognl, ub->skb, 0, (1 << nlgroupnum), GFP_ATOMIC); - - ub->qlen = 0; - ub->skb = NULL; - ub->lastnlh = NULL; - -} - - -/* timer function to flush queue in ULOG_FLUSH_INTERVAL time */ -static void ulog_timer(unsigned long data) -{ - DEBUGP("ipt_ULOG: timer function called, calling ulog_send\n"); - - /* lock to protect against somebody modifying our structure - * from ipt_ulog_target at the same time */ - LOCK_BH(&ulog_lock); - ulog_send(data); - UNLOCK_BH(&ulog_lock); -} - -struct sk_buff *ulog_alloc_skb(unsigned int size) -{ - struct sk_buff *skb; - - /* alloc skb which should be big enough for a whole - * multipart 
message. WARNING: has to be <= 131000 - * due to slab allocator restrictions */ - - skb = alloc_skb(nlbufsiz, GFP_ATOMIC); - if (!skb) { - PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n", - nlbufsiz); - - /* try to allocate only as much as we need for - * current packet */ - - skb = alloc_skb(size, GFP_ATOMIC); - if (!skb) - PRINTR("ipt_ULOG: can't even allocate %ub\n", size); - } - - return skb; -} - -static unsigned int ipt_ulog_target(struct sk_buff **pskb, - unsigned int hooknum, - const struct net_device *in, - const struct net_device *out, - const void *targinfo, void *userinfo) -{ - ulog_buff_t *ub; - ulog_packet_msg_t *pm; - size_t size, copy_len; - struct nlmsghdr *nlh; - struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; - - /* ffs == find first bit set, necessary because userspace - * is already shifting groupnumber, but we need unshifted. - * ffs() returns [1..32], we need [0..31] */ - unsigned int groupnum = ffs(loginfo->nl_group) - 1; - - /* calculate the size of the skb needed */ - if ((loginfo->copy_range == 0) || - (loginfo->copy_range > (*pskb)->len)) { - copy_len = (*pskb)->len; - } else { - copy_len = loginfo->copy_range; - } - - size = NLMSG_SPACE(sizeof(*pm) + copy_len); - - ub = &ulog_buffers[groupnum]; - - LOCK_BH(&ulog_lock); - - if (!ub->skb) { - if (!(ub->skb = ulog_alloc_skb(size))) - goto alloc_failure; - } else if (ub->qlen >= loginfo->qthreshold || - size > skb_tailroom(ub->skb)) { - /* either the queue len is too high or we don't have - * enough room in nlskb left. send it to userspace. */ - - ulog_send(groupnum); - - if (!(ub->skb = ulog_alloc_skb(size))) - goto alloc_failure; - } - - DEBUGP("ipt_ULOG: qlen %d, qthreshold %d\n", ub->qlen, - loginfo->qthreshold); - - /* NLMSG_PUT contains a hidden goto nlmsg_failure !!! */ - nlh = NLMSG_PUT(ub->skb, 0, ub->qlen, ULOG_NL_EVENT, - size - sizeof(*nlh)); - ub->qlen++; - - pm = NLMSG_DATA(nlh); - - /* copy hook, prefix, timestamp, payload, etc. 
*/ - pm->data_len = copy_len; - pm->timestamp_sec = (*pskb)->stamp.tv_sec; - pm->timestamp_usec = (*pskb)->stamp.tv_usec; - pm->mark = (*pskb)->nfmark; - pm->hook = hooknum; - if (loginfo->prefix[0] != '\0') - strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix)); - else - *(pm->prefix) = '\0'; - - if (in && in->hard_header_len > 0 - && (*pskb)->mac.raw != (void *) (*pskb)->nh.iph - && in->hard_header_len <= ULOG_MAC_LEN) { - memcpy(pm->mac, (*pskb)->mac.raw, in->hard_header_len); - pm->mac_len = in->hard_header_len; - } else - pm->mac_len = 0; - - if (in) - strncpy(pm->indev_name, in->name, sizeof(pm->indev_name)); - else - pm->indev_name[0] = '\0'; - - if (out) - strncpy(pm->outdev_name, out->name, sizeof(pm->outdev_name)); - else - pm->outdev_name[0] = '\0'; - - if (copy_len) - memcpy(pm->payload, (*pskb)->data, copy_len); - - /* check if we are building multi-part messages */ - if (ub->qlen > 1) { - ub->lastnlh->nlmsg_flags |= NLM_F_MULTI; - } - - /* if threshold is reached, send message to userspace */ - if (qlen >= loginfo->qthreshold) { - if (loginfo->qthreshold > 1) - nlh->nlmsg_type = NLMSG_DONE; - } - - ub->lastnlh = nlh; - - /* if timer isn't already running, start it */ - if (!timer_pending(&ub->timer)) { - ub->timer.expires = jiffies + flushtimeout; - add_timer(&ub->timer); - } - - UNLOCK_BH(&ulog_lock); - - return IPT_CONTINUE; - - -nlmsg_failure: - PRINTR("ipt_ULOG: error during NLMSG_PUT\n"); - -alloc_failure: - PRINTR("ipt_ULOG: Error building netlink message\n"); - - UNLOCK_BH(&ulog_lock); - - return IPT_CONTINUE; -} - -static int ipt_ulog_checkentry(const char *tablename, - const struct ipt_entry *e, - void *targinfo, - unsigned int targinfosize, - unsigned int hookmask) -{ - struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; - - if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) { - DEBUGP("ipt_ULOG: targinfosize %u != 0\n", targinfosize); - return 0; - } - - if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') 
{ - DEBUGP("ipt_ULOG: prefix term %i\n", - loginfo->prefix[sizeof(loginfo->prefix) - 1]); - return 0; - } - - if (loginfo->qthreshold > ULOG_MAX_QLEN) { - DEBUGP("ipt_ULOG: queue threshold %i > MAX_QLEN\n", - loginfo->qthreshold); - return 0; - } - - return 1; -} - -static struct ipt_target ipt_ulog_reg = - { {NULL, NULL}, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL, -THIS_MODULE -}; - -static int __init init(void) -{ - int i; - - DEBUGP("ipt_ULOG: init module\n"); - - if (nlbufsiz >= 128*1024) { - printk("Netlink buffer has to be <= 128kB\n"); - return -EINVAL; - } - - /* initialize ulog_buffers */ - for (i = 0; i < ULOG_MAXNLGROUPS; i++) { - memset(&ulog_buffers[i], 0, sizeof(ulog_buff_t)); - init_timer(&ulog_buffers[i].timer); - ulog_buffers[i].timer.function = ulog_timer; - ulog_buffers[i].timer.data = i; - } - - nflognl = netlink_kernel_create(NETLINK_NFLOG, NULL); - if (!nflognl) - return -ENOMEM; - - if (ipt_register_target(&ipt_ulog_reg) != 0) { - sock_release(nflognl->socket); - return -EINVAL; - } - - return 0; -} - -static void __exit fini(void) -{ - ulog_buff_t *ub; - int i; - - DEBUGP("ipt_ULOG: cleanup_module\n"); - - ipt_unregister_target(&ipt_ulog_reg); - sock_release(nflognl->socket); - - /* remove pending timers and free allocated skb's */ - for (i = 0; i < ULOG_MAXNLGROUPS; i++) { - ub = &ulog_buffers[i]; - if (timer_pending(&ub->timer)) { - DEBUGP("timer was pending, deleting\n"); - del_timer(&ub->timer); - } - - if (ub->skb) { - kfree_skb(ub->skb); - ub->skb = NULL; - } - } - -} - -module_init(init); -module_exit(fini); diff --git a/kernel/ipt_ULOG.h b/kernel/ipt_ULOG.h deleted file mode 100644 index a4d8b01..0000000 --- a/kernel/ipt_ULOG.h +++ /dev/null 
@@ -1,46 +0,0 @@ -/* Header file for IP tables userspace logging, Version $Revision: 1.8 $ - * - * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org> - * - * Distributed under the terms of GNU GPL */ - -#ifndef _IPT_ULOG_H -#define _IPT_ULOG_H - -#ifndef NETLINK_NFLOG -#define NETLINK_NFLOG 5 -#endif - -#define ULOG_MAC_LEN 80 -#define ULOG_PREFIX_LEN 32 - -#define ULOG_MAX_QLEN 50 -/* Why 50? Well... there is a limit imposed by the slab cache 131000 - * bytes. So the multipart netlink-message has to be < 131000 bytes. - * Assuming a standard ethernet-mtu of 1500, we could define this up - * to 80... but even 50 seems to be big enough. */ - -/* private data structure for each rule with a ULOG target */ -struct ipt_ulog_info { - unsigned int nl_group; - size_t copy_range; - size_t qthreshold; - char prefix[ULOG_PREFIX_LEN]; -}; - -/* Format of the ULOG packets passed through netlink */ -typedef struct ulog_packet_msg { - unsigned long mark; - long timestamp_sec; - long timestamp_usec; - unsigned int hook; - char indev_name[IFNAMSIZ]; - char outdev_name[IFNAMSIZ]; - size_t data_len; - char prefix[ULOG_PREFIX_LEN]; - unsigned char mac_len; - unsigned char mac[ULOG_MAC_LEN]; - unsigned char payload[0]; -} ulog_packet_msg_t; - -#endif /*_IPT_ULOG_H*/ diff --git a/ulogd/libipulog/Makefile.in b/libipulog/Makefile.in index 52a3394..52a3394 100644 --- a/ulogd/libipulog/Makefile.in +++ b/libipulog/Makefile.in diff --git a/ulogd/libipulog/include/libipulog/libipulog.h b/libipulog/include/libipulog/libipulog.h index b3805d7..b3805d7 100644 --- a/ulogd/libipulog/include/libipulog/libipulog.h +++ b/libipulog/include/libipulog/libipulog.h diff --git a/ulogd/libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h b/libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h index de062cd..de062cd 100644 --- a/ulogd/libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h +++ b/libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h 
diff --git a/ulogd/libipulog/libipulog.c b/libipulog/libipulog.c
index 415b712..415b712 100644
--- a/ulogd/libipulog/libipulog.c
+++ b/libipulog/libipulog.c
diff --git a/ulogd/libipulog/ulog_test.c b/libipulog/ulog_test.c
index 792a793..792a793 100644
--- a/ulogd/libipulog/ulog_test.c
+++ b/libipulog/ulog_test.c
diff --git a/ulogd/mysql/Makefile.in b/mysql/Makefile.in
index cbab843..cbab843 100644
--- a/ulogd/mysql/Makefile.in
+++ b/mysql/Makefile.in
diff --git a/ulogd/mysql/ulogd_MYSQL.c b/mysql/ulogd_MYSQL.c
index b917ffa..b917ffa 100644
--- a/ulogd/mysql/ulogd_MYSQL.c
+++ b/mysql/ulogd_MYSQL.c
diff --git a/ulogd/pcap/Makefile.in b/pcap/Makefile.in
index d469c2b..d469c2b 100644
--- a/ulogd/pcap/Makefile.in
+++ b/pcap/Makefile.in
diff --git a/ulogd/pcap/ulogd_PCAP.c b/pcap/ulogd_PCAP.c
index 686fe47..686fe47 100644
--- a/ulogd/pcap/ulogd_PCAP.c
+++ b/pcap/ulogd_PCAP.c
diff --git a/ulogd/pgsql/Makefile.in b/pgsql/Makefile.in
index a242e0d..a242e0d 100644
--- a/ulogd/pgsql/Makefile.in
+++ b/pgsql/Makefile.in
diff --git a/ulogd/pgsql/ulogd_PGSQL.c b/pgsql/ulogd_PGSQL.c
index 695482a..695482a 100644
--- a/ulogd/pgsql/ulogd_PGSQL.c
+++ b/pgsql/ulogd_PGSQL.c
diff --git a/plain-2.4.0-to-ulog2.diff b/plain-2.4.0-to-ulog2.diff
deleted file mode 100644
index ab858ea..0000000
--- a/plain-2.4.0-to-ulog2.diff
+++ /dev/null
@@ -1,263 +0,0 @@ -diff -Nru linux-2.4.0-test4-plain/Documentation/Configure.help linux-2.4.0-test4-work/Documentation/Configure.help ---- linux-2.4.0-test4-plain/Documentation/Configure.help Thu Jul 13 18:42:51 2000 -+++ linux-2.4.0-test4-work/Documentation/Configure.help Mon Jul 31 17:23:30 2000 -@@ -2010,6 +2010,16 @@ - If you want to compile it as a module, say M here and read - Documentation/modules.txt. If unsure, say `N'. - -+ULOG target support -+CONFIG_IP_NF_TARGET_ULOG -+ This option adds a `ULOG' target, which allows you to create rules in -+ any iptables table. The packet is passed to a userspace logging -+ daemon using netlink multicast sockets; unlike the LOG target -+ which can only be viewed through syslog. -+ -+ If you want to compile it as a module, say M here and read -+ Documentation/modules.txt. If unsure, say `N'. -+ - ipchains (2.2-style) support - CONFIG_IP_NF_COMPAT_IPCHAINS - This option places ipchains (with masquerading and redirection -diff -Nru linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h ---- linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h Thu Jan 1 01:00:00 1970 -+++ linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h Mon Jul 31 17:23:31 2000 -@@ -0,0 +1,29 @@ -+#ifndef _IPT_ULOG_H -+#define _IPT_ULOG_H -+ -+#define ULOG_MAC_LEN 80 -+#define ULOG_PREFIX_LEN 32 -+ -+struct ipt_ulog_info -+{ -+ unsigned int nl_group; -+ size_t copy_range; -+ char prefix[ULOG_PREFIX_LEN]; -+}; -+ -+typedef struct ulog_packet_msg -+{ -+ unsigned long mark; -+ long timestamp_sec; -+ long timestamp_usec; -+ unsigned int hook; -+ char indev_name[IFNAMSIZ]; -+ char outdev_name[IFNAMSIZ]; -+ size_t data_len; -+ char prefix[ULOG_PREFIX_LEN]; -+ unsigned char mac_len; -+ unsigned char mac[ULOG_MAC_LEN]; -+ unsigned char payload[0]; -+} ulog_packet_msg_t; -+ -+#endif /*_IPT_ULOG_H*/ -diff -Nru linux-2.4.0-test4-plain/include/linux/netlink.h 
linux-2.4.0-test4-work/include/linux/netlink.h ---- linux-2.4.0-test4-plain/include/linux/netlink.h Fri Aug 28 04:33:08 1998 -+++ linux-2.4.0-test4-work/include/linux/netlink.h Mon Jul 31 17:23:30 2000 -@@ -5,6 +5,7 @@ - #define NETLINK_SKIP 1 /* Reserved for ENskip */ - #define NETLINK_USERSOCK 2 /* Reserved for user mode socket protocols */ - #define NETLINK_FIREWALL 3 /* Firewalling hook */ -+#define NETLINK_NFLOG 4 /* Firewall logging */ - #define NETLINK_ARPD 8 - #define NETLINK_ROUTE6 11 /* af_inet6 route comm channel */ - #define NETLINK_IP6_FW 13 -diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in ---- linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in Mon Mar 27 20:35:56 2000 -+++ linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in Mon Jul 31 17:23:30 2000 -@@ -51,6 +51,7 @@ - dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE - fi - dep_tristate ' LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES -+ dep_tristate ' ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES - fi - - # Backwards compatibility modules: only if you don't build in the others. 
-diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile ---- linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile Mon Mar 27 20:35:56 2000 -+++ linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile Mon Jul 31 17:23:30 2000 -@@ -197,6 +197,14 @@ - endif - endif - -+ifeq ($(CONFIG_IP_NF_TARGET_ULOG),y) -+O_OBJS += ipt_ULOG.o -+else -+ ifeq ($(CONFIG_IP_NF_TARGET_ULOG),m) -+ M_OBJS += ipt_ULOG.o -+ endif -+endif -+ - ifeq ($(CONFIG_IP_NF_COMPAT_IPCHAINS),y) - O_OBJS += ipchains_core.o $(IP_NF_COMPAT_LAYER) - else -diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c ---- linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c Thu Jan 1 01:00:00 1970 -+++ linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c Mon Jul 31 17:23:31 2000 -@@ -0,0 +1,166 @@ -+/* -+ * netfilter module for userspace packet logging daemons -+ * -+ * (C) 2000 by Harald Welte <laforge@sunbeam.franken.de> -+ * -+ * Released under the terms of the GPL -+ * -+ * ipt_ULOG.c,v 1.4 2000/07/31 11:41:06 laforge Exp -+ */ -+ -+#include <linux/module.h> -+#include <linux/version.h> -+#include <linux/config.h> -+#include <linux/socket.h> -+#include <linux/skbuff.h> -+#include <linux/kernel.h> -+#include <linux/netlink.h> -+#include <linux/netdevice.h> -+#include <linux/mm.h> -+#include <linux/socket.h> -+#include <linux/netfilter_ipv4/ip_tables.h> -+#include <linux/netfilter_ipv4/ipt_ULOG.h> -+#include <net/sock.h> -+ -+#define ULOG_NL_EVENT 111 /* Harald's favorite number */ -+ -+#if 0 -+#define DEBUGP printk -+#else -+#define DEBUGP(format, args...) 
-+#endif -+ -+static struct sock *nflognl; -+ -+static void nflog_rcv(struct sock *sk, int len) -+{ -+ printk("nflog_rcv: did receive netlink message ?!?\n"); -+} -+ -+static unsigned int ipt_ulog_target(struct sk_buff **pskb, -+ unsigned int hooknum, -+ const struct net_device *in, -+ const struct net_device *out, -+ const void *targinfo, void *userinfo) -+{ -+ ulog_packet_msg_t *pm; -+ size_t size, copy_len; -+ struct sk_buff *nlskb; -+ unsigned char *old_tail; -+ struct nlmsghdr *nlh; -+ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; -+ -+ /* calculate the size of the skb needed */ -+ if ((loginfo->copy_range == 0) || -+ (loginfo->copy_range > (*pskb)->len)) { -+ copy_len = (*pskb)->len; -+ } else { -+ copy_len = loginfo->copy_range; -+ } -+ size = NLMSG_SPACE(sizeof(*pm) + copy_len); -+ nlskb = alloc_skb(size, GFP_ATOMIC); -+ if (!nlskb) -+ goto nlmsg_failure; -+ -+ old_tail = nlskb->tail; -+ nlh = NLMSG_PUT(nlskb, 0, 0, ULOG_NL_EVENT, size - sizeof(*nlh)); -+ pm = NLMSG_DATA(nlh); -+ -+ /* copy hook, prefix, timestamp, payload, etc. 
*/ -+ -+ pm->data_len = copy_len; -+ pm->timestamp_sec = (*pskb)->stamp.tv_sec; -+ pm->timestamp_usec = (*pskb)->stamp.tv_usec; -+ pm->mark = (*pskb)->nfmark; -+ pm->hook = hooknum; -+ if (loginfo->prefix) -+ strcpy(pm->prefix, loginfo->prefix); -+ -+ if (in && in->hard_header_len > 0 -+ && (*pskb)->mac.raw != (void *) (*pskb)->nh.iph -+ && in->hard_header_len <= ULOG_MAC_LEN) { -+ memcpy(pm->mac, (*pskb)->mac.raw, in->hard_header_len); -+ pm->mac_len = in->hard_header_len; -+ } -+ -+ if (in) -+ strcpy(pm->indev_name, in->name); -+ else -+ pm->indev_name[0] = '\0'; -+ -+ if (out) -+ strcpy(pm->outdev_name, out->name); -+ else -+ pm->outdev_name[0] = '\0'; -+ -+ if (copy_len) -+ memcpy(pm->payload, (*pskb)->data, copy_len); -+ nlh->nlmsg_len = nlskb->tail - old_tail; -+ NETLINK_CB(nlskb).dst_groups = loginfo->nl_group; -+ DEBUGP -+ ("ipt_ULOG: going to throw a packet to netlink groupmask %u\n", -+ loginfo->nl_group); -+ netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group, -+ GFP_ATOMIC); -+ -+ return IPT_CONTINUE; -+ -+ nlmsg_failure: -+ if (nlskb) -+ kfree(nlskb); -+ printk("ipt_ULOG: Error building netlink message\n"); -+ return IPT_CONTINUE; -+} -+ -+static int ipt_ulog_checkentry(const char *tablename, -+ const struct ipt_entry *e, -+ void *targinfo, -+ unsigned int targinfosize, -+ unsigned int hookmask) -+{ -+ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; -+ -+ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) { -+ DEBUGP("ULOG: targinfosize %u != 0\n", targinfosize); -+ return 0; -+ } -+ -+ if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { -+ DEBUGP("ULOG: prefix term %i\n", -+ loginfo->prefix[sizeof(loginfo->prefix) - 1]); -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static struct ipt_target ipt_ulog_reg = -+ { {NULL, NULL}, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL, -+THIS_MODULE -+}; -+ -+static int __init init(void) -+{ -+ DEBUGP("ipt_ULOG: init module\n"); -+ nflognl = 
netlink_kernel_create(NETLINK_NFLOG, nflog_rcv); -+ if (!nflognl) -+ return -ENOMEM; -+ -+ if (ipt_register_target(&ipt_ulog_reg) != 0) { -+ sock_release(nflognl->socket); -+ return -EINVAL; -+ } -+ -+ return 0; -+} -+ -+static void __exit fini(void) -+{ -+ DEBUGP("ipt_ULOG: cleanup_module\n"); -+ -+ ipt_unregister_target(&ipt_ulog_reg); -+ sock_release(nflognl->socket); -+} -+ -+module_init(init); -+module_exit(fini); diff --git a/ulogd/sqlite3/Makefile.in b/sqlite3/Makefile.in index 5c0e1f1..5c0e1f1 100644 --- a/ulogd/sqlite3/Makefile.in +++ b/sqlite3/Makefile.in diff --git a/ulogd/sqlite3/ulogd_SQLITE3.c b/sqlite3/ulogd_SQLITE3.c index 7854f2b..7854f2b 100644 --- a/ulogd/sqlite3/ulogd_SQLITE3.c +++ b/sqlite3/ulogd_SQLITE3.c diff --git a/ulogd/ulogd.conf.in b/ulogd.conf.in index e0c873a..e0c873a 100644 --- a/ulogd/ulogd.conf.in +++ b/ulogd.conf.in diff --git a/ulogd/ulogd.init b/ulogd.init index b678652..b678652 100755 --- a/ulogd/ulogd.init +++ b/ulogd.init diff --git a/ulogd/ulogd.logrotate b/ulogd.logrotate index b3fb6d1..b3fb6d1 100644 --- a/ulogd/ulogd.logrotate +++ b/ulogd.logrotate diff --git a/ulogd/ulogd.spec b/ulogd.spec index 8afc4c4..8afc4c4 100644 --- a/ulogd/ulogd.spec +++ b/ulogd.spec diff --git a/ulogd/COPYING b/ulogd/COPYING deleted file mode 100644 index eeb586b..0000000 --- a/ulogd/COPYING +++ /dev/null 
@@ -1,340 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. 
- - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. 
The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. 
(Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. 
You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. 
- -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. 
If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. 
If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. 
- - <one line to give the program's name and a brief idea of what it does.> - Copyright (C) 19yy <name of author> - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) 19yy name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. 
- - <signature of Ty Coon>, 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Library General -Public License instead of this License. diff --git a/ulogd/README b/ulogd/README deleted file mode 100644 index 3510007..0000000 --- a/ulogd/README +++ /dev/null 
@@ -1,97 +0,0 @@ -Userspace logging facility for iptables / linux 2.4 -$Id: README,v 1.7 2002/04/16 12:44:41 laforge Exp $ - -Project Homepage: http://www.gnumonks.org/projects/ulogd -Mailinglist: http://lists.gnumonks.org/mailman/listinfo/ulogd/ - -This is just a short README, pleaes see the more extensive documentation -in the doc/ subdirectory. - -===> IDEA - -This packages is intended for passing packets from the kernel to userspace -to do some logging there. It should work like that: - -- Register a target called ULOG with iptables -- if the target is hit: - - send the packet out using netlink multicast facility - - return NF_CONTINUE immediately - -New with ipt_ULOG 0.8 we can accumulate packets in userspace and send -them in small batches (1-50) to userspace. This reduces the amount of -expensive context switches. - -More than one logging daemon may listen to the netlink multicast address. - -===> CONTENTS - -= Ulog library (libipulog.a) -Just a little library like libipq.a which provides a convenient way to -write userspace logging daemons. The functions provided are described -in the source code, a small demo program (ulog_test) is also included. - -= ulogd daemon (ulogd) -A sophisticated logging daemon which uses libipulog. The daemon provides -an easy to use plugin interface to write additional packet interpreters and -output targets. Example plugins (interpreter: ip, tcp, icmp output: simple -logging to a file) are included. - -= documentation (doc) -A quite verbose documentation of this package and it's configuration exists, -please actually make use of it and read it :) - -===> USAGE - -The kernel part of the userspace logging facility (ipt_ULOG.o) is included -in kernels >= 2.4.18-pre8. If you are running older kernel versions, you MUST -install the ulog-patch from netfilter patch-o-matic FIRST !! - -Please go to the netfilter homepage (http://www.netfilter.org/) -and download the latest iptables package. 
There is a system called -patch-o-matic, which manages recent netfilter development, which has -not been included in the stock kernel yet. - -Just apply the ulog-patch from patch-o-matic (there is some documentation -included in the iptables package how to use patch-o-matic). - -Next you have to enable the kernel config option CONFIG_IP_NF_TARGET_ULOG in -the netfilter subsection of the network options. - -Then recompile the kernel or just recompile the netfilter modules using 'make -modules SUBDIRS=net/ipv4/netfilter'. Next step is installing the module using -'make modules_install' - -It is also a good idea to recompile and re-install the iptables package, -if you don't already have libipt_ULOG.so in /usr/local/lib/iptables or -/usr/lib/iptables - -Now You are ready to go. You may now insert logging rules to every chain. -To see the full syntax, type 'iptables -j ULOG -h' - -===> EXAMPLES - -At first a simple example, which passes every outgoing packet to the -userspace logging, using netlink multicast group 3. - -iptables -A OUTPUT -j ULOG --ulog-nlgroup 3 - -A more advanced one, passing all incoming tcp packets with destination -port 80 to the userspace logging daemon listening on netlink multicast -group 32. All packets get tagged with the ulog prefix "inp" - -iptables -A INPUT -j ULOG -p tcp --dport 80 --ulog-nlgroup 32 --ulog-prefix inp - -Since version 0.2, I added another parameter (--ulog-cprange). -Using this parameter You are able to specify how much octets of the -packet should be copied from the kernel to userspace. -Setting --ulog-cprange to 0 does always copy the whole packet. Default is 0 - -===> COPYRIGHT + CREDITS - -The code is (C) 2000-2003 by Harald Welte <laforge@gnumonks.org> - -Thanks also to the valuable Contributions of Daniel Stone, Alexander -Janssen and Michael Stolovitzsky. - -Credits to Rusty Russel, James Morris, Marc Boucher and all the other -netfilter hackers. 
diff --git a/ulogd/TODO b/ulogd/TODO deleted file mode 100644 index 3ab6194..0000000 --- a/ulogd/TODO +++ /dev/null @@ -1,37 +0,0 @@ -libipulog: -X handle multi-part nlmsgs -- Error checking at netlink socket -- forward port my timeout enabled read-function from libipq to libipulog -- man pages - -kernel: -X queue the logging in the kernel and send multiple packets in one - multipart nlmsg -X add timer to flush queue in user-defineable time intervals -- IPv6 ULOG target - -ulogd: -X MYSQL output plugin -X syslog compatibility output plugin -- autoconf-detection of ipt_ULOG.h -X _fini() support for plugin destructors (needed for clean shutdown and - SIGHUP configfile reload -X commandline option for "to fork or not to fork" -X various command line options (we don't even have --version) -- add support for capabilities to run as non-root -X big endian fixes -X man pages -- IPv6 support (core and extensions) -X pcap output plugin (to use ethereal/tcpdump/... for the logs) -- enable user to specify directory where to look for kernel include files -- support for static linking -- make core maintain a list of keyid's that all the output plugins are - interested. The interpreters would be called with their respective - section of that list, and only compute those values that are actually - used by any of the running output plugins -- issues with ulogd_BASE and partially copied packets (--ulog-cprange) -- problem wrt. ulogd_BASE and fragments -- implement extension SIGHUP handlers (including config re-parse) - -conffile: -- rewrite parser. This stuff is a real mess. Anybody interested? |