From 835110044bd970518e10b28348ce6619818ce363 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Sun, 18 May 2008 18:35:35 +0200 Subject: Remove obsolete patches and files and move ulogd to repository top-level directory --- AUTHORS | 1 + COPYING | 7 +- Changes | 129 ++ Makefile.in | 85 ++ README | 70 +- Rules.make.in | 50 + TODO | 20 +- aclocal.m4 | 130 ++ cftest/cftest.c | 30 + cftest/test.txt | 3 + conffile/Makefile.in | 21 + conffile/conffile.c | 241 ++++ config.guess | 1407 ++++++++++++++++++ config.sub | 1505 ++++++++++++++++++++ configure.in | 273 ++++ contrib/ulog_query.php.gz | Bin 0 -> 2875 bytes doc/Makefile.in | 51 + doc/mysql.table | 55 + doc/mysql.table.ipaddr-as-string | 58 + doc/pgsql.table | 81 ++ doc/sqlite3.table | 22 + doc/ulogd.html | 421 ++++++ doc/ulogd.sgml | 449 ++++++ extensions/Makefile.in | 37 + extensions/chtons.h | 32 + extensions/printpkt.c | 276 ++++ extensions/printpkt.h | 7 + extensions/ulogd_BASE.c | 569 ++++++++ extensions/ulogd_LOCAL.c | 102 ++ extensions/ulogd_LOCALTIME.c | 0 extensions/ulogd_LOGEMU.c | 139 ++ extensions/ulogd_OPRINT.c | 149 ++ extensions/ulogd_PWSNIFF.c | 167 +++ extensions/ulogd_SYSLOG.c | 149 ++ include/ulogd/conffile.h | 66 + include/ulogd/ulogd.h | 162 +++ install-sh | 251 ++++ iptables/Makefile | 10 - iptables/libipt_ULOG.c | 207 --- kernel-ULOG-2.4.0-test4.diff | 229 --- kernel-ULOG1-to-ULOG2.diff | 210 --- kernel/Makefile | 8 - kernel/ipt_ULOG.c | 370 ----- kernel/ipt_ULOG.h | 46 - libipulog/Makefile.in | 23 + libipulog/include/libipulog/libipulog.h | 58 + libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h | 62 + libipulog/libipulog.c | 256 ++++ libipulog/ulog_test.c | 84 ++ mysql/Makefile.in | 30 + mysql/ulogd_MYSQL.c | 525 +++++++ pcap/Makefile.in | 30 + pcap/ulogd_PCAP.c | 286 ++++ pgsql/Makefile.in | 30 + pgsql/ulogd_PGSQL.c | 543 +++++++ plain-2.4.0-to-ulog2.diff | 263 ---- sqlite3/Makefile.in | 29 + sqlite3/ulogd_SQLITE3.c | 435 ++++++ ulogd.8 | 64 + ulogd.c | 826 +++++++++++ ulogd.conf.in | 82 ++ ulogd.init | 61 + ulogd.logrotate | 7 + ulogd.spec | 143 ++ ulogd/AUTHORS | 1 - ulogd/COPYING | 340 ----- ulogd/Changes | 129 -- ulogd/Makefile.in | 85 -- ulogd/README | 97 -- ulogd/Rules.make.in | 50 - ulogd/TODO | 37 - ulogd/aclocal.m4 | 130 -- ulogd/cftest/cftest.c | 30 - ulogd/cftest/test.txt | 3 - ulogd/conffile/Makefile.in | 21 - ulogd/conffile/conffile.c | 241 ---- ulogd/config.guess | 1407 ------------------ ulogd/config.sub | 1505 -------------------- ulogd/configure.in | 273 ---- ulogd/contrib/ulog_query.php.gz | Bin 2875 -> 0 bytes ulogd/doc/Makefile.in | 51 - ulogd/doc/mysql.table | 55 - ulogd/doc/mysql.table.ipaddr-as-string | 58 - ulogd/doc/pgsql.table | 81 -- ulogd/doc/sqlite3.table | 22 - ulogd/doc/ulogd.html | 421 ------ ulogd/doc/ulogd.sgml | 449 ------ ulogd/extensions/Makefile.in | 37 - ulogd/extensions/chtons.h | 32 - ulogd/extensions/printpkt.c | 276 ---- ulogd/extensions/printpkt.h | 7 - ulogd/extensions/ulogd_BASE.c | 569 -------- ulogd/extensions/ulogd_LOCAL.c | 102 -- ulogd/extensions/ulogd_LOCALTIME.c | 0 ulogd/extensions/ulogd_LOGEMU.c | 139 -- ulogd/extensions/ulogd_OPRINT.c | 149 -- ulogd/extensions/ulogd_PWSNIFF.c | 167 --- ulogd/extensions/ulogd_SYSLOG.c | 149 -- ulogd/include/ulogd/conffile.h | 66 - ulogd/include/ulogd/ulogd.h | 162 --- ulogd/install-sh | 251 ---- ulogd/libipulog/Makefile.in | 23 - ulogd/libipulog/include/libipulog/libipulog.h | 58 - .../include/linux/netfilter_ipv4/ipt_ULOG.h | 62 - ulogd/libipulog/libipulog.c | 256 ---- ulogd/libipulog/ulog_test.c | 84 -- ulogd/mysql/Makefile.in | 30 - ulogd/mysql/ulogd_MYSQL.c | 525 ------- ulogd/pcap/Makefile.in | 30 - ulogd/pcap/ulogd_PCAP.c | 286 ---- ulogd/pgsql/Makefile.in | 30 - ulogd/pgsql/ulogd_PGSQL.c | 543 ------- ulogd/sqlite3/Makefile.in | 29 - ulogd/sqlite3/ulogd_SQLITE3.c | 435 ------ ulogd/ulogd.8 | 64 - ulogd/ulogd.c | 826 ----------- ulogd/ulogd.conf.in | 82 -- ulogd/ulogd.init | 61 - ulogd/ulogd.logrotate | 7 - ulogd/ulogd.spec | 143 -- 120 files changed, 10752 insertions(+), 12546 deletions(-) create mode 100644 AUTHORS create mode 100644 Changes create mode 100644 Makefile.in create mode 100644 Rules.make.in create mode 100644 aclocal.m4 create mode 100644 cftest/cftest.c create mode 100644 cftest/test.txt create mode 100644 conffile/Makefile.in create mode 100644 conffile/conffile.c create mode 100755 config.guess create mode 100755 config.sub create mode 100644 configure.in create mode 100644 contrib/ulog_query.php.gz create mode 100644 doc/Makefile.in create mode 100644 doc/mysql.table create mode 100644 doc/mysql.table.ipaddr-as-string create mode 100644 doc/pgsql.table create mode 100644 doc/sqlite3.table create mode 100644 doc/ulogd.html create mode 100644 doc/ulogd.sgml create mode 100644 extensions/Makefile.in create mode 100644 extensions/chtons.h create mode 100644 extensions/printpkt.c create mode 100644 extensions/printpkt.h create mode 100644 extensions/ulogd_BASE.c create mode 100644 extensions/ulogd_LOCAL.c create mode 100644 extensions/ulogd_LOCALTIME.c create mode 100644 extensions/ulogd_LOGEMU.c create mode 100644 extensions/ulogd_OPRINT.c create mode 100644 extensions/ulogd_PWSNIFF.c create mode 100644 extensions/ulogd_SYSLOG.c create mode 100644 include/ulogd/conffile.h create mode 100644 include/ulogd/ulogd.h create mode 100755 install-sh delete mode 100644 iptables/Makefile delete mode 100644 iptables/libipt_ULOG.c delete mode 100644 kernel-ULOG-2.4.0-test4.diff delete mode 100644 kernel-ULOG1-to-ULOG2.diff delete mode 100644 kernel/Makefile delete mode 100644 kernel/ipt_ULOG.c delete mode 100644 kernel/ipt_ULOG.h create mode 100644 libipulog/Makefile.in create mode 100644 libipulog/include/libipulog/libipulog.h create mode 100644 libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h create mode 100644 libipulog/libipulog.c create mode 100644 libipulog/ulog_test.c create mode 100644 mysql/Makefile.in create mode 100644 mysql/ulogd_MYSQL.c create mode 100644 pcap/Makefile.in create mode 100644 pcap/ulogd_PCAP.c create mode 100644 pgsql/Makefile.in create mode 100644 pgsql/ulogd_PGSQL.c delete mode 100644 plain-2.4.0-to-ulog2.diff create mode 100644 sqlite3/Makefile.in create mode 100644 sqlite3/ulogd_SQLITE3.c create mode 100644 ulogd.8 create mode 100644 ulogd.c create mode 100644 ulogd.conf.in create mode 100755 ulogd.init create mode 100644 ulogd.logrotate create mode 100644 ulogd.spec delete mode 100644 ulogd/AUTHORS delete mode 100644 ulogd/COPYING delete mode 100644 ulogd/Changes delete mode 100644 ulogd/Makefile.in delete mode 100644 ulogd/README delete mode 100644 ulogd/Rules.make.in delete mode 100644 ulogd/TODO delete mode 100644 ulogd/aclocal.m4 delete mode 100644 ulogd/cftest/cftest.c delete mode 100644 ulogd/cftest/test.txt delete mode 100644 ulogd/conffile/Makefile.in delete mode 100644 ulogd/conffile/conffile.c delete mode 100755 ulogd/config.guess delete mode 100755 ulogd/config.sub delete mode 100644 ulogd/configure.in delete mode 100644 ulogd/contrib/ulog_query.php.gz delete mode 100644 ulogd/doc/Makefile.in delete mode 100644 ulogd/doc/mysql.table delete mode 100644 ulogd/doc/mysql.table.ipaddr-as-string delete mode 100644 ulogd/doc/pgsql.table delete mode 100644 ulogd/doc/sqlite3.table delete mode 100644 ulogd/doc/ulogd.html delete mode 100644 ulogd/doc/ulogd.sgml delete mode 100644 ulogd/extensions/Makefile.in delete mode 100644 ulogd/extensions/chtons.h delete mode 100644 ulogd/extensions/printpkt.c delete mode 100644 ulogd/extensions/printpkt.h delete mode 100644 ulogd/extensions/ulogd_BASE.c delete mode 100644 ulogd/extensions/ulogd_LOCAL.c delete mode 100644 ulogd/extensions/ulogd_LOCALTIME.c delete mode 100644 ulogd/extensions/ulogd_LOGEMU.c delete mode 100644 ulogd/extensions/ulogd_OPRINT.c delete mode 100644 ulogd/extensions/ulogd_PWSNIFF.c delete mode 100644 ulogd/extensions/ulogd_SYSLOG.c delete mode 100644 ulogd/include/ulogd/conffile.h delete mode 100644 ulogd/include/ulogd/ulogd.h delete mode 100755 ulogd/install-sh delete mode 100644 ulogd/libipulog/Makefile.in delete mode 100644 ulogd/libipulog/include/libipulog/libipulog.h delete mode 100644 ulogd/libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h delete mode 100644 ulogd/libipulog/libipulog.c delete mode 100644 ulogd/libipulog/ulog_test.c delete mode 100644 ulogd/mysql/Makefile.in delete mode 100644 ulogd/mysql/ulogd_MYSQL.c delete mode 100644 ulogd/pcap/Makefile.in delete mode 100644 ulogd/pcap/ulogd_PCAP.c delete mode 100644 ulogd/pgsql/Makefile.in delete mode 100644 ulogd/pgsql/ulogd_PGSQL.c delete mode 100644 ulogd/sqlite3/Makefile.in delete mode 100644 ulogd/sqlite3/ulogd_SQLITE3.c delete mode 100644 ulogd/ulogd.8 delete mode 100644 ulogd/ulogd.c delete mode 100644 ulogd/ulogd.conf.in delete mode 100755 ulogd/ulogd.init delete mode 100644 ulogd/ulogd.logrotate delete mode 100644 ulogd/ulogd.spec diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..dcc5998 --- /dev/null +++ b/AUTHORS @@ -0,0 +1 @@ +Harald Welte diff --git a/COPYING b/COPYING index a43ea21..eeb586b 100644 --- a/COPYING +++ b/COPYING @@ -2,7 +2,7 @@ Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 675 Mass Ave, Cambridge, MA 02139, USA + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -279,7 +279,7 @@ POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS - Appendix: How to Apply These Terms to Your New Programs + How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it @@ -305,7 +305,8 @@ the "copyright" line and a pointer to where the full notice is found. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Also add information on how to contact you by electronic and paper mail. diff --git a/Changes b/Changes new file mode 100644 index 0000000..95bc457 --- /dev/null +++ b/Changes @@ -0,0 +1,129 @@ +Version 1.24 (2006-01-25) +- Fix memory leak in postgresql plugin +- Fix printing of "PROTO=XX" for XX != (TCP,UDP,ICMP,ESP) +- Fix parsing of syslog log level +- Add support for 'mysql_config' and 'pg_config' programs +- Add support for 'lib64' to sqlite3 autoconf macros +- Fix some gcc-4 warnings +- Add reconnect support to mysql plugin +- Fix pcap header on some architectures +- Fix off-by-one-column error in sqlite3 plugin + +Version 1.23 (2005-04-18) +- Add supprt for ulogd logging in syslog (the daemon log, not packet log) + +Version 1.22 (2005-03-07) +- Fix postgresql endless loop (Jani Averbach) +- Add postgrsql schema support (Bob Hockney) + +Version 1.21 (2005-02-16) +- Fix compilation on certain gcc versions (Roberto Nibali) +- Fix --log-ip-as-string for mysql, pgsql and sqlite3 (Jani Averbach) + +Version 1.20 (2005-02-12) +- Add SQLITE3 Plugin +- Add 'port' option (for tcp port number) to mysql and postgresql plugins +- Cosmetic changes (c99 initializers, coding style) + +Version 1.10 (2003-Oct-xx) +- Change format of configuration file. Now every plugin has it's own section + in the config file, making the whole parsing procedure easier - and + eliminating multiple loading of .so plugins. (Magnus Boden) +- Make the config file format completely syntax compatible with .ini style files +- Add a new 'SYSLOG' plugin for real syslogging + +Version 1.02 (2003-Oct-08) +- fix printout of time information in ulogd_LOGEMU.c + +Version 1.01 (2003-Aug-23) +- use $(LD) macro in order to provide cross-compiling/linking support +- add 'rmem' configuration key to set the netlink socket rmem buffsize +- don't use kernel header files for IP/TCP header definitions +- various cosmetic cleanup to compile with -Wall +- fix usage of libmysqlclient: call mysql_init() before mysql_real_connect +- don't have LOGEMU read the system time, ulogd_LOCAL.so does this already + +Version 1.00 (2003-Mar-06) +- update documentation to reflect recent additions +- renamed LOCALTIME plugin to LOCAL plugin, since it now also returns + the hostname +- cleanup #include statements +- tcp.window is a 16bit value +- always return tcp flags, even if they are not set [to not cause NULL entries + in the database table +- cosmetic fixes to acommodate most compiler warnings +- moved location of conffile.h and ulog.h +- big update to ulogd_PGSQL.c +- more verbose error reporting when unable to load plugin +- print usage information +- add '--configfile' directive to allow multiple instances with multiple + configfiles + +Version 0.98 +- Fix MAC address printing if there is none (by Andrej Ota) +- Add PostgreSQL support by Jakab Laszlo +- Add Version Number (-V) commandline option +- Make MYBUFSIZ a runtime config directive (Bogdan Dobrota) +- Fix daemonize function (call setsid() and close stdin) +- Add ulogd_PCAP output plugin (to use ethereal/tcpdump/... on the logs) +- Update documentation to reflect kernel inclusion of ipt_ULOG module +- Add ulogd_LOCALTIME 'interpreter' for providing the timestamp at the + time of logging (Florent Aide) +- Fix ulogd_LOGEMU 'PROTO=' printing in case of unknown l4 protocol +- Add support for non-forking mode and logging to stderr (Alessandro Bono) + +Version 0.97 +- added error handling after ipulog_read() to prevent endless loops + +Version 0.96 +- support for old mysql versions (Alexander Janssen) +- support for dotted-quad IP addresses in MySQL (Alexander Janssen) +- added support for synchronous write to LOGEMU (Michael Stolovitzsky) +- autoconf now checks for mysql .so libraries instead of static .a +- autoconf now includes /usr/src/linux/include, because most distros + now have a glibc-provided /usr/include/linux :( +- removed ./configure from CVS tree as it may cause inconsistencies +- better commented example configuration file +- Makefiles now know DESTDIR (for RPM packaging) +- documentation now built at release-time, not compile time +- support for logfile-rotating, using new SIGHUP handler + +Version 0.95 +- libipulog problems of 0.94 fixed +- 1.0 now really soon + +Version 0.94 +- fixed stupid build problem because of missing libipulog + (i'll never try to be intelligent again ;)) + +Version 0.93 +- fixes logfile bug: wrong filename and line numbers printed +- fixes config file parsing, new generic get_word() in conffile.c +- fixes bug in ulogd_LOGEMU.c on big-endian systems +- fixes segfault when packet received but no interpreters registered + (reported by Drori Ghiora) +- sigterm handler installed for clean shutdown +- logfile now fflush()ed after each line printed +- ulogd_LOGEMU now prints date and hostname, just as syslog does + +Version 0.92 +- fixes libipulog loop-bug (reported by Drori Ghiora) + +Version 0.91 +- changes for new kernel ULOG. Includes support for multilink netlink + messages. + +Version 0.9 +- configuration file routines +- plugins are able to register new configfile keys +- new MYSQL output plugin +- new syslog compatibility output plugin + +Version 0.3 + +- new PWSNIFF interpreter plugin +- verbose error reporting + +Version 0.2 + +- real daemon, we are forking now diff --git a/Makefile.in b/Makefile.in new file mode 100644 index 0000000..0f1845c --- /dev/null +++ b/Makefile.in @@ -0,0 +1,85 @@ +RELEASE_DIR:=/tmp + +include @top_srcdir@/Rules.make +CFLAGS+=-I@top_srcdir@/libipulog/include -I@top_srcdir@/include + +SUBDIRS=conffile libipulog extensions doc + +ifeq (x@MYSQLINCLUDES@,x) +else +SUBDIRS+=mysql +endif + +ifeq (x@PGSQLINCLUDES@,x) +else +SUBDIRS+=pgsql +endif + +ifeq (x@HAVE_PCAP_H@,x) +else +SUBDIRS+=pcap +endif + + +ULOGD_VERSION=1.23 +OLD_ULOGD_VERSION=1.22 + +ifeq (x@SQLITE3INCLUDES@,x) +else +SUBDIRS+=sqlite3 +endif + +# Normally You should not need to change anything below + +all: recurse ulogd + +.PHONY: distclean +distclean: clean + @for d in $(SUBDIRS); do if ! make -C $$d $@; then exit 1; fi; done + rm -f Makefile config.cache config.log config.status Rules.make + +.PHONY: docbuild +docbuild: + make -C doc distrib + +.PHONY: distrib +distrib: docbuild distclean delrelease $(RELEASE_DIR)/ulogd-$(ULOGD_VERSION).tar.bz2 diff + +.PHONY: delrelease +delrelease: + rm -f $(RELEASE_DIR)/ulogd-$(ULOGD_VERSION).tar.bz2 + +$(RELEASE_DIR)/ulogd-$(ULOGD_VERSION).tar.bz2: + cd .. && ln -sf ulogd ulogd-$(ULOGD_VERSION) && tar cvf - --exclude CVS --exclude .svn ulogd-$(ULOGD_VERSION)/. | bzip2 -9 > $@ && rm ulogd-$(ULOGD_VERSION) + +.PHONY: diff +diff: $(RELEASE_DIR)/ulogd-$(ULOGD_VERSION).tar.bz2 + @mkdir /tmp/diffdir + @cd /tmp/diffdir && tar -x --bzip2 -f $(RELEASE_DIR)/ulogd-$(ULOGD_VERSION).tar.bz2 + @set -e; cd /tmp/diffdir; tar -x --bzip2 -f $(RELEASE_DIR)/ulogd-$(OLD_ULOGD_VERSION).tar.bz2; echo Creating patch-ulogd-$(OLD_ULOGD_VERSION)-$(ULOGD_VERSION).bz2; diff -urN ulogd-$(OLD_ULOGD_VERSION) ulogd-$(ULOGD_VERSION) | bzip2 -9 > $(RELEASE_DIR)/patch-ulogd-$(OLD_ULOGD_VERSION)-$(ULOGD_VERSION).bz2 + +recurse: + @for d in $(SUBDIRS); do if ! make -C $$d; then exit 1; fi; done + +ulogd: ulogd.c $(LIBIPULOG) include/ulogd/ulogd.h conffile/conffile.o $(LIBIPULOG)/libipulog.a ulogd.conf + $(CC) $(CFLAGS) $(LDFLAGS) -rdynamic $< conffile/conffile.o $(LIBIPULOG)/libipulog.a -o $@ $(LIBS) + +edit = sed -e 's,@libdir\@,$(ULOGD_LIB_PATH),g' + +ulogd.conf: ulogd.conf.in + $(edit) ulogd.conf.in > ulogd.conf + +clean: +# rm -f ulogd *.o extensions/*.o extensions/*.so conffile/*.o + rm -f ulogd ulogd.o ulogd.conf + @for d in $(SUBDIRS); do if ! make -C $$d $@; then exit 1; fi; done + +install: all + @for d in $(SUBDIRS); do if ! make -C $$d $@; then exit 1; fi; done + @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) + @INSTALL@ -D -m 755 ulogd $(DESTDIR)$(BINDIR)/ulogd + @[ -d $(DESTDIR)$(ETCDIR) ] || mkdir -p $(DESTDIR)$(ETCDIR) + @[ -f $(DESTDIR)$(ETCDIR)/ulogd.conf ] || @INSTALL@ -D -m 600 ulogd.conf $(DESTDIR)$(ETCDIR)/ulogd.conf + +doc: + $(MAKE) -C $@ diff --git a/README b/README index 04f8f71..3510007 100644 --- a/README +++ b/README @@ -1,12 +1,18 @@ -Userspace logging facility for netfilter / linux 2.4 -$Id: README,v 1.2 2000/09/22 06:57:16 laforge Exp $ +Userspace logging facility for iptables / linux 2.4 +$Id: README,v 1.7 2002/04/16 12:44:41 laforge Exp $ + +Project Homepage: http://www.gnumonks.org/projects/ulogd +Mailinglist: http://lists.gnumonks.org/mailman/listinfo/ulogd/ + +This is just a short README, pleaes see the more extensive documentation +in the doc/ subdirectory. ===> IDEA This packages is intended for passing packets from the kernel to userspace to do some logging there. It should work like that: -- Register a target called ULOG with netfilter +- Register a target called ULOG with iptables - if the target is hit: - send the packet out using netlink multicast facility - return NF_CONTINUE immediately @@ -19,42 +25,45 @@ More than one logging daemon may listen to the netlink multicast address. ===> CONTENTS -The package is consisting out of three parts: - -NOTE: -ipt_ULOG and libipt_ULOG are NOW INCLUDED IN NETFILTER patch-o-matic. -I strongly recommend using the latest package or even CVS from -http://netfilter.samba.org - -1. Netfilter target ipt_ULOG -This is the kernel module which does the kernel part of packet passing to -the userspace. This module is inserted on demand through the netfilter -subsystem as soon as You add a rule with the target ULOG to any chain. - -2. iptables plugin (libipt_ULOG.so) -This is a plugin for the netfilter configuration tool iptables. Just put -it to /usr/local/lib/iptables and it is loaded on demand from iptables. - -3. Ulog library (libipulog.a) += Ulog library (libipulog.a) Just a little library like libipq.a which provides a convenient way to write userspace logging daemons. The functions provided are described in the source code, a small demo program (ulog_test) is also included. -4. ulogd daemon (ulogd) += ulogd daemon (ulogd) A sophisticated logging daemon which uses libipulog. The daemon provides an easy to use plugin interface to write additional packet interpreters and output targets. Example plugins (interpreter: ip, tcp, icmp output: simple logging to a file) are included. += documentation (doc) +A quite verbose documentation of this package and it's configuration exists, +please actually make use of it and read it :) + ===> USAGE -Just apply the kernel patch and enable the kernel config option -CONFIG_IP_NF_TARGET_ULOG in the netfilter subsection of the network options. -Then recompile the kernel or just recompile the netfilter modules using -'make modules SUBDIRS=net/ipv4/netfilter'. -Next step is installing the module using 'make modules_install' +The kernel part of the userspace logging facility (ipt_ULOG.o) is included +in kernels >= 2.4.18-pre8. If you are running older kernel versions, you MUST +install the ulog-patch from netfilter patch-o-matic FIRST !! + +Please go to the netfilter homepage (http://www.netfilter.org/) +and download the latest iptables package. There is a system called +patch-o-matic, which manages recent netfilter development, which has +not been included in the stock kernel yet. + +Just apply the ulog-patch from patch-o-matic (there is some documentation +included in the iptables package how to use patch-o-matic). -To use the iptables plugin, copy libipt_ULOG.so to /usr/local/lib/iptables +Next you have to enable the kernel config option CONFIG_IP_NF_TARGET_ULOG in +the netfilter subsection of the network options. + +Then recompile the kernel or just recompile the netfilter modules using 'make +modules SUBDIRS=net/ipv4/netfilter'. Next step is installing the module using +'make modules_install' + +It is also a good idea to recompile and re-install the iptables package, +if you don't already have libipt_ULOG.so in /usr/local/lib/iptables or +/usr/lib/iptables Now You are ready to go. You may now insert logging rules to every chain. To see the full syntax, type 'iptables -j ULOG -h' @@ -72,14 +81,17 @@ group 32. All packets get tagged with the ulog prefix "inp" iptables -A INPUT -j ULOG -p tcp --dport 80 --ulog-nlgroup 32 --ulog-prefix inp -In the latest Version (0.2) I added another parameter (--ulog-cprange). +Since version 0.2, I added another parameter (--ulog-cprange). Using this parameter You are able to specify how much octets of the packet should be copied from the kernel to userspace. Setting --ulog-cprange to 0 does always copy the whole packet. Default is 0 ===> COPYRIGHT + CREDITS -The code is (C) 2000 by Harald Welte +The code is (C) 2000-2003 by Harald Welte + +Thanks also to the valuable Contributions of Daniel Stone, Alexander +Janssen and Michael Stolovitzsky. Credits to Rusty Russel, James Morris, Marc Boucher and all the other netfilter hackers. diff --git a/Rules.make.in b/Rules.make.in new file mode 100644 index 0000000..4a161a4 --- /dev/null +++ b/Rules.make.in @@ -0,0 +1,50 @@ +# + +prefix=@prefix@ +exec_prefix=@exec_prefix@ +ETCDIR=@sysconfdir@ +BINDIR=@sbindir@ + +ULOGD_CONFIGFILE=@sysconfdir@/ulogd.conf + +ULOGD_LIB_PATH=@libdir@/ulogd + +# Path of libipulog (from iptables) +LIBIPULOG=@top_srcdir@/libipulog +INCIPULOG=-I@top_srcdir@/libipulog/include +INCCONFFILE=-I@top_srcdir@/conffile + +CC=@CC@ +LD=@LD@ +INSTALL=@INSTALL@ + +CFLAGS=@CFLAGS@ @CPPFLAGS@ -Wall +CFLAGS+=-DULOGD_CONFIGFILE=\"$(ULOGD_CONFIGFILE)\" +CFLAGS+=@KERNEL64_USERSPACE32@ +# doesn't work for subdirs +CFLAGS+=$(INCIPULOG) +#CFLAGS+=-I/lib/modules/`uname -r`/build/include +CFLAGS+=@DEFS@ +#CFLAGS+=-g -DDEBUG -DDEBUG_MYSQL -DDEBUG_PGSQL + +LIBS=@LIBS@ + + +# Names of the plugins to be compiled +ULOGD_SL:=BASE OPRINT PWSNIFF LOGEMU LOCAL SYSLOG + +# mysql output support +#ULOGD_SL+=MYSQL +MYSQL_CFLAGS=@MYSQLINCLUDES@ @EXTRA_MYSQL_DEF@ +MYSQL_LDFLAGS=$(LDFLAGS) @MYSQL_LIB@ + +# postgreSQL output support +#ULOGD_SL+=PGSQL +PGSQL_CFLAGS=@PGSQLINCLUDES@ @EXTRA_PGSQL_DEF@ +PGSQL_LDFLAGS=$(LDFLAGS) @PGSQL_LIB@ + +# mysql output support +#ULOGD_SL+=SQLITE3 +SQLITE3_CFLAGS=@SQLITE3INCLUDES@ @EXTRA_SQLITE3_DEF@ +SQLITE3_LDFLAGS=$(LDFLAGS) @SQLITE3_LIB@ + diff --git a/TODO b/TODO index f305204..3ab6194 100644 --- a/TODO +++ b/TODO @@ -13,15 +13,25 @@ X add timer to flush queue in user-defineable time intervals ulogd: X MYSQL output plugin X syslog compatibility output plugin -- _fini() support for plugin destructors (needed for clean shutdown and +- autoconf-detection of ipt_ULOG.h +X _fini() support for plugin destructors (needed for clean shutdown and SIGHUP configfile reload X commandline option for "to fork or not to fork" X various command line options (we don't even have --version) - add support for capabilities to run as non-root -- big endian fixes -- man pages +X big endian fixes +X man pages - IPv6 support (core and extensions) -- make ULOGD_RET_RAW contain information about the size of the returned object +X pcap output plugin (to use ethereal/tcpdump/... for the logs) +- enable user to specify directory where to look for kernel include files +- support for static linking +- make core maintain a list of keyid's that all the output plugins are + interested. The interpreters would be called with their respective + section of that list, and only compute those values that are actually + used by any of the running output plugins +- issues with ulogd_BASE and partially copied packets (--ulog-cprange) +- problem wrt. ulogd_BASE and fragments +- implement extension SIGHUP handlers (including config re-parse) conffile: -- rewrite. This stuff is a real mess. +- rewrite parser. This stuff is a real mess. Anybody interested? diff --git a/aclocal.m4 b/aclocal.m4 new file mode 100644 index 0000000..368464b --- /dev/null +++ b/aclocal.m4 @@ -0,0 +1,130 @@ +dnl aclocal.m4 generated automatically by aclocal 1.4 + +dnl Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl This program is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without +dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A +dnl PARTICULAR PURPOSE. + +dnl aclocal.m4 generated automatically by aclocal 1.4 + +dnl Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl This program is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without +dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A +dnl PARTICULAR PURPOSE. + +# Do all the work for Automake. This macro actually does too much -- +# some checks are only needed if your package does certain things. +# But this isn't really a big deal. + +# serial 1 + +dnl Usage: +dnl AM_INIT_AUTOMAKE(package,version, [no-define]) + +AC_DEFUN(AM_INIT_AUTOMAKE, +[AC_REQUIRE([AC_PROG_INSTALL]) +PACKAGE=[$1] +AC_SUBST(PACKAGE) +VERSION=[$2] +AC_SUBST(VERSION) +dnl test to see if srcdir already configured +if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then + AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) +fi +ifelse([$3],, +AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) +AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])) +AC_REQUIRE([AM_SANITY_CHECK]) +AC_REQUIRE([AC_ARG_PROGRAM]) +dnl FIXME This is truly gross. +missing_dir=`cd $ac_aux_dir && pwd` +AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir) +AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir) +AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir) +AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir) +AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir) +AC_REQUIRE([AC_PROG_MAKE_SET])]) + +# +# Check to make sure that the build environment is sane. +# + +AC_DEFUN(AM_SANITY_CHECK, +[AC_MSG_CHECKING([whether build environment is sane]) +# Just in case +sleep 1 +echo timestamp > conftestfile +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt $srcdir/configure conftestfile 2> /dev/null` + if test "[$]*" = "X"; then + # -L didn't work. + set X `ls -t $srcdir/configure conftestfile` + fi + if test "[$]*" != "X $srcdir/configure conftestfile" \ + && test "[$]*" != "X conftestfile $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken +alias in your environment]) + fi + + test "[$]2" = conftestfile + ) +then + # Ok. + : +else + AC_MSG_ERROR([newly created file is older than distributed files! +Check your system clock]) +fi +rm -f conftest* +AC_MSG_RESULT(yes)]) + +dnl AM_MISSING_PROG(NAME, PROGRAM, DIRECTORY) +dnl The program must properly implement --version. +AC_DEFUN(AM_MISSING_PROG, +[AC_MSG_CHECKING(for working $2) +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if ($2 --version) < /dev/null > /dev/null 2>&1; then + $1=$2 + AC_MSG_RESULT(found) +else + $1="$3/missing $2" + AC_MSG_RESULT(missing) +fi +AC_SUBST($1)]) + + +# Define a conditional. + +AC_DEFUN(AM_CONDITIONAL, +[AC_SUBST($1_TRUE) +AC_SUBST($1_FALSE) +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= +fi]) + diff --git a/cftest/cftest.c b/cftest/cftest.c new file mode 100644 index 0000000..b99882b --- /dev/null +++ b/cftest/cftest.c @@ -0,0 +1,30 @@ +#include +#include +#include "conffile.h" + +int bla(char *args) +{ + printf("bla called: %s\n", args); + return 0; +} +int main() +{ + config_entry_t e,f; + memset(&e, 0, sizeof(config_entry_t)); + strcpy(e.key, "zeile"); + e.u.parser = bla; + e.type = CONFIG_TYPE_CALLBACK; + config_register_key(&e); + + strcpy(f.key, "spalte"); + f.type = CONFIG_TYPE_STRING; + f.options |= CONFIG_OPT_MANDATORY; + f.u.str.string = (char *) malloc(100); + f.u.str.maxlen = 99; + config_register_key(&f); + + config_parse_file("test.txt"); + printf("SPALTE: %s\n", f.u.str.string); + + exit(0); +} diff --git a/cftest/test.txt b/cftest/test.txt new file mode 100644 index 0000000..3c0b663 --- /dev/null +++ b/cftest/test.txt @@ -0,0 +1,3 @@ +zeile zeile1 +spalte 0815 +asdfasf diff --git a/conffile/Makefile.in b/conffile/Makefile.in new file mode 100644 index 0000000..907e6a7 --- /dev/null +++ b/conffile/Makefile.in @@ -0,0 +1,21 @@ +# + +include @top_srcdir@/Rules.make +CFLAGS+=-I@top_srcdir@/include/ulogd + +# Normally You should not need to change anything below + +all: conffile.o + +distrib: + +conffile.o: conffile.c + $(CC) $(CFLAGS) -c $< -o $@ + +clean: + rm -f conffile.o + +distclean: + rm -f Makefile + +install: all diff --git a/conffile/conffile.c b/conffile/conffile.c new file mode 100644 index 0000000..d26c5ff --- /dev/null +++ b/conffile/conffile.c @@ -0,0 +1,241 @@ +/* config file parser functions + * + * (C) 2000 by Harald Welte + * + * $Id: conffile.c,v 1.4 2001/09/01 11:51:53 laforge Exp $ + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include +#include +#include +#include "conffile.h" + +#ifdef DEBUG_CONF +#define DEBUGC(format, args...) fprintf(stderr, format, ## args) +#else +#define DEBUGC(format, args...) +#endif + +/* points to config entry with error */ +config_entry_t *config_errce = NULL; + +/* Filename of the config file */ +static char *fname = NULL; + +/* get_word() - Function to parse a line into words. + * Arguments: line line to parse + * delim possible word delimiters + * buf pointer to buffer where word is returned + * Return value: pointer to first char after word + * This function can deal with "" quotes + */ +static char *get_word(char *line, char *not, char *buf) +{ + char *p, *start = NULL, *stop = NULL; + int inquote = 0; + + for (p = line; *p; p++) { + if (*p == '"') { + start = p + 1; + inquote = 1; + break; + } + if (!strchr(not, *p)) { + start = p; + break; + } + } + if (!start) + return NULL; + + /* determine pointer to one char after word */ + for (p = start; *p; p++) { + if (inquote) { + if (*p == '"') { + stop = p; + break; + } + } else { + if (strchr(not, *p)) { + stop = p; + break; + } + } + } + if (!stop) + return NULL; + + strncpy(buf, start, (size_t) (stop-start)); + *(buf + (stop-start)) = '\0'; + + /* skip quote character */ + if (inquote) + /* yes, we can return stop + 1. If " was the last + * character in string, it now points to NULL-term */ + return (stop + 1); + + return stop; +} + +#if 0 +/* do we have a config directive for this name */ +static int config_iskey(char *name) +{ + config_entry_t *ce; + + for (ce = config; ce; ce = ce->next) { + if (!strcmp(name, ce->key)) + return 0; + } + + return 1; +} +#endif + +/*********************************************************************** + * PUBLIC INTERFACE + ***********************************************************************/ + +/* register config file with us */ +int config_register_file(const char *file) +{ + /* FIXME: stat of file */ + if (fname) + return 1; + + fname = (char *) malloc(strlen(file)+1); + if (!fname) + return -ERROOM; + + strcpy(fname, file); + + return 0; +} + +/* parse config file */ +int config_parse_file(const char *section, config_entry_t *keys) +{ + FILE *cfile; + char *args; + config_entry_t *ce; + int err = 0; + int found = 0; + char linebuf[LINE_LEN+1]; + char *line = linebuf; + + cfile = fopen(fname, "r"); + if (!cfile) + return -ERROPEN; + + DEBUGC("prasing section [%s]\n", section); + + /* Search for correct section */ + while (fgets(line, LINE_LEN, cfile)) { + char wordbuf[LINE_LEN]; + char *wordend; + + if (*line == '#') + continue; + + if (!(wordend = get_word(line, " \t\n[]", (char *) wordbuf))) + continue; + DEBUGC("word: \"%s\"\n", wordbuf); + if (!strcmp(wordbuf, section)) { + found = 1; + break; + } + } + + if (!found) { + fclose(cfile); + return -ERRSECTION; + } + + /* Parse this section until next section */ + while (fgets(line, LINE_LEN, cfile)) + { + char wordbuf[LINE_LEN]; + char *wordend; + + DEBUGC("line read: %s\n", line); + if (*line == '#') + continue; + + if (!(wordend = get_word(line, " =\t\n", (char *) &wordbuf))) + continue; + + if (wordbuf[0] == '[' ) { + DEBUGC("Next section '%s' encountered\n", wordbuf); + break; + } + + DEBUGC("parse_file: entering main loop\n"); + for (ce = keys; ce; ce = ce->next) { + DEBUGC("parse main loop, key: %s\n", ce->key); + if (strcmp(ce->key, (char *) &wordbuf)) { + continue; + } + + wordend = get_word(wordend, " =\t\n", (char *) &wordbuf); + args = (char *)&wordbuf; + + if (ce->hit && !(ce->options & CONFIG_OPT_MULTI)) + { + DEBUGC("->ce-hit and option not multi!\n"); + config_errce = ce; + err = -ERRMULT; + goto cpf_error; + } + ce->hit++; + + switch (ce->type) { + case CONFIG_TYPE_STRING: + if (strlen(args) < + CONFIG_VAL_STRING_LEN ) { + strcpy(ce->u.string, args); + /* FIXME: what if not ? */ + } + break; + case CONFIG_TYPE_INT: + ce->u.value = atoi(args); + break; + case CONFIG_TYPE_CALLBACK: + (ce->u.parser)(args); + break; + } + break; + } + DEBUGC("parse_file: exiting main loop\n"); + } + + + for (ce = keys; ce; ce = ce->next) { + DEBUGC("ce post loop, ce=%s\n", ce->key); + if ((ce->options & CONFIG_OPT_MANDATORY) && (ce->hit == 0)) { + DEBUGC("Mandatory config directive \"%s\" not found\n", + ce->key); + config_errce = ce; + err = -ERRMAND; + goto cpf_error; + } + + } + +cpf_error: + fclose(cfile); + return err; +} + diff --git a/config.guess b/config.guess new file mode 100755 index 0000000..0e30d56 --- /dev/null +++ b/config.guess @@ -0,0 +1,1407 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + +timestamp='2003-07-02' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Per Bothner . +# Please send patches to . Submit a context +# diff and a properly formatted ChangeLog entry. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# The plan is that this can be called by configure scripts if you +# don't specify an explicit build system type. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +trap 'exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# Portable tmp directory creation inspired by the Autoconf team. + +set_cc_for_build=' +trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +: ${TMPDIR=/tmp} ; + { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; +dummy=$tmp/dummy ; +tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; +case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int x;" > $dummy.c ; + for c in cc gcc c89 c99 ; do + if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac ;' + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + case "${UNAME_MACHINE_ARCH}" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently, or will in the future. + case "${UNAME_MACHINE_ARCH}" in + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + eval $set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep __ELF__ >/dev/null + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # The OS release + # Debian GNU/NetBSD machines have a different userland, and + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. + case "${UNAME_VERSION}" in + Debian*) + release='-gnu' + ;; + *) + release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + ;; + esac + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit 0 ;; + amiga:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + arc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + hp300:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + macppc:OpenBSD:*:*) + echo powerpc-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme88k:OpenBSD:*:*) + echo m88k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvmeppc:OpenBSD:*:*) + echo powerpc-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + pmax:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sgi:OpenBSD:*:*) + echo mipseb-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sun3:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + wgrisc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + *:OpenBSD:*:*) + echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + alpha:OSF1:*:*) + if test $UNAME_RELEASE = "V4.0"; then + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + fi + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE="alpha" ;; + "EV4.5 (21064)") + UNAME_MACHINE="alpha" ;; + "LCA4 (21066/21068)") + UNAME_MACHINE="alpha" ;; + "EV5 (21164)") + UNAME_MACHINE="alphaev5" ;; + "EV5.6 (21164A)") + UNAME_MACHINE="alphaev56" ;; + "EV5.6 (21164PC)") + UNAME_MACHINE="alphapca56" ;; + "EV5.7 (21164PC)") + UNAME_MACHINE="alphapca57" ;; + "EV6 (21264)") + UNAME_MACHINE="alphaev6" ;; + "EV6.7 (21264A)") + UNAME_MACHINE="alphaev67" ;; + "EV6.8CB (21264C)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8AL (21264B)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8CX (21264D)") + UNAME_MACHINE="alphaev68" ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE="alphaev69" ;; + "EV7 (21364)") + UNAME_MACHINE="alphaev7" ;; + "EV7.9 (21364A)") + UNAME_MACHINE="alphaev79" ;; + esac + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + exit 0 ;; + Alpha*:OpenVMS:*:*) + echo alpha-hp-vms + exit 0 ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? + echo alpha-pc-interix + exit 0 ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit 0 ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit 0;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos + exit 0 ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-morphos + exit 0 ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit 0 ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit 0;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit 0;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit 0 ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit 0 ;; + DRS?6000:unix:4.0:6*) + echo sparc-icl-nx6 + exit 0 ;; + DRS?6000:UNIX_SV:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7 && exit 0 ;; + esac ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + i86pc:SunOS:5.*:*) + echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit 0 ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit 0 ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit 0 ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit 0 ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} + exit 0 ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} + exit 0 ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} + exit 0 ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit 0 ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit 0 ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit 0 ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c \ + && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ + && exit 0 + echo mips-mips-riscos${UNAME_RELEASE} + exit 0 ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit 0 ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit 0 ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax + exit 0 ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit 0 ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit 0 ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit 0 ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit 0 ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ + [ ${TARGET_BINARY_INTERFACE}x = x ] + then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else + echo i586-dg-dgux${UNAME_RELEASE} + fi + exit 0 ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit 0 ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit 0 ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit 0 ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit 0 ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit 0 ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit 0 ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 + echo rs6000-ibm-aix3.2.5 + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit 0 ;; + *:AIX:*:[45]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit 0 ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit 0 ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit 0 ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit 0 ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit 0 ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit 0 ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit 0 ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; + '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "${HP_ARCH}" = "" ]; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac + if [ ${HP_ARCH} = "hppa2.0w" ] + then + # avoid double evaluation of $set_cc_for_build + test -n "$CC_FOR_BUILD" || eval $set_cc_for_build + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null + then + HP_ARCH="hppa2.0w" + else + HP_ARCH="hppa64" + fi + fi + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit 0 ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} + exit 0 ;; + 3050*:HI-UX:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 + echo unknown-hitachi-hiuxwe2 + exit 0 ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit 0 ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit 0 ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit 0 ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit 0 ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit 0 ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit 0 ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit 0 ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit 0 ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit 0 ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit 0 ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit 0 ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + *:UNICOS/mp:*:*) + echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit 0 ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit 0 ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; + *:FreeBSD:*:*|*:GNU/FreeBSD:*:*) + # Determine whether the default compiler uses glibc. + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + #if __GLIBC__ >= 2 + LIBC=gnu + #else + LIBC= + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` + # GNU/FreeBSD systems have a "k" prefix to indicate we are using + # FreeBSD's kernel, but not the complete OS. + case ${LIBC} in gnu) kernel_only='k' ;; esac + echo ${UNAME_MACHINE}-unknown-${kernel_only}freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC} + exit 0 ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit 0 ;; + i*:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit 0 ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit 0 ;; + x86:Interix*:[34]*) + echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//' + exit 0 ;; + [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) + echo i${UNAME_MACHINE}-pc-mks + exit 0 ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? + echo i586-pc-interix + exit 0 ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin + exit 0 ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin + exit 0 ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + *:GNU:*:*) + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit 0 ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit 0 ;; + arm*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + cris:Linux:*:*) + echo cris-axis-linux-gnu + exit 0 ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + mips:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef mips + #undef mipsel + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=mipsel + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=mips + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` + test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 + ;; + mips64:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef mips64 + #undef mips64el + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=mips64el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=mips64 + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` + test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 + ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit 0 ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit 0 ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit 0 ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-gnu ;; + PA8*) echo hppa2.0-unknown-linux-gnu ;; + *) echo hppa-unknown-linux-gnu ;; + esac + exit 0 ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu + exit 0 ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux + exit 0 ;; + sh64*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + x86_64:Linux:*:*) + echo x86_64-unknown-linux-gnu + exit 0 ;; + i*86:Linux:*:*) + # The BFD linker knows what the default object file format is, so + # first see if it will tell us. cd to the root directory to prevent + # problems with other programs or directories called `ld' in the path. + # Set LC_ALL=C to ensure ld outputs messages in English. + ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ + | sed -ne '/supported targets:/!d + s/[ ][ ]*/ /g + s/.*supported targets: *// + s/ .*// + p'` + case "$ld_supported_targets" in + elf32-i386) + TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" + ;; + a.out-i386-linux) + echo "${UNAME_MACHINE}-pc-linux-gnuaout" + exit 0 ;; + coff-i386) + echo "${UNAME_MACHINE}-pc-linux-gnucoff" + exit 0 ;; + "") + # Either a pre-BFD a.out linker (linux-gnuoldld) or + # one that does not give us useful --help. + echo "${UNAME_MACHINE}-pc-linux-gnuoldld" + exit 0 ;; + esac + # Determine whether the default compiler is a.out or elf + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + #ifdef __ELF__ + # ifdef __GLIBC__ + # if __GLIBC__ >= 2 + LIBC=gnu + # else + LIBC=gnulibc1 + # endif + # else + LIBC=gnulibc1 + # endif + #else + #ifdef __INTEL_COMPILER + LIBC=gnu + #else + LIBC=gnuaout + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` + test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 + test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 + ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit 0 ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit 0 ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo ${UNAME_MACHINE}-pc-os2-emx + exit 0 ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop + exit 0 ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos + exit 0 ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit 0 ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi + exit 0 ;; + i*86:*:5:[78]*) + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit 0 ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit 0 ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i386. + echo i386-pc-msdosdjgpp + exit 0 ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit 0 ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit 0 ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit 0 ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit 0 ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit 0 ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix + exit 0 ;; + M68*:*:R3V[567]*:*) + test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; + 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4.3${OS_REL} && exit 0 + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4 && exit 0 ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit 0 ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + echo powerpc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit 0 ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit 0 ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit 0 ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit 0 ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit 0 ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit 0 ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit 0 ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit 0 ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit 0 ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit 0 ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit 0 ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit 0 ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit 0 ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} + exit 0 ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux${UNAME_RELEASE} + exit 0 ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Darwin:*:*) + case `uname -p` in + *86) UNAME_PROCESSOR=i686 ;; + powerpc) UNAME_PROCESSOR=powerpc ;; + esac + echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + exit 0 ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = "x86"; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + exit 0 ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit 0 ;; + NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} + exit 0 ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit 0 ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit 0 ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + exit 0 ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit 0 ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit 0 ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit 0 ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit 0 ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit 0 ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit 0 ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit 0 ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux${UNAME_RELEASE} + exit 0 ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +eval $set_cc_for_build +cat >$dummy.c < +# include +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +# if !defined (ultrix) +# include +# if defined (BSD) +# if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +# else +# if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# endif +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# else + printf ("vax-dec-ultrix\n"); exit (0); +# endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0 + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit 0 ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + c34*) + echo c34-convex-bsd + exit 0 ;; + c38*) + echo c38-convex-bsd + exit 0 ;; + c4*) + echo c4-convex-bsd + exit 0 ;; + esac +fi + +cat >&2 < in order to provide the needed +information to handle your system. + +config.guess timestamp = $timestamp + +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = ${UNAME_MACHINE} +UNAME_RELEASE = ${UNAME_RELEASE} +UNAME_SYSTEM = ${UNAME_SYSTEM} +UNAME_VERSION = ${UNAME_VERSION} +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/config.sub b/config.sub new file mode 100755 index 0000000..6eea727 --- /dev/null +++ b/config.sub @@ -0,0 +1,1505 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + +timestamp='2003-07-17' + +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Please send patches to . Submit a context +# diff and a properly formatted ChangeLog entry. +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit 0;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | kfreebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis) + os= + basic_machine=$1 + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ + | c4x | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | i370 | i860 | i960 | ia64 \ + | ip2k | iq2000 \ + | m32r | m68000 | m68k | m88k | mcore \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64vr | mips64vrel \ + | mips64orion | mips64orionel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | msp430 \ + | ns16k | ns32k \ + | openrisc | or32 \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ + | pyramid \ + | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ + | strongarm \ + | tahoe | thumb | tic4x | tic80 | tron \ + | v850 | v850e \ + | we32k \ + | x86 | xscale | xstormy16 | xtensa \ + | z8k) + basic_machine=$basic_machine-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12) + # Motorola 68HC11/12. + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + ;; + + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* \ + | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ + | clipper-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* | iq2000-* \ + | m32r-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | mcore-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mipsisa32-* | mipsisa32el-* \ + | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipstx39-* | mipstx39el-* \ + | msp430-* \ + | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ + | pyramid-* \ + | romp-* | rs6000-* \ + | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ + | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ + | tahoe-* | thumb-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tron-* \ + | v850-* | v850e-* | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ + | xtensa-* \ + | ymp-* \ + | z8k-*) + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amd64) + basic_machine=x86_64-pc + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | j90) + basic_machine=j90-cray + os=-unicos + ;; + crds | unos) + basic_machine=m68k-crds + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + decsystem10* | dec10*) + basic_machine=pdp10-dec + os=-tops10 + ;; + decsystem20* | dec20*) + basic_machine=pdp10-dec + os=-tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; +# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i*86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i*86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i*86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 + ;; + miniframe) + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + mmix*) + basic_machine=mmix-knuth + os=-mmixware + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; + np1) + basic_machine=np1-gould + ;; + nv1) + basic_machine=nv1-cray + os=-unicosmp + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + or32 | or32-*) + basic_machine=or32-unknown + os=-coff + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc + ;; + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc + ;; + pentiumii | pentium2 | pentiumiii | pentium3) + basic_machine=i686-pc + ;; + pentium4) + basic_machine=i786-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium4-*) + basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=power-ibm + ;; + ppc) basic_machine=powerpc-unknown + ;; + ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little | ppc64-le | powerpc64-little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sb1) + basic_machine=mipsisa64sb1-unknown + ;; + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; + sei) + basic_machine=mips-sei + os=-seiux + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos + ;; + t90) + basic_machine=t90-cray + os=-unicos + ;; + tic54x | c54x*) + basic_machine=tic54x-unknown + os=-coff + ;; + tic55x | c55x*) + basic_machine=tic55x-unknown + os=-coff + ;; + tic6x | c6x*) + basic_machine=tic6x-unknown + os=-coff + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + toad1) + basic_machine=pdp10-xkl + os=-tops20 + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + ymp) + basic_machine=ymp-cray + os=-unicos + ;; + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; + romp) + basic_machine=romp-ibm + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele) + basic_machine=sh-unknown + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparc | sparcv9 | sparcv9b) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -svr4*) + os=-sysv4 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \ + | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* \ + | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -powermax* | -dnix* | -nx6 | -nx7 | -sei*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto-qnx*) + ;; + -nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -wince*) + os=-wince + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -atheos*) + os=-atheos + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -nova*) + os=-rtmk-nova + ;; + -ns2 ) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; + -xenix) + os=-xenix + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -aros*) + os=-aros + ;; + -kaos*) + os=-kaos + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + c4x-* | tic4x-*) + os=-coff + ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + # This also exists in the configure program, but was not the + # default. + # os=-sunos4 + ;; + m68*-cisco) + os=-aout + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + or32-*) + os=-coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-be) + os=-beos + ;; + *-ibm) + os=-aix + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -aix*) + vendor=ibm + ;; + -beos*) + vendor=be + ;; + -hpux*) + vendor=hp + ;; + -mpeix*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs* | -opened*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -vxsim* | -vxworks* | -windiss*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os +exit 0 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/configure.in b/configure.in new file mode 100644 index 0000000..c9db6c2 --- /dev/null +++ b/configure.in @@ -0,0 +1,273 @@ +dnl Process this file with autoconf to produce a configure script. +AC_PREQ(2.50) +AC_INIT(ulogd.c) + +dnl Checks for programs. +AC_PROG_MAKE_SET +AC_PROG_CC +AC_CHECK_TOOL(LD, ld) +AC_PROG_INSTALL + +dnl Checks for libraries. +AC_CHECK_LIB(dl, dlopen) +AC_CHECK_HEADER(pcap.h,HAVE_PCAP_H=true) + +dnl Checks for header files. +AC_HEADER_DIRENT +AC_HEADER_STDC +AC_CHECK_HEADERS(fcntl.h unistd.h) + +dnl Checks for typedefs, structures, and compiler characteristics. +AC_C_CONST +AC_TYPE_SIZE_T +AC_STRUCT_TM +AC_SYS_LARGEFILE + +dnl Checks for library functions. +AC_FUNC_VPRINTF +AC_CHECK_FUNCS(socket strerror) + +DATABASE_DIR="" +DATABASE_LIB="" +DATABASE_LIB_DIR="" + +DATABASE_DRIVERS="" + +KERNEL64_USERSPACE32="" + +dnl +dnl test for MySQL +dnl +AC_ARG_WITH(mysql, + --with-mysql= mysql installed in ,[ +if test $withval != yes +then + dir=$withval +else + dir="/usr/local" +fi +mysqldir="" +AC_MSG_CHECKING(for MySQL files) +for d in $dir/bin /usr/bin /usr/local/bin /usr/local/mysql/bin /opt/mysql/bin /opt/packages/mysql/bin +do + if test -f $d/mysql_config + then + AC_MSG_RESULT(found mysql_config in $d) + mysqldir=$d + break + fi +done + +if test x$mysqldir = x +then + AC_MSG_WARN(MySQL backend not used) +else + AC_DEFINE(HAVE_MYSQL) + MYSQLINCLUDES=`$d/mysql_config --include` + + DATABASE_DIR="${DATABASE_DIR} mysql" + + MYSQL_LIB=`$d/mysql_config --libs` + DB_DEF="${DB_DEF} -DHAVE_MYSQL " + + + AC_SUBST(MYSQLINCLUDES) + AC_SUBST(MYSQL_LIB) + + dnl Here we check whether we have an old MySQL client library + dnl installed, which does not support the mysql_real_escape_string(), + dnl but the real_escape_string() function. + dnl Having a look in the libary itself should be more reliable than + dnl parsing the output of mysql --version. + + OLDLIBS="$LIBS" + LIBS="$MYSQL_LIB" + AC_CHECK_FUNCS([mysql_real_escape_string], [], [EXTRA_MYSQL_DEF="-DOLD_MYSQL=1 "]) + LIBS="$OLDLIBS" +fi +]) + + +dnl +dnl Check whether the user wants log IP-addresses as strings rather +dnl than as unsigned long-integers to his MySQL-database. Since this +dnl feature is only used in ulogd_MYSQL.c, there are no checks in any +dnl way. +dnl + +AC_ARG_WITH(mysql-log-ip-as-string, + --with-mysql-log-ip-as-string log IPs as string rather than as + unsigned long-integer. +,[ + EXTRA_MYSQL_DEF="${EXTRA_MYSQL_DEF} -DIP_AS_STRING=1" + AC_MSG_WARN(the use of --with-mysql-log-ip-as-string is discouraged) +]) + + +dnl +dnl test for PostgreSQL +dnl +AC_ARG_WITH(pgsql, + --with-pgsql= pgsql installed in ,[ +if test $withval != yes +then + dir=$withval +else + dir="/usr/local" +fi +pgsqldir="" +AC_MSG_CHECKING(for PGSQL files) +for d in $dir/bin /usr/bin /usr/local/bin /usr/local/pgsql/bin /opt/pgsql/bin /opt/packages/pgsql/bin +do + if test -x $d/pg_config + then + AC_MSG_RESULT(found pg_config in $d) + pgsqldir=$d + break + fi +done + +if test x$pgsqldir = x +then + AC_MSG_WARN(PGSQL backend not used) +else + AC_DEFINE(HAVE_PGSQL) + PGSQLINCLUDES=-I`$pgsqldir/pg_config --includedir` + PGSQLLIBS=-L`$pgsqldir/pg_config --libdir` + + DATABASE_DIR="${DATABASE_DIR} pgsql" + PGSQL_LIB="${PGSQLLIBS} -lpq " + + DB_DEF="${DB_DEF} -DHAVE_PGSQL " + + AC_SUBST(PGSQLINCLUDES) + AC_SUBST(PGSQL_LIB) + +fi +]) + +dnl +dnl Check whether the user wants to log IP-addresses as strings rather +dnl than integers to his pgsql-database. +dnl + +AC_ARG_WITH(pgsql-log-ip-as-string, + --with-pgsql-log-ip-as-string log IPs as string rather than as interger +,[ + EXTRA_PGSQL_DEF="-DIP_AS_STRING=1" +]) + + +dnl +dnl test for sqlite3 +dnl +AC_ARG_WITH(sqlite3, + --with-sqlite3= sqlite3 installed in ,[ +if test $withval != yes +then + dir=$withval +else + dir="/usr/local" +fi +sqlite3dir="" +AC_MSG_CHECKING(for sqlite3 files) +for d in $dir /usr /usr/local /usr/local/sqlite3 +do + if test -f $d/lib64/sqlite3/libsqlite3.so + then + AC_MSG_RESULT(found sqlite3 in $d) + sqlite3dir=$d + sqlite3dir_suffix=/sqlite3 + sqlite3dir_libdir=${sqlite3dir}/lib64 + break + elif test -f $d/lib/sqlite3/libsqlite3.so + then + AC_MSG_RESULT(found sqlite3 in $d) + sqlite3dir=$d + sqlite3dir_suffix=/sqlite3 + sqlite3dir_libdir=${sqlite3dir}/lib + break + elif test -f $d/lib64/libsqlite3.so + then + AC_MSG_RESULT(found sqlite3 in $d) + sqlite3dir=$d + sqlite3dir_suffix= + sqlite3dir_libdir=${sqlite3dir}/lib64 + break + elif test -f $d/lib/libsqlite3.so + then + AC_MSG_RESULT(found sqlite3 in $d) + sqlite3dir=$d + sqlite3dir_suffix= + sqlite3dir_libdir=${sqlite3dir}/lib + break + fi +done + +if test x$sqlite3dir = x +then + AC_MSG_WARN(sqlite3 backend not used) +else + AC_DEFINE(HAVE_SQLITE3) + SQLITE3INCLUDES=-I${sqlite3dir}/include${sqlite3dir_suffix} + SQLITE3LIBS=-L${sqlite3dir_libdir}${sqlite3dir_suffix} + + DATABASE_DIR="${DATABASE_DIR} sqlite3" + SQLITE3_LIB="${SQLITE3LIBS} -lsqlite3 " + + DB_DEF="${DB_DEF} -DHAVE_SQLITE3 " + + + AC_SUBST(SQLITE3INCLUDES) + AC_SUBST(SQLITE3_LIB) + +fi +]) + + +dnl +dnl Check whether the user wants log IP-addresses as strings rather +dnl than as unsigned long-integers to his sqlite3-database. Since this +dnl feature is only used in ulogd_SQLITE3.c, there are no checks in any +dnl way. +dnl + +AC_ARG_WITH(sqlite3-log-ip-as-string, + --with-sqlite3-log-ip-as-string log IPs as string rather than as + unsigned long-integer. +,[ + EXTRA_SQLITE3_DEF="${EXTRA_SQLITE3_DEF} -DIP_AS_STRING=1" + AC_MSG_WARN(the use of --with-sqlite3-log-ip-as-string is discouraged) +]) + +dnl +dnl Kernel 64 +dnl + +AC_ARG_WITH(kernel-64-user-32, + --with-kernel-64-user-32 Use this flag to compile on system where kernel is 64 bits + userspace is 32. +,[ + KERNEL64_USERSPACE32="-DKERNEL_64_USERSPACE_32" + AC_MSG_WARN(The use of the flag kernel-64-user-32 could interfere with kernel evolution. Use it at your own risk.) +]) + + +AC_SUBST(DATABASE_DIR) +AC_SUBST(DATABASE_LIB) +AC_SUBST(DATABASE_LIB_DIR) +AC_SUBST(DB_DEF) +AC_SUBST(EXTRA_MYSQL_DEF) +AC_SUBST(EXTRA_PGSQL_DEF) +AC_SUBST(EXTRA_SQLITE3_DEF) + +AC_SUBST(DATABASE_DRIVERS) +AC_SUBST(HAVE_PCAP_H) + +AC_SUBST(KERNEL64_USERSPACE32) + +AM_CONDITIONAL(HAVE_MYSQL, test x$mysqldir != x) +AM_CONDITIONAL(HAVE_PGSQL, test x$pgsqldir != x) +AM_CONDITIONAL(HAVE_SQLITE3, test x$sqlite3dir != x) + +AC_OUTPUT(extensions/Makefile doc/Makefile conffile/Makefile libipulog/Makefile mysql/Makefile pgsql/Makefile sqlite3/Makefile pcap/Makefile Makefile Rules.make) diff --git a/contrib/ulog_query.php.gz b/contrib/ulog_query.php.gz new file mode 100644 index 0000000..e57bc0b Binary files /dev/null and b/contrib/ulog_query.php.gz differ diff --git a/doc/Makefile.in b/doc/Makefile.in new file mode 100644 index 0000000..e6c71a9 --- /dev/null +++ b/doc/Makefile.in @@ -0,0 +1,51 @@ +#! /usr/bin/make +# this file is shamelessly stolen from the iptables CVS tree + +LANG_DIRS:= + +HOWTOS:=$(wildcard *.sgml) +HOWTOS+=$(foreach dir, $(LANG_DIRS), $(wildcard $(dir)/*.sgml)) + +TXT_HOWTOS:=$(HOWTOS:.sgml=.txt) +HTML_HOWTOS:=$(HOWTOS:.sgml=.html) +PSA4_HOWTOS:=$(HOWTOS:.sgml=.a4.ps) +PSUS_HOWTOS:=$(HOWTOS:.sgml=.letter.ps) + +HOWTO_FLAGS_it/=-c latin -l it +HOWTO_FLAGS_fr/=-c latin -l fr + +user_calls_make: + +distrib: $(TXT_HOWTOS) $(PSA4_HOWTOS) $(HTML_HOWTOS) + +HOWTOs: $(TXT_HOWTOS) $(HTML_HOWTOS) $(PSA4_HOWTOS) $(PSUS_HOWTOS) + +# Remake all if Makefile changes. +$(TXT_HOWTOS) $(HTML_HOWTOS) $(PSA4_HOWTOS) $(PSUS_HOWTOS): Makefile + +# Stupid sgml2* tools strip dirnames for output files. 8( +%.txt: %.sgml + @echo Making $@: && cd `dirname $<` && sgml2txt --filter $(HOWTO_FLAGS_$(dir $<)) `basename $<` 2>&1 | sed "s?^:\([0-9]*\):[^ ]* ?$<:\1:?" + +%.a4.dvi: %.sgml + @echo Making $@: && cd `dirname $<` && sgml2latex --papersize=a4 --output=dvi $(HOWTO_FLAGS_$(dir $<)) `basename $<` 2>&1 | sed "s?^:\([0-9]*\):[^ ]* ?$<:\1:?" && mv `basename $*.dvi` `basename $*.a4.dvi` + +%.a4.ps: %.a4.dvi + @dvips -t a4 -o $@ $< + +%.letter.dvi: %.sgml + @echo Making $@: && cd `dirname $<` && sgml2latex --papersize=letter --output=dvi $(HOWTO_FLAGS_$(dir $<)) `basename $<` 2>&1 | sed "s?^:\([0-9]*\):[^ ]* ?$<:\1:?" && mv `basename $*.dvi` `basename $*.letter.dvi` + +%.letter.ps: %.letter.dvi + @dvips -t letter -o $@ $< + +%.html: %.sgml + @echo Making $@: && cd `dirname $<` && sgml2html -s 0 $(HOWTO_FLAGS_$(dir $<)) `basename $<` 2>&1 | sed "s?^:\([0-9]*\):[^ ]* ?$<:\1:?" + +clean: +# for d in . $(LANG_DIRS); do rm -f $$d/*.html $$d/*.ps $$d/*.aux $$d/*.log $$d/*.txt $$d/*~; done + +distclean: + rm -f Makefile + +install: diff --git a/doc/mysql.table b/doc/mysql.table new file mode 100644 index 0000000..bdfee71 --- /dev/null +++ b/doc/mysql.table @@ -0,0 +1,55 @@ +CREATE TABLE ulog ( id INT UNSIGNED AUTO_INCREMENT UNIQUE, + + raw_mac VARCHAR(80), + + oob_time_sec INT UNSIGNED, + oob_time_usec INT UNSIGNED, + oob_prefix VARCHAR(32), + oob_mark INT UNSIGNED, + oob_in VARCHAR(32), + oob_out VARCHAR(32), + + ip_saddr INT UNSIGNED, + ip_daddr INT UNSIGNED, + ip_protocol TINYINT UNSIGNED, + ip_tos TINYINT UNSIGNED, + ip_ttl TINYINT UNSIGNED, + ip_totlen SMALLINT UNSIGNED, + ip_ihl TINYINT UNSIGNED, + ip_csum SMALLINT UNSIGNED, + ip_id SMALLINT UNSIGNED, + ip_fragoff SMALLINT UNSIGNED, + + tcp_sport SMALLINT UNSIGNED, + tcp_dport SMALLINT UNSIGNED, + tcp_seq INT UNSIGNED, + tcp_ackseq INT UNSIGNED, + tcp_window SMALLINT UNSIGNED, + tcp_urg TINYINT, + tcp_urgp SMALLINT UNSIGNED, + tcp_ack TINYINT, + tcp_psh TINYINT, + tcp_rst TINYINT, + tcp_syn TINYINT, + tcp_fin TINYINT, + + udp_sport SMALLINT UNSIGNED, + udp_dport SMALLINT UNSIGNED, + udp_len SMALLINT UNSIGNED, + + icmp_type TINYINT UNSIGNED, + icmp_code TINYINT UNSIGNED, + icmp_echoid SMALLINT UNSIGNED, + icmp_echoseq SMALLINT UNSIGNED, + icmp_gateway INT UNSIGNED, + icmp_fragmtu SMALLINT UNSIGNED, + + pwsniff_user VARCHAR(30), + pwsniff_pass VARCHAR(30), + + ahesp_spi INT UNSIGNED, + + KEY index_id (id) + ); + + diff --git a/doc/mysql.table.ipaddr-as-string b/doc/mysql.table.ipaddr-as-string new file mode 100644 index 0000000..4a9cecc --- /dev/null +++ b/doc/mysql.table.ipaddr-as-string @@ -0,0 +1,58 @@ +# MySQL dump 7.1 +# +# Host: localhost Database: ulogd +#-------------------------------------------------------- +# Server version 3.22.32 + +# This table is intended for use with older MySQL-Servers and +# the --with-mysql-log-ip-as-string feature. It will not work +# without that feature. +# +# Table structure for table 'ulog' +# +CREATE TABLE ulog ( + id int(10) unsigned NOT NULL auto_increment, + raw_mac varchar(80), + oob_time_sec int(10) unsigned, + oob_time_usec int(10) unsigned, + oob_prefix varchar(32), + oob_mark int(10) unsigned, + oob_in varchar(32), + oob_out varchar(32), + ip_saddr varchar(16), + ip_daddr varchar(16), + ip_protocol tinyint(3) unsigned, + ip_tos tinyint(3) unsigned, + ip_ttl tinyint(3) unsigned, + ip_totlen smallint(5) unsigned, + ip_ihl tinyint(3) unsigned, + ip_csum smallint(5) unsigned, + ip_id smallint(5) unsigned, + ip_fragoff smallint(5) unsigned, + tcp_sport smallint(5) unsigned, + tcp_dport smallint(5) unsigned, + tcp_seq int(10) unsigned, + tcp_ackseq int(10) unsigned, + tcp_window smallint(5) unsigned, + tcp_urg tinyint(4), + tcp_urgp smallint(5) unsigned, + tcp_ack tinyint(4), + tcp_psh tinyint(4), + tcp_rst tinyint(4), + tcp_syn tinyint(4), + tcp_fin tinyint(4), + udp_sport smallint(5) unsigned, + udp_dport smallint(5) unsigned, + udp_len smallint(5) unsigned, + icmp_type tinyint(3) unsigned, + icmp_code tinyint(3) unsigned, + icmp_echoid smallint(5) unsigned, + icmp_echoseq smallint(5) unsigned, + icmp_gateway int(10) unsigned, + icmp_fragmtu smallint(5) unsigned, + pwsniff_user varchar(30), + pwsniff_pass varchar(30), + ahesp_spi int(10) unsigned, + PRIMARY KEY (id) +); + diff --git a/doc/pgsql.table b/doc/pgsql.table new file mode 100644 index 0000000..193f747 --- /dev/null +++ b/doc/pgsql.table @@ -0,0 +1,81 @@ +/* ulogd.pgsql.table, Version 0.1 + * + * sample of a postgres table for ulogd + * + * All columns except "id" are optional! Comment all unwanted + * columns out, e.g. by prefixing them with '--' + * + * "raw_pkt" is not supported by ulogd_PGSQL + */ + +CREATE SEQUENCE "seq_ulog"; + +CREATE TABLE "ulog" ( + "id" integer DEFAULT nextval('seq_ulog') NOT NULL, + + "oob_prefix" character varying(32), + "oob_time_sec" integer, + "oob_time_usec" integer, + "oob_mark" bigint, + "oob_in" character varying(32), + "oob_out" character varying(32), + + "raw_mac" character varying(80), + "raw_pktlen" bigint, + + "ip_ihl" smallint, + "ip_tos" smallint, + "ip_totlen" integer, + "ip_id" integer, + "ip_fragoff" integer, + "ip_ttl" smallint, + "ip_protocol" smallint, + "ip_csum" integer, + +/* log IPs as unsigned int32 (default) */ + "ip_saddr" bigint, + "ip_daddr" bigint, + +/* log IPs as string (--with-pgsql-log-ip-as-string) */ +-- "ip_saddr" character varying(40), +-- "ip_daddr" character varying(40), + +/* log IPs as inet (--with-pgsql-log-ip-as-string) */ +-- "ip_saddr" inet, +-- "ip_daddr" inet, + + + "tcp_sport" integer, + "tcp_dport" integer, + "tcp_seq" bigint, + "tcp_ackseq" bigint, + "tcp_urg" boolean, + "tcp_ack" boolean, + "tcp_psh" boolean, + "tcp_rst" boolean, + "tcp_syn" boolean, + "tcp_fin" boolean, + "tcp_window" integer, + "tcp_urgp" integer, + + "udp_sport" integer, + "udp_dport" integer, + "udp_len" integer, + + "icmp_type" smallint, + "icmp_code" smallint, + "icmp_echoid" integer, + "icmp_echoseq" integer, + "icmp_gateway" bigint, + "icmp_fragmtu" integer, + + "pwsniff_user" character varying(30), + "pwsniff_pass" character varying(30), + + "ahesp_spi" smallint, + + "local_time" bigint, + "local_hostname" character varying(40) +); + + diff --git a/doc/sqlite3.table b/doc/sqlite3.table new file mode 100644 index 0000000..7b5e99a --- /dev/null +++ b/doc/sqlite3.table @@ -0,0 +1,22 @@ +CREATE TABLE ulog ( + raw_mac VARCHAR(80), + oob_time_sec INT UNSIGNED, + oob_time_usec INT UNSIGNED, + ip_saddr INT UNSIGNED, + ip_daddr INT UNSIGNED, + ip_protocol TINYINT UNSIGNED, + ip_totlen SMALLINT UNSIGNED, + tcp_sport SMALLINT UNSIGNED, + tcp_dport SMALLINT UNSIGNED, + udp_sport SMALLINT UNSIGNED, + udp_dport SMALLINT UNSIGNED, + udp_len SMALLINT UNSIGNED, + icmp_type TINYINT UNSIGNED, + icmp_code TINYINT UNSIGNED, + icmp_echoid SMALLINT UNSIGNED, + icmp_echoseq SMALLINT UNSIGNED, + icmp_gateway INT UNSIGNED, + icmp_fragmtu SMALLINT UNSIGNED + ); + + diff --git a/doc/ulogd.html b/doc/ulogd.html new file mode 100644 index 0000000..8bf7fed --- /dev/null +++ b/doc/ulogd.html @@ -0,0 +1,421 @@ + + + + + ULOGD - the Userspace Logging Daemon + + +

ULOGD - the Userspace Logging Daemon

+ +

Harald Welte <laforge@gnumonks.org>

Revision $Revision: 803 $, $Date: 2005-04-18 16:21:17 +0200 (Mon, 18 Apr 2005) $ +
+This is the documentation for ulogd, the Userspace logging daemon. +ulogd makes use of the Linux >= 2.4.x packet filter subsystem (iptables) and +the ULOG target for iptables. +
+

1. DESIGN

+ +

1.1 CONCEPT +

+ +

I want to provide a flexible, almost universal logging daemon for my netfilter +ULOG target. It is not optimized in any way, the goal is to keep as simple as +possible. These are my thoughts about how the architecture which is most +capable of doing that:

+

+

+
Interpreter lugins

It should be possible to add plugins / runtime modules for new protocols, etc. +For example the standard logging daemon provides source-ip, dest-ip, +source-port, dest-port, etc. Logging for variuos other protocols (GRE, +IPsec, ...) may be implemented as modules.

+ +
Output plugins

... describe how and where to put the information gained by logging plugins. +The easiest way is to build a line per packet and fprint it to a file. +Some people might want to log into a SQL database or want an output +conforming to the intrusion detection systems communication draft from the +IETF.

+ +
+

+ +

1.2 DETAILS +

+ +

The major clue is providing a framework which is as flexible as possible. +Nobody knows what strange network protocols are out there :) Flexibility +depends on the communication between the output of the logging plugins +and input of the output plugins.

+

Rusty advised me to use some kind of type-key-value triples, which is in fact +what I implemented.

+

One issue is, of course, performance. Up to ulogd 0.3, ulogd did several +linked list iterations and about 30 malloc() calls _per packet_. This +changed with the new >= 0.9 revisions: +

    +
  • Not a single dynamic allocation in the core during runtime. +Everything is pre-allocated at start of ulogd to provide the highest +possible throughput.
    • +
  • Hash tables in addition to the linked lists. Linked lists are only +traversed if we really want to access each element of the list.
    • +
+

+ +

2. INSTALLATION

+ + +

2.1 Linux kernel +

+ +

First you will need a recent 2.4.x kernel. If you have a kernel >= +2.4.18-pre8, it already has the kernel suport for ULOG (ipt_ULOG.o).

+

If you have an older kernel version (between 2.4.0 and 2.4.18-pre6), you +can use the patch-o-matic system of netfilter/iptables, as described in +the following section.

+ +

2.2 ipt_ULOG from netfilter/iptables patch-o-matic +

+ +

You only need to read this chapter if you have a 2.4.x kernel <= +2.4.18-pre6.

+

In order to put the ipt_ULOG module into your kernel source,you need the latest +iptables package, or even better: the latest CVS snapshot. A description how to +obtain this is provided on the netfilter +homepage +http://www.netfilter.org/.

+

To run patch-o-matic, just type +

+
+make patch-o-matic
+
+
+ +in the userspace directory of netfilter CVS.

+ +

2.3 ulogd +

+ +

Recompiling the source

+ +

Download the ulogd package from +http://ftp.netfilter.org/pub/ulogd/ and +untar it.

+

If you want to build ulogd with MySQL support, type './configure --with-mysql'. You may also have to specify the path of the mysql libraries using '--with-mysql=path'. To build ulogd without MySQL support, just use './configure'.

+

To compile and install the program, call 'make install'.

+ +

Using a precompiled package

+ +

I also provide a SRPM, which should compile on almost any rpm-based distribution. It is available at +http://ftp.netfilter.org/pub/ulogd/

+

Just download the package and do the usual 'rpm --rebuild <file>'.

+ +

3. Configuration

+ +

3.1 iptables ULOG target +

+ +

Quick Setup

+ +

Just add rules using the ULOG target to your firewalling chain. A very basic +example: +

+
+iptables -A FORWARD -j ULOG --ulog-nlgroup 32 --ulog-prefix foo 
+
+
+

+

To increase logging performance, try to use the +

+
+--ulog-qthreshold N
+
+
+ +option (where 1 < N <= 50). The number you specify is the amout of packets +batched together in one multipart netlink message. If you set this to 20, the +kernel schedules ulogd only once every 20 packets. All 20 packets are then +processed by ulogd. This reduces the number of context switches between kernel +and userspace.

+

Of course you can combine the ULOG target with the different netfilter match +modules. For a more detailed description, have a look at the netfilter +HOWTO's, available on the netfilter homepage.

+

ULOG target reference

+ +

+

+
--ulog-nlgroup N

The number of the netlink multicast group to which ULOG'ed packets are sent. +You will have to use the same group number in the ULOG target and ulogd in +order to make logging work.

+
--ulog-cprange N

Copyrange. This works like the 'snaplen' paramter of tcpdump. You can specify +a number of bytes up to which the packet is copied. If you say '40', you will +receive the first fourty bytes of every packet. Leave it to '0'

+
--ulog-qthreshold N

Queue threshold. If a packet is matched by the iptables rule, and already N +packets are in the queue, the queue is flushed to userspace. You can use this +to implement a policy like: Use a big queue in order to gain high performance, +but still have certain packets logged immediately to userspace.

+
--ulog-prefix STRING

A string that is associated with every packet logged by this rule. You can use +this option to later tell from which rule the packet was logged.

+
+

+ +

ipt_ULOG module parameters

+ +

The ipt_ULOG kernel module has a couple of module loadtime parameters which can +(and should) be tuned to accomodate the needs of the application: +

+
nlbufsiz N

Netlink buffer size. A buffer of the specified size N is allocated for every +netlink group that is used. Please note that due to restrictions of the kernel +memory allocator, we cannot have a buffer size > 128kBytes. Larger buffer +sizes increase the performance, since less kernel/userspace context switches +are needed for the same amount of packets. The backside of this performance +gain is a potentially larger delay. The default value is 4096 bytes, which is +quite small.

+
flushtimeout N

The flushtimeout determines, after how many clock ticks (on alpha: 1ms, on +x86 and most other platforms: 10ms time units) the buffer/queue is to be +flushed, even if it is not full. This can be used to have the advantage of a +large buffer, but still a finite maximum delay introduced. The default value +is set to 10 seconds.

+
+ +Example: +
+
+modprobe ipt_ULOG nlbufsiz=65535 flushtimeout=100
+
+
+ +This would use a buffer size of 64k and a flushtimeout of 100 clockticks (1 second on x86).

+ +

3.2 ulogd +

+ +

ulogd is what this is all about, so let's describe it's configuration...

+

ulogd configfile syntax reference

+ +

All configurable parameters of ulogd are in the configfile, typically located +at '/etc/ulogd.conf'.

+

The following configuration parameters are available: +

+
nlgroup

The netlink multicast group, which ulgogd should bind to. This is the same as +given with the '--ulog-nlgroup' option to iptables.

+
logfile

The main logfile, where ulogd reports any errors, warnings and other unexpected conditions. Apart from a regular filename, the following special values can be used; ``syslog'' to log via the unix syslog(3) mechanism. ``stdout'' to log to stdout.

+
loglevel

This specifies, how verbose the logging to logfile is. Currently defined +loglevels are: 1=debug information, 3=informational messages, 5=noticable +exceptional conditions, 7=error conditions, 8=fatal errors, program abort.

+
plugin

This option is followed by a filename of a ulogd plugin, which ulogd shold load +upon initialization. This option may appear more than once.

+
rmem

Size of the netlink socket receive memory. You should set this to at least the +size of the kernel buffer (nlbufsiz parameter of the ipt_ULOG module). Please +note that there is a maximum limit in /proc/sys/net/core/rmem_max which you +cannot exceed by increasing the ``rmem'' parameter. You may need to raise the +system-wide maximum limit before.

+
bufsize

Size of the receive buffer. You should set this to at least the socket receive buffer (rmem).

+
+

+

ulogd commandline option reference

+ +

Apart from the configfile, there are a couple of commandline options to ulogd: +

+
-h --help

Print a help message about the commandline options.

+
-V --version

Print version information about ulogd.

+
-d --daemon

For off into daemon mode. Unless you are debugging, you will want to use this +most of the time.

+
-c --configfile

Using this commandline option, an alternate config file can be used. This is +important if multiple instances of ulogd are to be run on a single machine.

+
+

+ +

4. Available plugins

+ +

It is important to understand that ulogd without plugins does nothing. It will receive packets, and do nothing with them.

+

There are two kinds of plugins, interpreter and output plugins. Interpreter +plugins parse the packet, output plugin write the interpreted information to +some logfile/database/...

+ +

4.1 Interpreter plugins +

+ +

ulogd comes with the following interpreter plugins:

+

ulogd_BASE.so

+ +

Basic interpreter plugin for nfmark, timestamp, mac address, ip header, tcp +header, udp header, icmp header, ah/esp header... Most people will want to load +this very important plugin.

+

ulogd_PWSNIFF.so

+ +

Example interpreter plugin to log plaintext passwords as used with FTP and +POP3. Don't blame me for writing this plugin! The protocols are inherently +insecure, and there are a lot of other tools for sniffing passwords... it's +just an example.

+

ulogd_LOCAL.so

+ +

This is a 'virtual interpreter'. It doesn't really return any information on +the packet itself, rather the local system time and hostname. Please note that +the time is the time at the time of logging, not the packets receive time.

+ +

4.2 Output plugins +

+ +

ulogd comes with the following output plugins:

+ +

ulogd_OPRINT.so

+ +

A very simple output module, dumping all packets in the format +

+
+===>PACKET BOUNDARY
+key=value
+key=value
+...
+===>PACKET BOUNDARY
+...
+
+
+ +to a file. The only useful application is debugging.

+

The module defines the following configuration directives: +

+
dumpfile

The filename where it should log to. The default is +/var/log/ulogd.pktlog

+
+

+ +

ulogd_LOGEMU.so

+ +

An output module which tries to emulate the old syslog-based LOG targed as far +as possible. Logging is done to a seperate textfile instead of syslog, though.

+

The module defines the following configuration directives: +

+
file

The filename where it should log to. The default is +/var/log/ulogd.syslogemu

+
sync

Set this to 1 if you want to have your logfile written +synchronously. This may reduce performance, but makes your log-lines appear +immediately. The default is 0

+
+

+ +

ulogd_MYSQL.so

+ +

An output plugin for logging into a mysql database. This is only compiled if +you have the mysql libraries installed, and the configure script was able to +detect them. (that is: --with-mysql was specified for ./configure)

+ +

The plugin automagically inserts the data into the configured table; It +connects to mysql during the startup phase of ulogd and obtains a list of the +columns in the table. Then it tries to resolve the column names against keys of +interpreter plugins. This way you can easly select which information you want +to log - just by the layout of the table.

+ +

If, for example, your table contains a field called 'ip_saddr', ulogd will +resolve this against the key 'ip.saddr' and put the ip address as 32bit +unsigned integer into the table.

+ +

You may want to have a look at the file 'doc/mysql.table' as an +example table including fields to log all keys from ulogd_BASE.so. Just delete +the fields you are not interested in, and create the table.

+ +

The module defines the following configuration directives: +

+
table

Name of the table to which ulogd should log

+
ldb

Name of the mysql database

+
host

Name of the mysql database host

+
port

TCP port number of mysql database server

+
user

Name of the mysql user

+
pass

Password for mysql

+
+

+ +

ulogd_PGSQL.so

+ +

An output plugin for logging into a postgresql database. This is only compiled +if you have the mysql libraries installed, and the configure script was able to +detect them. (that is: --with-pgsql was specified for ./configure)

+ +

The plugin automagically inserts the data into the configured table; It +connects to pgsql during the startup phase of ulogd and obtains a list of the +columns in the table. Then it tries to resolve the column names against keys of +interpreter plugins. This way you can easly select which information you want +to log - just by the layout of the table.

+ +

If, for example, your table contains a field called 'ip_saddr', ulogd will +resolve this against the key 'ip.saddr' and put the ip address as 32bit +unsigned integer into the table.

+ +

You may want to have a look at the file 'doc/mysql.table' as an +example table including fields to log all keys from ulogd_BASE.so. Just delete +the fields you are not interested in, and create the table.

+ +

The module defines the following configuration directives: +

+
table

Name of the table to which ulogd should log

+
db

Name of the database

+
host

Name of the mysql database host

+
port

TCP port number of database server

+
user

Name of the sql user

+
pass

Password for sql user

+
+

+ +

ulogd_PCAP.so

+ +

An output plugin that can be used to generate libpcap-style packet logfiles. +This can be useful for later analysing the packet log with tools like tcpdump +or ethereal.

+

The module defines the following configuration directives: +

+
file

The filename where it should log to. The default is: +/var/log/ulogd.pcap

+
sync

Set this to 1 if you want to have your pcap logfile written +synchronously. This may reduce performance, but makes your packets appear +immediately in the file on disk. The default is 0

+
+

+ +

ulogd_SQLITE3.so

+ +

An output plugin for logging into a SQLITE v3 database. This is only compiled +if you have the sqlite libraries installed, and the configure script was able to +detect them. (that is: --with-sqlite3 was specified for ./configure)

+ +

The plugin automagically inserts the data into the configured table; It +opens the sqlite db during the startup phase of ulogd and obtains a list of the +columns in the table. Then it tries to resolve the column names against keys of +interpreter plugins. This way you can easly select which information you want +to log - just by the layout of the table.

+ +

If, for example, your table contains a field called 'ip_saddr', ulogd will +resolve this against the key 'ip.saddr' and put the ip address as 32bit +unsigned integer into the table.

+ +

You may want to have a look at the file 'doc/sqlite3.table' as an +example table including fields to log all keys from ulogd_BASE.so. Just delete +the fields you are not interested in, and create the table.

+ +

The module defines the following configuration directives: +

+
table

Name of the table to which ulogd should log

+
db

Name of the database

+
buffer

Size of the sqlite buffer

+
+

+

ulogd_SYSLOG.so

+ +

An output plugin that really logs via syslogd. Lines will look exactly like printed with traditional LOG target.

+

The module defines the following configuration directives: +

+
facility

The syslog facility (LOG_DAEMON, LOG_KERN, LOG_LOCAL0 .. LOG_LOCAL7, LOG_USER)

+
level

The syslog level (LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG)

+
+

+

5. QUESTIONS / COMMENTS

+ +

All comments / questions / ... are appreciated.

+

Just drop me a note to laforge@gnumonks.org

+

Please note also that there is now a mailinglist, ulogd@lists.gnumonks.org. +You can subscribe at +http://lists.gnumonks.org/mailman/listinfo/ulogd/

+

+The preferred method for reporting bugs is the netfilter bugzilla system, +available at +http://bugzilla.netfilter.org/.

+ + + diff --git a/doc/ulogd.sgml b/doc/ulogd.sgml new file mode 100644 index 0000000..c019c63 --- /dev/null +++ b/doc/ulogd.sgml @@ -0,0 +1,449 @@ + + + + +
+ +ULOGD - the Userspace Logging Daemon +Harald Welte <laforge@gnumonks.org> +Revision $Revision$, $Date$ + + +This is the documentation for ulogd, the Userspace logging daemon. +ulogd makes use of the Linux >= 2.4.x packet filter subsystem (iptables) and +the ULOG target for iptables. + + + + +DESIGN + +CONCEPT +

+I want to provide a flexible, almost universal logging daemon for my netfilter +ULOG target. It is not optimized in any way, the goal is to keep as simple as +possible. These are my thoughts about how the architecture which is most +capable of doing that: +

+ +Interpreter plugins +It should be possible to add plugins / runtime modules for new protocols, etc. +For example the standard logging daemon provides source-ip, dest-ip, +source-port, dest-port, etc. Logging for various other protocols (GRE, +IPsec, ...) may be implemented as modules. + +Output plugins +... describe how and where to put the information gained by logging plugins. +The easiest way is to build a line per packet and fprint it to a file. +Some people might want to log into a SQL database or want an output +conforming to the intrusion detection systems communication draft from the +IETF. + + + +DETAILS +

+The major clue is providing a framework which is as flexible as possible. +Nobody knows what strange network protocols are out there :) Flexibility +depends on the communication between the output of the logging plugins +and input of the output plugins. +

+Rusty advised me to use some kind of type-key-value triples, which is in fact +what I implemented. +

+One issue is, of course, performance. Up to ulogd 0.3, ulogd did several +linked list iterations and about 30 malloc() calls _per packet_. This +changed with the new >= 0.9 revisions: + +Not a single dynamic allocation in the core during runtime. +Everything is pre-allocated at start of ulogd to provide the highest +possible throughput. +Hash tables in addition to the linked lists. Linked lists are only +traversed if we really want to access each element of the list. + + +INSTALLATION +

+Linux kernel +

+First you will need a recent 2.4.x kernel. If you have a kernel >= +2.4.18-pre8, it already has the kernel support for ULOG (ipt_ULOG.o). +

+If you have an older kernel version (between 2.4.0 and 2.4.18-pre6), you +can use the patch-o-matic system of netfilter/iptables, as described in +the following section. + +ipt_ULOG from netfilter/iptables patch-o-matic +

+You only need to read this chapter if you have a 2.4.x kernel <= +2.4.18-pre6. +

+In order to put the ipt_ULOG module into your kernel source,you need the latest +iptables package, or even better: the latest CVS snapshot. A description how to +obtain this is provided on the netfilter +homepage . +

+To run patch-o-matic, just type + +make patch-o-matic + +in the userspace directory of netfilter CVS. + +ulogd +Recompiling the source +

+Download the ulogd package from and +untar it. +

+If you want to build ulogd with MySQL support, type './configure --with-mysql'. You may also have to specify the path of the mysql libraries using '--with-mysql=path'. To build ulogd without MySQL support, just use './configure'. +

+To compile and install the program, call 'make install'. + +Using a precompiled package +

+I also provide a SRPM, which should compile on almost any rpm-based distribution. It is available at +

+Just download the package and do the usual 'rpm --rebuild <file>'. + +Configuration +iptables ULOG target +Quick Setup +

+Just add rules using the ULOG target to your firewalling chain. A very basic +example: + +iptables -A FORWARD -j ULOG --ulog-nlgroup 32 --ulog-prefix foo + +

+To increase logging performance, try to use the + +--ulog-qthreshold N + +option (where 1 < N <= 50). The number you specify is the amount of packets +batched together in one multipart netlink message. If you set this to 20, the +kernel schedules ulogd only once every 20 packets. All 20 packets are then +processed by ulogd. This reduces the number of context switches between kernel +and userspace. +

+Of course you can combine the ULOG target with the different netfilter match +modules. For a more detailed description, have a look at the netfilter +HOWTO's, available on the netfilter homepage. +ULOG target reference +

+ +--ulog-nlgroup N +The number of the netlink multicast group to which ULOG'ed packets are sent. +You will have to use the same group number in the ULOG target and ulogd in +order to make logging work. +--ulog-cprange N +Copyrange. This works like the 'snaplen' parameter of tcpdump. You can specify +a number of bytes up to which the packet is copied. If you say '40', you will +receive the first fourty bytes of every packet. Leave it to 0 +--ulog-qthreshold N +Queue threshold. If a packet is matched by the iptables rule, and already N +packets are in the queue, the queue is flushed to userspace. You can use this +to implement a policy like: Use a big queue in order to gain high performance, +but still have certain packets logged immediately to userspace. +--ulog-prefix STRING +A string that is associated with every packet logged by this rule. You can use +this option to later tell from which rule the packet was logged. + + +ipt_ULOG module parameters +

+The ipt_ULOG kernel module has a couple of module loadtime parameters which can +(and should) be tuned to accomodate the needs of the application: + +nlbufsiz N +Netlink buffer size. A buffer of the specified size N is allocated for every +netlink group that is used. Please note that due to restrictions of the kernel +memory allocator, we cannot have a buffer size > 128kBytes. Larger buffer +sizes increase the performance, since less kernel/userspace context switches +are needed for the same amount of packets. The backside of this performance +gain is a potentially larger delay. The default value is 4096 bytes, which is +quite small. +flushtimeout N +The flushtimeout determines, after how many clock ticks (on alpha: 1ms, on +x86 and most other platforms: 10ms time units) the buffer/queue is to be +flushed, even if it is not full. This can be used to have the advantage of a +large buffer, but still a finite maximum delay introduced. The default value +is set to 10 seconds. + +Example: + +modprobe ipt_ULOG nlbufsiz=65535 flushtimeout=100 + +This would use a buffer size of 64k and a flushtimeout of 100 clockticks (1 second on x86). + +ulogd +

+ulogd is what this is all about, so let's describe it's configuration... +ulogd configfile syntax reference +

+All configurable parameters of ulogd are in the configfile, typically located +at '/etc/ulogd.conf'. +

+The following configuration parameters are available: + +nlgroup +The netlink multicast group, which ulgogd should bind to. This is the same as +given with the '--ulog-nlgroup' option to iptables. +logfile +The main logfile, where ulogd reports any errors, warnings and other unexpected conditions. Apart from a regular filename, the following special values can be used; ``syslog'' to log via the unix syslog(3) mechanism. ``stdout'' to log to stdout. +loglevel +This specifies, how verbose the logging to logfile is. Currently defined +loglevels are: 1=debug information, 3=informational messages, 5=noticable +exceptional conditions, 7=error conditions, 8=fatal errors, program abort. +plugin +This option is followed by a filename of a ulogd plugin, which ulogd shold load +upon initialization. This option may appear more than once. +rmem +Size of the netlink socket receive memory. You should set this to at least the +size of the kernel buffer (nlbufsiz parameter of the ipt_ULOG module). Please +note that there is a maximum limit in /proc/sys/net/core/rmem_max which you +cannot exceed by increasing the ``rmem'' parameter. You may need to raise the +system-wide maximum limit before. +bufsize +Size of the receive buffer. You should set this to at least the socket receive buffer (rmem). + +ulogd commandline option reference +

+Apart from the configfile, there are a couple of commandline options to ulogd: + +-h --help +Print a help message about the commandline options. +-V --version +Print version information about ulogd. +-d --daemon +For off into daemon mode. Unless you are debugging, you will want to use this +most of the time. +-c --configfile +Using this commandline option, an alternate config file can be used. This is +important if multiple instances of ulogd are to be run on a single machine. + + +Available plugins +

+It is important to understand that ulogd without plugins does nothing. It will receive packets, and do nothing with them. +

+There are two kinds of plugins, interpreter and output plugins. Interpreter +plugins parse the packet, output plugins write the interpreted information to +some logfile/database/... + +Interpreter plugins +

+ulogd comes with the following interpreter plugins: +ulogd_BASE.so +

+Basic interpreter plugin for nfmark, timestamp, mac address, ip header, tcp +header, udp header, icmp header, ah/esp header... Most people will want to load +this very important plugin. +ulogd_PWSNIFF.so +

+Example interpreter plugin to log plaintext passwords as used with FTP and +POP3. Don't blame me for writing this plugin! The protocols are inherently +insecure, and there are a lot of other tools for sniffing passwords... it's +just an example. +ulogd_LOCAL.so +

+This is a 'virtual interpreter'. It doesn't really return any information on +the packet itself, rather the local system time and hostname. Please note that +the time is the time at the time of logging, not the packets receive time. + +Output plugins +

+ulogd comes with the following output plugins: + +ulogd_OPRINT.so +

+A very simple output module, dumping all packets in the format + +===>PACKET BOUNDARY +key=value +key=value +... +===>PACKET BOUNDARY +... + +to a file. The only useful application is debugging. +

The module defines the following configuration directives: + +dumpfile +The filename where it should log to. The default is +/var/log/ulogd.pktlog + + +ulogd_LOGEMU.so +

+An output module which tries to emulate the old syslog-based LOG targed as far +as possible. Logging is done to a seperate textfile instead of syslog, though. +

+The module defines the following configuration directives: + +fileThe filename where it should log to. The default is +/var/log/ulogd.syslogemu +syncSet this to 1 if you want to have your logfile written +synchronously. This may reduce performance, but makes your log-lines appear +immediately. The default is 0 + + +ulogd_MYSQL.so +

+An output plugin for logging into a mysql database. This is only compiled if +you have the mysql libraries installed, and the configure script was able to +detect them. (that is: --with-mysql was specified for ./configure) + +

+The plugin automagically inserts the data into the configured table; It +connects to mysql during the startup phase of ulogd and obtains a list of the +columns in the table. Then it tries to resolve the column names against keys of +interpreter plugins. This way you can easily select which information you want +to log - just by the layout of the table. + +

+If, for example, your table contains a field called 'ip_saddr', ulogd will +resolve this against the key 'ip.saddr' and put the ip address as 32bit +unsigned integer into the table. + +

+You may want to have a look at the file 'doc/mysql.table' as an +example table including fields to log all keys from ulogd_BASE.so. Just delete +the fields you are not interested in, and create the table. + +

+The module defines the following configuration directives: + +table +Name of the table to which ulogd should log. +ldb +Name of the mysql database. +host +Name of the mysql database host. +port +TCP port number of mysql database server. +user +Name of the mysql user. +pass +Password for mysql. + + +ulogd_PGSQL.so +

+An output plugin for logging into a postgresql database. This is only compiled +if you have the mysql libraries installed, and the configure script was able to +detect them. (that is: --with-pgsql was specified for ./configure) + +

+The plugin automagically inserts the data into the configured table; It +connects to pgsql during the startup phase of ulogd and obtains a list of the +columns in the table. Then it tries to resolve the column names against keys of +interpreter plugins. This way you can easily select which information you want +to log - just by the layout of the table. + +

+If, for example, your table contains a field called 'ip_saddr', ulogd will +resolve this against the key 'ip.saddr' and put the ip address as 32bit +unsigned integer into the table. + +

+You may want to have a look at the file 'doc/mysql.table' as an +example table including fields to log all keys from ulogd_BASE.so. Just delete +the fields you are not interested in, and create the table. + +

+The module defines the following configuration directives: + +table +Name of the table to which ulogd should log. +db +Name of the database. +host +Name of the mysql database host. +port +TCP port number of database server. +user +Name of the sql user. +pass +Password for sql user. + + +ulogd_PCAP.so +

+An output plugin that can be used to generate libpcap-style packet logfiles. +This can be useful for later analysing the packet log with tools like tcpdump +or ethereal. + +The module defines the following configuration directives: + +file +The filename where it should log to. The default is: +/var/log/ulogd.pcap +sync +Set this to 1 if you want to have your pcap logfile written +synchronously. This may reduce performance, but makes your packets appear +immediately in the file on disk. The default is 0 + + +ulogd_SQLITE3.so +

+An output plugin for logging into a SQLITE v3 database. This is only compiled +if you have the sqlite libraries installed, and the configure script was able to +detect them. (that is: --with-sqlite3 was specified for ./configure) + +

+The plugin automagically inserts the data into the configured table; It +opens the sqlite db during the startup phase of ulogd and obtains a list of the +columns in the table. Then it tries to resolve the column names against keys of +interpreter plugins. This way you can easily select which information you want +to log - just by the layout of the table. + +

+If, for example, your table contains a field called 'ip_saddr', ulogd will +resolve this against the key 'ip.saddr' and put the ip address as 32bit +unsigned integer into the table. + +

+You may want to have a look at the file 'doc/sqlite3.table' as an +example table including fields to log all keys from ulogd_BASE.so. Just delete +the fields you are not interested in, and create the table. + +

+The module defines the following configuration directives: + +table +Name of the table to which ulogd should log. +db +Name of the database. +buffer +Size of the sqlite buffer. + + + +ulogd_SYSLOG.so +

+An output plugin that really logs via syslogd. Lines will look exactly like printed with traditional LOG target. + +

+The module defines the following configuration directives: + +facility +The syslog facility (LOG_DAEMON, LOG_KERN, LOG_LOCAL0 .. LOG_LOCAL7, LOG_USER) +level +The syslog level (LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG) + + + + QUESTIONS / COMMENTS +

+All comments / questions / ... are appreciated. +

+Just drop me a note to laforge@gnumonks.org +

+Please note also that there is now a mailinglist, ulogd@lists.gnumonks.org. +You can subscribe at +. +

+The preferred method for reporting bugs is the netfilter bugzilla system, +available at . + +

diff --git a/extensions/Makefile.in b/extensions/Makefile.in new file mode 100644 index 0000000..589bf7b --- /dev/null +++ b/extensions/Makefile.in @@ -0,0 +1,37 @@ +# + +# Normally You should not need to change anything below +# +include @top_srcdir@/Rules.make + +CFLAGS+=-I@top_srcdir@ -I@top_srcdir@/libipulog/include -I@top_srcdir@/include +SH_CFLAGS:=$(CFLAGS) -fPIC + +SHARED_LIBS+=$(foreach T,$(ULOGD_SL),ulogd_$(T).so) + + +all: $(SHARED_LIBS) + +distrib: + +printpkt.o: printpkt.c + $(CC) $(SH_CFLAGS) -o $@ -c $< + +$(SHARED_LIBS): %.so: %_sh.o + $(LD) -shared -o $@ $< -lc + +ulogd_SYSLOG.so: printpkt.o ulogd_SYSLOG_sh.o + $(LD) -shared -o $@ $^ -lc + +%_sh.o: %.c + $(CC) $(SH_CFLAGS) -o $@ -c $< + +clean: + $(RM) $(SHARED_LIBS) *.o + +distclean: + $(RM) Makefile + +install: all + $(INSTALL) -m 755 -d $(DESTDIR)$(ULOGD_LIB_PATH) + $(INSTALL) -m 755 *.so $(DESTDIR)$(ULOGD_LIB_PATH) diff --git a/extensions/chtons.h b/extensions/chtons.h new file mode 100644 index 0000000..4506e33 --- /dev/null +++ b/extensions/chtons.h @@ -0,0 +1,32 @@ +#ifndef _CHTONS_H_ +#define _CHTONS_H_ + +#include + +#if __BYTE_ORDER == __BIG_ENDIAN +# define BITNR(X) ((X)^31) +# if !defined(__constant_htonl) +# define __constant_htonl(x) (x) +# endif +# if !defined(__constant_htons) +# define __constant_htons(x) (x) +# endif +#elif __BYTE_ORDER == __LITTLE_ENDIAN +# define BITNR(X) ((X)^7) +# if !defined(__constant_htonl) +# define __constant_htonl(x) \ + ((unsigned long int)((((unsigned long int)(x) & 0x000000ffU) << 24) | \ + (((unsigned long int)(x) & 0x0000ff00U) << 8) | \ + (((unsigned long int)(x) & 0x00ff0000U) >> 8) | \ + (((unsigned long int)(x) & 0xff000000U) >> 24))) +# endif +# if !defined(__constant_htons) +# define __constant_htons(x) \ + ((unsigned short int)((((unsigned short int)(x) & 0x00ff) << 8) | \ + (((unsigned short int)(x) & 0xff00) >> 8))) +# endif +#else +# error "Don't know if bytes are big- or little-endian!" +#endif + +#endif diff --git a/extensions/printpkt.c b/extensions/printpkt.c new file mode 100644 index 0000000..a9e78d7 --- /dev/null +++ b/extensions/printpkt.c @@ -0,0 +1,276 @@ +/* printpkt.c + * + * build something looking like a iptables LOG message + * + * (C) 2000-2003 by Harald Welte + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * $Id$ + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef HOST_NAME_MAX +#warning this libc does not define HOST_NAME_MAX +#define HOST_NAME_MAX (255+1) +#endif + +#define NIPQUAD(addr) \ + ((unsigned char *)&addr)[0], \ + ((unsigned char *)&addr)[1], \ + ((unsigned char *)&addr)[2], \ + ((unsigned char *)&addr)[3] + +struct intr_id { + char* name; + unsigned int id; +}; + +static char hostname[HOST_NAME_MAX+1]; + +#define INTR_IDS 35 +static struct intr_id intr_ids[INTR_IDS] = { + { "oob.time.sec", 0 }, + { "oob.prefix", 0 }, + { "oob.in", 0 }, + { "oob.out", 0 }, + { "raw.mac", 0 }, + { "ip.saddr", 0 }, + { "ip.daddr", 0 }, + { "ip.totlen", 0 }, + { "ip.tos", 0 }, + { "ip.ttl", 0 }, + { "ip.id", 0 }, + { "ip.fragoff", 0 }, + { "ip.protocol", 0 }, + { "tcp.sport", 0 }, + { "tcp.dport", 0 }, + { "tcp.seq", 0 }, + { "tcp.ackseq", 0 }, + { "tcp.window", 0 }, + { "tcp.urg", 0 }, + { "tcp.ack", 0 }, + { "tcp.psh", 0 }, + { "tcp.rst", 0 }, + { "tcp.syn", 0 }, + { "tcp.fin", 0 }, + { "tcp.urgp", 0 }, + { "udp.sport", 0 }, + { "udp.dport", 0 }, + { "udp.len", 0 }, + { "icmp.type", 0 }, + { "icmp.code", 0 }, + { "icmp.echoid", 0 }, + { "icmp.echoseq", 0 }, + { "icmp.gateway", 0 }, + { "icmp.fragmtu", 0 }, + { "ahesp.spi", 0 }, +}; + +#define GET_VALUE(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].value +#define GET_FLAGS(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].flags + +int printpkt_print(ulog_iret_t *res, char *buf, int prefix) +{ + char *timestr; + char *tmp; + time_t now; + + char *buf_cur = buf; + + if (prefix) { + now = (time_t) GET_VALUE(0).ui32; + timestr = ctime(&now) + 4; + + /* truncate time */ + if ((tmp = strchr(timestr, '\n'))) + *tmp = '\0'; + + /* truncate hostname */ + if ((tmp = strchr(hostname, '.'))) + *tmp = '\0'; + + /* print time and hostname */ + buf_cur += sprintf(buf_cur, "%.15s %s", timestr, hostname); + } + + if (*(char *) GET_VALUE(1).ptr) + buf_cur += sprintf(buf_cur, " %s", (char *) GET_VALUE(1).ptr); + + buf_cur += sprintf(buf_cur," IN=%s OUT=%s ", + (char *) GET_VALUE(2).ptr, + (char *) GET_VALUE(3).ptr); + + /* FIXME: configurable */ + buf_cur += sprintf(buf_cur, "MAC=%s ", + (GET_FLAGS(4) & ULOGD_RETF_VALID) ? (char *) GET_VALUE(4).ptr : ""); + + buf_cur += sprintf(buf_cur, "SRC=%s ", + inet_ntoa((struct in_addr) {htonl(GET_VALUE(5).ui32)})); + buf_cur += sprintf(buf_cur, "DST=%s ", + inet_ntoa((struct in_addr) {htonl(GET_VALUE(6).ui32)})); + + buf_cur += sprintf(buf_cur,"LEN=%u TOS=%02X PREC=0x%02X TTL=%u ID=%u ", + GET_VALUE(7).ui16, GET_VALUE(8).ui8 & IPTOS_TOS_MASK, + GET_VALUE(8).ui8 & IPTOS_PREC_MASK, GET_VALUE(9).ui8, + GET_VALUE(10).ui16); + + if (GET_VALUE(10).ui16 & IP_RF) + buf_cur += sprintf(buf_cur, "CE "); + + if (GET_VALUE(11).ui16 & IP_DF) + buf_cur += sprintf(buf_cur, "DF "); + + if (GET_VALUE(11).ui16 & IP_MF) + buf_cur += sprintf(buf_cur, "MF "); + + if (GET_VALUE(11).ui16 & IP_OFFMASK) + buf_cur += sprintf(buf_cur, "FRAG:%u ", + GET_VALUE(11).ui16 & IP_OFFMASK); + + switch (GET_VALUE(12).ui8) { + + case IPPROTO_TCP: + buf_cur += sprintf(buf_cur, "PROTO=TCP "); + buf_cur += sprintf(buf_cur, "SPT=%u DPT=%u ", + GET_VALUE(13).ui16, GET_VALUE(14).ui16); + /* FIXME: config */ + buf_cur += sprintf(buf_cur, "SEQ=%u ACK=%u ", + GET_VALUE(15).ui32, GET_VALUE(16).ui32); + + buf_cur += sprintf(buf_cur, "WINDOW=%u ", GET_VALUE(17).ui16); + +// buf_cur += sprintf(buf_cur, "RES=0x%02x ", + + if (GET_VALUE(18).b) + buf_cur += sprintf(buf_cur, "URG "); + + if (GET_VALUE(19).b) + buf_cur += sprintf(buf_cur, "ACK "); + + if (GET_VALUE(20).b) + buf_cur += sprintf(buf_cur, "PSH "); + + if (GET_VALUE(21).b) + buf_cur += sprintf(buf_cur, "RST "); + + if (GET_VALUE(22).b) + buf_cur += sprintf(buf_cur, "SYN "); + + if (GET_VALUE(23).b) + buf_cur += sprintf(buf_cur, "FIN "); + + buf_cur += sprintf(buf_cur, "URGP=%u ", GET_VALUE(24).ui16); + + break; + case IPPROTO_UDP: + + buf_cur += sprintf(buf_cur, "PROTO=UDP "); + + buf_cur += sprintf(buf_cur, "SPT=%u DPT=%u LEN=%u ", + GET_VALUE(25).ui16, GET_VALUE(26).ui16, + GET_VALUE(27).ui16); + break; + case IPPROTO_ICMP: + + buf_cur += sprintf(buf_cur, "PROTO=ICMP "); + + buf_cur += sprintf(buf_cur, "TYPE=%u CODE=%u ", + GET_VALUE(28).ui8, GET_VALUE(29).ui8); + + switch (GET_VALUE(28).ui8) { + case ICMP_ECHO: + case ICMP_ECHOREPLY: + buf_cur += sprintf(buf_cur, "ID=%u SEQ=%u ", + GET_VALUE(30).ui16, + GET_VALUE(31).ui16); + break; + case ICMP_PARAMETERPROB: + buf_cur += sprintf(buf_cur, "PARAMETER=%u ", + GET_VALUE(32).ui32 >> 24); + break; + case ICMP_REDIRECT: + buf_cur += sprintf(buf_cur, "GATEWAY=%s ", inet_ntoa((struct in_addr) {htonl(GET_VALUE(32).ui32)})); + break; + case ICMP_DEST_UNREACH: + if (GET_VALUE(29).ui8 == ICMP_FRAG_NEEDED) + buf_cur += sprintf(buf_cur, "MTU=%u ", + GET_VALUE(33).ui16); + break; + } + break; + case IPPROTO_ESP: + case IPPROTO_AH: + buf_cur += sprintf(buf_cur, "PROTO=%s ", GET_VALUE(12).ui8 == IPPROTO_ESP ? "ESP" : "AH"); + /* FIXME: "INCOMPLETE [%u bytes]" in case of short pkt */ + if (intr_ids[34].id > 0) { + buf_cur += sprintf(buf_cur, "SPI=0x%x ", GET_VALUE(34).ui32); + } + break; + default: + + buf_cur += sprintf(buf_cur, "PROTO=%u ", GET_VALUE(12).ui8); + } + strcat(buf_cur, "\n"); + + return 0; +} + +/* get all key id's for the keys we are intrested in */ +static int get_ids(void) +{ + int i; + struct intr_id *cur_id; + + for (i = 0; i < INTR_IDS; i++) { + cur_id = &intr_ids[i]; + cur_id->id = keyh_getid(cur_id->name); + if (!cur_id->id) { + ulogd_log(ULOGD_ERROR, + "Cannot resolve keyhash id for %s\n", + cur_id->name); + return 1; + } + } + return 0; +} + +int printpkt_init(void) +{ + if (gethostname(hostname, sizeof(hostname)) < 0) { + ulogd_log(ULOGD_FATAL, "can't gethostname(): %s\n", + strerror(errno)); + exit(2); + } + hostname[sizeof(hostname)-1] = '\0'; + + if (get_ids()) + return 1; + + return 0; +} diff --git a/extensions/printpkt.h b/extensions/printpkt.h new file mode 100644 index 0000000..ce42de4 --- /dev/null +++ b/extensions/printpkt.h @@ -0,0 +1,7 @@ +#ifndef _PRINTPKT_H +#define _PRINTPKT_H + +int printpkt_print(ulog_iret_t *res, char *buf, int prefix); +int printpkt_init(void); + +#endif diff --git a/extensions/ulogd_BASE.c b/extensions/ulogd_BASE.c new file mode 100644 index 0000000..61bad21 --- /dev/null +++ b/extensions/ulogd_BASE.c @@ -0,0 +1,569 @@ +/* ulogd_MAC.c, Version $Revision$ + * + * ulogd interpreter plugin for + * o MAC addresses + * o NFMARK field + * o TIME + * o Interface names + * o IP header + * o TCP header + * o UDP header + * o ICMP header + * o AH/ESP header + * + * (C) 2000-2001 by Harald Welte + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + * $Id$ + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/*********************************************************************** + * Raw header + ***********************************************************************/ +static ulog_iret_t raw_rets[] = { + { .type = ULOGD_RET_STRING, + .flags = ULOGD_RETF_FREE, + .key = "raw.mac", + }, + { .type = ULOGD_RET_RAW, + .flags = ULOGD_RETF_NONE, + .key = "raw.pkt", + }, + { .type = ULOGD_RET_UINT32, + .flags = ULOGD_RETF_NONE, + .key = "raw.pktlen", + }, +}; + +static ulog_iret_t *_interp_raw(ulog_interpreter_t *ip, + ulog_packet_msg_t *pkt) +{ + unsigned char *p; + int i, tmp, len = 0; + char *buf, *ptr = NULL; + ulog_iret_t *ret = ip->result; + size_t siz; + + if (pkt->mac_len) { + siz = 3 * pkt->mac_len + 1; + buf = (char *) malloc(siz); + if (!buf) { + ulogd_log(ULOGD_ERROR, "OOM!!!\n"); + return NULL; + } + *buf = '\0'; + + p = pkt->mac; + ptr = buf; + for (i = 0; i < pkt->mac_len; i++, p++) { + tmp = snprintf(ptr+len, siz-len, "%02x%s", + *p, i==pkt->mac_len-1 ? "":":"); + if (tmp < 0) + break; + if (tmp >= siz-len) { + buf[siz] = '\0'; + break; + } + len += tmp; + } + ret[0].value.ptr = buf; + ret[0].flags |= ULOGD_RETF_VALID; + } + + /* include pointer to raw ipv4 packet */ + ret[1].value.ptr = pkt->payload; + ret[1].flags |= ULOGD_RETF_VALID; + ret[2].value.ui32 = pkt->data_len; + ret[2].flags |= ULOGD_RETF_VALID; + + return ret; +} + +/*********************************************************************** + * OUT OF BAND + ***********************************************************************/ + +static ulog_iret_t oob_rets[] = { + { .type = ULOGD_RET_STRING, + .flags = ULOGD_RETF_NONE, + .key = "oob.prefix", + }, + { .type = ULOGD_RET_UINT32, + .flags = ULOGD_RETF_NONE, + .key = "oob.time.sec", + }, + { .type = ULOGD_RET_UINT32, + .flags = ULOGD_RETF_NONE, + .key = "oob.time.usec", + }, + { .type = ULOGD_RET_UINT32, + .flags = ULOGD_RETF_NONE, + .key = "oob.mark", + }, + { .type = ULOGD_RET_STRING, + .flags = ULOGD_RETF_NONE, + .key = "oob.in", + }, + { .type = ULOGD_RET_STRING, + .flags = ULOGD_RETF_NONE, + .key = "oob.out", + }, +}; + +static ulog_iret_t *_interp_oob(struct ulog_interpreter *ip, + ulog_packet_msg_t *pkt) +{ + ulog_iret_t *ret = ip->result; + + ret[0].value.ptr = pkt->prefix; + ret[0].flags |= ULOGD_RETF_VALID; + + /* god knows why timestamp_usec contains crap if timestamp_sec == 0 + * if (pkt->timestamp_sec || pkt->timestamp_usec) { */ + if (pkt->timestamp_sec) { + ret[1].value.ui32 = pkt->timestamp_sec; + ret[1].flags |= ULOGD_RETF_VALID; + ret[2].value.ui32 = pkt->timestamp_usec; + ret[2].flags |= ULOGD_RETF_VALID; + } else { + ret[1].flags &= ~ULOGD_RETF_VALID; + ret[2].flags &= ~ULOGD_RETF_VALID; + } + + ret[3].value.ui32 = pkt->mark; + ret[3].flags |= ULOGD_RETF_VALID; + ret[4].value.ptr = pkt->indev_name; + ret[4].flags |= ULOGD_RETF_VALID; + ret[5].value.ptr = pkt->outdev_name; + ret[5].flags |= ULOGD_RETF_VALID; + + return ret; +} + +/*********************************************************************** + * IP HEADER + ***********************************************************************/ + +static ulog_iret_t iphdr_rets[] = { + { .type = ULOGD_RET_IPADDR, + .flags = ULOGD_RETF_NONE, + .key = "ip.saddr", + }, + { .type = ULOGD_RET_IPADDR, + .flags = ULOGD_RETF_NONE, + .key = "ip.daddr", + }, + { .type = ULOGD_RET_UINT8, + .flags = ULOGD_RETF_NONE, + .key = "ip.protocol", + }, + { .type = ULOGD_RET_UINT8, + .flags = ULOGD_RETF_NONE, + .key = "ip.tos", + }, + { .type = ULOGD_RET_UINT8, + .flags = ULOGD_RETF_NONE, + .key = "ip.ttl", + }, + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "ip.totlen", + }, + { .type = ULOGD_RET_UINT8, + .flags = ULOGD_RETF_NONE, + .key = "ip.ihl", + }, + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "ip.csum", + }, + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "ip.id", + }, + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "ip.fragoff", + }, +}; + +static ulog_iret_t *_interp_iphdr(struct ulog_interpreter *ip, + ulog_packet_msg_t *pkt) +{ + ulog_iret_t *ret = ip->result; + struct iphdr *iph = (struct iphdr *) pkt->payload; + + ret[0].value.ui32 = ntohl(iph->saddr); + ret[0].flags |= ULOGD_RETF_VALID; + ret[1].value.ui32 = ntohl(iph->daddr); + ret[1].flags |= ULOGD_RETF_VALID; + ret[2].value.ui8 = iph->protocol; + ret[2].flags |= ULOGD_RETF_VALID; + ret[3].value.ui8 = iph->tos; + ret[3].flags |= ULOGD_RETF_VALID; + ret[4].value.ui8 = iph->ttl; + ret[4].flags |= ULOGD_RETF_VALID; + ret[5].value.ui16 = ntohs(iph->tot_len); + ret[5].flags |= ULOGD_RETF_VALID; + ret[6].value.ui8 = iph->ihl; + ret[6].flags |= ULOGD_RETF_VALID; + ret[7].value.ui16 = ntohs(iph->check); + ret[7].flags |= ULOGD_RETF_VALID; + ret[8].value.ui16 = ntohs(iph->id); + ret[8].flags |= ULOGD_RETF_VALID; + ret[9].value.ui16 = ntohs(iph->frag_off); + ret[9].flags |= ULOGD_RETF_VALID; + + return ret; +} + +/*********************************************************************** + * TCP HEADER + ***********************************************************************/ +static ulog_iret_t tcphdr_rets[] = { + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "tcp.sport", + }, + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "tcp.dport", + }, + { .type = ULOGD_RET_UINT32, + .flags = ULOGD_RETF_NONE, + .key = "tcp.seq", + }, + { .type = ULOGD_RET_UINT32, + .flags = ULOGD_RETF_NONE, + .key = "tcp.ackseq", + }, + { .type = ULOGD_RET_UINT8, + .flags = ULOGD_RETF_NONE, + .key = "tcp.offset", + }, + { .type = ULOGD_RET_UINT8, + .flags = ULOGD_RETF_NONE, + .key = "tcp.reserved", + }, + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "tcp.window", + }, + { .type = ULOGD_RET_BOOL, + .flags = ULOGD_RETF_NONE, + .key = "tcp.urg", + }, + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "tcp.urgp", + }, + { .type = ULOGD_RET_BOOL, + .flags = ULOGD_RETF_NONE, + .key = "tcp.ack", + }, + { .type = ULOGD_RET_BOOL, + .flags = ULOGD_RETF_NONE, + .key = "tcp.psh", + }, + { .type = ULOGD_RET_BOOL, + .flags = ULOGD_RETF_NONE, + .key = "tcp.rst", + }, + { .type = ULOGD_RET_BOOL, + .flags = ULOGD_RETF_NONE, + .key = "tcp.syn", + }, + { .type = ULOGD_RET_BOOL, + .flags = ULOGD_RETF_NONE, + .key = "tcp.fin", + }, + { .type = ULOGD_RET_BOOL, + .flags = ULOGD_RETF_NONE, + .key = "tcp.res1", + }, + { .type = ULOGD_RET_BOOL, + .flags = ULOGD_RETF_NONE, + .key = "tcp.res2", + }, + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "tcp.csum", + }, +}; + +static ulog_iret_t *_interp_tcphdr(struct ulog_interpreter *ip, + ulog_packet_msg_t *pkt) +{ + struct iphdr *iph = (struct iphdr *) pkt->payload; + void *protoh = (u_int32_t *)iph + iph->ihl; + struct tcphdr *tcph = (struct tcphdr *) protoh; + ulog_iret_t *ret = ip->result; + + if (iph->protocol != IPPROTO_TCP) + return NULL; + + ret[0].value.ui16 = ntohs(tcph->source); + ret[0].flags |= ULOGD_RETF_VALID; + ret[1].value.ui16 = ntohs(tcph->dest); + ret[1].flags |= ULOGD_RETF_VALID; + ret[2].value.ui32 = ntohl(tcph->seq); + ret[2].flags |= ULOGD_RETF_VALID; + ret[3].value.ui32 = ntohl(tcph->ack_seq); + ret[3].flags |= ULOGD_RETF_VALID; + ret[4].value.ui8 = ntohs(tcph->doff); + ret[4].flags |= ULOGD_RETF_VALID; + ret[5].value.ui8 = ntohs(tcph->res1); + ret[5].flags |= ULOGD_RETF_VALID; + ret[6].value.ui16 = ntohs(tcph->window); + ret[6].flags |= ULOGD_RETF_VALID; + + ret[7].value.b = tcph->urg; + ret[7].flags |= ULOGD_RETF_VALID; + if (tcph->urg) { + ret[8].value.ui16 = ntohs(tcph->urg_ptr); + ret[8].flags |= ULOGD_RETF_VALID; + } + ret[9].value.b = tcph->ack; + ret[9].flags |= ULOGD_RETF_VALID; + ret[10].value.b = tcph->psh; + ret[10].flags |= ULOGD_RETF_VALID; + ret[11].value.b = tcph->rst; + ret[11].flags |= ULOGD_RETF_VALID; + ret[12].value.b = tcph->syn; + ret[12].flags |= ULOGD_RETF_VALID; + ret[13].value.b = tcph->fin; + ret[13].flags |= ULOGD_RETF_VALID; + ret[14].value.b = tcph->res1; + ret[14].flags |= ULOGD_RETF_VALID; + ret[15].value.b = tcph->res2; + ret[15].flags |= ULOGD_RETF_VALID; + ret[16].value.ui16 = ntohs(tcph->check); + ret[16].value.ui16 = ULOGD_RETF_VALID; + + return ret; +} + +/*********************************************************************** + * UDP HEADER + ***********************************************************************/ +static ulog_iret_t udphdr_rets[] = { + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "udp.sport", + }, + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "udp.dport", + }, + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "udp.len", + }, + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "udp.csum", + }, +}; + +static ulog_iret_t *_interp_udp(struct ulog_interpreter *ip, + ulog_packet_msg_t *pkt) +{ + struct iphdr *iph = (struct iphdr *) pkt->payload; + void *protoh = (u_int32_t *)iph + iph->ihl; + struct udphdr *udph = protoh; + ulog_iret_t *ret = ip->result; + + if (iph->protocol != IPPROTO_UDP) + return NULL; + + ret[0].value.ui16 = ntohs(udph->source); + ret[0].flags |= ULOGD_RETF_VALID; + ret[1].value.ui16 = ntohs(udph->dest); + ret[1].flags |= ULOGD_RETF_VALID; + ret[2].value.ui16 = ntohs(udph->len); + ret[2].flags |= ULOGD_RETF_VALID; + ret[3].value.ui16 = ntohs(udph->check); + ret[3].flags |= ULOGD_RETF_VALID; + + return ret; +} + +/*********************************************************************** + * ICMP HEADER + ***********************************************************************/ + +static ulog_iret_t icmphdr_rets[] = { + { .type = ULOGD_RET_UINT8, + .flags = ULOGD_RETF_NONE, + .key = "icmp.type", + }, + { .type = ULOGD_RET_UINT8, + .flags = ULOGD_RETF_NONE, + .key = "icmp.code", + }, + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "icmp.echoid", + }, + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "icmp.echoseq", + }, + { .type = ULOGD_RET_IPADDR, + .flags = ULOGD_RETF_NONE, + .key = "icmp.gateway", + }, + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "icmp.fragmtu", + }, + { .type = ULOGD_RET_UINT16, + .flags = ULOGD_RETF_NONE, + .key = "icmp.csum", + }, +}; + +static ulog_iret_t *_interp_icmp(struct ulog_interpreter *ip, + ulog_packet_msg_t *pkt) +{ + struct iphdr *iph = (struct iphdr *) pkt->payload; + void *protoh = (u_int32_t *)iph + iph->ihl; + struct icmphdr *icmph = protoh; + ulog_iret_t *ret = ip->result; + + if (iph->protocol != IPPROTO_ICMP) + return NULL; + + ret[0].value.ui8 = icmph->type; + ret[0].flags |= ULOGD_RETF_VALID; + ret[1].value.ui8 = icmph->code; + ret[1].flags |= ULOGD_RETF_VALID; + + switch(icmph->type) { + case ICMP_ECHO: + case ICMP_ECHOREPLY: + ret[2].value.ui16 = ntohs(icmph->un.echo.id); + ret[2].flags |= ULOGD_RETF_VALID; + ret[3].value.ui16 = ntohs(icmph->un.echo.sequence); + ret[3].flags |= ULOGD_RETF_VALID; + break; + case ICMP_REDIRECT: + case ICMP_PARAMETERPROB: + ret[4].value.ui32 = ntohl(icmph->un.gateway); + ret[4].flags |= ULOGD_RETF_VALID; + break; + case ICMP_DEST_UNREACH: + if (icmph->code == ICMP_FRAG_NEEDED) { + ret[5].value.ui16 = ntohs(icmph->un.frag.mtu); + ret[5].flags |= ULOGD_RETF_VALID; + } + break; + } + ret[6].value.ui16 = icmph->checksum; + ret[6].flags |= ULOGD_RETF_VALID; + + return ret; +} + +/*********************************************************************** + * IPSEC HEADER + ***********************************************************************/ + +static ulog_iret_t ahesphdr_rets[] = { + { .type = ULOGD_RET_UINT32, + .flags = ULOGD_RETF_NONE, + .key = "ahesp.spi", + }, +}; + +static ulog_iret_t *_interp_ahesp(struct ulog_interpreter *ip, + ulog_packet_msg_t *pkt) +{ + + ulog_iret_t *ret = ip->result; +#if 0 + struct iphdr *iph = (struct iphdr *) pkt->payload; + void *protoh = (u_int32_t *) (iph + iph->ihl); + struct esphdr *esph = protoh; + + if (iph->protocol != IPPROTO_ESP) + return NULL; + + ret[0].value.ui32 = ntohl(esph->spi); + ret[0].flags |= ULOGD_RETF_VALID; +#endif + + return ret; +} + + +static ulog_interpreter_t base_ip[] = { + { .name = "raw", + .interp = &_interp_raw, + .key_num = 3, + .result = raw_rets }, + { .name = "oob", + .interp = &_interp_oob, + .key_num = 6, + .result = oob_rets }, + { .name = "ip", + .interp = &_interp_iphdr, + .key_num = 10, + .result = iphdr_rets }, + { .name = "tcp", + .interp = &_interp_tcphdr, + .key_num = 17, + .result = tcphdr_rets }, + { .name = "icmp", + .interp = &_interp_icmp, + .key_num = 7, + .result = icmphdr_rets }, + { .name = "udp", + .interp = &_interp_udp, + .key_num = 4, + .result = udphdr_rets }, + { .name = "ahesp", + .interp = &_interp_ahesp, + .key_num = 1, + .result = ahesphdr_rets }, + { NULL, "", 0, NULL, 0, NULL }, +}; + +void _base_reg_ip(void) +{ + ulog_interpreter_t *ip = base_ip; + ulog_interpreter_t *p; + + for (p = ip; p->interp; p++) { + register_interpreter(p); + } +} + +void _init(void) +{ + _base_reg_ip(); +} diff --git a/extensions/ulogd_LOCAL.c b/extensions/ulogd_LOCAL.c new file mode 100644 index 0000000..6504ec6 --- /dev/null +++ b/extensions/ulogd_LOCAL.c @@ -0,0 +1,102 @@ +/* ulogd_LOCAL.c, Version 0.3 + * + * ulogd interpreter plugin for: - local time of packet + * - hostname of localhost + * + * (C) 2001-2002 by Florent AIDE + * with the help of Moez MKADMI + * shamelessly ripped from Harald Welte + * + * 2002 extended by Martin Kaehmer + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * + */ + +#include +#include +#include +#include +#include + +#ifdef DEBUG_LOCAL +#define DEBUGP(x) ulogd_log(ULOGD_DEBUG, x) +#else +#define DEBUGP(format, args...) +#endif + + +static char hostname[255]; + +static ulog_iret_t *_interp_local(ulog_interpreter_t *ip, + ulog_packet_msg_t *pkt) +{ + struct timeval tv; + ulog_iret_t *ret = ip->result; + + /* Get date */ + gettimeofday(&tv, NULL); + + /* put date */ + ret[0].value.ui32 = (unsigned long) tv.tv_sec; + ret[0].flags |= ULOGD_RETF_VALID; + + ret[1].value.ptr = hostname; + ret[1].flags |= ULOGD_RETF_VALID; + + return ret; +} + +static ulog_iret_t local_rets[] = { + { .type = ULOGD_RET_UINT32, + .flags = ULOGD_RETF_NONE, + .key = "local.time", + }, + { .type = ULOGD_RET_STRING, + .flags = ULOGD_RETF_NONE, + .key = "local.hostname", + }, +}; + +static ulog_interpreter_t local_ip[] = { + { NULL, "local", 0, &_interp_local, 2, local_rets }, + { NULL, "", 0, NULL, 0, NULL }, +}; + +static void _local_reg_ip(void) +{ + ulog_interpreter_t *ip = local_ip; + ulog_interpreter_t *p; + + for (p = ip; p->interp; p++) + register_interpreter(p); +} + +void _init(void) +{ + /* get hostname */ + char *tmp; + if (gethostname(hostname, sizeof(hostname)) < 0) { + ulogd_log(ULOGD_FATAL, "can't gethostname(): %s\n", + strerror(errno)); + exit(2); + } + hostname[sizeof(hostname)-1] = '\0'; + /* strip off everything after first '.' */ + if ((tmp = strchr(hostname, '.'))) + *tmp = '\0'; + + _local_reg_ip(); +} diff --git a/extensions/ulogd_LOCALTIME.c b/extensions/ulogd_LOCALTIME.c new file mode 100644 index 0000000..e69de29 diff --git a/extensions/ulogd_LOGEMU.c b/extensions/ulogd_LOGEMU.c new file mode 100644 index 0000000..5473668 --- /dev/null +++ b/extensions/ulogd_LOGEMU.c @@ -0,0 +1,139 @@ +/* ulogd_LOGEMU.c, Version $Revision$ + * + * ulogd output target for syslog logging emulation + * + * This target produces a file which looks the same like the syslog-entries + * of the LOG target. + * + * (C) 2000-2001 by Harald Welte + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * $Id$ + * + */ + +#include +#include +#include +#include +#include +#include +#include "printpkt.c" + +#ifndef ULOGD_LOGEMU_DEFAULT +#define ULOGD_LOGEMU_DEFAULT "/var/log/ulogd.syslogemu" +#endif + +#ifndef ULOGD_LOGEMU_SYNC_DEFAULT +#define ULOGD_LOGEMU_SYNC_DEFAULT 0 +#endif + +#define NIPQUAD(addr) \ + ((unsigned char *)&addr)[0], \ + ((unsigned char *)&addr)[1], \ + ((unsigned char *)&addr)[2], \ + ((unsigned char *)&addr)[3] + +static config_entry_t syslogf_ce = { + .key = "file", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_NONE, + .u = { .string = ULOGD_LOGEMU_DEFAULT } +}; + +static config_entry_t syslsync_ce = { + .next = &syslogf_ce, + .key = "sync", + .type = CONFIG_TYPE_INT, + .options = CONFIG_OPT_NONE, + .u = { .value = ULOGD_LOGEMU_SYNC_DEFAULT } +}; + +static FILE *of = NULL; + +static int _output_logemu(ulog_iret_t *res) +{ + static char buf[4096]; + + printpkt_print(res, buf, 1); + + fprintf(of, "%s", buf); + + if (syslsync_ce.u.value) + fflush(of); + + return 0; +} + +static void signal_handler_logemu(int signal) +{ + FILE *old=of; + + switch (signal) { + case SIGHUP: + ulogd_log(ULOGD_NOTICE, "syslogemu: reopening logfile\n"); + of = fopen(syslogf_ce.u.string, "a"); + if (!of) { + ulogd_log(ULOGD_FATAL, "can't open syslogemu: %s\n", + strerror(errno)); + of=old; + } else { + fclose(old); + } + break; + default: + break; + } +} + + +static int init_logemu(void) { + /* FIXME: error handling */ + config_parse_file("LOGEMU", &syslsync_ce); + +#ifdef DEBUG_LOGEMU + of = stdout; +#else + of = fopen(syslogf_ce.u.string, "a"); + if (!of) { + ulogd_log(ULOGD_FATAL, "can't open syslogemu: %s\n", + strerror(errno)); + exit(2); + } +#endif + if (printpkt_init()) { + ulogd_log(ULOGD_ERROR, "can't resolve all keyhash id's\n"); + } + + return 1; +} + +static void fini_logemu(void) { + if (of != stdout) + fclose(of); +} + +static ulog_output_t logemu_op = { + .name = "syslogemu", + .init = &init_logemu, + .fini = &fini_logemu, + .output = &_output_logemu, + .signal = &signal_handler_logemu, +}; + +void _init(void) +{ + register_output(&logemu_op); +} diff --git a/extensions/ulogd_OPRINT.c b/extensions/ulogd_OPRINT.c new file mode 100644 index 0000000..ed34382 --- /dev/null +++ b/extensions/ulogd_OPRINT.c @@ -0,0 +1,149 @@ +/* ulogd_MAC.c, Version $Revision$ + * + * ulogd output target for logging to a file + * + * (C) 2000-2001 by Harald Welte + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * $Id$ + * + */ + +#include +#include +#include +#include +#include + +#ifndef ULOGD_OPRINT_DEFAULT +#define ULOGD_OPRINT_DEFAULT "/var/log/ulogd.pktlog" +#endif + +#define NIPQUAD(addr) \ + ((unsigned char *)&addr)[0], \ + ((unsigned char *)&addr)[1], \ + ((unsigned char *)&addr)[2], \ + ((unsigned char *)&addr)[3] + +#define HIPQUAD(addr) \ + ((unsigned char *)&addr)[3], \ + ((unsigned char *)&addr)[2], \ + ((unsigned char *)&addr)[1], \ + ((unsigned char *)&addr)[0] + +static FILE *of = NULL; + +static int _output_print(ulog_iret_t *res) +{ + ulog_iret_t *ret; + + fprintf(of, "===>PACKET BOUNDARY\n"); + for (ret = res; ret; ret = ret->cur_next) { + fprintf(of,"%s=", ret->key); + switch (ret->type) { + case ULOGD_RET_STRING: + fprintf(of, "%s\n", (char *) ret->value.ptr); + break; + case ULOGD_RET_BOOL: + case ULOGD_RET_INT8: + case ULOGD_RET_INT16: + case ULOGD_RET_INT32: + fprintf(of, "%d\n", ret->value.i32); + break; + case ULOGD_RET_UINT8: + case ULOGD_RET_UINT16: + case ULOGD_RET_UINT32: + fprintf(of, "%u\n", ret->value.ui32); + break; + case ULOGD_RET_IPADDR: + fprintf(of, "%u.%u.%u.%u\n", + HIPQUAD(ret->value.ui32)); + break; + case ULOGD_RET_NONE: + fprintf(of, "\n"); + break; + default: + fprintf(of, "\n"); + break; + } + } + return 0; +} + +static config_entry_t outf_ce = { + .key = "file", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_NONE, + .u = { .string = ULOGD_OPRINT_DEFAULT } +}; + +static void sighup_handler_print(int signal) +{ + FILE *old=of; + + switch (signal) { + case SIGHUP: + ulogd_log(ULOGD_NOTICE, "PKTLOG: reopening logfile\n"); + of = fopen(outf_ce.u.string, "a"); + if (!of) { + ulogd_log(ULOGD_FATAL, "can't open PKTLOG: %s\n", + strerror(errno)); + of=old; + } else { + fclose(old); + } + break; + default: + break; + } +} + +static int oprint_init(void) +{ +#ifdef DEBUG + of = stdout; +#else + config_parse_file("OPRINT", &outf_ce); + + of = fopen(outf_ce.u.string, "a"); + if (!of) { + ulogd_log(ULOGD_FATAL, "can't open PKTLOG: %s\n", + strerror(errno)); + exit(2); + } +#endif + return 0; +} + +static void oprint_fini(void) +{ + if (of != stdout) + fclose(of); + + return; +} + +static ulog_output_t oprint_op = { + .name = "oprint", + .output = &_output_print, + .signal = &sighup_handler_print, + .init = &oprint_init, + .fini = &oprint_fini, +}; + +void _init(void) +{ + register_output(&oprint_op); +} diff --git a/extensions/ulogd_PWSNIFF.c b/extensions/ulogd_PWSNIFF.c new file mode 100644 index 0000000..d205cdd --- /dev/null +++ b/extensions/ulogd_PWSNIFF.c @@ -0,0 +1,167 @@ +/* ulogd_PWSNIFF.c, Version $Revision$ + * + * ulogd logging interpreter for POP3 / FTP like plaintext passwords. + * + * (C) 2000-2003 by Harald Welte + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * $Id$ + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include "chtons.h" +#include + +#ifdef DEBUG_PWSNIFF +#define DEBUGP(x) ulogd_log(ULOGD_DEBUG, x) +#else +#define DEBUGP(format, args...) +#endif + + +#define PORT_POP3 110 +#define PORT_FTP 21 + +static u_int16_t pwsniff_ports[] = { + __constant_htons(PORT_POP3), + __constant_htons(PORT_FTP), + /* feel free to include any other ports here, provided that their + * user/password syntax is the same */ +}; + +#define PWSNIFF_MAX_PORTS 2 + +static char *_get_next_blank(char* begp, char *endp) +{ + char *ptr; + + for (ptr = begp; ptr < endp; ptr++) { + if (*ptr == ' ' || *ptr == '\n' || *ptr == '\r') { + return ptr-1; + } + } + return NULL; +} + +static ulog_iret_t *_interp_pwsniff(ulog_interpreter_t *ip, ulog_packet_msg_t *pkt) +{ + struct iphdr *iph = (struct iphdr *) pkt->payload; + void *protoh = (u_int32_t *)iph + iph->ihl; + struct tcphdr *tcph = protoh; + u_int32_t tcplen = ntohs(iph->tot_len) - iph->ihl * 4; + unsigned char *ptr, *begp, *pw_begp, *endp, *pw_endp; + ulog_iret_t *ret = ip->result; + int len, pw_len, i, cont = 0; + + len = pw_len = 0; + begp = pw_begp = NULL; + + if (iph->protocol != IPPROTO_TCP) + return NULL; + + for (i = 0; i < PWSNIFF_MAX_PORTS; i++) + { + if (tcph->dest == pwsniff_ports[i]) { + cont = 1; + break; + } + } + if (!cont) + return NULL; + + DEBUGP("----> pwsniff detected, tcplen=%d, struct=%d, iphtotlen=%d, ihl=%d\n", tcplen, sizeof(struct tcphdr), ntohs(iph->tot_len), iph->ihl); + + for (ptr = (unsigned char *) tcph + sizeof(struct tcphdr); + ptr < (unsigned char *) tcph + tcplen; ptr++) + { + if (!strncasecmp((char *)ptr, "USER ", 5)) { + begp = ptr+5; + endp = (unsigned char *)_get_next_blank((char *)begp, (char *)tcph + tcplen); + if (endp) + len = endp - begp + 1; + } + if (!strncasecmp((char *)ptr, "PASS ", 5)) { + pw_begp = ptr+5; + pw_endp = (unsigned char *)_get_next_blank((char *)pw_begp, + (char *)tcph + tcplen); + if (pw_endp) + pw_len = pw_endp - pw_begp + 1; + } + } + + if (len) { + ret[0].value.ptr = (char *) malloc(len+1); + ret[0].flags |= ULOGD_RETF_VALID; + if (!ret[0].value.ptr) { + ulogd_log(ULOGD_ERROR, "OOM (size=%u)\n", len); + return NULL; + } + strncpy(ret[0].value.ptr, (char *)begp, len); + *((char *)ret[0].value.ptr + len) = '\0'; + } + if (pw_len) { + ret[1].value.ptr = (char *) malloc(pw_len+1); + ret[1].flags |= ULOGD_RETF_VALID; + if (!ret[1].value.ptr){ + ulogd_log(ULOGD_ERROR, "OOM (size=%u)\n", pw_len); + return NULL; + } + strncpy(ret[1].value.ptr, (char *)pw_begp, pw_len); + *((char *)ret[1].value.ptr + pw_len) = '\0'; + + } + return ret; +} + +static ulog_iret_t pwsniff_rets[] = { + { .type = ULOGD_RET_STRING, + .flags = ULOGD_RETF_FREE, + .key = "pwsniff.user", + }, + { .type = ULOGD_RET_STRING, + .flags = ULOGD_RETF_FREE, + .key = "pwsniff.pass", + }, +}; + +static ulog_interpreter_t base_ip[] = { + { .name = "pwsniff", + .interp = &_interp_pwsniff, + .key_num = 2, + .result = pwsniff_rets }, + { NULL, "", 0, NULL, 0, NULL }, +}; + +static void _base_reg_ip(void) +{ + ulog_interpreter_t *ip = base_ip; + ulog_interpreter_t *p; + + for (p = ip; p->interp; p++) + register_interpreter(p); +} + + +void _init(void) +{ + _base_reg_ip(); +} diff --git a/extensions/ulogd_SYSLOG.c b/extensions/ulogd_SYSLOG.c new file mode 100644 index 0000000..3b8dd44 --- /dev/null +++ b/extensions/ulogd_SYSLOG.c @@ -0,0 +1,149 @@ +/* ulogd_SYSLOG.c, Version $Revision$ + * + * ulogd output target for real syslog() logging + * + * This target produces a syslog entries identical to the LOG target. + * + * (C) 2003 by Harald Welte + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * $Id$ + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include "printpkt.h" + +#ifndef SYSLOG_FACILITY_DEFAULT +#define SYSLOG_FACILITY_DEFAULT "LOG_KERN" +#endif + +#ifndef SYSLOG_LEVEL_DEFAULT +#define SYSLOG_LEVEL_DEFAULT "LOG_NOTICE" +#endif + +static config_entry_t facility_ce = { + .key = "facility", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_NONE, + .u = { .string = SYSLOG_FACILITY_DEFAULT } +}; + +static config_entry_t level_ce = { + .next = &facility_ce, + .key = "level", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_NONE, + .u = { .string = SYSLOG_LEVEL_DEFAULT } +}; + +static int syslog_level, syslog_facility; + +static int _output_syslog(ulog_iret_t *res) +{ + static char buf[4096]; + + printpkt_print(res, buf, 0); + syslog(syslog_level|syslog_facility, buf); + + return 0; +} + +static int syslog_init(void) +{ + /* FIXME: error handling */ + config_parse_file("SYSLOG", &level_ce); + + if (!strcmp(facility_ce.u.string, "LOG_DAEMON")) + syslog_facility = LOG_DAEMON; + else if (!strcmp(facility_ce.u.string, "LOG_KERN")) + syslog_facility = LOG_KERN; + else if (!strcmp(facility_ce.u.string, "LOG_LOCAL0")) + syslog_facility = LOG_LOCAL0; + else if (!strcmp(facility_ce.u.string, "LOG_LOCAL1")) + syslog_facility = LOG_LOCAL1; + else if (!strcmp(facility_ce.u.string, "LOG_LOCAL2")) + syslog_facility = LOG_LOCAL2; + else if (!strcmp(facility_ce.u.string, "LOG_LOCAL3")) + syslog_facility = LOG_LOCAL3; + else if (!strcmp(facility_ce.u.string, "LOG_LOCAL4")) + syslog_facility = LOG_LOCAL4; + else if (!strcmp(facility_ce.u.string, "LOG_LOCAL5")) + syslog_facility = LOG_LOCAL5; + else if (!strcmp(facility_ce.u.string, "LOG_LOCAL6")) + syslog_facility = LOG_LOCAL6; + else if (!strcmp(facility_ce.u.string, "LOG_LOCAL7")) + syslog_facility = LOG_LOCAL7; + else if (!strcmp(facility_ce.u.string, "LOG_USER")) + syslog_facility = LOG_USER; + else { + ulogd_log(ULOGD_FATAL, "unknown facility '%s'\n", + facility_ce.u.string); + exit(2); + } + + if (!strcmp(level_ce.u.string, "LOG_EMERG")) + syslog_level = LOG_EMERG; + else if (!strcmp(level_ce.u.string, "LOG_ALERT")) + syslog_level = LOG_ALERT; + else if (!strcmp(level_ce.u.string, "LOG_CRIT")) + syslog_level = LOG_CRIT; + else if (!strcmp(level_ce.u.string, "LOG_ERR")) + syslog_level = LOG_ERR; + else if (!strcmp(level_ce.u.string, "LOG_WARNING")) + syslog_level = LOG_WARNING; + else if (!strcmp(level_ce.u.string, "LOG_NOTICE")) + syslog_level = LOG_NOTICE; + else if (!strcmp(level_ce.u.string, "LOG_INFO")) + syslog_level = LOG_INFO; + else if (!strcmp(level_ce.u.string, "LOG_DEBUG")) + syslog_level = LOG_DEBUG; + else { + ulogd_log(ULOGD_FATAL, "unknown level '%s'\n", + level_ce.u.string); + exit(2); + } + + openlog("ulogd", LOG_NDELAY|LOG_PID, syslog_facility); + + return 0; +} + +static void syslog_fini(void) +{ + closelog(); +} + +static ulog_output_t syslog_op = { + .name = "syslog", + .init = &syslog_init, + .fini = &syslog_fini, + .output = &_output_syslog, +}; + + +void _init(void) +{ + if (printpkt_init()) + ulogd_log(ULOGD_ERROR, "can't resolve all keyhash id's\n"); + + register_output(&syslog_op); +} diff --git a/include/ulogd/conffile.h b/include/ulogd/conffile.h new file mode 100644 index 0000000..4a390d2 --- /dev/null +++ b/include/ulogd/conffile.h @@ -0,0 +1,66 @@ +/* config file parser functions + * + * (C) 2000 by Harald Welte + * + * $Id: conffile.h,v 1.2 2001/05/26 23:19:28 laforge Exp $ + * + * This code is distributed under the terms of GNU GPL */ + +#ifndef _CONFFILE_H +#define _CONFFILE_H + +#include + +/* errors returned by config functions */ +enum { + ERRNONE = 0, + ERROPEN, /* unable to open config file */ + ERROOM, /* out of memory */ + ERRMULT, /* non-multiple option occured more than once */ + ERRMAND, /* mandatory option not found */ + ERRUNKN, /* unknown config key */ + ERRSECTION, /* section not found */ +}; + +/* maximum line lenght of config file entries */ +#define LINE_LEN 255 + +/* maximum lenght of config key name */ +#define CONFIG_KEY_LEN 30 + +/* maximum lenght of string config value */ +#define CONFIG_VAL_STRING_LEN 225 + +/* valid config types */ +#define CONFIG_TYPE_INT 0x0001 +#define CONFIG_TYPE_STRING 0x0002 +#define CONFIG_TYPE_CALLBACK 0x0003 + +/* valid config options */ +#define CONFIG_OPT_NONE 0x0000 +#define CONFIG_OPT_MANDATORY 0x0001 +#define CONFIG_OPT_MULTI 0x0002 + +typedef struct config_entry { + struct config_entry *next; /* the next one in linked list */ + char key[CONFIG_KEY_LEN]; /* name of config directive */ + u_int8_t type; /* type; see above */ + u_int8_t options; /* options; see above */ + u_int8_t hit; /* found? */ + union { + char string[CONFIG_VAL_STRING_LEN]; + int value; + int (*parser)(char *argstr); + } u; +} config_entry_t; + +/* if an error occurs, config_errce is set to the erroneous ce */ +extern config_entry_t *config_errce; + +/* tell us the name of the config file */ +int config_register_file(const char *file); + +/* parse the config file */ +int config_parse_file(const char *section, config_entry_t *keys); + +#endif /* ifndef _CONFFILE_H */ diff --git a/include/ulogd/ulogd.h b/include/ulogd/ulogd.h new file mode 100644 index 0000000..36816dc --- /dev/null +++ b/include/ulogd/ulogd.h @@ -0,0 +1,162 @@ +#ifndef _ULOGD_H +#define _ULOGD_H +/* ulogd, Version $Revision$ + * + * userspace logging daemon for netfilter ULOG target + * of the linux 2.4 netfilter subsystem. + * + * (C) 2000 by Harald Welte + * + * this code is released under the terms of GNU GPL + * + * $Id$ + */ + +#include +#include +#include /* need this because of extension-sighandler */ + +/* All types with MSB = 1 make use of value.ptr + * other types use one of the union's member */ + +/* types without length */ +#define ULOGD_RET_NONE 0x0000 + +#define ULOGD_RET_INT8 0x0001 +#define ULOGD_RET_INT16 0x0002 +#define ULOGD_RET_INT32 0x0003 +#define ULOGD_RET_INT64 0x0004 + +#define ULOGD_RET_UINT8 0x0011 +#define ULOGD_RET_UINT16 0x0012 +#define ULOGD_RET_UINT32 0x0013 +#define ULOGD_RET_UINT64 0x0014 + +#define ULOGD_RET_BOOL 0x0050 + +#define ULOGD_RET_IPADDR 0x0100 + +/* types with length field */ +#define ULOGD_RET_STRING 0x8020 +#define ULOGD_RET_RAW 0x8030 + + +/* FLAGS */ +#define ULOGD_RETF_NONE 0x0000 +#define ULOGD_RETF_VALID 0x0001 /* contains a valid result */ +#define ULOGD_RETF_FREE 0x0002 /* ptr needs to be free()d */ + + +/* maximum length of ulogd key */ +#define ULOGD_MAX_KEYLEN 32 + +#define ULOGD_DEBUG 1 /* debugging information */ +#define ULOGD_INFO 3 +#define ULOGD_NOTICE 5 /* abnormal/unexpected condition */ +#define ULOGD_ERROR 7 /* error condition, requires user action */ +#define ULOGD_FATAL 8 /* fatal, program aborted */ + +typedef struct ulog_iret { + /* next interpreter return (key) in the global list */ + struct ulog_iret *next; + /* next interpreter in linked list for current result */ + struct ulog_iret *cur_next; + /* length of the returned value (only for lengthed types */ + u_int32_t len; + /* type of the returned value (ULOGD_IRET_...) */ + u_int16_t type; + /* flags (i.e. free, ...) */ + u_int16_t flags; + /* name of this key */ + char key[ULOGD_MAX_KEYLEN]; + /* and finally the returned value */ + union { + u_int8_t b; + u_int8_t ui8; + u_int16_t ui16; + u_int32_t ui32; + u_int64_t ui64; + int8_t i8; + int16_t i16; + int32_t i32; + int64_t i64; + void *ptr; + } value; +} ulog_iret_t; + +typedef struct ulog_interpreter { + /* next interpreter in old-style linked list */ + struct ulog_interpreter *next; + /* name of this interpreter (predefined by plugin) */ + char name[ULOGD_MAX_KEYLEN]; + /* ID for this interpreter (dynamically assigned) */ + unsigned int id; + /* function to call for each packet */ + ulog_iret_t* (*interp)(struct ulog_interpreter *ip, + ulog_packet_msg_t *pkt); + /* number of keys this interpreter has */ + unsigned int key_num; + /* keys of this particular interpreter */ + ulog_iret_t *result; +} ulog_interpreter_t; + +typedef struct ulog_output { + /* next output in the linked list */ + struct ulog_output *next; + /* name of this ouput plugin */ + char name[ULOGD_MAX_KEYLEN]; + /* callback for initialization */ + int (*init)(void); + /* callback for de-initialization */ + void (*fini)(void); + /* callback function */ + int (*output)(ulog_iret_t *ret); + /* callback function for signals (SIGHUP, ..) */ + void (*signal)(int signal); +} ulog_output_t; + +/* entries of the key hash */ +struct ulogd_keyh_entry { + ulog_interpreter_t *interp; /* interpreter for this key */ + unsigned int offset; /* offset within interpreter */ + const char *name; /* name of this particular key */ +}; + +/*********************************************************************** + * PUBLIC INTERFACE + ***********************************************************************/ + +/* register a new interpreter plugin */ +void register_interpreter(ulog_interpreter_t *me); + +/* register a new output target */ +void register_output(ulog_output_t *me); + +/* allocate a new ulog_iret_t */ +ulog_iret_t *alloc_ret(const u_int16_t type, const char*); + +/* write a message to the daemons' logfile */ +void __ulogd_log(int level, char *file, int line, const char *message, ...); +/* macro for logging including filename and line number */ +#define ulogd_log(level, format, args...) \ + __ulogd_log(level, __FILE__, __LINE__, format, ## args) +/* backwards compatibility */ +#define ulogd_error(format, args...) ulogd_log(ULOGD_ERROR, format, ## args) + +/* get an interpreter hash id by name */ +unsigned int interh_getid(const char *name); + +/* get a key id if you have the name */ +unsigned int keyh_getid(const char *name); + +/* get a result for a given key id */ +ulog_iret_t *keyh_getres(unsigned int id); + +/* the key hash itself */ +extern struct ulogd_keyh_entry *ulogd_keyh; + +#define IS_VALID(x) (x.flags & ULOGD_RETF_VALID) + +#define SET_VALID(x) (x.flags |= ULOGD_RETF_VALID) + +#endif /* _ULOGD_H */ diff --git a/install-sh b/install-sh new file mode 100755 index 0000000..e9de238 --- /dev/null +++ b/install-sh @@ -0,0 +1,251 @@ +#!/bin/sh +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + true +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + chmodcmd="" + else + instcmd=mkdir + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. + + if [ -f $src -o -d $src ] + then + true + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + true + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + true + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' +' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + true + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + true + fi + +# Make a temp file name in the proper directory. + + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 diff --git a/iptables/Makefile b/iptables/Makefile deleted file mode 100644 index 64a6b73..0000000 --- a/iptables/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -CFLAGS = -DNETFILTER_VERSION=\"1.1.1\" -fPIC - -libipt_ULOG.so: libipt_ULOG_sh.o - ld -shared libipt_ULOG_sh.o -o libipt_ULOG.so - -libipt_ULOG_sh.o: libipt_ULOG.c - gcc $(CFLAGS) -include ../kernel/ipt_ULOG.h -c libipt_ULOG.c -o libipt_ULOG_sh.o - -clean: - rm -f libipt_ULOG_sh.o libipt_ULOG.so diff --git a/iptables/libipt_ULOG.c b/iptables/libipt_ULOG.c deleted file mode 100644 index fd44a50..0000000 --- a/iptables/libipt_ULOG.c +++ /dev/null @@ -1,207 +0,0 @@ -/* Shared library add-on to iptables to add ULOG support. - * - * (C) 2000 by Harald Welte - * - * multipart netlink support based on ideas by Sebastian Zander - * - * - * This software is released under the terms of GNU GPL - * - * $Id: libipt_ULOG.c,v 1.6 2001/01/30 11:17:26 laforge Exp $ - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define ULOG_DEFAULT_NLGROUP 1 -#define ULOG_DEFAULT_QTHRESHOLD 1 - - -void print_groups(unsigned int gmask) -{ - int b; - unsigned int test; - - for (b = 31; b >= 0; b--) { - test = (1 << b); - if (gmask & test) - printf("%d ", b + 1); - } -} - -/* Function which prints out usage message. */ -static void help(void) -{ - printf("ULOG v%s options:\n" - " --ulog-nlgroup nlgroup NETLINK group used for logging\n" - " --ulog-cprange size Bytes of each packet to be passed\n" - " --ulog-qthreshold Threshold of in-kernel queue\n" - " --ulog-prefix prefix Prefix log messages with this prefix.\n\n", - NETFILTER_VERSION); -} - -static struct option opts[] = { - {"ulog-nlgroup", 1, 0, '!'}, - {"ulog-prefix", 1, 0, '#'}, - {"ulog-cprange", 1, 0, 'A'}, - {"ulog-qthreshold", 1, 0, 'B'}, - {0} -}; - -/* Initialize the target. */ -static void init(struct ipt_entry_target *t, unsigned int *nfcache) -{ - struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) t->data; - - loginfo->nl_group = ULOG_DEFAULT_NLGROUP; - loginfo->qthreshold = ULOG_DEFAULT_QTHRESHOLD; - - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; -} - -#define IPT_LOG_OPT_NLGROUP 0x01 -#define IPT_LOG_OPT_PREFIX 0x02 -#define IPT_LOG_OPT_CPRANGE 0x04 -#define IPT_LOG_OPT_QTHRESHOLD 0x08 - -/* Function which parses command options; returns true if it - ate an option */ -static int parse(int c, char **argv, int invert, unsigned int *flags, - const struct ipt_entry *entry, - struct ipt_entry_target **target) -{ - struct ipt_ulog_info *loginfo = - (struct ipt_ulog_info *) (*target)->data; - int group_d; - - switch (c) { - case '!': - if (*flags & IPT_LOG_OPT_NLGROUP) - exit_error(PARAMETER_PROBLEM, - "Can't specify --ulog-nlgroup twice"); - - if (check_inverse(optarg, &invert)) - exit_error(PARAMETER_PROBLEM, - "Unexpected `!' after --ulog-nlgroup"); - group_d = atoi(optarg); - if (group_d > 32 || group_d < 1) - exit_error(PARAMETER_PROBLEM, - "--ulog-nlgroup has to be between 1 and 32"); - - loginfo->nl_group = (1 << (group_d - 1)); - - *flags |= IPT_LOG_OPT_NLGROUP; - break; - - case '#': - if (*flags & IPT_LOG_OPT_PREFIX) - exit_error(PARAMETER_PROBLEM, - "Can't specify --ulog-prefix twice"); - - if (check_inverse(optarg, &invert)) - exit_error(PARAMETER_PROBLEM, - "Unexpected `!' after --ulog-prefix"); - - if (strlen(optarg) > sizeof(loginfo->prefix) - 1) - exit_error(PARAMETER_PROBLEM, - "Maximum prefix length %u for --ulog-prefix", - sizeof(loginfo->prefix) - 1); - - strcpy(loginfo->prefix, optarg); - *flags |= IPT_LOG_OPT_PREFIX; - break; - case 'A': - if (*flags & IPT_LOG_OPT_CPRANGE) - exit_error(PARAMETER_PROBLEM, - "Can't specify --ulog-cprange twice"); - if (atoi(optarg) < 0) - exit_error(PARAMETER_PROBLEM, - "Negative copy range?"); - loginfo->copy_range = atoi(optarg); - *flags |= IPT_LOG_OPT_CPRANGE; - break; - case 'B': - if (*flags & IPT_LOG_OPT_QTHRESHOLD) - exit_error(PARAMETER_PROBLEM, - "Can't specify --ulog-qthreshold twice"); - if (atoi(optarg) < 1) - exit_error(PARAMETER_PROBLEM, - "Negative or zero queue threshold ?"); - if (atoi(optarg) > ULOG_MAX_QLEN) - exit_error(PARAMETER_PROBLEM, - "Maximum queue length exceeded"); - loginfo->qthreshold = atoi(optarg); - *flags |= IPT_LOG_OPT_QTHRESHOLD; - break; - } - return 1; -} - -/* Final check; nothing. */ -static void final_check(unsigned int flags) -{ -} - -/* Saves the union ipt_targinfo in parsable form to stdout. */ -static void save(const struct ipt_ip *ip, - const struct ipt_entry_target *target) -{ - const struct ipt_ulog_info *loginfo - = (const struct ipt_ulog_info *) target->data; - - if (strcmp(loginfo->prefix, "") != 0) - printf("--ulog-prefix %s ", loginfo->prefix); - - if (loginfo->nl_group != ULOG_DEFAULT_NLGROUP) { - printf("--ulog-nlgroup "); - print_groups(loginfo->nl_group); - printf("\n"); - } - if (loginfo->copy_range) - printf("--ulog-cprange %d ", loginfo->copy_range); - - if (loginfo->qthreshold != ULOG_DEFAULT_QTHRESHOLD) - printf("--ulog-qthreshold %d ", loginfo->qthreshold); -} - -/* Prints out the targinfo. */ -static void -print(const struct ipt_ip *ip, - const struct ipt_entry_target *target, int numeric) -{ - const struct ipt_ulog_info *loginfo - = (const struct ipt_ulog_info *) target->data; - - printf("ULOG "); - printf("copy_range %d nlgroup ", loginfo->copy_range); - print_groups(loginfo->nl_group); - if (strcmp(loginfo->prefix, "") != 0) - printf("prefix `%s' ", loginfo->prefix); - printf("queue_threshold %d ", loginfo->qthreshold); -} - -struct iptables_target ulog = { NULL, - "ULOG", - NETFILTER_VERSION, - IPT_ALIGN(sizeof(struct ipt_ulog_info)), - IPT_ALIGN(sizeof(struct ipt_ulog_info)), - &help, - &init, - &parse, - &final_check, - &print, - &save, - opts -}; - -void _init(void) -{ - register_target(&ulog); -} diff --git a/kernel-ULOG-2.4.0-test4.diff b/kernel-ULOG-2.4.0-test4.diff deleted file mode 100644 index f4a5501..0000000 --- a/kernel-ULOG-2.4.0-test4.diff +++ /dev/null @@ -1,229 +0,0 @@ -diff -Nru linux-2.4.0-test4-plain/Documentation/Configure.help linux-2.4.0-test4-work/Documentation/Configure.help ---- linux-2.4.0-test4-plain/Documentation/Configure.help Thu Jul 13 18:42:51 2000 -+++ linux-2.4.0-test4-work/Documentation/Configure.help Sun Jul 30 21:56:01 2000 -@@ -2010,6 +2010,16 @@ - If you want to compile it as a module, say M here and read - Documentation/modules.txt. If unsure, say `N'. - -+ULOG target support -+CONFIG_IP_NF_TARGET_ULOG -+ This option adds a `ULOG' target, which allows you to create rules in -+ any iptables table. The packet is passed to one or more userspace logging -+ daemon using netlink multicast sockets. Logging is no longer forced to -+ be in syslog, but can be done by any userspace process. -+ -+ If you want to compile it as a module, say M here and read -+ Documentation/modules.txt. If unsure, say `N'. -+ - ipchains (2.2-style) support - CONFIG_IP_NF_COMPAT_IPCHAINS - This option places ipchains (with masquerading and redirection -diff -Nru linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h ---- linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h Thu Jan 1 01:00:00 1970 -+++ linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h Sun Jul 30 22:11:07 2000 -@@ -0,0 +1,36 @@ -+#ifndef _IPT_ULOG_H -+#define _IPT_ULOG_H -+ -+#ifdef __KERNEL__ -+#include -+#endif -+ -+#define ULOG_MAC_LEN 80 -+ -+ -+/* just until this is in netfilter.h */ -+#ifndef NETLINK_NFLOG -+#define NETLINK_NFLOG 25 -+#endif -+ -+struct ipt_ulog_info { -+ unsigned char logflags; -+ unsigned int nl_group; -+ char prefix[30]; -+}; -+ -+typedef struct ulog_packet_msg { -+ unsigned long mark; -+ long timestamp_sec; -+ long timestamp_usec; -+ unsigned int hook; -+ char indev_name[IFNAMSIZ]; -+ char outdev_name[IFNAMSIZ]; -+ size_t data_len; -+ char prefix[30]; -+ unsigned char mac_len; -+ unsigned char mac[ULOG_MAC_LEN]; -+ unsigned char payload[0]; -+} ulog_packet_msg_t; -+ -+#endif /*_IPT_ULOG_H*/ -diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in ---- linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in Mon Mar 27 20:35:56 2000 -+++ linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in Sun Jul 30 21:47:35 2000 -@@ -51,6 +51,7 @@ - dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE - fi - dep_tristate ' LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES -+ dep_tristate ' ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES - fi - - # Backwards compatibility modules: only if you don't build in the others. -diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile ---- linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile Mon Mar 27 20:35:56 2000 -+++ linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile Sun Jul 30 22:02:16 2000 -@@ -197,6 +197,14 @@ - endif - endif - -+ifeq ($(CONFIG_IP_NF_TARGET_ULOG),y) -+O_OBJS += ipt_ULOG.o -+else -+ ifeq ($(CONFIG_IP_NF_TARGET_ULOG),m) -+ M_OBJS += ipt_ULOG.o -+ endif -+endif -+ - ifeq ($(CONFIG_IP_NF_COMPAT_IPCHAINS),y) - O_OBJS += ipchains_core.o $(IP_NF_COMPAT_LAYER) - else -diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c ---- linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c Thu Jan 1 01:00:00 1970 -+++ linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c Sun Jul 30 21:45:44 2000 -@@ -0,0 +1,136 @@ -+/* -+ * netfilter module for userspace packet logging daemons -+ * -+ * (C) 2000 by Harald Welte -+ * -+ * Released under the terms of the GPL -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#define NETLINK_NFLOG 25 -+#define ULOG_NL_EVENT 111 -+ -+#if 1 -+#define DEBUGP printk -+#else -+#define DEBUGP(format, args ...) -+#endif -+ -+struct sock *nflognl; -+ -+static void nflog_rcv(struct sock *sk, int len) -+{ -+ printk("nflog_rcv: did receive netlink message ?!?\n"); -+} -+ -+static unsigned int ipt_ulog_target( -+ struct sk_buff **pskb, -+ unsigned int hooknum, -+ const struct net_device *in, -+ const struct net_device *out, -+ const void *targinfo, -+ void *userinfo) -+{ -+ ulog_packet_msg_t *pm; -+ size_t size; -+ struct sk_buff *nlskb; -+ unsigned char *old_tail; -+ struct nlmsghdr *nlh; -+ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *)targinfo; -+ -+ /* calculate the size of the skb needed */ -+ -+ size = NLMSG_SPACE(sizeof(*pm) + (*pskb)->len); -+ nlskb = alloc_skb(size, GFP_ATOMIC); -+ if (!nlskb) -+ goto nlmsg_failure; -+ -+ old_tail = nlskb->tail; -+ nlh = NLMSG_PUT(nlskb, 0, 0, ULOG_NL_EVENT, size - sizeof(*nlh)); -+ pm = NLMSG_DATA(nlh); -+ -+ /* copy hook, prefix, timestamp, payload, etc. */ -+ -+ pm->data_len = (*pskb)->len; -+ pm->timestamp_sec = (*pskb)->stamp.tv_sec; -+ pm->timestamp_usec = (*pskb)->stamp.tv_usec; -+ pm->mark = (*pskb)->nfmark; -+ pm->hook = hooknum; -+ if (loginfo->prefix) -+ strcpy(pm->prefix, loginfo->prefix); -+ -+ if (in && !out) -+ { -+ if ((*pskb)->dev && (*pskb)->dev->hard_header_len > 0 -+ && (*pskb)->dev->hard_header_len <= ULOG_MAC_LEN) -+ { -+ memcpy(pm->mac, (*pskb)->mac.raw, (*pskb)->dev->hard_header_len); -+ pm->mac_len = (*pskb)->dev->hard_header_len; -+ } -+ -+ } -+/* -+ if (in) strcpy(pm->indev_name, in->name); -+ else pm->indev_name[0] = '\0'; -+*/ -+ if ((*pskb)->len) -+ memcpy(pm->payload, (*pskb)->data, (*pskb)->len); -+ nlh->nlmsg_len = nlskb->tail - old_tail; -+ NETLINK_CB(nlskb).dst_groups = loginfo->nl_group; -+ DEBUGP("ipt_ULOG: going to throw out a packet to netlink groupmask %u\n", loginfo->nl_group); -+ netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group, GFP_ATOMIC); -+ -+ return IPT_CONTINUE; -+ -+nlmsg_failure: -+ if (nlskb) -+ kfree(nlskb); -+ printk("ipt_ULOG: Error building netlink message\n"); -+ return IPT_CONTINUE; -+ -+} -+ -+static int ipt_ulog_checkentry( -+ const char *tablename, -+ const struct ipt_entry *e, -+ void *targinfo, -+ unsigned int targinfosize, -+ unsigned int hookmask) -+{ -+ return 1; -+} -+ -+ -+static struct ipt_target ipt_ulog_reg = -+ { { NULL, NULL }, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL, -+ THIS_MODULE }; -+ -+static int __init init(void) -+{ -+ DEBUGP("ipt_ULOG: init module\n"); -+ nflognl = netlink_kernel_create(NETLINK_NFLOG, nflog_rcv); -+ if (ipt_register_target(&ipt_ulog_reg)) -+ return -EINVAL; -+ -+ return 0; -+} -+ -+static void __exit fini(void) -+{ -+ DEBUGP("ipt_ULOG: cleanup_module\n"); -+ ipt_unregister_target(&ipt_ulog_reg); -+} -+ -+module_init(init); -+module_exit(fini); diff --git a/kernel-ULOG1-to-ULOG2.diff b/kernel-ULOG1-to-ULOG2.diff deleted file mode 100644 index a690e05..0000000 --- a/kernel-ULOG1-to-ULOG2.diff +++ /dev/null @@ -1,210 +0,0 @@ -diff -Nru linux-2.4.0-test4-ulog1/include/linux/netfilter_ipv4/ipt_ULOG.h linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h ---- linux-2.4.0-test4-ulog1/include/linux/netfilter_ipv4/ipt_ULOG.h Mon Jul 31 13:31:51 2000 -+++ linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h Mon Jul 31 17:17:04 2000 -@@ -7,6 +7,7 @@ - struct ipt_ulog_info - { - unsigned int nl_group; -+ size_t copy_range; - char prefix[ULOG_PREFIX_LEN]; - }; - -diff -Nru linux-2.4.0-test4-ulog1/net/ipv4/netfilter/ipt_ULOG.c linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c ---- linux-2.4.0-test4-ulog1/net/ipv4/netfilter/ipt_ULOG.c Mon Jul 31 13:31:51 2000 -+++ linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c Mon Jul 31 13:41:57 2000 -@@ -4,6 +4,8 @@ - * (C) 2000 by Harald Welte - * - * Released under the terms of the GPL -+ * -+ * ipt_ULOG.c,v 1.4 2000/07/31 11:41:06 laforge Exp - */ - - #include -@@ -15,15 +17,17 @@ - #include - #include - #include -+#include - #include - #include -+#include - --#define ULOG_NL_EVENT 111 /* Harald's favorite number */ -+#define ULOG_NL_EVENT 111 /* Harald's favorite number */ - - #if 0 - #define DEBUGP printk - #else --#define DEBUGP(format, args ...) -+#define DEBUGP(format, args...) - #endif - - static struct sock *nflognl; -@@ -33,35 +37,38 @@ - printk("nflog_rcv: did receive netlink message ?!?\n"); - } - --static unsigned int ipt_ulog_target( -- struct sk_buff **pskb, -- unsigned int hooknum, -- const struct net_device *in, -- const struct net_device *out, -- const void *targinfo, -- void *userinfo) -+static unsigned int ipt_ulog_target(struct sk_buff **pskb, -+ unsigned int hooknum, -+ const struct net_device *in, -+ const struct net_device *out, -+ const void *targinfo, void *userinfo) - { - ulog_packet_msg_t *pm; -- size_t size; -+ size_t size, copy_len; - struct sk_buff *nlskb; - unsigned char *old_tail; - struct nlmsghdr *nlh; -- struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *)targinfo; -+ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; - - /* calculate the size of the skb needed */ -- -- size = NLMSG_SPACE(sizeof(*pm) + (*pskb)->len); -+ if ((loginfo->copy_range == 0) || -+ (loginfo->copy_range > (*pskb)->len)) { -+ copy_len = (*pskb)->len; -+ } else { -+ copy_len = loginfo->copy_range; -+ } -+ size = NLMSG_SPACE(sizeof(*pm) + copy_len); - nlskb = alloc_skb(size, GFP_ATOMIC); - if (!nlskb) - goto nlmsg_failure; -- -+ - old_tail = nlskb->tail; - nlh = NLMSG_PUT(nlskb, 0, 0, ULOG_NL_EVENT, size - sizeof(*nlh)); - pm = NLMSG_DATA(nlh); -- -+ - /* copy hook, prefix, timestamp, payload, etc. */ - -- pm->data_len = (*pskb)->len; -+ pm->data_len = copy_len; - pm->timestamp_sec = (*pskb)->stamp.tv_sec; - pm->timestamp_usec = (*pskb)->stamp.tv_usec; - pm->mark = (*pskb)->nfmark; -@@ -70,52 +77,57 @@ - strcpy(pm->prefix, loginfo->prefix); - - if (in && in->hard_header_len > 0 -- && (*pskb)->mac.raw != (*pskb)->nh.iph -+ && (*pskb)->mac.raw != (void *) (*pskb)->nh.iph - && in->hard_header_len <= ULOG_MAC_LEN) { - memcpy(pm->mac, (*pskb)->mac.raw, in->hard_header_len); - pm->mac_len = in->hard_header_len; - } - -- if (in) strcpy(pm->indev_name, in->name); -- else pm->indev_name[0] = '\0'; -+ if (in) -+ strcpy(pm->indev_name, in->name); -+ else -+ pm->indev_name[0] = '\0'; -+ -+ if (out) -+ strcpy(pm->outdev_name, out->name); -+ else -+ pm->outdev_name[0] = '\0'; - -- if (out) strcpy(pm->outdev_name, out->name); -- else pm->outdev_name[0] = '\0'; -- -- if ((*pskb)->len) -- memcpy(pm->payload, (*pskb)->data, (*pskb)->len); -+ if (copy_len) -+ memcpy(pm->payload, (*pskb)->data, copy_len); - nlh->nlmsg_len = nlskb->tail - old_tail; - NETLINK_CB(nlskb).dst_groups = loginfo->nl_group; -- DEBUGP("ipt_ULOG: going to throw a packet to netlink groupmask %u\n", -- loginfo->nl_group); -- netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group, GFP_ATOMIC); -+ DEBUGP -+ ("ipt_ULOG: going to throw a packet to netlink groupmask %u\n", -+ loginfo->nl_group); -+ netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group, -+ GFP_ATOMIC); - - return IPT_CONTINUE; - --nlmsg_failure: -+ nlmsg_failure: - if (nlskb) -- kfree(nlskb); -+ kfree(nlskb); - printk("ipt_ULOG: Error building netlink message\n"); - return IPT_CONTINUE; - } - --static int ipt_ulog_checkentry( -- const char *tablename, -- const struct ipt_entry *e, -- void *targinfo, -- unsigned int targinfosize, -- unsigned int hookmask) -+static int ipt_ulog_checkentry(const char *tablename, -+ const struct ipt_entry *e, -+ void *targinfo, -+ unsigned int targinfosize, -+ unsigned int hookmask) - { -- struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *)targinfo; -+ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; - -- if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) { -- DEBUGP("ULOG: targinfosize %u != 0\n", targinfosize); -- return 0; -- } -+ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) { -+ DEBUGP("ULOG: targinfosize %u != 0\n", targinfosize); -+ return 0; -+ } - -- if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') { -+ if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { - DEBUGP("ULOG: prefix term %i\n", -- loginfo->prefix[sizeof(loginfo->prefix)-1]); -+ loginfo->prefix[sizeof(loginfo->prefix) - 1]); - return 0; - } - -@@ -123,8 +135,9 @@ - } - - static struct ipt_target ipt_ulog_reg = -- { { NULL, NULL }, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL, -- THIS_MODULE }; -+ { {NULL, NULL}, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL, -+THIS_MODULE -+}; - - static int __init init(void) - { -@@ -134,7 +147,7 @@ - return -ENOMEM; - - if (ipt_register_target(&ipt_ulog_reg) != 0) { -- sock_release(nflognl->socket); -+ sock_release(nflognl->socket); - return -EINVAL; - } - -@@ -144,7 +157,7 @@ - static void __exit fini(void) - { - DEBUGP("ipt_ULOG: cleanup_module\n"); -- -+ - ipt_unregister_target(&ipt_ulog_reg); - sock_release(nflognl->socket); - } diff --git a/kernel/Makefile b/kernel/Makefile deleted file mode 100644 index 801561c..0000000 --- a/kernel/Makefile +++ /dev/null @@ -1,8 +0,0 @@ -CFLAGS = -D__KERNEL__ -march=i586 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h -include ./ipt_ULOG.h -I/usr/src/linux/include -Wall -O2 -fomit-frame-pointer - - -ipt_ULOG.o: ipt_ULOG.c Makefile - gcc $(CFLAGS) -c ipt_ULOG.c - -clean: - rm -f *.o diff --git a/kernel/ipt_ULOG.c b/kernel/ipt_ULOG.c deleted file mode 100644 index 90b5a8e..0000000 --- a/kernel/ipt_ULOG.c +++ /dev/null @@ -1,370 +0,0 @@ -/* - * netfilter module for userspace packet logging daemons - * - * (C) 2000-2002 by Harald Welte - * - * 2000/09/22 ulog-cprange feature added - * 2001/01/04 in-kernel queue as proposed by Sebastian Zander - * - * 2001/01/30 per-rule nlgroup conflicts with global queue. - * nlgroup now global (sysctl) - * 2001/04/19 ulog-queue reworked, now fixed buffer size specified at - * module loadtime -HW - * 2002/07/07 remove broken nflog_rcv() function -HW - * 2002/08/29 fix shifted/unshifted nlgroup bug -HW - * 2002/10/30 fix uninitialized mac_len field - - * - * Released under the terms of the GPL - * - * This module accepts two parameters: - * - * nlbufsiz: - * The parameter specifies how big the buffer for each netlink multicast - * group is. e.g. If you say nlbufsiz=8192, up to eight kb of packets will - * get accumulated in the kernel until they are sent to userspace. It is - * NOT possible to allocate more than 128kB, and it is strongly discouraged, - * because atomically allocating 128kB inside the network rx softirq is not - * reliable. Please also keep in mind that this buffer size is allocated for - * each nlgroup you are using, so the total kernel memory usage increases - * by that factor. - * - * flushtimeout: - * Specify, after how many clock ticks (intel: 100 per second) the queue - * should be flushed even if it is not full yet. - * - * $Id: ipt_ULOG.c,v 1.21 2002/08/29 10:54:34 laforge Exp $ - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Harald Welte "); -MODULE_DESCRIPTION("IP tables userspace logging module"); - -#define ULOG_NL_EVENT 111 /* Harald's favorite number */ -#define ULOG_MAXNLGROUPS 32 /* numer of nlgroups */ - -#if 0 -#define DEBUGP(format, args...) printk(__FILE__ ":" __FUNCTION__ ":" \ - format, ## args) -#else -#define DEBUGP(format, args...) -#endif - -#define PRINTR(format, args...) do { if (net_ratelimit()) printk(format, ## args); } while (0) - -static unsigned int nlbufsiz = 4096; -MODULE_PARM(nlbufsiz, "i"); -MODULE_PARM_DESC(nlbufsiz, "netlink buffer size"); - -static unsigned int flushtimeout = 10 * HZ; -MODULE_PARM(flushtimeout, "i"); -MODULE_PARM_DESC(flushtimeout, "buffer flush timeout"); - -/* global data structures */ - -typedef struct { - unsigned int qlen; /* number of nlmsgs' in the skb */ - struct nlmsghdr *lastnlh; /* netlink header of last msg in skb */ - struct sk_buff *skb; /* the pre-allocated skb */ - struct timer_list timer; /* the timer function */ -} ulog_buff_t; - -static ulog_buff_t ulog_buffers[ULOG_MAXNLGROUPS]; /* array of buffers */ - -static struct sock *nflognl; /* our socket */ -static size_t qlen; /* current length of multipart-nlmsg */ -DECLARE_LOCK(ulog_lock); /* spinlock */ - -/* send one ulog_buff_t to userspace */ -static void ulog_send(unsigned int nlgroupnum) -{ - ulog_buff_t *ub = &ulog_buffers[nlgroupnum]; - - if (timer_pending(&ub->timer)) { - DEBUGP("ipt_ULOG: ulog_send: timer was pending, deleting\n"); - del_timer(&ub->timer); - } - - /* last nlmsg needs NLMSG_DONE */ - if (ub->qlen > 1) - ub->lastnlh->nlmsg_type = NLMSG_DONE; - - NETLINK_CB(ub->skb).dst_groups = (1 << nlgroupnum); - DEBUGP("ipt_ULOG: throwing %d packets to netlink mask %u\n", - ub->qlen, nlgroup); - netlink_broadcast(nflognl, ub->skb, 0, (1 << nlgroupnum), GFP_ATOMIC); - - ub->qlen = 0; - ub->skb = NULL; - ub->lastnlh = NULL; - -} - - -/* timer function to flush queue in ULOG_FLUSH_INTERVAL time */ -static void ulog_timer(unsigned long data) -{ - DEBUGP("ipt_ULOG: timer function called, calling ulog_send\n"); - - /* lock to protect against somebody modifying our structure - * from ipt_ulog_target at the same time */ - LOCK_BH(&ulog_lock); - ulog_send(data); - UNLOCK_BH(&ulog_lock); -} - -struct sk_buff *ulog_alloc_skb(unsigned int size) -{ - struct sk_buff *skb; - - /* alloc skb which should be big enough for a whole - * multipart message. WARNING: has to be <= 131000 - * due to slab allocator restrictions */ - - skb = alloc_skb(nlbufsiz, GFP_ATOMIC); - if (!skb) { - PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n", - nlbufsiz); - - /* try to allocate only as much as we need for - * current packet */ - - skb = alloc_skb(size, GFP_ATOMIC); - if (!skb) - PRINTR("ipt_ULOG: can't even allocate %ub\n", size); - } - - return skb; -} - -static unsigned int ipt_ulog_target(struct sk_buff **pskb, - unsigned int hooknum, - const struct net_device *in, - const struct net_device *out, - const void *targinfo, void *userinfo) -{ - ulog_buff_t *ub; - ulog_packet_msg_t *pm; - size_t size, copy_len; - struct nlmsghdr *nlh; - struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; - - /* ffs == find first bit set, necessary because userspace - * is already shifting groupnumber, but we need unshifted. - * ffs() returns [1..32], we need [0..31] */ - unsigned int groupnum = ffs(loginfo->nl_group) - 1; - - /* calculate the size of the skb needed */ - if ((loginfo->copy_range == 0) || - (loginfo->copy_range > (*pskb)->len)) { - copy_len = (*pskb)->len; - } else { - copy_len = loginfo->copy_range; - } - - size = NLMSG_SPACE(sizeof(*pm) + copy_len); - - ub = &ulog_buffers[groupnum]; - - LOCK_BH(&ulog_lock); - - if (!ub->skb) { - if (!(ub->skb = ulog_alloc_skb(size))) - goto alloc_failure; - } else if (ub->qlen >= loginfo->qthreshold || - size > skb_tailroom(ub->skb)) { - /* either the queue len is too high or we don't have - * enough room in nlskb left. send it to userspace. */ - - ulog_send(groupnum); - - if (!(ub->skb = ulog_alloc_skb(size))) - goto alloc_failure; - } - - DEBUGP("ipt_ULOG: qlen %d, qthreshold %d\n", ub->qlen, - loginfo->qthreshold); - - /* NLMSG_PUT contains a hidden goto nlmsg_failure !!! */ - nlh = NLMSG_PUT(ub->skb, 0, ub->qlen, ULOG_NL_EVENT, - size - sizeof(*nlh)); - ub->qlen++; - - pm = NLMSG_DATA(nlh); - - /* copy hook, prefix, timestamp, payload, etc. */ - pm->data_len = copy_len; - pm->timestamp_sec = (*pskb)->stamp.tv_sec; - pm->timestamp_usec = (*pskb)->stamp.tv_usec; - pm->mark = (*pskb)->nfmark; - pm->hook = hooknum; - if (loginfo->prefix[0] != '\0') - strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix)); - else - *(pm->prefix) = '\0'; - - if (in && in->hard_header_len > 0 - && (*pskb)->mac.raw != (void *) (*pskb)->nh.iph - && in->hard_header_len <= ULOG_MAC_LEN) { - memcpy(pm->mac, (*pskb)->mac.raw, in->hard_header_len); - pm->mac_len = in->hard_header_len; - } else - pm->mac_len = 0; - - if (in) - strncpy(pm->indev_name, in->name, sizeof(pm->indev_name)); - else - pm->indev_name[0] = '\0'; - - if (out) - strncpy(pm->outdev_name, out->name, sizeof(pm->outdev_name)); - else - pm->outdev_name[0] = '\0'; - - if (copy_len) - memcpy(pm->payload, (*pskb)->data, copy_len); - - /* check if we are building multi-part messages */ - if (ub->qlen > 1) { - ub->lastnlh->nlmsg_flags |= NLM_F_MULTI; - } - - /* if threshold is reached, send message to userspace */ - if (qlen >= loginfo->qthreshold) { - if (loginfo->qthreshold > 1) - nlh->nlmsg_type = NLMSG_DONE; - } - - ub->lastnlh = nlh; - - /* if timer isn't already running, start it */ - if (!timer_pending(&ub->timer)) { - ub->timer.expires = jiffies + flushtimeout; - add_timer(&ub->timer); - } - - UNLOCK_BH(&ulog_lock); - - return IPT_CONTINUE; - - -nlmsg_failure: - PRINTR("ipt_ULOG: error during NLMSG_PUT\n"); - -alloc_failure: - PRINTR("ipt_ULOG: Error building netlink message\n"); - - UNLOCK_BH(&ulog_lock); - - return IPT_CONTINUE; -} - -static int ipt_ulog_checkentry(const char *tablename, - const struct ipt_entry *e, - void *targinfo, - unsigned int targinfosize, - unsigned int hookmask) -{ - struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; - - if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) { - DEBUGP("ipt_ULOG: targinfosize %u != 0\n", targinfosize); - return 0; - } - - if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { - DEBUGP("ipt_ULOG: prefix term %i\n", - loginfo->prefix[sizeof(loginfo->prefix) - 1]); - return 0; - } - - if (loginfo->qthreshold > ULOG_MAX_QLEN) { - DEBUGP("ipt_ULOG: queue threshold %i > MAX_QLEN\n", - loginfo->qthreshold); - return 0; - } - - return 1; -} - -static struct ipt_target ipt_ulog_reg = - { {NULL, NULL}, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL, -THIS_MODULE -}; - -static int __init init(void) -{ - int i; - - DEBUGP("ipt_ULOG: init module\n"); - - if (nlbufsiz >= 128*1024) { - printk("Netlink buffer has to be <= 128kB\n"); - return -EINVAL; - } - - /* initialize ulog_buffers */ - for (i = 0; i < ULOG_MAXNLGROUPS; i++) { - memset(&ulog_buffers[i], 0, sizeof(ulog_buff_t)); - init_timer(&ulog_buffers[i].timer); - ulog_buffers[i].timer.function = ulog_timer; - ulog_buffers[i].timer.data = i; - } - - nflognl = netlink_kernel_create(NETLINK_NFLOG, NULL); - if (!nflognl) - return -ENOMEM; - - if (ipt_register_target(&ipt_ulog_reg) != 0) { - sock_release(nflognl->socket); - return -EINVAL; - } - - return 0; -} - -static void __exit fini(void) -{ - ulog_buff_t *ub; - int i; - - DEBUGP("ipt_ULOG: cleanup_module\n"); - - ipt_unregister_target(&ipt_ulog_reg); - sock_release(nflognl->socket); - - /* remove pending timers and free allocated skb's */ - for (i = 0; i < ULOG_MAXNLGROUPS; i++) { - ub = &ulog_buffers[i]; - if (timer_pending(&ub->timer)) { - DEBUGP("timer was pending, deleting\n"); - del_timer(&ub->timer); - } - - if (ub->skb) { - kfree_skb(ub->skb); - ub->skb = NULL; - } - } - -} - -module_init(init); -module_exit(fini); diff --git a/kernel/ipt_ULOG.h b/kernel/ipt_ULOG.h deleted file mode 100644 index a4d8b01..0000000 --- a/kernel/ipt_ULOG.h +++ /dev/null @@ -1,46 +0,0 @@ -/* Header file for IP tables userspace logging, Version $Revision: 1.8 $ - * - * (C) 2000-2002 by Harald Welte - * - * Distributed under the terms of GNU GPL */ - -#ifndef _IPT_ULOG_H -#define _IPT_ULOG_H - -#ifndef NETLINK_NFLOG -#define NETLINK_NFLOG 5 -#endif - -#define ULOG_MAC_LEN 80 -#define ULOG_PREFIX_LEN 32 - -#define ULOG_MAX_QLEN 50 -/* Why 50? Well... there is a limit imposed by the slab cache 131000 - * bytes. So the multipart netlink-message has to be < 131000 bytes. - * Assuming a standard ethernet-mtu of 1500, we could define this up - * to 80... but even 50 seems to be big enough. */ - -/* private data structure for each rule with a ULOG target */ -struct ipt_ulog_info { - unsigned int nl_group; - size_t copy_range; - size_t qthreshold; - char prefix[ULOG_PREFIX_LEN]; -}; - -/* Format of the ULOG packets passed through netlink */ -typedef struct ulog_packet_msg { - unsigned long mark; - long timestamp_sec; - long timestamp_usec; - unsigned int hook; - char indev_name[IFNAMSIZ]; - char outdev_name[IFNAMSIZ]; - size_t data_len; - char prefix[ULOG_PREFIX_LEN]; - unsigned char mac_len; - unsigned char mac[ULOG_MAC_LEN]; - unsigned char payload[0]; -} ulog_packet_msg_t; - -#endif /*_IPT_ULOG_H*/ diff --git a/libipulog/Makefile.in b/libipulog/Makefile.in new file mode 100644 index 0000000..52a3394 --- /dev/null +++ b/libipulog/Makefile.in @@ -0,0 +1,23 @@ +# + +include @top_srcdir@/Rules.make +CFLAGS+=-Iinclude -I/usr/src/linux/include + +libipulog.a: libipulog.o + $(LD) -i $< -o $@ + +distrib: + +ulog_test: ulog_test.c libipulog.a + $(CC) $(CFLAGS) ulog_test.c libipulog.a -o ulog_test + +libipulog.o: libipulog.c + $(CC) $(CFLAGS) -c $< -o $@ + +clean: + $(RM) ulog_test libipulog.o libipulog.a + +distclean: clean + $(RM) Makefile + +install: libipulog.a diff --git a/libipulog/include/libipulog/libipulog.h b/libipulog/include/libipulog/libipulog.h new file mode 100644 index 0000000..b3805d7 --- /dev/null +++ b/libipulog/include/libipulog/libipulog.h @@ -0,0 +1,58 @@ +#ifndef _LIBIPULOG_H +#define _LIBIPULOG_H + +/* $Id$ */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "linux/netfilter_ipv4/ipt_ULOG.h" + +/* FIXME: glibc sucks */ +#ifndef MSG_TRUNC +#define MSG_TRUNC 0x20 +#endif + +struct ipulog_handle; +extern int ipulog_errno; + +u_int32_t ipulog_group2gmask(u_int32_t group); + +struct ipulog_handle *ipulog_create_handle(u_int32_t gmask, u_int32_t rmem); + +void ipulog_destroy_handle(struct ipulog_handle *h); + +ssize_t ipulog_read(struct ipulog_handle *h, + unsigned char *buf, size_t len, int timeout); + +ulog_packet_msg_t *ipulog_get_packet(struct ipulog_handle *h, + const unsigned char *buf, + size_t len); + +char *ipulog_strerror(int errcode); + +void ipulog_perror(const char *s); + +enum +{ + IPULOG_ERR_NONE = 0, + IPULOG_ERR_IMPL, + IPULOG_ERR_HANDLE, + IPULOG_ERR_SOCKET, + IPULOG_ERR_BIND, + IPULOG_ERR_RECVBUF, + IPULOG_ERR_RECV, + IPULOG_ERR_NLEOF, + IPULOG_ERR_TRUNC, + IPULOG_ERR_INVGR, + IPULOG_ERR_INVNL, +}; +#define IPULOG_MAXERR IPULOG_ERR_INVNL + +#endif /* _LIBULOG_H */ diff --git a/libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h b/libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h new file mode 100644 index 0000000..de062cd --- /dev/null +++ b/libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h @@ -0,0 +1,62 @@ +/* Header file for IP tables userspace logging, Version 1.8 + * + * (C) 2000-2002 by Harald Welte + * + * Distributed under the terms of GNU GPL */ +#ifndef _IPT_ULOG_H +#define _IPT_ULOG_H + +#ifndef NETLINK_NFLOG +#define NETLINK_NFLOG 5 +#endif + +#define ULOG_DEFAULT_NLGROUP 1 +#define ULOG_DEFAULT_QTHRESHOLD 1 + +#define ULOG_MAC_LEN 80 +#define ULOG_PREFIX_LEN 32 + +#define ULOG_MAX_QLEN 50 +/* Why 50? Well... there is a limit imposed by the slab cache 131000 + * bytes. So the multipart netlink-message has to be < 131000 bytes. + * Assuming a standard ethernet-mtu of 1500, we could define this up + * to 80... but even 50 seems to be big enough. */ + +/* private data structure for each rule with a ULOG target */ +struct ipt_ulog_info { + unsigned int nl_group; +#ifdef KERNEL_64_USERSPACE_32 + unsigned long long copy_range; + unsigned long long qthreshold; +#else + size_t copy_range; + size_t qthreshold; +#endif + char prefix[ULOG_PREFIX_LEN]; +}; + +/* Format of the ULOG packets passed through netlink */ +typedef struct ulog_packet_msg { + unsigned long mark; +#ifdef KERNEL_64_USERSPACE_32 + long long timestamp_sec; + long long timestamp_usec; +#else + long timestamp_sec; + long timestamp_usec; +#endif + unsigned int hook; + char indev_name[IFNAMSIZ]; + char outdev_name[IFNAMSIZ]; +#ifdef KERNEL_64_USERSPACE_32 + unsigned long long data_len; +#else + size_t data_len; +#endif + char prefix[ULOG_PREFIX_LEN]; + unsigned char mac_len; + unsigned char mac[ULOG_MAC_LEN]; + unsigned char payload[0]; +} ulog_packet_msg_t; + +#endif /*_IPT_ULOG_H*/ diff --git a/libipulog/libipulog.c b/libipulog/libipulog.c new file mode 100644 index 0000000..415b712 --- /dev/null +++ b/libipulog/libipulog.c @@ -0,0 +1,256 @@ +/* + * libipulog.c, $Revision$ + * + * netfilter ULOG userspace library. + * + * (C) 2000-2001 by Harald Welte + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * This library is still under development, so be aware of sudden interface + * changes + * + * $Id$ + */ + +#include +#include +#include +#include +#include +#include + +struct ipulog_handle +{ + int fd; + u_int8_t blocking; + struct sockaddr_nl local; + struct sockaddr_nl peer; + struct nlmsghdr* last_nlhdr; +}; + +/* internal */ + + +int ipulog_errno = IPULOG_ERR_NONE; + +struct ipulog_errmap_t +{ + int errcode; + char *message; +} ipulog_errmap[] = +{ + { IPULOG_ERR_NONE, "No error" }, + { IPULOG_ERR_IMPL, "Not implemented yet" }, + { IPULOG_ERR_HANDLE, "Unable to create netlink handle" }, + { IPULOG_ERR_SOCKET, "Unable to create netlink socket" }, + { IPULOG_ERR_BIND, "Unable to bind netlink socket" }, + { IPULOG_ERR_RECVBUF, "Receive buffer size invalid" }, + { IPULOG_ERR_RECV, "Error during netlink receive" }, + { IPULOG_ERR_NLEOF, "Received EOF on netlink socket" }, + { IPULOG_ERR_TRUNC, "Receive message truncated" }, + { IPULOG_ERR_INVGR, "Invalid group specified" }, + { IPULOG_ERR_INVNL, "Invalid netlink message" }, +}; + +static ssize_t +ipulog_netlink_recvfrom(const struct ipulog_handle *h, + unsigned char *buf, size_t len) +{ + socklen_t addrlen; + int status; + struct nlmsghdr *nlh; + + if (len < sizeof(struct nlmsgerr)) { + ipulog_errno = IPULOG_ERR_RECVBUF; + return -1; + } + addrlen = sizeof(h->peer); + status = recvfrom(h->fd, buf, len, 0, (struct sockaddr *)&h->peer, + &addrlen); + if (status < 0) { + ipulog_errno = IPULOG_ERR_RECV; + return status; + } + if (addrlen != sizeof (h->peer)) { + ipulog_errno = IPULOG_ERR_RECV; + return -1; + } + if (h->peer.nl_pid != 0) { + ipulog_errno = IPULOG_ERR_RECV; + return -1; + } + if (status == 0) { + ipulog_errno = IPULOG_ERR_NLEOF; + return -1; + } + nlh = (struct nlmsghdr *)buf; + if (nlh->nlmsg_flags & MSG_TRUNC || status > len) { + ipulog_errno = IPULOG_ERR_TRUNC; + return -1; + } + return status; +} + +/* public */ + +char *ipulog_strerror(int errcode) +{ + if (errcode < 0 || errcode > IPULOG_MAXERR) + errcode = IPULOG_ERR_IMPL; + return ipulog_errmap[errcode].message; +} + +/* convert a netlink group (1-32) to a group_mask suitable for create_handle */ +u_int32_t ipulog_group2gmask(u_int32_t group) +{ + if (group < 1 || group > 32) + { + ipulog_errno = IPULOG_ERR_INVGR; + return 0; + } + return (1 << (group - 1)); +} + +/* create a ipulog handle for the reception of packets sent to gmask */ +struct ipulog_handle *ipulog_create_handle(u_int32_t gmask, + u_int32_t rcvbufsize) +{ + struct ipulog_handle *h; + int status; + + h = (struct ipulog_handle *) malloc(sizeof(struct ipulog_handle)); + if (h == NULL) + { + ipulog_errno = IPULOG_ERR_HANDLE; + return NULL; + } + memset(h, 0, sizeof(struct ipulog_handle)); + h->fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_NFLOG); + if (h->fd == -1) + { + ipulog_errno = IPULOG_ERR_SOCKET; + close(h->fd); + free(h); + return NULL; + } + memset(&h->local, 0, sizeof(struct sockaddr_nl)); + h->local.nl_family = AF_NETLINK; + h->local.nl_pid = getpid(); + h->local.nl_groups = gmask; + status = bind(h->fd, (struct sockaddr *)&h->local, sizeof(h->local)); + if (status == -1) + { + ipulog_errno = IPULOG_ERR_BIND; + close(h->fd); + free(h); + return NULL; + } + memset(&h->peer, 0, sizeof(struct sockaddr_nl)); + h->peer.nl_family = AF_NETLINK; + h->peer.nl_pid = 0; + h->peer.nl_groups = gmask; + + status = setsockopt(h->fd, SOL_SOCKET, SO_RCVBUF, &rcvbufsize, + sizeof(rcvbufsize)); + if (status == -1) + { + ipulog_errno = IPULOG_ERR_RECVBUF; + close(h->fd); + free(h); + return NULL; + } + + return h; +} + +/* destroy a ipulog handle */ +void ipulog_destroy_handle(struct ipulog_handle *h) +{ + close(h->fd); + free(h); +} + +#if 0 +int ipulog_set_mode() +{ +} +#endif + +/* do a BLOCKING read on an ipulog handle */ +ssize_t ipulog_read(struct ipulog_handle *h, unsigned char *buf, + size_t len, int timeout) +{ + return ipulog_netlink_recvfrom(h, buf, len); +} + +/* get a pointer to the actual start of the ipulog packet, + use this to strip netlink header */ +ulog_packet_msg_t *ipulog_get_packet(struct ipulog_handle *h, + const unsigned char *buf, + size_t len) +{ + struct nlmsghdr *nlh; + size_t remain_len; + + /* if last header in handle not inside this buffer, + * drop reference to last header */ + if ((unsigned char *)h->last_nlhdr > (buf + len) || + (unsigned char *)h->last_nlhdr < buf) { + h->last_nlhdr = NULL; + } + + if (!h->last_nlhdr) { + /* fist message in buffer */ + nlh = (struct nlmsghdr *) buf; + if (!NLMSG_OK(nlh, len)) { + /* ERROR */ + ipulog_errno = IPULOG_ERR_INVNL; + return NULL; + } + } else { + /* we are in n-th part of multilink message */ + if (h->last_nlhdr->nlmsg_type == NLMSG_DONE || + !(h->last_nlhdr->nlmsg_flags & NLM_F_MULTI)) { + /* if last part in multilink message, + * or no multipart message at all: return */ + h->last_nlhdr = NULL; + return NULL; + } + + /* calculate remaining lenght from lasthdr to end of buffer */ + remain_len = (len - + ((unsigned char *)h->last_nlhdr - buf)); + nlh = NLMSG_NEXT(h->last_nlhdr, remain_len); + } + + h->last_nlhdr = nlh; + + return NLMSG_DATA(nlh); +} + +/* print a human readable description of the last error to stderr */ +void ipulog_perror(const char *s) +{ + if (s) + fputs(s, stderr); + else + fputs("ERROR", stderr); + if (ipulog_errno) + fprintf(stderr, ": %s", ipulog_strerror(ipulog_errno)); + if (errno) + fprintf(stderr, ": %s", strerror(errno)); + fputc('\n', stderr); +} + diff --git a/libipulog/ulog_test.c b/libipulog/ulog_test.c new file mode 100644 index 0000000..792a793 --- /dev/null +++ b/libipulog/ulog_test.c @@ -0,0 +1,84 @@ +/* ulog_test, $Revision$ + * + * small testing program for libipulog, part of the netfilter ULOG target + * for the linux 2.4 netfilter subsystem. + * + * (C) 2000-2005 by Harald Welte + * + * this code is released under the terms of GNU GPL + * + * $Id$ + */ + +#include +#include +#include + +#define MYBUFSIZ 2048 + +/* prints some logging about a single packet */ +void handle_packet(ulog_packet_msg_t *pkt) +{ + unsigned char *p; + int i; + + printf("Hook=%u Mark=%lu len=%d ", + pkt->hook, pkt->mark, pkt->data_len); + if (strlen(pkt->prefix)) + printf("Prefix=%s ", pkt->prefix); + + if (pkt->mac_len) + { + printf("mac="); + p = pkt->mac; + for (i = 0; i < pkt->mac_len; i++, p++) + printf("%02x%c", *p, i==pkt->mac_len-1 ? ' ':':'); + } + printf("\n"); + +} + +int main(int argc, char *argv[]) +{ + struct ipulog_handle *h; + unsigned char* buf; + int len; + ulog_packet_msg_t *upkt; + int i; + + if (argc != 4) { + fprintf(stderr, "Usage: %s count group timeout\n", argv[0]); + exit(1); + } + + /* allocate a receive buffer */ + buf = (unsigned char *) malloc(MYBUFSIZ); + + /* create ipulog handle */ + h = ipulog_create_handle(ipulog_group2gmask(atoi(argv[2])),150000); + if (!h) + { + /* if some error occurrs, print it to stderr */ + ipulog_perror(NULL); + exit(1); + } + + alarm(atoi(argv[3])); + + /* loop receiving packets and handling them over to handle_packet */ + for (i = 0; i < atoi(argv[1]); i++) { + len = ipulog_read(h, buf, MYBUFSIZ, 1); + if (len <= 0) { + ipulog_perror("ulog_test: short read"); + exit(1); + } + printf("%d bytes received\n", len); + while (upkt = ipulog_get_packet(h, buf, len)) { + handle_packet(upkt); + } + } + + /* just to give it a cleaner look */ + ipulog_destroy_handle(h); + return 0; +} diff --git a/mysql/Makefile.in b/mysql/Makefile.in new file mode 100644 index 0000000..cbab843 --- /dev/null +++ b/mysql/Makefile.in @@ -0,0 +1,30 @@ +# + +# Normally You should not need to change anything below +# +include @top_srcdir@/Rules.make + +CFLAGS+=-I@top_srcdir@ -I@top_srcdir@/libipulog/include -I@top_srcdir@/include +SH_CFLAGS:=$(CFLAGS) -fPIC + +SHARED_LIBS=ulogd_MYSQL.so + +all: $(SHARED_LIBS) + +distrib: + +$(SHARED_LIBS): %.so: %_sh.o + $(LD) -shared $(MYSQL_LDFLAGS) -o $@ $< -lc + +%_sh.o: %.c + $(CC) $(MYSQL_CFLAGS) $(SH_CFLAGS) -o $@ -c $< + +clean: + $(RM) $(SHARED_LIBS) *.o + +distclean: + $(RM) Makefile + +install: all + $(INSTALL) -m 755 -d $(DESTDIR)$(ULOGD_LIB_PATH) + $(INSTALL) -m 755 *.so $(DESTDIR)$(ULOGD_LIB_PATH) diff --git a/mysql/ulogd_MYSQL.c b/mysql/ulogd_MYSQL.c new file mode 100644 index 0000000..b917ffa --- /dev/null +++ b/mysql/ulogd_MYSQL.c @@ -0,0 +1,525 @@ +/* ulogd_MYSQL.c, Version $Revision$ + * + * ulogd output plugin for logging to a MySQL database + * + * (C) 2000-2001 by Harald Welte + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * $Id$ + * + * 15 May 2001, Alex Janssen : + * Added a compability option for older MySQL-servers, which + * don't support mysql_real_escape_string + * + * 17 May 2001, Alex Janssen : + * Added the --with-mysql-log-ip-as-string feature. This will log + * IP's as string rather than an unsigned long integer to the database. + * See ulogd/doc/mysql.table.ipaddr-as-string as an example. + * BE WARNED: This has _WAY_ less performance during table searches. + * + * 09 Feb 2005, Sven Schuster : + * Added the "port" parameter to specify ports different from 3306 + * + * 12 May 2005, Jozsef Kadlecsik + * Added reconnecting to lost mysql server. + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef DEBUG_MYSQL +#define DEBUGP(x, args...) fprintf(stderr, x, ## args) +#else +#define DEBUGP(x, args...) +#endif + +struct _field { + char name[ULOGD_MAX_KEYLEN]; + unsigned int id; + unsigned int str; + struct _field *next; +}; + +/* The plugin handler */ +static ulog_output_t mysql_plugin; + +/* the database handle we are using */ +static MYSQL *dbh; + +/* a linked list of the fields the table has */ +static struct _field *fields; + +/* buffer for our insert statement */ +static char *stmt; + +/* size of our insert statement buffer */ +static size_t stmt_siz; + +/* pointer to the beginning of the "VALUES" part */ +static char *stmt_val; + +/* pointer to current inser position in statement */ +static char *stmt_ins; + +#define STMT_ADD(pos, fmt...) \ + do { \ + if ((pos) >= stmt && stmt_siz > (pos) - stmt) \ + snprintf((pos), stmt_siz-((pos)-stmt), ##fmt); \ + } while(0) + +/* Attempt to reconnect if connection is lost */ +time_t reconnect = 0; +#define TIME_ERR ((time_t)-1) /* Be paranoid */ + +/* our configuration directives */ +static config_entry_t db_ce = { + .key = "db", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_MANDATORY, +}; + +static config_entry_t host_ce = { + .next = &db_ce, + .key = "host", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_MANDATORY, +}; + +static config_entry_t user_ce = { + .next = &host_ce, + .key = "user", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_MANDATORY, +}; + +static config_entry_t pass_ce = { + .next = &user_ce, + .key = "pass", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_MANDATORY, +}; + +static config_entry_t table_ce = { + .next = &pass_ce, + .key = "table", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_MANDATORY, +}; + +static config_entry_t port_ce = { + .next = &table_ce, + .key = "port", + .type = CONFIG_TYPE_INT, +}; + +static config_entry_t reconnect_ce = { + .next = &port_ce, + .key = "reconnect", + .type = CONFIG_TYPE_INT, +}; + +static config_entry_t connect_timeout_ce = { + .next = &reconnect_ce, + .key = "connect_timeout", + .type = CONFIG_TYPE_INT, +}; + +static int _mysql_init_db(ulog_iret_t *result); +static void _mysql_fini(void); + +/* our main output function, called by ulogd */ +static int mysql_output(ulog_iret_t *result) +{ + struct _field *f; + ulog_iret_t *res; +#ifdef IP_AS_STRING + char *tmpstr; /* need this for --log-ip-as-string */ + struct in_addr addr; +#endif + size_t esclen; + + if (stmt_val == NULL) { + _mysql_fini(); + return _mysql_init_db(result); + } + + stmt_ins = stmt_val; + + for (f = fields; f; f = f->next) { + res = keyh_getres(f->id); + + if (!res) { + ulogd_log(ULOGD_NOTICE, + "no result for %s ?!?\n", f->name); + } + + if (!res || !IS_VALID((*res))) { + /* no result, we have to fake something */ + STMT_ADD(stmt_ins,"NULL,"); + stmt_ins = stmt + strlen(stmt); + continue; + } + + switch (res->type) { + case ULOGD_RET_INT8: + STMT_ADD(stmt_ins,"%d,", res->value.i8); + break; + case ULOGD_RET_INT16: + STMT_ADD(stmt_ins,"%d,", res->value.i16); + break; + case ULOGD_RET_INT32: + STMT_ADD(stmt_ins,"%d,", res->value.i32); + break; + case ULOGD_RET_INT64: + STMT_ADD(stmt_ins,"%"PRId64",", res->value.i64); + break; + case ULOGD_RET_UINT8: + STMT_ADD(stmt_ins,"%u,", res->value.ui8); + break; + case ULOGD_RET_UINT16: + STMT_ADD(stmt_ins,"%u,", res->value.ui16); + break; + case ULOGD_RET_IPADDR: +#ifdef IP_AS_STRING + if (f->str) { + addr.s_addr = ntohl(res->value.ui32); + tmpstr = inet_ntoa(addr); + esclen = (strlen(tmpstr)*2) + 4; + if (stmt_siz <= (stmt_ins-stmt)+esclen){ + STMT_ADD(stmt_ins,"'',"); + break; + } + + *stmt_ins++ = '\''; +#ifdef OLD_MYSQL + mysql_escape_string(stmt_ins, + tmpstr, + strlen(tmpstr)); +#else + mysql_real_escape_string(dbh, + stmt_ins, + tmpstr, + strlen(tmpstr)); +#endif /* OLD_MYSQL */ + stmt_ins = stmt + strlen(stmt); + STMT_ADD(stmt_ins, "',"); + break; + } +#endif /* IP_AS_STRING */ + /* EVIL: fallthrough when logging IP as + * u_int32_t */ + case ULOGD_RET_UINT32: + STMT_ADD(stmt_ins, "%u,", res->value.ui32); + break; + case ULOGD_RET_UINT64: + STMT_ADD(stmt_ins,"%"PRIu64",",res->value.ui64); + break; + case ULOGD_RET_BOOL: + STMT_ADD(stmt_ins, "'%d',", res->value.b); + break; + case ULOGD_RET_STRING: + esclen = (strlen(res->value.ptr)*2) + 4; + if (stmt_siz <= (stmt_ins-stmt) + esclen) { + STMT_ADD(stmt_ins, "'',"); + break; + } + *stmt_ins++ = '\''; +#ifdef OLD_MYSQL + mysql_escape_string(stmt_ins, res->value.ptr, + strlen(res->value.ptr)); +#else + mysql_real_escape_string(dbh, stmt_ins, + res->value.ptr, strlen(res->value.ptr)); +#endif + stmt_ins = stmt + strlen(stmt); + STMT_ADD(stmt_ins,"',"); + break; + case ULOGD_RET_RAW: + ulogd_log(ULOGD_NOTICE, + "%s: type RAW not supported by MySQL\n", + res->key); + break; + default: + ulogd_log(ULOGD_NOTICE, + "unknown type %d for %s\n", + res->type, res->key); + break; + } + stmt_ins = stmt + strlen(stmt); + } + *(stmt_ins - 1) = ')'; + *stmt_ins = '\0'; + + DEBUGP("stmt=#%s#\n", stmt); + + /* now we have created our statement, insert it */ + + if (mysql_real_query(dbh, stmt, strlen(stmt))) { + ulogd_log(ULOGD_ERROR, "sql error during insert: %s\n", + mysql_error(dbh)); + _mysql_fini(); + return _mysql_init_db(result); + } + + return 0; +} + +/* no connection, plugin disabled */ +static int mysql_output_disabled(ulog_iret_t *result) +{ + return 0; +} + +#define MYSQL_INSERTTEMPL "insert into X (Y) values (Z)" +#define MYSQL_VALSIZE 100 + +/* create the static part of our insert statement */ +static int mysql_createstmt(void) +{ + struct _field *f; + char buf[ULOGD_MAX_KEYLEN]; + char *underscore; + + if (stmt) + free(stmt); + + /* caclulate the size for the insert statement */ + stmt_siz = strlen(MYSQL_INSERTTEMPL) + strlen(table_ce.u.string) + 1; + + for (f = fields; f; f = f->next) { + /* we need space for the key and a comma, as well as + * enough space for the values */ + stmt_siz += strlen(f->name) + 1 + MYSQL_VALSIZE; + } + + ulogd_log(ULOGD_DEBUG, "allocating %zu bytes for statement\n", + stmt_siz); + + stmt = (char *) malloc(stmt_siz); + + if (!stmt) { + stmt_val = NULL; + stmt_siz = 0; + ulogd_log(ULOGD_ERROR, "OOM!\n"); + return -1; + } + + snprintf(stmt, stmt_siz, "insert into %s (", table_ce.u.string); + stmt_val = stmt + strlen(stmt); + + for (f = fields; f; f = f->next) { + strncpy(buf, f->name, ULOGD_MAX_KEYLEN-1); + buf[ULOGD_MAX_KEYLEN-1] = '\0'; + while ((underscore = strchr(buf, '.'))) + *underscore = '_'; + STMT_ADD(stmt_val,"%s,", buf); + stmt_val = stmt + strlen(stmt); + } + *(stmt_val - 1) = ')'; + + STMT_ADD(stmt_val," values ("); + stmt_val = stmt + strlen(stmt); + + ulogd_log(ULOGD_DEBUG, "stmt='%s'\n", stmt); + + return 0; +} + +/* find out which columns the table has */ +static int mysql_get_columns(const char *table) +{ + MYSQL_RES *result; + MYSQL_FIELD *field; + char buf[ULOGD_MAX_KEYLEN]; + char *underscore; + struct _field *f; + int id; + + if (!dbh) + return -1; + + result = mysql_list_fields(dbh, table, NULL); + if (!result) + return -1; + + /* Cleanup before reconnect */ + while (fields) { + f = fields; + fields = f->next; + free(f); + } + + while ((field = mysql_fetch_field(result))) { + + /* replace all underscores with dots */ + strncpy(buf, field->name, ULOGD_MAX_KEYLEN-1); + buf[ULOGD_MAX_KEYLEN-1] = '\0'; + + while ((underscore = strchr(buf, '_'))) + *underscore = '.'; + + DEBUGP("field '%s' found: ", buf); + + if (!(id = keyh_getid(buf))) { + DEBUGP(" no keyid!\n"); + continue; + } + + DEBUGP("keyid %u\n", id); + + /* prepend it to the linked list */ + f = (struct _field *) malloc(sizeof *f); + if (!f) { + ulogd_log(ULOGD_ERROR, "OOM!\n"); + return -1; + } + strncpy(f->name, buf, ULOGD_MAX_KEYLEN-1); + f->name[ULOGD_MAX_KEYLEN-1] = '\0'; + f->id = id; + f->str = !IS_NUM(field->type); + f->next = fields; + fields = f; + } + + mysql_free_result(result); + return 0; +} + +/* make connection and select database */ +static int mysql_open_db(char *server, int port, char *user, char *pass, + char *db) +{ +#ifdef MYSQL_OPT_RECONNECT + my_bool trueval = 1; +#endif + dbh = mysql_init(NULL); + if (!dbh) + return -1; + + if (connect_timeout_ce.u.value) + mysql_options(dbh, MYSQL_OPT_CONNECT_TIMEOUT, + (const char *) &connect_timeout_ce.u.value); + +#ifdef MYSQL_OPT_RECONNECT +# if defined(MYSQL_VERSION_ID) && (MYSQL_VERSION_ID >= 50019) + mysql_options(dbh, MYSQL_OPT_RECONNECT, &trueval); +# endif +#endif + + + if (!mysql_real_connect(dbh, server, user, pass, db, port, NULL, 0)) + { + _mysql_fini(); + return -1; + } + +#ifdef MYSQL_OPT_RECONNECT +# if defined(MYSQL_VERSION_ID) && (MYSQL_VERSION_ID < 50019) + mysql_options(dbh, MYSQL_OPT_RECONNECT, &trueval); +# endif +#endif + + return 0; +} + +static int init_reconnect(void) +{ + if (reconnect_ce.u.value) { + reconnect = time(NULL); + if (reconnect != TIME_ERR) { + ulogd_log(ULOGD_ERROR, "no connection to database, " + "attempting to reconnect " + "after %u seconds\n", + reconnect_ce.u.value); + reconnect += reconnect_ce.u.value; + mysql_plugin.output = &_mysql_init_db; + return -1; + } + } + /* Disable plugin permanently */ + mysql_plugin.output = &mysql_output_disabled; + + return 0; +} + +static int _mysql_init_db(ulog_iret_t *result) +{ + if (reconnect && reconnect > time(NULL)) + return 0; + + if (mysql_open_db(host_ce.u.string, port_ce.u.value, user_ce.u.string, + pass_ce.u.string, db_ce.u.string)) { + ulogd_log(ULOGD_ERROR, "can't establish database connection\n"); + return init_reconnect(); + } + + /* read the fieldnames to know which values to insert */ + if (mysql_get_columns(table_ce.u.string)) { + ulogd_log(ULOGD_ERROR, "unable to get mysql columns\n"); + _mysql_fini(); + return init_reconnect(); + } + + if (mysql_createstmt()) + { + ulogd_log(ULOGD_ERROR, "unable to create mysql statement\n"); + _mysql_fini(); + return init_reconnect(); + } + + /* enable plugin */ + mysql_plugin.output = &mysql_output; + + reconnect = 0; + + if (result) + return mysql_output(result); + + return 0; +} + +static int _mysql_init(void) +{ + /* have the opts parsed */ + config_parse_file("MYSQL", &connect_timeout_ce); + + return _mysql_init_db(NULL); +} + +static void _mysql_fini(void) +{ + if (dbh) { + mysql_close(dbh); + dbh = NULL; + } +} + +static ulog_output_t mysql_plugin = { + .name = "mysql", + .output = &mysql_output, + .init = &_mysql_init, + .fini = &_mysql_fini, +}; + +void _init(void) +{ + register_output(&mysql_plugin); +} diff --git a/pcap/Makefile.in b/pcap/Makefile.in new file mode 100644 index 0000000..d469c2b --- /dev/null +++ b/pcap/Makefile.in @@ -0,0 +1,30 @@ +# +include @top_srcdir@/Rules.make + +CFLAGS+=-I@top_srcdir@ -I@top_srcdir@/libipulog/include -I@top_srcdir@/include +SH_CFLAGS:=$(CFLAGS) -fPIC + +# Normally You should not need to change anything below +# + +SHARED_LIBS=ulogd_PCAP.so + +all: $(SHARED_LIBS) + +distrib: + +$(SHARED_LIBS): %.so: %_sh.o + $(LD) -shared -o $@ $< -lc -lpcap + +%_sh.o: %.c + $(CC) $(SH_CFLAGS) -o $@ -c $< + +clean: + $(RM) $(SHARED_LIBS) *.o + +distclean: + $(RM) Makefile + +install: all + $(INSTALL) -m 755 -d $(DESTDIR)$(ULOGD_LIB_PATH) + $(INSTALL) -m 755 *.so $(DESTDIR)$(ULOGD_LIB_PATH) diff --git a/pcap/ulogd_PCAP.c b/pcap/ulogd_PCAP.c new file mode 100644 index 0000000..686fe47 --- /dev/null +++ b/pcap/ulogd_PCAP.c @@ -0,0 +1,286 @@ +/* ulogd_PCAP.c, Version $Revision$ + * + * ulogd output target for writing pcap-style files (like tcpdump) + * + * FIXME: descr. + * + * + * (C) 2002 by Harald Welte + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * $Id$ + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* + * This is a timeval as stored in disk in a dumpfile. + * It has to use the same types everywhere, independent of the actual + * `struct timeval' + */ + +struct pcap_timeval { + int32_t tv_sec; /* seconds */ + int32_t tv_usec; /* microseconds */ +}; + +/* + * How a `pcap_pkthdr' is actually stored in the dumpfile. + * + * Do not change the format of this structure, in any way (this includes + * changes that only affect the length of fields in this structure), + * and do not make the time stamp anything other than seconds and + * microseconds (e.g., seconds and nanoseconds). Instead: + * + * introduce a new structure for the new format; + * + * send mail to "tcpdump-workers@tcpdump.org", requesting a new + * magic number for your new capture file format, and, when + * you get the new magic number, put it in "savefile.c"; + * + * use that magic number for save files with the changed record + * header; + * + * make the code in "savefile.c" capable of reading files with + * the old record header as well as files with the new record header + * (using the magic number to determine the header format). + * + * Then supply the changes to "patches@tcpdump.org", so that future + * versions of libpcap and programs that use it (such as tcpdump) will + * be able to read your new capture file format. + */ + +struct pcap_sf_pkthdr { + struct pcap_timeval ts; /* time stamp */ + uint32_t caplen; /* length of portion present */ + uint32_t len; /* length this packet (off wire) */ +}; + +#ifndef ULOGD_PCAP_DEFAULT +#define ULOGD_PCAP_DEFAULT "/var/log/ulogd.pcap" +#endif + +#ifndef ULOGD_PCAP_SYNC_DEFAULT +#define ULOGD_PCAP_SYNC_DEFAULT 0 +#endif + +#define NIPQUAD(addr) \ + ((unsigned char *)&addr)[0], \ + ((unsigned char *)&addr)[1], \ + ((unsigned char *)&addr)[2], \ + ((unsigned char *)&addr)[3] + +static config_entry_t pcapf_ce = { + .key = "file", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_NONE, + .u = { .string = ULOGD_PCAP_DEFAULT } +}; + +static config_entry_t pcapsync_ce = { + .next = &pcapf_ce, + .key = "sync", + .type = CONFIG_TYPE_INT, + .options = CONFIG_OPT_NONE, + .u = { .value = ULOGD_PCAP_SYNC_DEFAULT } +}; + +static FILE *of = NULL; + +struct intr_id { + char* name; + unsigned int id; +}; + +#define INTR_IDS 5 +static struct intr_id intr_ids[INTR_IDS] = { + { "raw.pkt", 0 }, + { "raw.pktlen", 0 }, + { "ip.totlen", 0 }, + { "oob.time.sec", 0 }, + { "oob.time.usec", 0 }, +}; + +#define GET_VALUE(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].value +#define GET_FLAGS(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].flags + +static int pcap_output(ulog_iret_t *res) +{ + struct pcap_sf_pkthdr pchdr; + + pchdr.caplen = GET_VALUE(1).ui32; + pchdr.len = GET_VALUE(2).ui32; + + if (GET_FLAGS(3) & ULOGD_RETF_VALID + && GET_FLAGS(4) & ULOGD_RETF_VALID) { + pchdr.ts.tv_sec = GET_VALUE(3).ui32; + pchdr.ts.tv_usec = GET_VALUE(4).ui32; + } else { + /* use current system time */ + struct timeval tv; + gettimeofday(&tv, NULL); + + pchdr.ts.tv_sec = tv.tv_sec; + pchdr.ts.tv_usec = tv.tv_usec; + } + + if (fwrite(&pchdr, sizeof(pchdr), 1, of) != 1) { + ulogd_log(ULOGD_ERROR, "Error during write: %s\n", + strerror(errno)); + return 1; + } + if (fwrite(GET_VALUE(0).ptr, pchdr.caplen, 1, of) != 1) { + ulogd_log(ULOGD_ERROR, "Error during write: %s\n", + strerror(errno)); + return 1; + } + + if (pcapsync_ce.u.value) + fflush(of); + + return 0; +} + +/* stolen from libpcap savefile.c */ +#define LINKTYPE_RAW 101 +#define TCPDUMP_MAGIC 0xa1b2c3d4 + +static int write_pcap_header(void) +{ + struct pcap_file_header pcfh; + int ret; + + pcfh.magic = TCPDUMP_MAGIC; + pcfh.version_major = PCAP_VERSION_MAJOR; + pcfh.version_minor = PCAP_VERSION_MINOR; + pcfh.thiszone = timezone; + pcfh.sigfigs = 0; + pcfh.snaplen = 65535; /* we don't know the length in advance */ + pcfh.linktype = LINKTYPE_RAW; + + ret = fwrite(&pcfh, sizeof(pcfh), 1, of); + fflush(of); + + return ret; +} + +/* get all key id's for the keys we are intrested in */ +static int get_ids(void) +{ + int i; + struct intr_id *cur_id; + + for (i = 0; i < INTR_IDS; i++) { + cur_id = &intr_ids[i]; + cur_id->id = keyh_getid(cur_id->name); + if (!cur_id->id) { + ulogd_log(ULOGD_ERROR, + "Cannot resolve keyhash id for %s\n", + cur_id->name); + return 1; + } + } + return 0; +} + +void append_create_outfile(void) { + struct stat st_dummy; + int exist = 0; + + if (stat(pcapf_ce.u.string, &st_dummy) == 0 && st_dummy.st_size > 0) { + exist = 1; + } + + if (!exist) { + of = fopen(pcapf_ce.u.string, "w"); + if (!of) { + ulogd_log(ULOGD_FATAL, "can't open pcap file %s: %s\n", + pcapf_ce.u.string, strerror(errno)); + exit(2); + } + if (!write_pcap_header()) { + ulogd_log(ULOGD_FATAL, "can't write pcap header: %s\n", + strerror(errno)); + exit(2); + } + } else { + of = fopen(pcapf_ce.u.string, "a"); + if (!of) { + ulogd_log(ULOGD_FATAL, "can't open pcap file: %s\n", + strerror(errno)); + exit(2); + } + } +} + +static void pcap_signal_handler(int signal) +{ + switch (signal) { + case SIGHUP: + ulogd_log(ULOGD_NOTICE, "pcap: reopening capture file\n"); + fclose(of); + append_create_outfile(); + break; + default: + break; + } +} + +static int pcap_init(void) +{ + /* FIXME: error handling */ + config_parse_file("PCAP", &pcapsync_ce); + +#ifdef DEBUG_PCAP + of = stdout; +#else + append_create_outfile(); +#endif + return 0; +} + +static void pcap_fini(void) +{ + if (of) + fclose(of); +} + +static ulog_output_t pcap_op = { + .name = "pcap", + .init = &pcap_init, + .fini = &pcap_fini, + .output = &pcap_output, + .signal = &pcap_signal_handler, +}; + +void _init(void) +{ + if (get_ids()) { + ulogd_log(ULOGD_ERROR, "can't resolve all keyhash id's\n"); + } + + register_output(&pcap_op); +} diff --git a/pgsql/Makefile.in b/pgsql/Makefile.in new file mode 100644 index 0000000..a242e0d --- /dev/null +++ b/pgsql/Makefile.in @@ -0,0 +1,30 @@ +# + +# Normally You should not need to change anything below +# +include @top_srcdir@/Rules.make + +CFLAGS+=-I@top_srcdir@ -I@top_srcdir@/libipulog/include -I@top_srcdir@/include +SH_CFLAGS:=$(CFLAGS) -fPIC + +SHARED_LIBS=ulogd_PGSQL.so + +all: $(SHARED_LIBS) + +distrib: + +$(SHARED_LIBS): %.so: %_sh.o + $(LD) -shared $(PGSQL_LDFLAGS) -o $@ $< -lc + +%_sh.o: %.c + $(CC) $(PGSQL_CFLAGS) $(SH_CFLAGS) -o $@ -c $< + +clean: + $(RM) $(SHARED_LIBS) *.o + +distclean: + $(RM) Makefile + +install: all + $(INSTALL) -m 755 -d $(DESTDIR)$(ULOGD_LIB_PATH) + $(INSTALL) -m 755 *.so $(DESTDIR)$(ULOGD_LIB_PATH) diff --git a/pgsql/ulogd_PGSQL.c b/pgsql/ulogd_PGSQL.c new file mode 100644 index 0000000..695482a --- /dev/null +++ b/pgsql/ulogd_PGSQL.c @@ -0,0 +1,543 @@ +/* ulogd_PGSQL.c, Version $Revision$ + * + * ulogd output plugin for logging to a PGSQL database + * + * (C) 2000-2005 by Harald Welte + * This software is distributed under the terms of GNU GPL + * + * This plugin is based on the MySQL plugin made by Harald Welte. + * The support PostgreSQL were made by Jakab Laszlo. + * + */ + +#include +#include +#include +#include +#include +#include +#include + +#ifdef DEBUG_PGSQL +#define DEBUGP(x, args...) fprintf(stderr, x, ## args) +#else +#define DEBUGP(x, args...) +#endif + +struct _field { + char name[ULOGD_MAX_KEYLEN]; + unsigned int id; + unsigned int str; + struct _field *next; +}; + +/* the database handle we are using */ +static PGconn *dbh; + +/* a linked list of the fields the table has */ +static struct _field *fields; + +/* buffer for our insert statement */ +static char *stmt; + +/* size of our insert statement buffer */ +static size_t stmt_siz; + +/* pointer to the beginning of the "VALUES" part */ +static char *stmt_val; + +/* pointer to current inser position in statement */ +static char *stmt_ins; + +/* our configuration directives */ +static config_entry_t db_ce = { + .key = "db", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_MANDATORY, +}; + +static config_entry_t host_ce = { + .next = &db_ce, + .key = "host", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_NONE, +}; + +static config_entry_t user_ce = { + .next = &host_ce, + .key = "user", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_MANDATORY, +}; + +static config_entry_t pass_ce = { + .next = &user_ce, + .key = "pass", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_NONE, +}; + +static config_entry_t table_ce = { + .next = &pass_ce, + .key = "table", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_MANDATORY, +}; + +static config_entry_t schema_ce = { + .next = &table_ce, + .key = "schema", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_NONE, + .u = { .string = "public" }, +}; + +static config_entry_t port_ce = { + .next = &schema_ce, + .key = "port", + .type = CONFIG_TYPE_INT, + .options = CONFIG_OPT_NONE, +}; + +static unsigned char pgsql_have_schemas; + +#define STMT_ADD(pos,fmt...) \ + do { \ + if ((pos) >= stmt && stmt_siz > (pos) - stmt) \ + snprintf((pos), stmt_siz-((pos)-stmt), ##fmt); \ + } while(0) + +/* our main output function, called by ulogd */ +static int pgsql_output(ulog_iret_t *result) +{ + struct _field *f; + ulog_iret_t *res; + PGresult *pgres; +#ifdef IP_AS_STRING + char *tmpstr; /* need this for --log-ip-as-string */ + struct in_addr addr; +#endif + size_t esclen; + + if( stmt_val == NULL) + return 1; + + stmt_ins = stmt_val; + + for (f = fields; f; f = f->next) { + res = keyh_getres(f->id); + + if (!res) { + ulogd_log(ULOGD_NOTICE, + "no result for %s ?!?\n", f->name); + } + + if (!res || !IS_VALID((*res))) { + /* no result, we have to fake something */ + STMT_ADD(stmt_ins, "NULL,"); + stmt_ins = stmt + strlen(stmt); + continue; + } + + switch (res->type) { + case ULOGD_RET_INT8: + STMT_ADD(stmt_ins, "%d,", res->value.i8); + break; + case ULOGD_RET_INT16: + STMT_ADD(stmt_ins, "%d,", res->value.i16); + break; + case ULOGD_RET_INT32: + STMT_ADD(stmt_ins, "%d,", res->value.i32); + break; + case ULOGD_RET_INT64: + STMT_ADD(stmt_ins, "%"PRId64",",res->value.i64); + break; + case ULOGD_RET_UINT8: + STMT_ADD(stmt_ins, "%u,", res->value.ui8); + break; + case ULOGD_RET_UINT16: + STMT_ADD(stmt_ins, "%u,", res->value.ui16); + break; + case ULOGD_RET_IPADDR: +#ifdef IP_AS_STRING + if (f->str) { + addr.s_addr = ntohl(res->value.ui32); + tmpstr = (char *)inet_ntoa(addr); + esclen = (strlen(tmpstr)*2) + 4; + if (stmt_siz <= (stmt_ins-stmt)+esclen) + { + STMT_ADD(stmt_ins,"'',"); + break; + } + *stmt_ins++ = '\''; + PQescapeString(stmt_ins,tmpstr, + strlen(tmpstr)); + stmt_ins = stmt + strlen(stmt); + STMT_ADD(stmt_ins, "',"); + break; + } +#endif /* IP_AS_STRING */ + /* EVIL: fallthrough when logging IP as + * u_int32_t */ + + case ULOGD_RET_UINT32: + STMT_ADD(stmt_ins, "%u,", res->value.ui32); + break; + case ULOGD_RET_UINT64: + STMT_ADD(stmt_ins,"%"PRIu64",",res->value.ui64); + break; + case ULOGD_RET_BOOL: + STMT_ADD(stmt_ins, "'%d',", res->value.b); + break; + case ULOGD_RET_STRING: + esclen = (strlen(res->value.ptr)*2) + 4; + if (stmt_siz <= (stmt_ins-stmt) + esclen) { + STMT_ADD(stmt_ins, "'',"); + break; + } + *stmt_ins++ = '\''; + PQescapeString(stmt_ins,res->value.ptr, + strlen(res->value.ptr)); + stmt_ins = stmt + strlen(stmt); + STMT_ADD(stmt_ins, "',"); + break; + case ULOGD_RET_RAW: + ulogd_log(ULOGD_NOTICE, + "%s: pgsql doesn't support type RAW\n", + res->key); + STMT_ADD(stmt_ins, "NULL,"); + break; + default: + ulogd_log(ULOGD_NOTICE, + "unknown type %d for %s\n", + res->type, res->key); + break; + } + stmt_ins = stmt + strlen(stmt); + } + *(stmt_ins - 1) = ')'; + + DEBUGP("stmt=#%s#\n", stmt); + + /* now we have created our statement, insert it */ + /* Added code by Jaki */ + pgres = PQexec(dbh, stmt); + if(!pgres || PQresultStatus(pgres) != PGRES_COMMAND_OK) { + ulogd_log(ULOGD_ERROR, "sql error during insert: %s\n", + PQresultErrorMessage(pgres)); + return 1; + } + + PQclear(pgres); + + return 0; +} + +#define PGSQL_HAVE_NAMESPACE_TEMPLATE \ + "SELECT nspname FROM pg_namespace n WHERE n.nspname='%s'" + +/* Determine if server support schemas */ +static int pgsql_namespace(void) { + PGresult *result; + char pgbuf[strlen(PGSQL_HAVE_NAMESPACE_TEMPLATE)+ + strlen(schema_ce.u.string)+1]; + + if (!dbh) + return 1; + + snprintf(pgbuf, sizeof(pgbuf), PGSQL_HAVE_NAMESPACE_TEMPLATE, + schema_ce.u.string); + ulogd_log(ULOGD_DEBUG, "%s\n", pgbuf); + + result = PQexec(dbh, pgbuf); + if (!result) { + ulogd_log(ULOGD_DEBUG, "\n result false"); + return 1; + } + + if (PQresultStatus(result) == PGRES_TUPLES_OK) { + ulogd_log(ULOGD_DEBUG, "using schema %s\n", schema_ce.u.string); + pgsql_have_schemas = 1; + } else { + pgsql_have_schemas = 0; + } + + PQclear(result); + + return 0; +} + +#define PGSQL_INSERTTEMPL "insert into X (Y) values (Z)" +#define PGSQL_VALSIZE 100 + +/* create the static part of our insert statement */ +static int pgsql_createstmt(void) +{ + struct _field *f; + char buf[ULOGD_MAX_KEYLEN]; + char *underscore; + + if (stmt) { + ulogd_log(ULOGD_NOTICE, "createstmt called, but stmt" + " already existing\n"); + return 1; + } + + /* caclulate the size for the insert statement */ + stmt_siz = strlen(PGSQL_INSERTTEMPL) + + strlen(table_ce.u.string) + + strlen(schema_ce.u.string) + 1; + + for (f = fields; f; f = f->next) { + /* we need space for the key and a comma, as well as + * enough space for the values */ + stmt_siz += strlen(f->name) + 1 + PGSQL_VALSIZE; + } + + ulogd_log(ULOGD_DEBUG, "allocating %u bytes for statement\n", stmt_siz); + + stmt = (char *) malloc(stmt_siz); + + if (!stmt) { + stmt_siz = 0; + ulogd_log(ULOGD_ERROR, "OOM!\n"); + return 1; + } + + if (pgsql_have_schemas) { + snprintf(stmt, stmt_siz, "insert into %s.%s (", + schema_ce.u.string, table_ce.u.string); + } else { + snprintf(stmt, stmt_siz, "insert into %s (", + table_ce.u.string); + } + + stmt_val = stmt + strlen(stmt); + + for (f = fields; f; f = f->next) { + strncpy(buf, f->name, ULOGD_MAX_KEYLEN-1); + buf[ULOGD_MAX_KEYLEN-1] = '\0'; + while ((underscore = strchr(buf, '.'))) + *underscore = '_'; + STMT_ADD(stmt_val, "%s,", buf); + stmt_val = stmt + strlen(stmt); + } + *(stmt_val - 1) = ')'; + + STMT_ADD(stmt_val, " values ("); + stmt_val = stmt + strlen(stmt); + + ulogd_log(ULOGD_DEBUG, "stmt='%s'\n", stmt); + + return 0; +} + +#define PGSQL_GETCOLUMN_TEMPLATE \ + "SELECT a.attname,t.typname FROM pg_class c, pg_attribute a, "\ + "pg_type t WHERE c.relname ='%s' AND a.attnum>0 AND a.attrelid="\ + "c.oid AND a.atttypid=t.oid ORDER BY a.attnum" + +#define PGSQL_GETCOLUMN_TEMPLATE_SCHEMA "SELECT a.attname,t.typname FROM "\ + "pg_attribute a, pg_type t, pg_class c LEFT JOIN pg_namespace n ON "\ + "c.relnamespace=n.oid WHERE c.relname ='%s' AND n.nspname='%s' AND "\ + "a.attnum>0 AND a.attrelid=c.oid AND a.atttypid=t.oid AND "\ + "a.attisdropped=FALSE ORDER BY a.attnum" + +/* find out which columns the table has */ +static int pgsql_get_columns(const char *table) +{ + PGresult *result; + char buf[ULOGD_MAX_KEYLEN]; + char pgbuf[strlen(PGSQL_GETCOLUMN_TEMPLATE_SCHEMA)+ + strlen(table)+strlen(schema_ce.u.string)+2]; + char *underscore; + struct _field *f; + int id; + int intaux; + char *typename; + + if (!dbh) + return 1; + + if (pgsql_have_schemas) { + snprintf(pgbuf, sizeof(pgbuf)-1, + PGSQL_GETCOLUMN_TEMPLATE_SCHEMA, + table, schema_ce.u.string); + } else { + snprintf(pgbuf, sizeof(pgbuf)-1, + PGSQL_GETCOLUMN_TEMPLATE, table); + } + + ulogd_log(ULOGD_DEBUG, "%s\n", pgbuf); + + result = PQexec(dbh, pgbuf); + if (!result) { + ulogd_log(ULOGD_DEBUG, "\n result false"); + return 1; + } + + if (PQresultStatus(result) != PGRES_TUPLES_OK) { + ulogd_log(ULOGD_DEBUG, "\n pres_command_not_ok"); + return 1; + } + + for (intaux=0; intauxname, buf, ULOGD_MAX_KEYLEN-1); + f->name[ULOGD_MAX_KEYLEN-1] = '\0'; + f->id = id; + f->str = 0; + if( (typename = PQgetvalue(result, intaux, 1)) != NULL) + { + if(strcmp(typename, "inet") == 0 || + strstr(typename, "char") != NULL) + f->str = 1; + } + f->next = fields; + fields = f; + } + + PQclear(result); + return 0; +} + +static int exit_nicely(PGconn *conn) +{ + PQfinish(conn); + return 0;; +} + +/* make connection and select database */ +static int pgsql_open_db(char *server, int port, char *user, char *pass, + char *db) +{ + int len; + char *connstr; + + /* 80 is more than what we need for the fixed parts below */ + len = 80 + strlen(user) + strlen(db); + + /* hostname and and password are the only optionals */ + if (server) + len += strlen(server); + if (pass) + len += strlen(pass); + if (port) + len += 20; + + connstr = (char *) malloc(len+1); + if (!connstr) + return 1; + *connstr = '\0'; + + if (server) { + strncat(connstr, " host=", len-strlen(connstr)); + strncat(connstr, server, len-strlen(connstr)); + } + + if (port) { + char portbuf[20]; + snprintf(portbuf, sizeof(portbuf), " port=%u", port); + strncat(connstr, portbuf, len-strlen(connstr)); + } + + strncat(connstr, " dbname=", len-strlen(connstr)); + strncat(connstr, db, len-strlen(connstr)); + strncat(connstr, " user=", len-strlen(connstr)); + strncat(connstr, user, len-strlen(connstr)); + + if (pass) { + strncat(connstr, " password=", len-strlen(connstr)); + strncat(connstr, pass, len-strlen(connstr)); + } + + dbh = PQconnectdb(connstr); + free(connstr); + if (PQstatus(dbh)!=CONNECTION_OK) { + exit_nicely(dbh); + dbh = NULL; + return 1; + } + + return 0; +} + +static int pgsql_init(void) +{ + /* have the opts parsed */ + config_parse_file("PGSQL", &port_ce); + + if (pgsql_open_db(host_ce.u.string, port_ce.u.value, user_ce.u.string, + pass_ce.u.string, db_ce.u.string)) { + ulogd_log(ULOGD_ERROR, "can't establish database connection\n"); + return 1; + } + + if (pgsql_namespace()) { + PQfinish(dbh); + dbh = NULL; + ulogd_log(ULOGD_ERROR, "unable to test for pgsql schemas\n"); + return 1; + } + + /* read the fieldnames to know which values to insert */ + if (pgsql_get_columns(table_ce.u.string)) { + PQfinish(dbh); + dbh = NULL; + ulogd_log(ULOGD_ERROR, "unable to get pgsql columns\n"); + return 1; + } + + if (pgsql_createstmt()) { + PQfinish(dbh); + dbh = NULL; + return 1; + } + + return 0; +} + +static void pgsql_fini(void) +{ + if (dbh) + PQfinish(dbh); + if (stmt) + { + free(stmt); + stmt = NULL; + stmt_val = NULL; + } +} + +static ulog_output_t pgsql_plugin = { + .name = "pgsql", + .output = &pgsql_output, + .init = &pgsql_init, + .fini = &pgsql_fini, +}; + +void _init(void) +{ + register_output(&pgsql_plugin); +} diff --git a/plain-2.4.0-to-ulog2.diff b/plain-2.4.0-to-ulog2.diff deleted file mode 100644 index ab858ea..0000000 --- a/plain-2.4.0-to-ulog2.diff +++ /dev/null @@ -1,263 +0,0 @@ -diff -Nru linux-2.4.0-test4-plain/Documentation/Configure.help linux-2.4.0-test4-work/Documentation/Configure.help ---- linux-2.4.0-test4-plain/Documentation/Configure.help Thu Jul 13 18:42:51 2000 -+++ linux-2.4.0-test4-work/Documentation/Configure.help Mon Jul 31 17:23:30 2000 -@@ -2010,6 +2010,16 @@ - If you want to compile it as a module, say M here and read - Documentation/modules.txt. If unsure, say `N'. - -+ULOG target support -+CONFIG_IP_NF_TARGET_ULOG -+ This option adds a `ULOG' target, which allows you to create rules in -+ any iptables table. The packet is passed to a userspace logging -+ daemon using netlink multicast sockets; unlike the LOG target -+ which can only be viewed through syslog. -+ -+ If you want to compile it as a module, say M here and read -+ Documentation/modules.txt. If unsure, say `N'. -+ - ipchains (2.2-style) support - CONFIG_IP_NF_COMPAT_IPCHAINS - This option places ipchains (with masquerading and redirection -diff -Nru linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h ---- linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h Thu Jan 1 01:00:00 1970 -+++ linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h Mon Jul 31 17:23:31 2000 -@@ -0,0 +1,29 @@ -+#ifndef _IPT_ULOG_H -+#define _IPT_ULOG_H -+ -+#define ULOG_MAC_LEN 80 -+#define ULOG_PREFIX_LEN 32 -+ -+struct ipt_ulog_info -+{ -+ unsigned int nl_group; -+ size_t copy_range; -+ char prefix[ULOG_PREFIX_LEN]; -+}; -+ -+typedef struct ulog_packet_msg -+{ -+ unsigned long mark; -+ long timestamp_sec; -+ long timestamp_usec; -+ unsigned int hook; -+ char indev_name[IFNAMSIZ]; -+ char outdev_name[IFNAMSIZ]; -+ size_t data_len; -+ char prefix[ULOG_PREFIX_LEN]; -+ unsigned char mac_len; -+ unsigned char mac[ULOG_MAC_LEN]; -+ unsigned char payload[0]; -+} ulog_packet_msg_t; -+ -+#endif /*_IPT_ULOG_H*/ -diff -Nru linux-2.4.0-test4-plain/include/linux/netlink.h linux-2.4.0-test4-work/include/linux/netlink.h ---- linux-2.4.0-test4-plain/include/linux/netlink.h Fri Aug 28 04:33:08 1998 -+++ linux-2.4.0-test4-work/include/linux/netlink.h Mon Jul 31 17:23:30 2000 -@@ -5,6 +5,7 @@ - #define NETLINK_SKIP 1 /* Reserved for ENskip */ - #define NETLINK_USERSOCK 2 /* Reserved for user mode socket protocols */ - #define NETLINK_FIREWALL 3 /* Firewalling hook */ -+#define NETLINK_NFLOG 4 /* Firewall logging */ - #define NETLINK_ARPD 8 - #define NETLINK_ROUTE6 11 /* af_inet6 route comm channel */ - #define NETLINK_IP6_FW 13 -diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in ---- linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in Mon Mar 27 20:35:56 2000 -+++ linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in Mon Jul 31 17:23:30 2000 -@@ -51,6 +51,7 @@ - dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE - fi - dep_tristate ' LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES -+ dep_tristate ' ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES - fi - - # Backwards compatibility modules: only if you don't build in the others. -diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile ---- linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile Mon Mar 27 20:35:56 2000 -+++ linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile Mon Jul 31 17:23:30 2000 -@@ -197,6 +197,14 @@ - endif - endif - -+ifeq ($(CONFIG_IP_NF_TARGET_ULOG),y) -+O_OBJS += ipt_ULOG.o -+else -+ ifeq ($(CONFIG_IP_NF_TARGET_ULOG),m) -+ M_OBJS += ipt_ULOG.o -+ endif -+endif -+ - ifeq ($(CONFIG_IP_NF_COMPAT_IPCHAINS),y) - O_OBJS += ipchains_core.o $(IP_NF_COMPAT_LAYER) - else -diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c ---- linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c Thu Jan 1 01:00:00 1970 -+++ linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c Mon Jul 31 17:23:31 2000 -@@ -0,0 +1,166 @@ -+/* -+ * netfilter module for userspace packet logging daemons -+ * -+ * (C) 2000 by Harald Welte -+ * -+ * Released under the terms of the GPL -+ * -+ * ipt_ULOG.c,v 1.4 2000/07/31 11:41:06 laforge Exp -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#define ULOG_NL_EVENT 111 /* Harald's favorite number */ -+ -+#if 0 -+#define DEBUGP printk -+#else -+#define DEBUGP(format, args...) -+#endif -+ -+static struct sock *nflognl; -+ -+static void nflog_rcv(struct sock *sk, int len) -+{ -+ printk("nflog_rcv: did receive netlink message ?!?\n"); -+} -+ -+static unsigned int ipt_ulog_target(struct sk_buff **pskb, -+ unsigned int hooknum, -+ const struct net_device *in, -+ const struct net_device *out, -+ const void *targinfo, void *userinfo) -+{ -+ ulog_packet_msg_t *pm; -+ size_t size, copy_len; -+ struct sk_buff *nlskb; -+ unsigned char *old_tail; -+ struct nlmsghdr *nlh; -+ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; -+ -+ /* calculate the size of the skb needed */ -+ if ((loginfo->copy_range == 0) || -+ (loginfo->copy_range > (*pskb)->len)) { -+ copy_len = (*pskb)->len; -+ } else { -+ copy_len = loginfo->copy_range; -+ } -+ size = NLMSG_SPACE(sizeof(*pm) + copy_len); -+ nlskb = alloc_skb(size, GFP_ATOMIC); -+ if (!nlskb) -+ goto nlmsg_failure; -+ -+ old_tail = nlskb->tail; -+ nlh = NLMSG_PUT(nlskb, 0, 0, ULOG_NL_EVENT, size - sizeof(*nlh)); -+ pm = NLMSG_DATA(nlh); -+ -+ /* copy hook, prefix, timestamp, payload, etc. */ -+ -+ pm->data_len = copy_len; -+ pm->timestamp_sec = (*pskb)->stamp.tv_sec; -+ pm->timestamp_usec = (*pskb)->stamp.tv_usec; -+ pm->mark = (*pskb)->nfmark; -+ pm->hook = hooknum; -+ if (loginfo->prefix) -+ strcpy(pm->prefix, loginfo->prefix); -+ -+ if (in && in->hard_header_len > 0 -+ && (*pskb)->mac.raw != (void *) (*pskb)->nh.iph -+ && in->hard_header_len <= ULOG_MAC_LEN) { -+ memcpy(pm->mac, (*pskb)->mac.raw, in->hard_header_len); -+ pm->mac_len = in->hard_header_len; -+ } -+ -+ if (in) -+ strcpy(pm->indev_name, in->name); -+ else -+ pm->indev_name[0] = '\0'; -+ -+ if (out) -+ strcpy(pm->outdev_name, out->name); -+ else -+ pm->outdev_name[0] = '\0'; -+ -+ if (copy_len) -+ memcpy(pm->payload, (*pskb)->data, copy_len); -+ nlh->nlmsg_len = nlskb->tail - old_tail; -+ NETLINK_CB(nlskb).dst_groups = loginfo->nl_group; -+ DEBUGP -+ ("ipt_ULOG: going to throw a packet to netlink groupmask %u\n", -+ loginfo->nl_group); -+ netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group, -+ GFP_ATOMIC); -+ -+ return IPT_CONTINUE; -+ -+ nlmsg_failure: -+ if (nlskb) -+ kfree(nlskb); -+ printk("ipt_ULOG: Error building netlink message\n"); -+ return IPT_CONTINUE; -+} -+ -+static int ipt_ulog_checkentry(const char *tablename, -+ const struct ipt_entry *e, -+ void *targinfo, -+ unsigned int targinfosize, -+ unsigned int hookmask) -+{ -+ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; -+ -+ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) { -+ DEBUGP("ULOG: targinfosize %u != 0\n", targinfosize); -+ return 0; -+ } -+ -+ if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { -+ DEBUGP("ULOG: prefix term %i\n", -+ loginfo->prefix[sizeof(loginfo->prefix) - 1]); -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static struct ipt_target ipt_ulog_reg = -+ { {NULL, NULL}, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL, -+THIS_MODULE -+}; -+ -+static int __init init(void) -+{ -+ DEBUGP("ipt_ULOG: init module\n"); -+ nflognl = netlink_kernel_create(NETLINK_NFLOG, nflog_rcv); -+ if (!nflognl) -+ return -ENOMEM; -+ -+ if (ipt_register_target(&ipt_ulog_reg) != 0) { -+ sock_release(nflognl->socket); -+ return -EINVAL; -+ } -+ -+ return 0; -+} -+ -+static void __exit fini(void) -+{ -+ DEBUGP("ipt_ULOG: cleanup_module\n"); -+ -+ ipt_unregister_target(&ipt_ulog_reg); -+ sock_release(nflognl->socket); -+} -+ -+module_init(init); -+module_exit(fini); diff --git a/sqlite3/Makefile.in b/sqlite3/Makefile.in new file mode 100644 index 0000000..5c0e1f1 --- /dev/null +++ b/sqlite3/Makefile.in @@ -0,0 +1,29 @@ +# +# Normally You should not need to change anything below +# +include @top_srcdir@/Rules.make + +CFLAGS+=-I@top_srcdir@ -I@top_srcdir@/libipulog/include -I@top_srcdir@/include +SH_CFLAGS:=$(CFLAGS) -fPIC + +SHARED_LIBS=ulogd_SQLITE3.so + +all: $(SHARED_LIBS) + +distrib: + +$(SHARED_LIBS): %.so: %_sh.o + $(LD) -shared $(SQLITE3_LDFLAGS) -o $@ $< -lc + +%_sh.o: %.c + $(CC) $(SQLITE3_CFLAGS) $(SH_CFLAGS) -o $@ -c $< + +clean: + $(RM) $(SHARED_LIBS) *.o + +distclean: + $(RM) Makefile + +install: all + $(INSTALL) -m 755 -d $(DESTDIR)$(ULOGD_LIB_PATH) + $(INSTALL) -m 755 *.so $(DESTDIR)$(ULOGD_LIB_PATH) diff --git a/sqlite3/ulogd_SQLITE3.c b/sqlite3/ulogd_SQLITE3.c new file mode 100644 index 0000000..7854f2b --- /dev/null +++ b/sqlite3/ulogd_SQLITE3.c @@ -0,0 +1,435 @@ +/* + * ulogd output plugin for logging to a SQLITE database + * + * (C) 2005 by Ben La Monica + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * This module has been adapted from the ulogd_MYSQL.c written by + * Harald Welte + * Alex Janssen + * + * You can see benchmarks and an explanation of the testing + * at http://www.pojo.us/ulogd/ + * + * 2005-02-09 Harald Welte : + * - port to ulogd-1.20 + */ + +#include +#include +#include +#include +#include +#include + +#ifdef DEBUG_SQLITE3 +#define DEBUGP(x, args...) fprintf(stderr, x, ## args) +#else +#define DEBUGP(x, args...) +#endif + +struct _field { + char name[ULOGD_MAX_KEYLEN]; + unsigned int id; + struct _field *next; +}; + +/* the database handle we are using */ +static sqlite3 *dbh; + +/* a linked list of the fields the table has */ +static struct _field *fields; + +/* buffer for our insert statement */ +static char *stmt; + +/* size of our insert statement buffer */ +static size_t stmt_siz; + +/* pointer to the final prepared statement */ +static sqlite3_stmt *p_stmt; + +/* number of statements to buffer before we commit */ +static int buffer_size; + +/* number of statements currently in the buffer */ +static int buffer_ctr; + +/* our configuration directives */ +static config_entry_t db_ce = { + .key = "db", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_MANDATORY, +}; + +static config_entry_t table_ce = { + .next = &db_ce, + .key = "table", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_MANDATORY, +}; + +static config_entry_t buffer_ce = { + .next = &table_ce, + .key = "buffer", + .type = CONFIG_TYPE_INT, + .options = CONFIG_OPT_MANDATORY, +}; + +#define STMT_ADD(pos,beg,siz,fmt...) \ + do { \ + if((pos) >= (beg) && (siz) > (pos) - (beg)) \ + snprintf((pos), (siz)-((pos)-(beg)), ##fmt); \ + } while(0) + +/* our main output function, called by ulogd */ +static int _sqlite3_output(ulog_iret_t *result) +{ + struct _field *f; + ulog_iret_t *res; + int col_counter; +#ifdef IP_AS_STRING + char *ipaddr; + struct in_addr addr; +#endif + + if (p_stmt == NULL || dbh == NULL) + return 1; + + col_counter = 1; + for (f = fields; f; f = f->next) { + res = keyh_getres(f->id); + + if (!res) { + ulogd_log(ULOGD_NOTICE, + "no result for %s ?!?\n", f->name); + } + + if (!res || !IS_VALID((*res))) { + /* no result, pass a null */ + sqlite3_bind_null(p_stmt, col_counter); + col_counter++; + continue; + } + + switch (res->type) { + case ULOGD_RET_INT8: + sqlite3_bind_int(p_stmt,col_counter,res->value.i8); + break; + case ULOGD_RET_INT16: + sqlite3_bind_int(p_stmt,col_counter,res->value.i16); + break; + case ULOGD_RET_INT32: + sqlite3_bind_int(p_stmt,col_counter,res->value.i32); + break; + case ULOGD_RET_INT64: + sqlite3_bind_int64(p_stmt,col_counter,res->value.i64); + break; + case ULOGD_RET_UINT8: + sqlite3_bind_int(p_stmt,col_counter,res->value.ui8); + break; + case ULOGD_RET_UINT16: + sqlite3_bind_int(p_stmt,col_counter,res->value.ui16); + break; + case ULOGD_RET_IPADDR: +#ifdef IP_AS_STRING + memset(&addr, 0, sizeof(addr)); + addr.s_addr = ntohl(res->value.ui32); + ipaddr = inet_ntoa(addr); + sqlite3_bind_text(p_stmt,col_counter,ipaddr,strlen(ipaddr),SQLITE_STATIC); + break; +#endif /* IP_AS_STRING */ + /* EVIL: fallthrough when logging IP as u_int32_t */ + case ULOGD_RET_UINT32: + sqlite3_bind_int(p_stmt,col_counter,res->value.ui32); + break; + case ULOGD_RET_UINT64: + sqlite3_bind_int64(p_stmt,col_counter,res->value.ui64); + break; + case ULOGD_RET_BOOL: + sqlite3_bind_int(p_stmt,col_counter,res->value.b); + break; + case ULOGD_RET_STRING: + sqlite3_bind_text(p_stmt,col_counter,res->value.ptr,strlen(res->value.ptr),SQLITE_STATIC); + break; + default: + ulogd_log(ULOGD_NOTICE, + "unknown type %d for %s\n", + res->type, res->key); + break; + } + + col_counter++; + } + + /* now we have created our statement, insert it */ + + if (sqlite3_step(p_stmt) == SQLITE_DONE) { + sqlite3_reset(p_stmt); + buffer_ctr++; + } else { + ulogd_log(ULOGD_ERROR, "sql error during insert: %s\n", + sqlite3_errmsg(dbh)); + return 1; + } + + /* commit all of the inserts to the database, ie flush buffer */ + if (buffer_ctr >= buffer_size) { + if (sqlite3_exec(dbh,"commit",NULL,NULL,NULL) != SQLITE_OK) + ulogd_log(ULOGD_ERROR,"unable to commit records to db."); + + if (sqlite3_exec(dbh,"begin deferred",NULL,NULL,NULL) != SQLITE_OK) + ulogd_log(ULOGD_ERROR,"unable to begin a new transaction."); + + buffer_ctr = 0; + DEBUGP("committing.\n"); + } + + return 0; +} + +#define _SQLITE3_INSERTTEMPL "insert into X (Y) values (Z)" + +/* create the static part of our insert statement */ +static int _sqlite3_createstmt(void) +{ + struct _field *f; + char buf[ULOGD_MAX_KEYLEN]; + char *underscore; + char *stmt_pos; + int col_count; + int i; + + if (stmt) { + ulogd_log(ULOGD_NOTICE, "createstmt called, but stmt" + " already existing\n"); + return 1; + } + + /* caclulate the size for the insert statement */ + stmt_siz = strlen(_SQLITE3_INSERTTEMPL) + strlen(table_ce.u.string); + + DEBUGP("initial size: %zu\n", stmt_siz); + + col_count = 0; + for (f = fields; f; f = f->next) { + /* we need space for the key and a comma, and a ? */ + stmt_siz += strlen(f->name) + 3; + DEBUGP("size is now %zu since adding %s\n",stmt_siz,f->name); + col_count++; + } + + DEBUGP("there were %d columns\n",col_count); + DEBUGP("after calc name length: %zu\n",stmt_siz); + + ulogd_log(ULOGD_DEBUG, "allocating %zu bytes for statement\n", stmt_siz); + + stmt = (char *) malloc(stmt_siz); + + if (!stmt) { + stmt_siz = 0; + ulogd_log(ULOGD_ERROR, "OOM!\n"); + return 1; + } + + snprintf(stmt, stmt_siz, "insert into %s (", table_ce.u.string); + stmt_pos = stmt + strlen(stmt); + + for (f = fields; f; f = f->next) { + strncpy(buf, f->name, ULOGD_MAX_KEYLEN-1); + buf[ULOGD_MAX_KEYLEN-1] = '\0'; + while ((underscore = strchr(buf, '.'))) + *underscore = '_'; + STMT_ADD(stmt_pos,stmt,stmt_siz, "%s,", buf); + stmt_pos = stmt + strlen(stmt); + } + + *(stmt_pos - 1) = ')'; + + STMT_ADD(stmt_pos,stmt,stmt_siz, " values ("); + stmt_pos = stmt + strlen(stmt); + + for (i = 0; i < col_count - 1; i++) { + STMT_ADD(stmt_pos,stmt,stmt_siz, "?,"); + stmt_pos += 2; + } + + STMT_ADD(stmt_pos,stmt,stmt_siz, "?)"); + ulogd_log(ULOGD_DEBUG, "stmt='%s'\n", stmt); + + DEBUGP("about to prepare statement.\n"); + + if (sqlite3_prepare(dbh,stmt,-1,&p_stmt,0) != SQLITE_OK) { + p_stmt = NULL; + free( stmt); + stmt = stmt_pos = NULL; + ulogd_log(ULOGD_ERROR,"unable to prepare statement"); + return 1; + } + + DEBUGP("statement prepared.\n"); + + return 0; +} + + +/* length of "select * from \0" */ +#define SQLITE_SELECT_LEN 15 + +/* find out which columns the table has */ +static int _sqlite3_get_columns(const char *table) +{ + char buf[ULOGD_MAX_KEYLEN]; + char query[SQLITE_SELECT_LEN + CONFIG_VAL_STRING_LEN + 1] = "select * from \0"; + char *underscore; + struct _field *f; + sqlite3_stmt *schema_stmt; + int column; + int result; + int id; + + if (!dbh) + return 1; + + strncat(query,table,sizeof(query)-strlen(query)-1); + + result = sqlite3_prepare(dbh,query,-1,&schema_stmt,0); + + if (result != SQLITE_OK) + return 1; + + for (column = 0; column < sqlite3_column_count(schema_stmt); column++) { + /* replace all underscores with dots */ + strncpy(buf, sqlite3_column_name(schema_stmt,column), ULOGD_MAX_KEYLEN-1); + buf[ULOGD_MAX_KEYLEN-1] = '\0'; + while ((underscore = strchr(buf, '_'))) + *underscore = '.'; + + DEBUGP("field '%s' found: ", buf); + + if (!(id = keyh_getid(buf))) { + DEBUGP(" no keyid!\n"); + continue; + } + + DEBUGP("keyid %u\n", id); + + /* prepend it to the linked list */ + f = (struct _field *) malloc(sizeof *f); + if (!f) { + ulogd_log(ULOGD_ERROR, "OOM!\n"); + return 1; + } + strncpy(f->name, buf, ULOGD_MAX_KEYLEN-1); + f->name[ULOGD_MAX_KEYLEN-1] = '\0'; + f->id = id; + f->next = fields; + fields = f; + } + + sqlite3_finalize(schema_stmt); + return 0; +} + +/** + * make connection and select database + * returns 0 if database failed to open. + */ +static int _sqlite3_open_db(char *db_file) +{ + DEBUGP("opening database.\n"); + return sqlite3_open(db_file,&dbh); +} + +/* give us an opportunity to close the database down properly */ +static void _sqlite3_fini(void) +{ + DEBUGP("cleaning up db connection\n"); + + /* free up our prepared statements so we can close the db */ + if (p_stmt) { + sqlite3_finalize(p_stmt); + DEBUGP("prepared statement finalized\n"); + } + + if (dbh) { + int result; + /* flush the remaining insert statements to the database. */ + result = sqlite3_exec(dbh,"commit",NULL,NULL,NULL); + + if (result != SQLITE_OK) + ulogd_log(ULOGD_ERROR,"unable to commit remaining records to db."); + + sqlite3_close(dbh); + dbh = NULL; + DEBUGP("database file closed\n"); + } +} + +#define _SQLITE3_BUSY_TIMEOUT 300 + +static int _sqlite3_init(void) +{ + /* have the opts parsed */ + config_parse_file("SQLITE3", &buffer_ce); + + if (_sqlite3_open_db(db_ce.u.string)) { + ulogd_log(ULOGD_ERROR, "can't open the database file\n"); + return 1; + } + + /* set the timeout so that we don't automatically fail + * if the table is busy. */ + sqlite3_busy_timeout(dbh, _SQLITE3_BUSY_TIMEOUT); + + /* read the fieldnames to know which values to insert */ + if (_sqlite3_get_columns(table_ce.u.string)) { + sqlite3_close(dbh); + dbh = NULL; + ulogd_log(ULOGD_ERROR, "unable to get sqlite columns\n"); + return 1; + } + + /* initialize our buffer size and counter */ + buffer_size = buffer_ce.u.value; + buffer_ctr = 0; + + DEBUGP("Have a buffer size of : %d\n", buffer_size); + + if (sqlite3_exec(dbh,"begin deferred",NULL,NULL,NULL) != SQLITE_OK) + ulogd_log(ULOGD_ERROR,"can't create a new transaction\n"); + + /* create and prepare the actual insert statement */ + if(_sqlite3_createstmt()) { + sqlite3_close(dbh); + dbh = NULL; + return 1; + } + + return 0; +} + +static ulog_output_t _sqlite3_plugin = { + .name = "sqlite3", + .output = &_sqlite3_output, + .init = &_sqlite3_init, + .fini = &_sqlite3_fini, +}; + +void _init(void) +{ + register_output(&_sqlite3_plugin); +} + diff --git a/ulogd.8 b/ulogd.8 new file mode 100644 index 0000000..7dfb2e9 --- /dev/null +++ b/ulogd.8 @@ -0,0 +1,64 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH ULOGD 8 "November 05, 2002" "Linux Netfilter" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +ulogd \- netfilter/iptables ULOG daemon +.SH SYNOPSIS +.B ulogd [options] +.SH DESCRIPTION +.B ulogd +connects to the netlink device of the Linux kernel and reads messages +from the netfilter that get queued with the iptables ULOG target. For +this to work you have to compile the ULOG target into your kernel or +load the respective module. +.PP +The received messages can be logged into files or into a mySQL or +PostgreSQL database. +.SH OPTIONS +.TP +.B -d, --daemon +fork ulogd into background (start as daemon) +.TP +.B -c , --configfile +use as configuration file instead of +.I /etc/ulogd.conf +.TP +.B -h, --help +show usage information +.TP +.B -V, --version +show version information and copyright +.SH FILES +.I /etc/ulogd.conf +.br +.I /var/log/ulogd.log +.SH SEE ALSO +There is more documentation about the daemon and the database plugins +(including examples) in the directories +.nf +.br +.I /usr/share/doc/ulogd +.br +.fi +.I /usr/share/doc/ulogd-mysql +and +.nf +.br +.I /usr/share/doc/ulogd-pgsql +.SH AUTHOR +This manual page was written by Joerg Wendland , +for the Debian GNU/Linux system (but may be used by others). diff --git a/ulogd.c b/ulogd.c new file mode 100644 index 0000000..5707ef8 --- /dev/null +++ b/ulogd.c @@ -0,0 +1,826 @@ +/* ulogd, Version $LastChangedRevision$ + * + * $Id$ + * + * userspace logging daemon for the iptables ULOG target + * of the linux 2.4 netfilter subsystem. + * + * (C) 2000-2003 by Harald Welte + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * $Id$ + * + * Modifications: + * 14 Jun 2001 Martin Josefsson + * - added SIGHUP handler for logfile cycling + * + * 10 Feb 2002 Alessandro Bono + * - added support for non-fork mode + * - added support for logging to stdout + * + * 09 Sep 2003 Magnus Boden + * - added support for more flexible multi-section conffile + * + * 20 Apr 2004 Nicolas Pougetoux + * - added suppurt for seteuid() + */ + +#define ULOGD_VERSION "1.23" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* Size of the socket recevive memory. Should be at least the same size as the + * 'nlbufsiz' module loadtime parameter of ipt_ULOG.o + * If you have _big_ in-kernel queues, you may have to increase this number. ( + * --qthreshold 100 * 1500 bytes/packet = 150kB */ +#define ULOGD_RMEM_DEFAULT 131071 + +/* Size of the receive buffer for the netlink socket. Should be at least of + * RMEM_DEFAULT size. */ +#define ULOGD_BUFSIZE_DEFAULT 150000 + +#ifdef DEBUG +#define DEBUGP(format, args...) fprintf(stderr, format, ## args) +#else +#define DEBUGP(format, args...) +#endif + +/* default config parameters, if not changed in configfile */ +#ifndef ULOGD_LOGFILE_DEFAULT +#define ULOGD_LOGFILE_DEFAULT "/var/log/ulogd.log" +#endif +#ifndef ULOGD_NLGROUP_DEFAULT +#define ULOGD_NLGROUP_DEFAULT 32 +#endif + +/* where to look for the config file */ +#ifndef ULOGD_CONFIGFILE +#define ULOGD_CONFIGFILE "/etc/ulogd.conf" +#endif + +/* global variables */ +static struct ipulog_handle *libulog_h; /* our libipulog handle */ +static unsigned char* libulog_buf; /* the receive buffer */ +static FILE *logfile = NULL; /* logfile pointer */ +static char *ulogd_configfile = ULOGD_CONFIGFILE; + +/* linked list for all registered interpreters */ +static ulog_interpreter_t *ulogd_interpreters; + +/* linked list for all registered output targets */ +static ulog_output_t *ulogd_outputs; + +/*********************************************************************** + * INTERPRETER AND KEY HASH FUNCTIONS (new in 0.9) + ***********************************************************************/ + +/* We keep hashtables of interpreters and registered keys. The hash-tables + * are allocated dynamically at program load time. You may control the + * allocation granularity of both hashes (i.e. the amount of hashtable + * entries are allocated at one time) through modification of the constants + * INTERH_ALLOC_GRAN and KEYH_ALLOC_GRAN + */ + +/* allocation granularith */ +#define INTERH_ALLOC_GRAN 5 + +/* hashtable for all registered interpreters */ +static ulog_interpreter_t **ulogd_interh; + +/* current hashtable size */ +static unsigned int ulogd_interh_ids_alloc; + +/* total number of registered ids */ +static unsigned int ulogd_interh_ids; + +/* allocate a new interpreter id and write it into the interpreter struct */ +static unsigned int interh_allocid(ulog_interpreter_t *ip) +{ + unsigned int id; + + id = ++ulogd_interh_ids; + + if (id >= ulogd_interh_ids_alloc) { + if (!ulogd_interh) + ulogd_interh = (ulog_interpreter_t **) + malloc(INTERH_ALLOC_GRAN * + sizeof(ulog_interpreter_t)); + else + ulogd_interh = (ulog_interpreter_t **) + realloc(ulogd_interh, + (INTERH_ALLOC_GRAN + + ulogd_interh_ids_alloc) * + sizeof(ulog_interpreter_t)); + + ulogd_interh_ids_alloc += INTERH_ALLOC_GRAN; + } + + ip->id = id; + ulogd_interh[id] = ip; + return id; +} + +/* get interpreter id by name */ +unsigned int interh_getid(const char *name) +{ + unsigned int i; + for (i = 1; i <= ulogd_interh_ids; i++) + if (!strcmp(name, (ulogd_interh[i])->name)) + return i; + + return 0; +} + +#ifdef DEBUG +/* dump out the contents of the interpreter hash */ +static void interh_dump(void) +{ + unsigned int i; + + for (i = 1; i <= ulogd_interh_ids; i++) + ulogd_log(ULOGD_DEBUG, "ulogd_interh[%d] = %s\n", + i, (ulogd_interh[i])->name); + +} +#endif + +/* key hash allocation granularity */ +#define KEYH_ALLOC_GRAN 20 + +/* hash table for key ids */ +struct ulogd_keyh_entry *ulogd_keyh; + +/* current size of the hashtable */ +static unsigned int ulogd_keyh_ids_alloc; + +/* total number of registered keys */ +static unsigned int ulogd_keyh_ids; + +/* allocate a new key_id */ +static unsigned int keyh_allocid(ulog_interpreter_t *ip, unsigned int offset, + const char *name) +{ + unsigned int id; + + id = ++ulogd_keyh_ids; + + if (id >= ulogd_keyh_ids_alloc) { + if (!ulogd_keyh) { + ulogd_keyh = (struct ulogd_keyh_entry *) + malloc(KEYH_ALLOC_GRAN * + sizeof(struct ulogd_keyh_entry)); + if (!ulogd_keyh) { + ulogd_log(ULOGD_ERROR, "OOM!\n"); + return 0; + } + } else { + ulogd_keyh = (struct ulogd_keyh_entry *) + realloc(ulogd_keyh, (KEYH_ALLOC_GRAN + +ulogd_keyh_ids_alloc) * + sizeof(struct ulogd_keyh_entry)); + + if (!ulogd_keyh) { + ulogd_log(ULOGD_ERROR, "OOM!\n"); + return 0; + } + } + + ulogd_keyh_ids_alloc += KEYH_ALLOC_GRAN; + } + + ulogd_keyh[id].interp = ip; + ulogd_keyh[id].offset = offset; + ulogd_keyh[id].name = name; + + return id; +} + +#ifdef DEBUG +/* dump the keyhash to standard output */ +static void keyh_dump(void) +{ + unsigned int i; + + printf("dumping keyh\n"); + for (i = 1; i <= ulogd_keyh_ids; i++) + printf("ulogd_keyh[%lu] = %s:%u\n", i, + ulogd_keyh[i].interp->name, ulogd_keyh[i].offset); +} +#endif + +/* get keyid by name */ +unsigned int keyh_getid(const char *name) +{ + unsigned int i; + for (i = 1; i <= ulogd_keyh_ids; i++) + if (!strcmp(name, ulogd_keyh[i].name)) + return i; + + return 0; +} + +/* get key name by keyid */ +char *keyh_getname(unsigned int id) +{ + if (id > ulogd_keyh_ids) { + ulogd_log(ULOGD_NOTICE, + "keyh_getname called with invalid id%u\n", id); + return NULL; + } + + return ulogd_keyh[id].interp->name; +} + +/* get result for given key id. does not check if result valid */ +ulog_iret_t *keyh_getres(unsigned int id) +{ + ulog_iret_t *ret; + + if (id > ulogd_keyh_ids) { + ulogd_log(ULOGD_NOTICE, + "keyh_getres called with invalid id %d\n", id); + return NULL; + } + + ret = &ulogd_keyh[id].interp->result[ulogd_keyh[id].offset]; + + return ret; +} + +/*********************************************************************** + * INTERPRETER MANAGEMENT + ***********************************************************************/ + +/* try to lookup a registered interpreter for a given name */ +static ulog_interpreter_t *find_interpreter(const char *name) +{ + unsigned int id; + + id = interh_getid(name); + if (!id) + return NULL; + + return ulogd_interh[id]; +} + +/* the function called by all interpreter plugins for registering their + * target. */ +void register_interpreter(ulog_interpreter_t *me) +{ + unsigned int i; + + /* check if we already have an interpreter with this name */ + if (find_interpreter(me->name)) { + ulogd_log(ULOGD_NOTICE, + "interpreter `%s' already registered\n", me->name); + return; + } + + ulogd_log(ULOGD_INFO, "registering interpreter `%s'\n", me->name); + + /* allocate a new interpreter id for it */ + if (!interh_allocid(me)) { + ulogd_log(ULOGD_ERROR, "unable to obtain interh_id for " + "interpreter '%s'\n", me->name); + return; + } + + /* - allocate one keyh_id for each result of this interpreter + * - link the elements to each other */ + for (i = 0; i < me->key_num; i++) { + if (!keyh_allocid(me, i, me->result[i].key)) { + ulogd_log(ULOGD_ERROR, "unable to obtain keyh_id " + "for interpreter %s, key %d", me->name, + me->result[i].key); + continue; + } + if (i != me->key_num - 1) + me->result[i].next = &me->result[i+1]; + } + + /* all work done, we can prepend the new interpreter to the list */ + if (ulogd_interpreters) + me->result[me->key_num - 1].next = + &ulogd_interpreters->result[0]; + me->next = ulogd_interpreters; + ulogd_interpreters = me; +} + +/*********************************************************************** + * OUTPUT MANAGEMENT + ***********************************************************************/ + +/* try to lookup a registered output plugin for a given name */ +static ulog_output_t *find_output(const char *name) +{ + ulog_output_t *ptr; + + for (ptr = ulogd_outputs; ptr; ptr = ptr->next) { + if (strcmp(name, ptr->name) == 0) + return ptr; + } + + return NULL; +} + +/* the function called by all output plugins for registering themselves */ +void register_output(ulog_output_t *me) +{ + if (find_output(me->name)) { + ulogd_log(ULOGD_NOTICE, "output `%s' already registered\n", + me->name); + exit(EXIT_FAILURE); + } + ulogd_log(ULOGD_INFO, "registering output `%s'\n", me->name); + me->next = ulogd_outputs; + ulogd_outputs = me; +} + +/*********************************************************************** + * MAIN PROGRAM + ***********************************************************************/ + +static FILE syslog_dummy; + +static inline int ulogd2syslog_level(int level) +{ + int syslog_level = LOG_WARNING; + + switch (level) { + case ULOGD_DEBUG: + syslog_level = LOG_DEBUG; + break; + case ULOGD_INFO: + syslog_level = LOG_INFO; + break; + case ULOGD_NOTICE: + syslog_level = LOG_NOTICE; + break; + case ULOGD_ERROR: + syslog_level = LOG_ERR; + break; + case ULOGD_FATAL: + syslog_level = LOG_CRIT; + break; + } + return syslog_level; +} +/* propagate results to all registered output plugins */ +static void propagate_results(ulog_iret_t *ret) +{ + ulog_output_t *p; + + for (p = ulogd_outputs; p; p = p->next) { + (*p->output)(ret); + } +} + +/* clean results (set all values to 0 and free pointers) */ +static void clean_results(ulog_iret_t *ret) +{ + ulog_iret_t *r; + + for (r = ret; r; r = r->next) { + if (r->flags & ULOGD_RETF_FREE) { + free(r->value.ptr); + r->value.ptr = NULL; + } + memset(&r->value, 0, sizeof(r->value)); + r->flags &= ~ULOGD_RETF_VALID; + } +} + +/* call all registered interpreters and hand the results over to + * propagate_results */ +static void handle_packet(ulog_packet_msg_t *pkt) +{ + ulog_iret_t *ret; + ulog_iret_t *allret = NULL; + ulog_interpreter_t *ip; + + unsigned int i,j; + + /* If there are no interpreters registered yet, + * ignore this packet */ + if (!ulogd_interh_ids) { + ulogd_log(ULOGD_NOTICE, + "packet received, but no interpreters found\n"); + return; + } + + for (i = 1; i <= ulogd_interh_ids; i++) { + ip = ulogd_interh[i]; + /* call interpreter */ + if ((ret = ((ip)->interp)(ip, pkt))) { + /* create references for result linked-list */ + for (j = 0; j < ip->key_num; j++) { + if (IS_VALID(ip->result[j])) { + ip->result[j].cur_next = allret; + allret = &ip->result[j]; + } + } + } + } + propagate_results(allret); + clean_results(ulogd_interpreters->result); +} + +/* plugin loader to dlopen() a plugins */ +static int load_plugin(char *file) +{ + if (!dlopen(file, RTLD_NOW)) { + ulogd_log(ULOGD_ERROR, "load_plugins: '%s': %s\n", file, + dlerror()); + return 1; + } + return 0; +} + +/* open the logfile */ +static int logfile_open(const char *name) +{ + if (!strcmp(name, "syslog")) { + openlog("ulogd", LOG_PID, LOG_DAEMON); + logfile = &syslog_dummy; + } else if (!strcmp(name,"stdout")) + logfile = stdout; + else { + logfile = fopen(name, "a"); + if (!logfile) { + fprintf(stderr, "ERROR: can't open logfile %s: %s\n", + name, strerror(errno)); + exit(2); + } + } + ulogd_log(ULOGD_INFO, "ulogd Version %s starting\n", ULOGD_VERSION); + return 0; +} + +/* wrapper to handle conffile error codes */ +static int parse_conffile(const char *section, config_entry_t *ce) +{ + int err; + + err = config_parse_file(section, ce); + + switch(err) { + case 0: + return 0; + break; + case -ERROPEN: + ulogd_log(ULOGD_ERROR, + "unable to open configfile: %s\n", + ulogd_configfile); + break; + case -ERRMAND: + ulogd_log(ULOGD_ERROR, + "mandatory option \"%s\" not found\n", + config_errce->key); + break; + case -ERRMULT: + ulogd_log(ULOGD_ERROR, + "option \"%s\" occurred more than once\n", + config_errce->key); + break; + case -ERRUNKN: + ulogd_log(ULOGD_ERROR, + "unknown config key \"%s\"\n", + config_errce->key); + break; + case -ERRSECTION: + ulogd_log(ULOGD_ERROR, + "section \"%s\" not found\n", section); + break; + } + return 1; + +} + +/* configuration directives of the main program */ +static config_entry_t logf_ce = { NULL, "logfile", CONFIG_TYPE_STRING, + CONFIG_OPT_NONE, 0, + { string: ULOGD_LOGFILE_DEFAULT } }; + +static config_entry_t bufsiz_ce = { &logf_ce, "bufsize", CONFIG_TYPE_INT, + CONFIG_OPT_NONE, 0, + { value: ULOGD_BUFSIZE_DEFAULT } }; + +static config_entry_t plugin_ce = { &bufsiz_ce, "plugin", CONFIG_TYPE_CALLBACK, + CONFIG_OPT_MULTI, 0, + { parser: &load_plugin } }; + +static config_entry_t nlgroup_ce = { &plugin_ce, "nlgroup", CONFIG_TYPE_INT, + CONFIG_OPT_NONE, 0, + { value: ULOGD_NLGROUP_DEFAULT } }; + +static config_entry_t loglevel_ce = { &nlgroup_ce, "loglevel", CONFIG_TYPE_INT, + CONFIG_OPT_NONE, 0, + { value: ULOGD_NOTICE } }; +static config_entry_t rmem_ce = { &loglevel_ce, "rmem", CONFIG_TYPE_INT, + CONFIG_OPT_NONE, 0, + { value: ULOGD_RMEM_DEFAULT } }; + +/* log message to the logfile */ +void __ulogd_log(int level, char *file, int line, const char *format, ...) +{ + char *timestr; + va_list ap; + time_t tm; + FILE *outfd; + + /* log only messages which have level at least as high as loglevel */ + if (level < loglevel_ce.u.value) + return; + + if (logfile == &syslog_dummy) { + /* FIXME: this omit's the 'file' string */ + va_start(ap, format); + vsyslog(ulogd2syslog_level(level), format, ap); + va_end(ap); + } else { + if (logfile) + outfd = logfile; + else + outfd = stderr; + + va_start(ap, format); + + tm = time(NULL); + timestr = ctime(&tm); + timestr[strlen(timestr)-1] = '\0'; + fprintf(outfd, "%s <%1.1d> %s:%d ", timestr, level, file, line); + + vfprintf(outfd, format, ap); + va_end(ap); + + /* flush glibc's buffer */ + fflush(outfd); + } +} + +static void sigterm_handler(int signal) +{ + ulog_output_t *p; + + ulogd_log(ULOGD_NOTICE, "sigterm received, exiting\n"); + + ipulog_destroy_handle(libulog_h); + free(libulog_buf); + + for (p = ulogd_outputs; p; p = p->next) { + if (p->fini) + (*p->fini)(); + } + + if (logfile != stdout && logfile != &syslog_dummy) + fclose(logfile); + + exit(0); +} + +static void sighup_handler(int signal) +{ + ulog_output_t *p; + + if (logfile != stdout && logfile != &syslog_dummy) { + fclose(logfile); + logfile = fopen(logf_ce.u.string, "a"); + if (!logfile) + sigterm_handler(signal); + } + + ulogd_log(ULOGD_NOTICE, "sighup received, calling plugin handlers\n"); + + for (p = ulogd_outputs; p; p = p->next) { + if (p->signal) + (*p->signal)(SIGHUP); + } +} + +static void print_usage(void) +{ + /* FIXME */ + printf("ulogd Version %s\n", ULOGD_VERSION); + printf("Copyright (C) 2000-2005 Harald Welte " + "\n"); + printf("This is free software with ABSOLUTELY NO WARRANTY.\n\n"); + printf("Parameters:\n"); + printf("\t-h --help\tThis help page\n"); + printf("\t-V --version\tPrint version information\n"); + printf("\t-d --daemon\tDaemonize (fork into background)\n"); + printf("\t-c --configfile\tUse alternative Configfile\n"); + printf("\t-u --uid\tChange UID/GID\n"); +} + +static struct option opts[] = { + { "version", 0, NULL, 'V' }, + { "daemon", 0, NULL, 'd' }, + { "help", 0, NULL, 'h' }, + { "configfile", 1, NULL, 'c'}, + { "uid", 1, NULL, 'u' }, + { 0 } +}; + +int main(int argc, char* argv[]) +{ + int len; + int argch; + int daemonize = 0; + int change_uid = 0; + char *user = NULL; + struct passwd *pw; + uid_t uid = 0; + gid_t gid = 0; + ulog_packet_msg_t *upkt; + ulog_output_t *p; + + + while ((argch = getopt_long(argc, argv, "c:dh::Vu:", opts, NULL)) != -1) { + switch (argch) { + default: + case '?': + if (isprint(optopt)) + fprintf(stderr, "Unknown option `-%c'.\n", optopt); + else + fprintf(stderr, "Unknown option character `\\x%x'.\n", optopt); + + print_usage(); + exit(1); + break; + case 'h': + print_usage(); + exit(0); + break; + case 'd': + daemonize = 1; + break; + case 'V': + printf("ulogd Version %s\n", ULOGD_VERSION); + printf("Copyright (C) 2000-2005 Harald Welte " + "\n"); + exit(0); + break; + case 'c': + ulogd_configfile = optarg; + break; + case 'u': + change_uid = 1; + user = strdup(optarg); + pw = getpwnam(user); + if (!pw) { + printf("Unknown user %s.\n", user); + free(user); + exit(1); + } + uid = pw->pw_uid; + gid = pw->pw_gid; + break; + } + } + + if (config_register_file(ulogd_configfile)) { + ulogd_log(ULOGD_FATAL, "error registering configfile \"%s\"\n", + ulogd_configfile); + exit(1); + } + + /* parse config file */ + if (parse_conffile("global", &rmem_ce)) { + ulogd_log(ULOGD_FATAL, "parse_conffile\n"); + exit(1); + } + + /* allocate a receive buffer */ + libulog_buf = (unsigned char *) malloc(bufsiz_ce.u.value); + + if (!libulog_buf) { + ulogd_log(ULOGD_FATAL, "unable to allocate receive buffer" + "of %d bytes\n", bufsiz_ce.u.value); + ipulog_perror(NULL); + exit(1); + } + + /* create ipulog handle */ + libulog_h = ipulog_create_handle(ipulog_group2gmask(nlgroup_ce.u.value), + rmem_ce.u.value); + + if (!libulog_h) { + /* if some error occurrs, print it to stderr */ + ulogd_log(ULOGD_FATAL, "unable to create ipulogd handle\n"); + ipulog_perror(NULL); + exit(1); + } + + + if (change_uid) { + ulogd_log(ULOGD_NOTICE, "Changing UID / GID\n"); + if (setgid(gid)) { + ulogd_log(ULOGD_FATAL, "can't set GID\n"); + ipulog_perror(NULL); + exit(1); + } + if (setegid(gid)) { + ulogd_log(ULOGD_FATAL, "can't sett effective GID\n"); + ipulog_perror(NULL); + exit(1); + } + if (initgroups(user, gid)) { + ulogd_log(ULOGD_FATAL, "can't set user secondary GID\n"); + ipulog_perror(NULL); + exit(1); + } + if (setuid(uid)) { + ulogd_log(ULOGD_FATAL, "can't set UID\n"); + ipulog_perror(NULL); + exit(1); + } + if (seteuid(uid)) { + ulogd_log(ULOGD_FATAL, "can't set effective UID\n"); + ipulog_perror(NULL); + exit(1); + } + } + + logfile_open(logf_ce.u.string); + + for (p = ulogd_outputs; p; p = p->next) { + if (p->init) + (*p->init)(); + } + +#ifdef DEBUG + /* dump key and interpreter hash */ + interh_dump(); + keyh_dump(); +#endif + if (daemonize){ + if (fork()) { + exit(0); + } + if (logfile != stdout) + fclose(stdout); + fclose(stderr); + fclose(stdin); + setsid(); + } + + /* send SIGINT to the term handler, since they hit CTRL-C */ + signal(SIGINT, &sigterm_handler); + signal(SIGHUP, &sighup_handler); + signal(SIGTERM, &sigterm_handler); + + ulogd_log(ULOGD_INFO, + "initialization finished, entering main loop\n"); + + /* endless loop receiving packets and handling them over to + * handle_packet */ + while ((len = ipulog_read(libulog_h, libulog_buf, + bufsiz_ce.u.value, 1))) { + + if (len <= 0) { + /* this is not supposed to happen */ + ulogd_log(ULOGD_ERROR, "ipulog_read == %d! " + "ipulog_errno == %d, errno = %d\n", + len, ipulog_errno, errno); + } else { + while ((upkt = ipulog_get_packet(libulog_h, + libulog_buf, len))) { + DEBUGP("==> packet received\n"); + handle_packet(upkt); + } + } + } + + /* hackish, but result is the same */ + sigterm_handler(SIGTERM); + return(0); +} diff --git a/ulogd.conf.in b/ulogd.conf.in new file mode 100644 index 0000000..e0c873a --- /dev/null +++ b/ulogd.conf.in @@ -0,0 +1,82 @@ +# Example configuration for ulogd +# $Id$ +# + +[global] +###################################################################### +# GLOBAL OPTIONS +###################################################################### + +# netlink multicast group (the same as the iptables --ulog-nlgroup param) +nlgroup=1 + +# logfile for status messages +logfile="/var/log/ulogd.log" + +# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) +loglevel=5 + +# socket receive buffer size (should be at least the size of the +# in-kernel buffer (ipt_ULOG.o 'nlbufsiz' parameter) +rmem=131071 + +# libipulog/ulogd receive buffer size, should be > rmem +bufsize=150000 + +###################################################################### +# PLUGIN OPTIONS +###################################################################### + +# We have to configure and load all the plugins we want to use + +# general rules: +# 1. load the plugins _first_ from the global section +# 2. options for each plugin in seperate section below + + +# +# ulogd_BASE.so - interpreter plugin for basic IPv4 header fields +# you will always need this +plugin="@libdir@/ulogd_BASE.so" + + +# output plugins. +plugin="@libdir@/ulogd_LOGEMU.so" +#plugin="@libdir@/ulogd_OPRINT.so" +#plugin="@libdir@/ulogd_MYSQL.so" +#plugin="@libdir@/ulogd_PGSQL.so" +#plugin="@libdir@/ulogd_SQLITE3.so" +#plugin="@libdir@/ulogd_PCAP.so" + + +[LOGEMU] +file="/var/log/ulogd.syslogemu" +sync=1 + +[OPRINT] +file="/var/log/ulogd.pktlog" + +[MYSQL] +table="ulog" +pass="changeme" +user="laforge" +db="ulogd" +host="localhost" + +[PGSQL] +table="ulog" +schema="public" +pass="changeme" +user="postgres" +db="ulogd" +host="localhost" + +[SQLITE3] +table="ulog" +db="/var/log/ulogd.sqlite3db" +buffer=200 + +[PCAP] +file="/var/log/ulogd.pcap" +sync=1 + diff --git a/ulogd.init b/ulogd.init new file mode 100755 index 0000000..b678652 --- /dev/null +++ b/ulogd.init @@ -0,0 +1,61 @@ +#!/bin/sh +# +# chkconfig: 345 81 19 +# description: ulogd is the userspace logging daemon for netfilter/iptables +# + + +. /etc/rc.d/init.d/functions + + +function start() +{ + printf "Starting %s: " "ulogd" + daemon /usr/sbin/ulogd -d + echo + touch /var/lock/subsys/ulogd +} + + +function stop() +{ + printf "Stopping %s: " "ulogd" + killproc ulogd + echo + rm -f /var/lock/subsys/ulogd +} + + +function reload() +{ + pid=`pidof ulogd` + if [ "x$pid" != "x" ]; then + kill -HUP $pid 2>/dev/null + fi + touch /var/lock/subsys/ulogd +} + + +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + stop + start + ;; + reload) + reload + ;; + status) + status ulogd + ;; + *) + printf "Usage: %s {start|stop|status|restart|reload}\n" "ulogd" + exit 1 +esac + +exit 0 diff --git a/ulogd.logrotate b/ulogd.logrotate new file mode 100644 index 0000000..b3fb6d1 --- /dev/null +++ b/ulogd.logrotate @@ -0,0 +1,7 @@ +/var/log/ulogd.log /var/log/ulogd.syslogemu /var/log/ulogd.pktlog /var/log/ulogd.pcap { + missingok + sharedscripts + postrotate + /bin/killall -HUP ulogd 2> /dev/null || true + endscript +} diff --git a/ulogd.spec b/ulogd.spec new file mode 100644 index 0000000..8afc4c4 --- /dev/null +++ b/ulogd.spec @@ -0,0 +1,143 @@ +Summary: ulogd - The userspace logging daemon for netfilter +Name: ulogd +Version: 1.22 +Release: 1gm +License: GPL +Group: Network +Source: ftp://ftp.netfilter.org/pub/ulogd/%{name}-%{version}.tar.gz +BuildRoot: %{_tmppath}/%{name}-%{version}-root +Packager: Harald Welte +BuildRequires: MySQL-devel postgresql-devel libpcap-devel libsqlite3-devel +#BuildRequires: mysql-devel + +%package mysql +Summary: MySQL output plugin for ulogd +Group: Network + +%package pgsql +Summary: PostgreSQL output plugin for ulogd +Group: Network + +%package sqlite +Summary: SQLITE3 output plugin for ulogd +Group: Network + +%package pcap +Summary: PCAP output plugin for ulogd +Group: Network + + +%description +ulogd is an universal logging daemon for the ULOG target of netfilter, the +Linux 2.4 firewalling subsystem. ulogd is able to log packets in variuos +formats to different targets (text files, databases, etc..). It has an +easy-to-use plugin interface to add new protocols and new output targets. + +%description mysql +ulogd-mysql is a MySQL output plugin for ulogd. It enables logging of +firewall information into a MySQL database. + +%description pgsql +ulogd-mysql is a PostgreSQL output plugin for ulogd. It enables logging of +firewall information into a PostgreSQL database. + +%description sqlite3 +ulogd-sqlite3 is a SQLITE3 output plugin for ulogd. It enables logging of +firewall information into a SQLITE3 database. + +%description pcap +ulogd-pcap is a output plugin for ulogd that saves packet logs as PCAP file. +PCAP is a standard format that can be later analyzed by a lot of tools such as +tcpdump and ethereal. + +%prep +%setup + +%build +%configure --with-mysql=/usr/lib/mysql --with-pgsql=/usr/lib/postgresql --with-sqlite3 +make + +%install +rm -rf %{buildroot} +mkdir -p %{buildroot}/%{_sysconfdir} +mkdir -p %{buildroot}/%{_libdir}/ulogd +mkdir -p %{buildroot}/%{_sbindir}/sbin +mkdir -p %{buildroot}/%{_mandir}/man8 +make DESTDIR=%{buildroot} install + +mkdir -p %{buildroot}/%{_sysconfdir}/rc.d/init.d +install ulogd.init %{buildroot}/%{_sysconfdir}/rc.d/init.d/ulogd +install ulogd.8 %{buildroot}/%{_mandir}/man8/ulogd.8 + +%clean +rm -rf %{buildroot} + +%files +%defattr(0644,root,root,0755) +%attr(0755,root,root) %{_sbindir}/ulogd +%{_sysconfdir}/ulogd.conf +%{_sysconfdir}/rc.d/init.d/ulogd +%{_mandir}/man8/* +%dir %{_libdir}/ulogd +%{_libdir}/ulogd/ulogd_BASE.so +%{_libdir}/ulogd/ulogd_LOCAL.so +%{_libdir}/ulogd/ulogd_LOGEMU.so +%{_libdir}/ulogd/ulogd_OPRINT.so +%{_libdir}/ulogd/ulogd_PWSNIFF.so +%{_libdir}/ulogd/ulogd_SYSLOG.so +%doc COPYING AUTHORS README +%doc doc/ulogd.txt doc/ulogd.a4.ps doc/ulogd.html + +%files mysql +%defattr(0644,root,root,0755) +%{_libdir}/ulogd/ulogd_MYSQL.so + +%files pgsql +%defattr(0644,root,root,0755) +%{_libdir}/ulogd/ulogd_PGSQL.so + +%files sqlite3 +%defattr(0644,root,root,0755) +%{_libdir}/ulogd/ulogd_SQLITE3.so + +%files pcap +%defattr(0644,root,root,0755) +%{_libdir}/ulogd/ulogd_PCAP.so + +%changelog +* Wed Feb 16 2005 Harald Welte ++ ulogd-1.21-1gm +- updated to 1.21 release +- separate sqlite3 and pcap sub-pacakges + +* Sat Feb 12 2005 Harald Welte ++ ulogd-1.20-1gm +- updated to 1.20 release +- add ulogd.8 manpage + +* Sat Aug 25 2003 Harald Welte ++ ulogd-1.00-1gm +- updated to 1.01 release +- add ulogd.8 manpage + +* Wed Mar 05 2003 Harald Welte ++ ulogd-1.00-1gm +- updated to 1.00 release + +* Mon Sep 24 2001 Harald Welte ++ ulogd-0.97-1cl +- updatd to 0.97 release (to fix endless-one-packet-loop bug) + +* Sun Jun 17 2001 Harald Welte ++ ulogd-0.96-2cl +- updated to 0.96 final release +- use ulogd.init from within source tgz + +* Sun May 20 2001 Harald Welte ++ ulogd-0.96-1cl +- Initial conectiva package +- cleaned up SPEC file +- created mysql subpackage + +* Sun Nov 19 2000 Harald Welte +- Initial RPM package for ulogd-0.9. diff --git a/ulogd/AUTHORS b/ulogd/AUTHORS deleted file mode 100644 index dcc5998..0000000 --- a/ulogd/AUTHORS +++ /dev/null @@ -1 +0,0 @@ -Harald Welte diff --git a/ulogd/COPYING b/ulogd/COPYING deleted file mode 100644 index eeb586b..0000000 --- a/ulogd/COPYING +++ /dev/null @@ -1,340 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) 19yy - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) 19yy name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Library General -Public License instead of this License. diff --git a/ulogd/Changes b/ulogd/Changes deleted file mode 100644 index 95bc457..0000000 --- a/ulogd/Changes +++ /dev/null @@ -1,129 +0,0 @@ -Version 1.24 (2006-01-25) -- Fix memory leak in postgresql plugin -- Fix printing of "PROTO=XX" for XX != (TCP,UDP,ICMP,ESP) -- Fix parsing of syslog log level -- Add support for 'mysql_config' and 'pg_config' programs -- Add support for 'lib64' to sqlite3 autoconf macros -- Fix some gcc-4 warnings -- Add reconnect support to mysql plugin -- Fix pcap header on some architectures -- Fix off-by-one-column error in sqlite3 plugin - -Version 1.23 (2005-04-18) -- Add supprt for ulogd logging in syslog (the daemon log, not packet log) - -Version 1.22 (2005-03-07) -- Fix postgresql endless loop (Jani Averbach) -- Add postgrsql schema support (Bob Hockney) - -Version 1.21 (2005-02-16) -- Fix compilation on certain gcc versions (Roberto Nibali) -- Fix --log-ip-as-string for mysql, pgsql and sqlite3 (Jani Averbach) - -Version 1.20 (2005-02-12) -- Add SQLITE3 Plugin -- Add 'port' option (for tcp port number) to mysql and postgresql plugins -- Cosmetic changes (c99 initializers, coding style) - -Version 1.10 (2003-Oct-xx) -- Change format of configuration file. Now every plugin has it's own section - in the config file, making the whole parsing procedure easier - and - eliminating multiple loading of .so plugins. (Magnus Boden) -- Make the config file format completely syntax compatible with .ini style files -- Add a new 'SYSLOG' plugin for real syslogging - -Version 1.02 (2003-Oct-08) -- fix printout of time information in ulogd_LOGEMU.c - -Version 1.01 (2003-Aug-23) -- use $(LD) macro in order to provide cross-compiling/linking support -- add 'rmem' configuration key to set the netlink socket rmem buffsize -- don't use kernel header files for IP/TCP header definitions -- various cosmetic cleanup to compile with -Wall -- fix usage of libmysqlclient: call mysql_init() before mysql_real_connect -- don't have LOGEMU read the system time, ulogd_LOCAL.so does this already - -Version 1.00 (2003-Mar-06) -- update documentation to reflect recent additions -- renamed LOCALTIME plugin to LOCAL plugin, since it now also returns - the hostname -- cleanup #include statements -- tcp.window is a 16bit value -- always return tcp flags, even if they are not set [to not cause NULL entries - in the database table -- cosmetic fixes to acommodate most compiler warnings -- moved location of conffile.h and ulog.h -- big update to ulogd_PGSQL.c -- more verbose error reporting when unable to load plugin -- print usage information -- add '--configfile' directive to allow multiple instances with multiple - configfiles - -Version 0.98 -- Fix MAC address printing if there is none (by Andrej Ota) -- Add PostgreSQL support by Jakab Laszlo -- Add Version Number (-V) commandline option -- Make MYBUFSIZ a runtime config directive (Bogdan Dobrota) -- Fix daemonize function (call setsid() and close stdin) -- Add ulogd_PCAP output plugin (to use ethereal/tcpdump/... on the logs) -- Update documentation to reflect kernel inclusion of ipt_ULOG module -- Add ulogd_LOCALTIME 'interpreter' for providing the timestamp at the - time of logging (Florent Aide) -- Fix ulogd_LOGEMU 'PROTO=' printing in case of unknown l4 protocol -- Add support for non-forking mode and logging to stderr (Alessandro Bono) - -Version 0.97 -- added error handling after ipulog_read() to prevent endless loops - -Version 0.96 -- support for old mysql versions (Alexander Janssen) -- support for dotted-quad IP addresses in MySQL (Alexander Janssen) -- added support for synchronous write to LOGEMU (Michael Stolovitzsky) -- autoconf now checks for mysql .so libraries instead of static .a -- autoconf now includes /usr/src/linux/include, because most distros - now have a glibc-provided /usr/include/linux :( -- removed ./configure from CVS tree as it may cause inconsistencies -- better commented example configuration file -- Makefiles now know DESTDIR (for RPM packaging) -- documentation now built at release-time, not compile time -- support for logfile-rotating, using new SIGHUP handler - -Version 0.95 -- libipulog problems of 0.94 fixed -- 1.0 now really soon - -Version 0.94 -- fixed stupid build problem because of missing libipulog - (i'll never try to be intelligent again ;)) - -Version 0.93 -- fixes logfile bug: wrong filename and line numbers printed -- fixes config file parsing, new generic get_word() in conffile.c -- fixes bug in ulogd_LOGEMU.c on big-endian systems -- fixes segfault when packet received but no interpreters registered - (reported by Drori Ghiora) -- sigterm handler installed for clean shutdown -- logfile now fflush()ed after each line printed -- ulogd_LOGEMU now prints date and hostname, just as syslog does - -Version 0.92 -- fixes libipulog loop-bug (reported by Drori Ghiora) - -Version 0.91 -- changes for new kernel ULOG. Includes support for multilink netlink - messages. - -Version 0.9 -- configuration file routines -- plugins are able to register new configfile keys -- new MYSQL output plugin -- new syslog compatibility output plugin - -Version 0.3 - -- new PWSNIFF interpreter plugin -- verbose error reporting - -Version 0.2 - -- real daemon, we are forking now diff --git a/ulogd/Makefile.in b/ulogd/Makefile.in deleted file mode 100644 index 0f1845c..0000000 --- a/ulogd/Makefile.in +++ /dev/null @@ -1,85 +0,0 @@ -RELEASE_DIR:=/tmp - -include @top_srcdir@/Rules.make -CFLAGS+=-I@top_srcdir@/libipulog/include -I@top_srcdir@/include - -SUBDIRS=conffile libipulog extensions doc - -ifeq (x@MYSQLINCLUDES@,x) -else -SUBDIRS+=mysql -endif - -ifeq (x@PGSQLINCLUDES@,x) -else -SUBDIRS+=pgsql -endif - -ifeq (x@HAVE_PCAP_H@,x) -else -SUBDIRS+=pcap -endif - - -ULOGD_VERSION=1.23 -OLD_ULOGD_VERSION=1.22 - -ifeq (x@SQLITE3INCLUDES@,x) -else -SUBDIRS+=sqlite3 -endif - -# Normally You should not need to change anything below - -all: recurse ulogd - -.PHONY: distclean -distclean: clean - @for d in $(SUBDIRS); do if ! make -C $$d $@; then exit 1; fi; done - rm -f Makefile config.cache config.log config.status Rules.make - -.PHONY: docbuild -docbuild: - make -C doc distrib - -.PHONY: distrib -distrib: docbuild distclean delrelease $(RELEASE_DIR)/ulogd-$(ULOGD_VERSION).tar.bz2 diff - -.PHONY: delrelease -delrelease: - rm -f $(RELEASE_DIR)/ulogd-$(ULOGD_VERSION).tar.bz2 - -$(RELEASE_DIR)/ulogd-$(ULOGD_VERSION).tar.bz2: - cd .. && ln -sf ulogd ulogd-$(ULOGD_VERSION) && tar cvf - --exclude CVS --exclude .svn ulogd-$(ULOGD_VERSION)/. | bzip2 -9 > $@ && rm ulogd-$(ULOGD_VERSION) - -.PHONY: diff -diff: $(RELEASE_DIR)/ulogd-$(ULOGD_VERSION).tar.bz2 - @mkdir /tmp/diffdir - @cd /tmp/diffdir && tar -x --bzip2 -f $(RELEASE_DIR)/ulogd-$(ULOGD_VERSION).tar.bz2 - @set -e; cd /tmp/diffdir; tar -x --bzip2 -f $(RELEASE_DIR)/ulogd-$(OLD_ULOGD_VERSION).tar.bz2; echo Creating patch-ulogd-$(OLD_ULOGD_VERSION)-$(ULOGD_VERSION).bz2; diff -urN ulogd-$(OLD_ULOGD_VERSION) ulogd-$(ULOGD_VERSION) | bzip2 -9 > $(RELEASE_DIR)/patch-ulogd-$(OLD_ULOGD_VERSION)-$(ULOGD_VERSION).bz2 - -recurse: - @for d in $(SUBDIRS); do if ! make -C $$d; then exit 1; fi; done - -ulogd: ulogd.c $(LIBIPULOG) include/ulogd/ulogd.h conffile/conffile.o $(LIBIPULOG)/libipulog.a ulogd.conf - $(CC) $(CFLAGS) $(LDFLAGS) -rdynamic $< conffile/conffile.o $(LIBIPULOG)/libipulog.a -o $@ $(LIBS) - -edit = sed -e 's,@libdir\@,$(ULOGD_LIB_PATH),g' - -ulogd.conf: ulogd.conf.in - $(edit) ulogd.conf.in > ulogd.conf - -clean: -# rm -f ulogd *.o extensions/*.o extensions/*.so conffile/*.o - rm -f ulogd ulogd.o ulogd.conf - @for d in $(SUBDIRS); do if ! make -C $$d $@; then exit 1; fi; done - -install: all - @for d in $(SUBDIRS); do if ! make -C $$d $@; then exit 1; fi; done - @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) - @INSTALL@ -D -m 755 ulogd $(DESTDIR)$(BINDIR)/ulogd - @[ -d $(DESTDIR)$(ETCDIR) ] || mkdir -p $(DESTDIR)$(ETCDIR) - @[ -f $(DESTDIR)$(ETCDIR)/ulogd.conf ] || @INSTALL@ -D -m 600 ulogd.conf $(DESTDIR)$(ETCDIR)/ulogd.conf - -doc: - $(MAKE) -C $@ diff --git a/ulogd/README b/ulogd/README deleted file mode 100644 index 3510007..0000000 --- a/ulogd/README +++ /dev/null @@ -1,97 +0,0 @@ -Userspace logging facility for iptables / linux 2.4 -$Id: README,v 1.7 2002/04/16 12:44:41 laforge Exp $ - -Project Homepage: http://www.gnumonks.org/projects/ulogd -Mailinglist: http://lists.gnumonks.org/mailman/listinfo/ulogd/ - -This is just a short README, pleaes see the more extensive documentation -in the doc/ subdirectory. - -===> IDEA - -This packages is intended for passing packets from the kernel to userspace -to do some logging there. It should work like that: - -- Register a target called ULOG with iptables -- if the target is hit: - - send the packet out using netlink multicast facility - - return NF_CONTINUE immediately - -New with ipt_ULOG 0.8 we can accumulate packets in userspace and send -them in small batches (1-50) to userspace. This reduces the amount of -expensive context switches. - -More than one logging daemon may listen to the netlink multicast address. - -===> CONTENTS - -= Ulog library (libipulog.a) -Just a little library like libipq.a which provides a convenient way to -write userspace logging daemons. The functions provided are described -in the source code, a small demo program (ulog_test) is also included. - -= ulogd daemon (ulogd) -A sophisticated logging daemon which uses libipulog. The daemon provides -an easy to use plugin interface to write additional packet interpreters and -output targets. Example plugins (interpreter: ip, tcp, icmp output: simple -logging to a file) are included. - -= documentation (doc) -A quite verbose documentation of this package and it's configuration exists, -please actually make use of it and read it :) - -===> USAGE - -The kernel part of the userspace logging facility (ipt_ULOG.o) is included -in kernels >= 2.4.18-pre8. If you are running older kernel versions, you MUST -install the ulog-patch from netfilter patch-o-matic FIRST !! - -Please go to the netfilter homepage (http://www.netfilter.org/) -and download the latest iptables package. There is a system called -patch-o-matic, which manages recent netfilter development, which has -not been included in the stock kernel yet. - -Just apply the ulog-patch from patch-o-matic (there is some documentation -included in the iptables package how to use patch-o-matic). - -Next you have to enable the kernel config option CONFIG_IP_NF_TARGET_ULOG in -the netfilter subsection of the network options. - -Then recompile the kernel or just recompile the netfilter modules using 'make -modules SUBDIRS=net/ipv4/netfilter'. Next step is installing the module using -'make modules_install' - -It is also a good idea to recompile and re-install the iptables package, -if you don't already have libipt_ULOG.so in /usr/local/lib/iptables or -/usr/lib/iptables - -Now You are ready to go. You may now insert logging rules to every chain. -To see the full syntax, type 'iptables -j ULOG -h' - -===> EXAMPLES - -At first a simple example, which passes every outgoing packet to the -userspace logging, using netlink multicast group 3. - -iptables -A OUTPUT -j ULOG --ulog-nlgroup 3 - -A more advanced one, passing all incoming tcp packets with destination -port 80 to the userspace logging daemon listening on netlink multicast -group 32. All packets get tagged with the ulog prefix "inp" - -iptables -A INPUT -j ULOG -p tcp --dport 80 --ulog-nlgroup 32 --ulog-prefix inp - -Since version 0.2, I added another parameter (--ulog-cprange). -Using this parameter You are able to specify how much octets of the -packet should be copied from the kernel to userspace. -Setting --ulog-cprange to 0 does always copy the whole packet. Default is 0 - -===> COPYRIGHT + CREDITS - -The code is (C) 2000-2003 by Harald Welte - -Thanks also to the valuable Contributions of Daniel Stone, Alexander -Janssen and Michael Stolovitzsky. - -Credits to Rusty Russel, James Morris, Marc Boucher and all the other -netfilter hackers. diff --git a/ulogd/Rules.make.in b/ulogd/Rules.make.in deleted file mode 100644 index 4a161a4..0000000 --- a/ulogd/Rules.make.in +++ /dev/null @@ -1,50 +0,0 @@ -# - -prefix=@prefix@ -exec_prefix=@exec_prefix@ -ETCDIR=@sysconfdir@ -BINDIR=@sbindir@ - -ULOGD_CONFIGFILE=@sysconfdir@/ulogd.conf - -ULOGD_LIB_PATH=@libdir@/ulogd - -# Path of libipulog (from iptables) -LIBIPULOG=@top_srcdir@/libipulog -INCIPULOG=-I@top_srcdir@/libipulog/include -INCCONFFILE=-I@top_srcdir@/conffile - -CC=@CC@ -LD=@LD@ -INSTALL=@INSTALL@ - -CFLAGS=@CFLAGS@ @CPPFLAGS@ -Wall -CFLAGS+=-DULOGD_CONFIGFILE=\"$(ULOGD_CONFIGFILE)\" -CFLAGS+=@KERNEL64_USERSPACE32@ -# doesn't work for subdirs -CFLAGS+=$(INCIPULOG) -#CFLAGS+=-I/lib/modules/`uname -r`/build/include -CFLAGS+=@DEFS@ -#CFLAGS+=-g -DDEBUG -DDEBUG_MYSQL -DDEBUG_PGSQL - -LIBS=@LIBS@ - - -# Names of the plugins to be compiled -ULOGD_SL:=BASE OPRINT PWSNIFF LOGEMU LOCAL SYSLOG - -# mysql output support -#ULOGD_SL+=MYSQL -MYSQL_CFLAGS=@MYSQLINCLUDES@ @EXTRA_MYSQL_DEF@ -MYSQL_LDFLAGS=$(LDFLAGS) @MYSQL_LIB@ - -# postgreSQL output support -#ULOGD_SL+=PGSQL -PGSQL_CFLAGS=@PGSQLINCLUDES@ @EXTRA_PGSQL_DEF@ -PGSQL_LDFLAGS=$(LDFLAGS) @PGSQL_LIB@ - -# mysql output support -#ULOGD_SL+=SQLITE3 -SQLITE3_CFLAGS=@SQLITE3INCLUDES@ @EXTRA_SQLITE3_DEF@ -SQLITE3_LDFLAGS=$(LDFLAGS) @SQLITE3_LIB@ - diff --git a/ulogd/TODO b/ulogd/TODO deleted file mode 100644 index 3ab6194..0000000 --- a/ulogd/TODO +++ /dev/null @@ -1,37 +0,0 @@ -libipulog: -X handle multi-part nlmsgs -- Error checking at netlink socket -- forward port my timeout enabled read-function from libipq to libipulog -- man pages - -kernel: -X queue the logging in the kernel and send multiple packets in one - multipart nlmsg -X add timer to flush queue in user-defineable time intervals -- IPv6 ULOG target - -ulogd: -X MYSQL output plugin -X syslog compatibility output plugin -- autoconf-detection of ipt_ULOG.h -X _fini() support for plugin destructors (needed for clean shutdown and - SIGHUP configfile reload -X commandline option for "to fork or not to fork" -X various command line options (we don't even have --version) -- add support for capabilities to run as non-root -X big endian fixes -X man pages -- IPv6 support (core and extensions) -X pcap output plugin (to use ethereal/tcpdump/... for the logs) -- enable user to specify directory where to look for kernel include files -- support for static linking -- make core maintain a list of keyid's that all the output plugins are - interested. The interpreters would be called with their respective - section of that list, and only compute those values that are actually - used by any of the running output plugins -- issues with ulogd_BASE and partially copied packets (--ulog-cprange) -- problem wrt. ulogd_BASE and fragments -- implement extension SIGHUP handlers (including config re-parse) - -conffile: -- rewrite parser. This stuff is a real mess. Anybody interested? diff --git a/ulogd/aclocal.m4 b/ulogd/aclocal.m4 deleted file mode 100644 index 368464b..0000000 --- a/ulogd/aclocal.m4 +++ /dev/null @@ -1,130 +0,0 @@ -dnl aclocal.m4 generated automatically by aclocal 1.4 - -dnl Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc. -dnl This file is free software; the Free Software Foundation -dnl gives unlimited permission to copy and/or distribute it, -dnl with or without modifications, as long as this notice is preserved. - -dnl This program is distributed in the hope that it will be useful, -dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without -dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A -dnl PARTICULAR PURPOSE. - -dnl aclocal.m4 generated automatically by aclocal 1.4 - -dnl Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc. -dnl This file is free software; the Free Software Foundation -dnl gives unlimited permission to copy and/or distribute it, -dnl with or without modifications, as long as this notice is preserved. - -dnl This program is distributed in the hope that it will be useful, -dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without -dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A -dnl PARTICULAR PURPOSE. - -# Do all the work for Automake. This macro actually does too much -- -# some checks are only needed if your package does certain things. -# But this isn't really a big deal. - -# serial 1 - -dnl Usage: -dnl AM_INIT_AUTOMAKE(package,version, [no-define]) - -AC_DEFUN(AM_INIT_AUTOMAKE, -[AC_REQUIRE([AC_PROG_INSTALL]) -PACKAGE=[$1] -AC_SUBST(PACKAGE) -VERSION=[$2] -AC_SUBST(VERSION) -dnl test to see if srcdir already configured -if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then - AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) -fi -ifelse([$3],, -AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) -AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])) -AC_REQUIRE([AM_SANITY_CHECK]) -AC_REQUIRE([AC_ARG_PROGRAM]) -dnl FIXME This is truly gross. -missing_dir=`cd $ac_aux_dir && pwd` -AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir) -AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir) -AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir) -AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir) -AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir) -AC_REQUIRE([AC_PROG_MAKE_SET])]) - -# -# Check to make sure that the build environment is sane. -# - -AC_DEFUN(AM_SANITY_CHECK, -[AC_MSG_CHECKING([whether build environment is sane]) -# Just in case -sleep 1 -echo timestamp > conftestfile -# Do `set' in a subshell so we don't clobber the current shell's -# arguments. Must try -L first in case configure is actually a -# symlink; some systems play weird games with the mod time of symlinks -# (eg FreeBSD returns the mod time of the symlink's containing -# directory). -if ( - set X `ls -Lt $srcdir/configure conftestfile 2> /dev/null` - if test "[$]*" = "X"; then - # -L didn't work. - set X `ls -t $srcdir/configure conftestfile` - fi - if test "[$]*" != "X $srcdir/configure conftestfile" \ - && test "[$]*" != "X conftestfile $srcdir/configure"; then - - # If neither matched, then we have a broken ls. This can happen - # if, for instance, CONFIG_SHELL is bash and it inherits a - # broken ls alias from the environment. This has actually - # happened. Such a system could not be considered "sane". - AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken -alias in your environment]) - fi - - test "[$]2" = conftestfile - ) -then - # Ok. - : -else - AC_MSG_ERROR([newly created file is older than distributed files! -Check your system clock]) -fi -rm -f conftest* -AC_MSG_RESULT(yes)]) - -dnl AM_MISSING_PROG(NAME, PROGRAM, DIRECTORY) -dnl The program must properly implement --version. -AC_DEFUN(AM_MISSING_PROG, -[AC_MSG_CHECKING(for working $2) -# Run test in a subshell; some versions of sh will print an error if -# an executable is not found, even if stderr is redirected. -# Redirect stdin to placate older versions of autoconf. Sigh. -if ($2 --version) < /dev/null > /dev/null 2>&1; then - $1=$2 - AC_MSG_RESULT(found) -else - $1="$3/missing $2" - AC_MSG_RESULT(missing) -fi -AC_SUBST($1)]) - - -# Define a conditional. - -AC_DEFUN(AM_CONDITIONAL, -[AC_SUBST($1_TRUE) -AC_SUBST($1_FALSE) -if $2; then - $1_TRUE= - $1_FALSE='#' -else - $1_TRUE='#' - $1_FALSE= -fi]) - diff --git a/ulogd/cftest/cftest.c b/ulogd/cftest/cftest.c deleted file mode 100644 index b99882b..0000000 --- a/ulogd/cftest/cftest.c +++ /dev/null @@ -1,30 +0,0 @@ -#include -#include -#include "conffile.h" - -int bla(char *args) -{ - printf("bla called: %s\n", args); - return 0; -} -int main() -{ - config_entry_t e,f; - memset(&e, 0, sizeof(config_entry_t)); - strcpy(e.key, "zeile"); - e.u.parser = bla; - e.type = CONFIG_TYPE_CALLBACK; - config_register_key(&e); - - strcpy(f.key, "spalte"); - f.type = CONFIG_TYPE_STRING; - f.options |= CONFIG_OPT_MANDATORY; - f.u.str.string = (char *) malloc(100); - f.u.str.maxlen = 99; - config_register_key(&f); - - config_parse_file("test.txt"); - printf("SPALTE: %s\n", f.u.str.string); - - exit(0); -} diff --git a/ulogd/cftest/test.txt b/ulogd/cftest/test.txt deleted file mode 100644 index 3c0b663..0000000 --- a/ulogd/cftest/test.txt +++ /dev/null @@ -1,3 +0,0 @@ -zeile zeile1 -spalte 0815 -asdfasf diff --git a/ulogd/conffile/Makefile.in b/ulogd/conffile/Makefile.in deleted file mode 100644 index 907e6a7..0000000 --- a/ulogd/conffile/Makefile.in +++ /dev/null @@ -1,21 +0,0 @@ -# - -include @top_srcdir@/Rules.make -CFLAGS+=-I@top_srcdir@/include/ulogd - -# Normally You should not need to change anything below - -all: conffile.o - -distrib: - -conffile.o: conffile.c - $(CC) $(CFLAGS) -c $< -o $@ - -clean: - rm -f conffile.o - -distclean: - rm -f Makefile - -install: all diff --git a/ulogd/conffile/conffile.c b/ulogd/conffile/conffile.c deleted file mode 100644 index d26c5ff..0000000 --- a/ulogd/conffile/conffile.c +++ /dev/null @@ -1,241 +0,0 @@ -/* config file parser functions - * - * (C) 2000 by Harald Welte - * - * $Id: conffile.c,v 1.4 2001/09/01 11:51:53 laforge Exp $ - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include -#include -#include -#include "conffile.h" - -#ifdef DEBUG_CONF -#define DEBUGC(format, args...) fprintf(stderr, format, ## args) -#else -#define DEBUGC(format, args...) -#endif - -/* points to config entry with error */ -config_entry_t *config_errce = NULL; - -/* Filename of the config file */ -static char *fname = NULL; - -/* get_word() - Function to parse a line into words. - * Arguments: line line to parse - * delim possible word delimiters - * buf pointer to buffer where word is returned - * Return value: pointer to first char after word - * This function can deal with "" quotes - */ -static char *get_word(char *line, char *not, char *buf) -{ - char *p, *start = NULL, *stop = NULL; - int inquote = 0; - - for (p = line; *p; p++) { - if (*p == '"') { - start = p + 1; - inquote = 1; - break; - } - if (!strchr(not, *p)) { - start = p; - break; - } - } - if (!start) - return NULL; - - /* determine pointer to one char after word */ - for (p = start; *p; p++) { - if (inquote) { - if (*p == '"') { - stop = p; - break; - } - } else { - if (strchr(not, *p)) { - stop = p; - break; - } - } - } - if (!stop) - return NULL; - - strncpy(buf, start, (size_t) (stop-start)); - *(buf + (stop-start)) = '\0'; - - /* skip quote character */ - if (inquote) - /* yes, we can return stop + 1. If " was the last - * character in string, it now points to NULL-term */ - return (stop + 1); - - return stop; -} - -#if 0 -/* do we have a config directive for this name */ -static int config_iskey(char *name) -{ - config_entry_t *ce; - - for (ce = config; ce; ce = ce->next) { - if (!strcmp(name, ce->key)) - return 0; - } - - return 1; -} -#endif - -/*********************************************************************** - * PUBLIC INTERFACE - ***********************************************************************/ - -/* register config file with us */ -int config_register_file(const char *file) -{ - /* FIXME: stat of file */ - if (fname) - return 1; - - fname = (char *) malloc(strlen(file)+1); - if (!fname) - return -ERROOM; - - strcpy(fname, file); - - return 0; -} - -/* parse config file */ -int config_parse_file(const char *section, config_entry_t *keys) -{ - FILE *cfile; - char *args; - config_entry_t *ce; - int err = 0; - int found = 0; - char linebuf[LINE_LEN+1]; - char *line = linebuf; - - cfile = fopen(fname, "r"); - if (!cfile) - return -ERROPEN; - - DEBUGC("prasing section [%s]\n", section); - - /* Search for correct section */ - while (fgets(line, LINE_LEN, cfile)) { - char wordbuf[LINE_LEN]; - char *wordend; - - if (*line == '#') - continue; - - if (!(wordend = get_word(line, " \t\n[]", (char *) wordbuf))) - continue; - DEBUGC("word: \"%s\"\n", wordbuf); - if (!strcmp(wordbuf, section)) { - found = 1; - break; - } - } - - if (!found) { - fclose(cfile); - return -ERRSECTION; - } - - /* Parse this section until next section */ - while (fgets(line, LINE_LEN, cfile)) - { - char wordbuf[LINE_LEN]; - char *wordend; - - DEBUGC("line read: %s\n", line); - if (*line == '#') - continue; - - if (!(wordend = get_word(line, " =\t\n", (char *) &wordbuf))) - continue; - - if (wordbuf[0] == '[' ) { - DEBUGC("Next section '%s' encountered\n", wordbuf); - break; - } - - DEBUGC("parse_file: entering main loop\n"); - for (ce = keys; ce; ce = ce->next) { - DEBUGC("parse main loop, key: %s\n", ce->key); - if (strcmp(ce->key, (char *) &wordbuf)) { - continue; - } - - wordend = get_word(wordend, " =\t\n", (char *) &wordbuf); - args = (char *)&wordbuf; - - if (ce->hit && !(ce->options & CONFIG_OPT_MULTI)) - { - DEBUGC("->ce-hit and option not multi!\n"); - config_errce = ce; - err = -ERRMULT; - goto cpf_error; - } - ce->hit++; - - switch (ce->type) { - case CONFIG_TYPE_STRING: - if (strlen(args) < - CONFIG_VAL_STRING_LEN ) { - strcpy(ce->u.string, args); - /* FIXME: what if not ? */ - } - break; - case CONFIG_TYPE_INT: - ce->u.value = atoi(args); - break; - case CONFIG_TYPE_CALLBACK: - (ce->u.parser)(args); - break; - } - break; - } - DEBUGC("parse_file: exiting main loop\n"); - } - - - for (ce = keys; ce; ce = ce->next) { - DEBUGC("ce post loop, ce=%s\n", ce->key); - if ((ce->options & CONFIG_OPT_MANDATORY) && (ce->hit == 0)) { - DEBUGC("Mandatory config directive \"%s\" not found\n", - ce->key); - config_errce = ce; - err = -ERRMAND; - goto cpf_error; - } - - } - -cpf_error: - fclose(cfile); - return err; -} - diff --git a/ulogd/config.guess b/ulogd/config.guess deleted file mode 100755 index 0e30d56..0000000 --- a/ulogd/config.guess +++ /dev/null @@ -1,1407 +0,0 @@ -#! /bin/sh -# Attempt to guess a canonical system name. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. - -timestamp='2003-07-02' - -# This file is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -# Originally written by Per Bothner . -# Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. -# -# This script attempts to guess a canonical system name similar to -# config.sub. If it succeeds, it prints the system name on stdout, and -# exits with 0. Otherwise, it exits with 1. -# -# The plan is that this can be called by configure scripts if you -# don't specify an explicit build system type. - -me=`echo "$0" | sed -e 's,.*/,,'` - -usage="\ -Usage: $0 [OPTION] - -Output the configuration name of the system \`$me' is run on. - -Operation modes: - -h, --help print this help, then exit - -t, --time-stamp print date of last modification, then exit - -v, --version print version number, then exit - -Report bugs and patches to ." - -version="\ -GNU config.guess ($timestamp) - -Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 -Free Software Foundation, Inc. - -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - -help=" -Try \`$me --help' for more information." - -# Parse command line -while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) - echo "$timestamp" ; exit 0 ;; - --version | -v ) - echo "$version" ; exit 0 ;; - --help | --h* | -h ) - echo "$usage"; exit 0 ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. - break ;; - -* ) - echo "$me: invalid option $1$help" >&2 - exit 1 ;; - * ) - break ;; - esac -done - -if test $# != 0; then - echo "$me: too many arguments$help" >&2 - exit 1 -fi - -trap 'exit 1' 1 2 15 - -# CC_FOR_BUILD -- compiler used by this script. Note that the use of a -# compiler to aid in system detection is discouraged as it requires -# temporary files to be created and, as you can see below, it is a -# headache to deal with in a portable fashion. - -# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still -# use `HOST_CC' if defined, but it is deprecated. - -# Portable tmp directory creation inspired by the Autoconf team. - -set_cc_for_build=' -trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; -: ${TMPDIR=/tmp} ; - { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || - { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || - { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || - { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; -dummy=$tmp/dummy ; -tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; -case $CC_FOR_BUILD,$HOST_CC,$CC in - ,,) echo "int x;" > $dummy.c ; - for c in cc gcc c89 c99 ; do - if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then - CC_FOR_BUILD="$c"; break ; - fi ; - done ; - if test x"$CC_FOR_BUILD" = x ; then - CC_FOR_BUILD=no_compiler_found ; - fi - ;; - ,,*) CC_FOR_BUILD=$CC ;; - ,*,*) CC_FOR_BUILD=$HOST_CC ;; -esac ;' - -# This is needed to find uname on a Pyramid OSx when run in the BSD universe. -# (ghazi@noc.rutgers.edu 1994-08-24) -if (test -f /.attbin/uname) >/dev/null 2>&1 ; then - PATH=$PATH:/.attbin ; export PATH -fi - -UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown -UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown -UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown -UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown - -# Note: order is significant - the case branches are not exclusive. - -case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in - *:NetBSD:*:*) - # NetBSD (nbsd) targets should (where applicable) match one or - # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, - # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently - # switched to ELF, *-*-netbsd* would select the old - # object file format. This provides both forward - # compatibility and a consistent mechanism for selecting the - # object file format. - # - # Note: NetBSD doesn't particularly care about the vendor - # portion of the name. We always set it to "unknown". - sysctl="sysctl -n hw.machine_arch" - UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || echo unknown)` - case "${UNAME_MACHINE_ARCH}" in - armeb) machine=armeb-unknown ;; - arm*) machine=arm-unknown ;; - sh3el) machine=shl-unknown ;; - sh3eb) machine=sh-unknown ;; - *) machine=${UNAME_MACHINE_ARCH}-unknown ;; - esac - # The Operating System including object format, if it has switched - # to ELF recently, or will in the future. - case "${UNAME_MACHINE_ARCH}" in - arm*|i386|m68k|ns32k|sh3*|sparc|vax) - eval $set_cc_for_build - if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep __ELF__ >/dev/null - then - # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). - # Return netbsd for either. FIX? - os=netbsd - else - os=netbsdelf - fi - ;; - *) - os=netbsd - ;; - esac - # The OS release - # Debian GNU/NetBSD machines have a different userland, and - # thus, need a distinct triplet. However, they do not need - # kernel version information, so it can be replaced with a - # suitable tag, in the style of linux-gnu. - case "${UNAME_VERSION}" in - Debian*) - release='-gnu' - ;; - *) - release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` - ;; - esac - # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: - # contains redundant information, the shorter form: - # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}" - exit 0 ;; - amiga:OpenBSD:*:*) - echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - arc:OpenBSD:*:*) - echo mipsel-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - hp300:OpenBSD:*:*) - echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - mac68k:OpenBSD:*:*) - echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - macppc:OpenBSD:*:*) - echo powerpc-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - mvme68k:OpenBSD:*:*) - echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - mvme88k:OpenBSD:*:*) - echo m88k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - mvmeppc:OpenBSD:*:*) - echo powerpc-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - pmax:OpenBSD:*:*) - echo mipsel-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - sgi:OpenBSD:*:*) - echo mipseb-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - sun3:OpenBSD:*:*) - echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - wgrisc:OpenBSD:*:*) - echo mipsel-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - *:OpenBSD:*:*) - echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - alpha:OSF1:*:*) - if test $UNAME_RELEASE = "V4.0"; then - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` - fi - # According to Compaq, /usr/sbin/psrinfo has been available on - # OSF/1 and Tru64 systems produced since 1995. I hope that - # covers most systems running today. This code pipes the CPU - # types through head -n 1, so we only detect the type of CPU 0. - ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` - case "$ALPHA_CPU_TYPE" in - "EV4 (21064)") - UNAME_MACHINE="alpha" ;; - "EV4.5 (21064)") - UNAME_MACHINE="alpha" ;; - "LCA4 (21066/21068)") - UNAME_MACHINE="alpha" ;; - "EV5 (21164)") - UNAME_MACHINE="alphaev5" ;; - "EV5.6 (21164A)") - UNAME_MACHINE="alphaev56" ;; - "EV5.6 (21164PC)") - UNAME_MACHINE="alphapca56" ;; - "EV5.7 (21164PC)") - UNAME_MACHINE="alphapca57" ;; - "EV6 (21264)") - UNAME_MACHINE="alphaev6" ;; - "EV6.7 (21264A)") - UNAME_MACHINE="alphaev67" ;; - "EV6.8CB (21264C)") - UNAME_MACHINE="alphaev68" ;; - "EV6.8AL (21264B)") - UNAME_MACHINE="alphaev68" ;; - "EV6.8CX (21264D)") - UNAME_MACHINE="alphaev68" ;; - "EV6.9A (21264/EV69A)") - UNAME_MACHINE="alphaev69" ;; - "EV7 (21364)") - UNAME_MACHINE="alphaev7" ;; - "EV7.9 (21364A)") - UNAME_MACHINE="alphaev79" ;; - esac - # A Vn.n version is a released version. - # A Tn.n version is a released field test version. - # A Xn.n version is an unreleased experimental baselevel. - # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - exit 0 ;; - Alpha*:OpenVMS:*:*) - echo alpha-hp-vms - exit 0 ;; - Alpha\ *:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # Should we change UNAME_MACHINE based on the output of uname instead - # of the specific Alpha model? - echo alpha-pc-interix - exit 0 ;; - 21064:Windows_NT:50:3) - echo alpha-dec-winnt3.5 - exit 0 ;; - Amiga*:UNIX_System_V:4.0:*) - echo m68k-unknown-sysv4 - exit 0;; - *:[Aa]miga[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-amigaos - exit 0 ;; - *:[Mm]orph[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-morphos - exit 0 ;; - *:OS/390:*:*) - echo i370-ibm-openedition - exit 0 ;; - arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix${UNAME_RELEASE} - exit 0;; - SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) - echo hppa1.1-hitachi-hiuxmpp - exit 0;; - Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) - # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. - if test "`(/bin/universe) 2>/dev/null`" = att ; then - echo pyramid-pyramid-sysv3 - else - echo pyramid-pyramid-bsd - fi - exit 0 ;; - NILE*:*:*:dcosx) - echo pyramid-pyramid-svr4 - exit 0 ;; - DRS?6000:unix:4.0:6*) - echo sparc-icl-nx6 - exit 0 ;; - DRS?6000:UNIX_SV:4.2*:7*) - case `/usr/bin/uname -p` in - sparc) echo sparc-icl-nx7 && exit 0 ;; - esac ;; - sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; - sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; - i86pc:SunOS:5.*:*) - echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; - sun4*:SunOS:6*:*) - # According to config.sub, this is the proper way to canonicalize - # SunOS6. Hard to guess exactly what SunOS6 will be like, but - # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; - sun4*:SunOS:*:*) - case "`/usr/bin/arch -k`" in - Series*|S4*) - UNAME_RELEASE=`uname -v` - ;; - esac - # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` - exit 0 ;; - sun3*:SunOS:*:*) - echo m68k-sun-sunos${UNAME_RELEASE} - exit 0 ;; - sun*:*:4.2BSD:*) - UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 - case "`/bin/arch`" in - sun3) - echo m68k-sun-sunos${UNAME_RELEASE} - ;; - sun4) - echo sparc-sun-sunos${UNAME_RELEASE} - ;; - esac - exit 0 ;; - aushp:SunOS:*:*) - echo sparc-auspex-sunos${UNAME_RELEASE} - exit 0 ;; - # The situation for MiNT is a little confusing. The machine name - # can be virtually everything (everything which is not - # "atarist" or "atariste" at least should have a processor - # > m68000). The system name ranges from "MiNT" over "FreeMiNT" - # to the lowercase version "mint" (or "freemint"). Finally - # the system name "TOS" denotes a system which is actually not - # MiNT. But MiNT is downward compatible to TOS, so this should - # be no problem. - atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; - atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; - *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; - milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} - exit 0 ;; - hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} - exit 0 ;; - *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} - exit 0 ;; - powerpc:machten:*:*) - echo powerpc-apple-machten${UNAME_RELEASE} - exit 0 ;; - RISC*:Mach:*:*) - echo mips-dec-mach_bsd4.3 - exit 0 ;; - RISC*:ULTRIX:*:*) - echo mips-dec-ultrix${UNAME_RELEASE} - exit 0 ;; - VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix${UNAME_RELEASE} - exit 0 ;; - 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix${UNAME_RELEASE} - exit 0 ;; - mips:*:*:UMIPS | mips:*:*:RISCos) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c -#ifdef __cplusplus -#include /* for printf() prototype */ - int main (int argc, char *argv[]) { -#else - int main (argc, argv) int argc; char *argv[]; { -#endif - #if defined (host_mips) && defined (MIPSEB) - #if defined (SYSTYPE_SYSV) - printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); - #endif - #if defined (SYSTYPE_SVR4) - printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); - #endif - #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) - printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); - #endif - #endif - exit (-1); - } -EOF - $CC_FOR_BUILD -o $dummy $dummy.c \ - && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ - && exit 0 - echo mips-mips-riscos${UNAME_RELEASE} - exit 0 ;; - Motorola:PowerMAX_OS:*:*) - echo powerpc-motorola-powermax - exit 0 ;; - Motorola:*:4.3:PL8-*) - echo powerpc-harris-powermax - exit 0 ;; - Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) - echo powerpc-harris-powermax - exit 0 ;; - Night_Hawk:Power_UNIX:*:*) - echo powerpc-harris-powerunix - exit 0 ;; - m88k:CX/UX:7*:*) - echo m88k-harris-cxux7 - exit 0 ;; - m88k:*:4*:R4*) - echo m88k-motorola-sysv4 - exit 0 ;; - m88k:*:3*:R3*) - echo m88k-motorola-sysv3 - exit 0 ;; - AViiON:dgux:*:*) - # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] - then - if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ - [ ${TARGET_BINARY_INTERFACE}x = x ] - then - echo m88k-dg-dgux${UNAME_RELEASE} - else - echo m88k-dg-dguxbcs${UNAME_RELEASE} - fi - else - echo i586-dg-dgux${UNAME_RELEASE} - fi - exit 0 ;; - M88*:DolphinOS:*:*) # DolphinOS (SVR3) - echo m88k-dolphin-sysv3 - exit 0 ;; - M88*:*:R3*:*) - # Delta 88k system running SVR3 - echo m88k-motorola-sysv3 - exit 0 ;; - XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) - echo m88k-tektronix-sysv3 - exit 0 ;; - Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) - echo m68k-tektronix-bsd - exit 0 ;; - *:IRIX*:*:*) - echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` - exit 0 ;; - ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id - exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' - i*86:AIX:*:*) - echo i386-ibm-aix - exit 0 ;; - ia64:AIX:*:*) - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` - else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} - exit 0 ;; - *:AIX:2:3) - if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - - main() - { - if (!__power_pc()) - exit(1); - puts("powerpc-ibm-aix3.2.5"); - exit(0); - } -EOF - $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 - echo rs6000-ibm-aix3.2.5 - elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then - echo rs6000-ibm-aix3.2.4 - else - echo rs6000-ibm-aix3.2 - fi - exit 0 ;; - *:AIX:*:[45]) - IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` - if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then - IBM_ARCH=rs6000 - else - IBM_ARCH=powerpc - fi - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` - else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${IBM_ARCH}-ibm-aix${IBM_REV} - exit 0 ;; - *:AIX:*:*) - echo rs6000-ibm-aix - exit 0 ;; - ibmrt:4.4BSD:*|romp-ibm:BSD:*) - echo romp-ibm-bsd4.4 - exit 0 ;; - ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to - exit 0 ;; # report: romp-ibm BSD 4.3 - *:BOSX:*:*) - echo rs6000-bull-bosx - exit 0 ;; - DPX/2?00:B.O.S.:*:*) - echo m68k-bull-sysv3 - exit 0 ;; - 9000/[34]??:4.3bsd:1.*:*) - echo m68k-hp-bsd - exit 0 ;; - hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) - echo m68k-hp-bsd4.4 - exit 0 ;; - 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - case "${UNAME_MACHINE}" in - 9000/31? ) HP_ARCH=m68000 ;; - 9000/[34]?? ) HP_ARCH=m68k ;; - 9000/[678][0-9][0-9]) - if [ -x /usr/bin/getconf ]; then - sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` - sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 - 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; - '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 - esac ;; - esac - fi - if [ "${HP_ARCH}" = "" ]; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - - #define _HPUX_SOURCE - #include - #include - - int main () - { - #if defined(_SC_KERNEL_BITS) - long bits = sysconf(_SC_KERNEL_BITS); - #endif - long cpu = sysconf (_SC_CPU_VERSION); - - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1"); break; - case CPU_PA_RISC2_0: - #if defined(_SC_KERNEL_BITS) - switch (bits) - { - case 64: puts ("hppa2.0w"); break; - case 32: puts ("hppa2.0n"); break; - default: puts ("hppa2.0"); break; - } break; - #else /* !defined(_SC_KERNEL_BITS) */ - puts ("hppa2.0"); break; - #endif - default: puts ("hppa1.0"); break; - } - exit (0); - } -EOF - (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` - test -z "$HP_ARCH" && HP_ARCH=hppa - fi ;; - esac - if [ ${HP_ARCH} = "hppa2.0w" ] - then - # avoid double evaluation of $set_cc_for_build - test -n "$CC_FOR_BUILD" || eval $set_cc_for_build - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null - then - HP_ARCH="hppa2.0w" - else - HP_ARCH="hppa64" - fi - fi - echo ${HP_ARCH}-hp-hpux${HPUX_REV} - exit 0 ;; - ia64:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux${HPUX_REV} - exit 0 ;; - 3050*:HI-UX:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - int - main () - { - long cpu = sysconf (_SC_CPU_VERSION); - /* The order matters, because CPU_IS_HP_MC68K erroneously returns - true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct - results, however. */ - if (CPU_IS_PA_RISC (cpu)) - { - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; - case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; - default: puts ("hppa-hitachi-hiuxwe2"); break; - } - } - else if (CPU_IS_HP_MC68K (cpu)) - puts ("m68k-hitachi-hiuxwe2"); - else puts ("unknown-hitachi-hiuxwe2"); - exit (0); - } -EOF - $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 - echo unknown-hitachi-hiuxwe2 - exit 0 ;; - 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) - echo hppa1.1-hp-bsd - exit 0 ;; - 9000/8??:4.3bsd:*:*) - echo hppa1.0-hp-bsd - exit 0 ;; - *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) - echo hppa1.0-hp-mpeix - exit 0 ;; - hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) - echo hppa1.1-hp-osf - exit 0 ;; - hp8??:OSF1:*:*) - echo hppa1.0-hp-osf - exit 0 ;; - i*86:OSF1:*:*) - if [ -x /usr/sbin/sysversion ] ; then - echo ${UNAME_MACHINE}-unknown-osf1mk - else - echo ${UNAME_MACHINE}-unknown-osf1 - fi - exit 0 ;; - parisc*:Lites*:*:*) - echo hppa1.1-hp-lites - exit 0 ;; - C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) - echo c1-convex-bsd - exit 0 ;; - C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit 0 ;; - C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) - echo c34-convex-bsd - exit 0 ;; - C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) - echo c38-convex-bsd - exit 0 ;; - C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) - echo c4-convex-bsd - exit 0 ;; - CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; - CRAY*[A-Z]90:*:*:*) - echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ - | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ - -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ - -e 's/\.[^.]*$/.X/' - exit 0 ;; - CRAY*TS:*:*:*) - echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; - CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; - CRAY*SV1:*:*:*) - echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; - *:UNICOS/mp:*:*) - echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; - F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit 0 ;; - i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} - exit 0 ;; - sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi${UNAME_RELEASE} - exit 0 ;; - *:BSD/OS:*:*) - echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} - exit 0 ;; - *:FreeBSD:*:*|*:GNU/FreeBSD:*:*) - # Determine whether the default compiler uses glibc. - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #if __GLIBC__ >= 2 - LIBC=gnu - #else - LIBC= - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` - # GNU/FreeBSD systems have a "k" prefix to indicate we are using - # FreeBSD's kernel, but not the complete OS. - case ${LIBC} in gnu) kernel_only='k' ;; esac - echo ${UNAME_MACHINE}-unknown-${kernel_only}freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC} - exit 0 ;; - i*:CYGWIN*:*) - echo ${UNAME_MACHINE}-pc-cygwin - exit 0 ;; - i*:MINGW*:*) - echo ${UNAME_MACHINE}-pc-mingw32 - exit 0 ;; - i*:PW*:*) - echo ${UNAME_MACHINE}-pc-pw32 - exit 0 ;; - x86:Interix*:[34]*) - echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//' - exit 0 ;; - [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) - echo i${UNAME_MACHINE}-pc-mks - exit 0 ;; - i*:Windows_NT*:* | Pentium*:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we - # UNAME_MACHINE based on the output of uname instead of i386? - echo i586-pc-interix - exit 0 ;; - i*:UWIN*:*) - echo ${UNAME_MACHINE}-pc-uwin - exit 0 ;; - p*:CYGWIN*:*) - echo powerpcle-unknown-cygwin - exit 0 ;; - prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; - *:GNU:*:*) - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` - exit 0 ;; - i*86:Minix:*:*) - echo ${UNAME_MACHINE}-pc-minix - exit 0 ;; - arm*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; - cris:Linux:*:*) - echo cris-axis-linux-gnu - exit 0 ;; - ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; - m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; - mips:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef mips - #undef mipsel - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mipsel - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips - #else - CPU= - #endif - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` - test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 - ;; - mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef mips64 - #undef mips64el - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mips64el - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips64 - #else - CPU= - #endif - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` - test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 - ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu - exit 0 ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu - exit 0 ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} - exit 0 ;; - parisc:Linux:*:* | hppa:Linux:*:*) - # Look for CPU level - case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-gnu ;; - PA8*) echo hppa2.0-unknown-linux-gnu ;; - *) echo hppa-unknown-linux-gnu ;; - esac - exit 0 ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu - exit 0 ;; - s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux - exit 0 ;; - sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; - sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; - sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; - x86_64:Linux:*:*) - echo x86_64-unknown-linux-gnu - exit 0 ;; - i*86:Linux:*:*) - # The BFD linker knows what the default object file format is, so - # first see if it will tell us. cd to the root directory to prevent - # problems with other programs or directories called `ld' in the path. - # Set LC_ALL=C to ensure ld outputs messages in English. - ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ - | sed -ne '/supported targets:/!d - s/[ ][ ]*/ /g - s/.*supported targets: *// - s/ .*// - p'` - case "$ld_supported_targets" in - elf32-i386) - TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" - ;; - a.out-i386-linux) - echo "${UNAME_MACHINE}-pc-linux-gnuaout" - exit 0 ;; - coff-i386) - echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit 0 ;; - "") - # Either a pre-BFD a.out linker (linux-gnuoldld) or - # one that does not give us useful --help. - echo "${UNAME_MACHINE}-pc-linux-gnuoldld" - exit 0 ;; - esac - # Determine whether the default compiler is a.out or elf - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #ifdef __ELF__ - # ifdef __GLIBC__ - # if __GLIBC__ >= 2 - LIBC=gnu - # else - LIBC=gnulibc1 - # endif - # else - LIBC=gnulibc1 - # endif - #else - #ifdef __INTEL_COMPILER - LIBC=gnu - #else - LIBC=gnuaout - #endif - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` - test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 - test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 - ;; - i*86:DYNIX/ptx:4*:*) - # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. - # earlier versions are messed up and put the nodename in both - # sysname and nodename. - echo i386-sequent-sysv4 - exit 0 ;; - i*86:UNIX_SV:4.2MP:2.*) - # Unixware is an offshoot of SVR4, but it has its own version - # number series starting with 2... - # I am not positive that other SVR4 systems won't match this, - # I just have to hope. -- rms. - # Use sysv4.2uw... so that sysv4* matches it. - echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} - exit 0 ;; - i*86:OS/2:*:*) - # If we were able to find `uname', then EMX Unix compatibility - # is probably installed. - echo ${UNAME_MACHINE}-pc-os2-emx - exit 0 ;; - i*86:XTS-300:*:STOP) - echo ${UNAME_MACHINE}-unknown-stop - exit 0 ;; - i*86:atheos:*:*) - echo ${UNAME_MACHINE}-unknown-atheos - exit 0 ;; - i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) - echo i386-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; - i*86:*DOS:*:*) - echo ${UNAME_MACHINE}-pc-msdosdjgpp - exit 0 ;; - i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) - UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` - if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} - else - echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} - fi - exit 0 ;; - i*86:*:5:[78]*) - case `/bin/uname -X | grep "^Machine"` in - *486*) UNAME_MACHINE=i486 ;; - *Pentium) UNAME_MACHINE=i586 ;; - *Pent*|*Celeron) UNAME_MACHINE=i686 ;; - esac - echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} - exit 0 ;; - i*86:*:3.2:*) - if test -f /usr/options/cb.name; then - UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then - UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` - (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 - (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ - && UNAME_MACHINE=i586 - (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ - && UNAME_MACHINE=i686 - (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ - && UNAME_MACHINE=i686 - echo ${UNAME_MACHINE}-pc-sco$UNAME_REL - else - echo ${UNAME_MACHINE}-pc-sysv32 - fi - exit 0 ;; - pc:*:*:*) - # Left here for compatibility: - # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i386. - echo i386-pc-msdosdjgpp - exit 0 ;; - Intel:Mach:3*:*) - echo i386-pc-mach3 - exit 0 ;; - paragon:*:*:*) - echo i860-intel-osf1 - exit 0 ;; - i860:*:4.*:*) # i860-SVR4 - if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 - else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 - fi - exit 0 ;; - mini*:CTIX:SYS*5:*) - # "miniframe" - echo m68010-convergent-sysv - exit 0 ;; - mc68k:UNIX:SYSTEM5:3.51m) - echo m68k-convergent-sysv - exit 0 ;; - M680?0:D-NIX:5.3:*) - echo m68k-diab-dnix - exit 0 ;; - M68*:*:R3V[567]*:*) - test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; - 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0) - OS_REL='' - test -r /etc/.relid \ - && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && echo i486-ncr-sysv4.3${OS_REL} && exit 0 - /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; - 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && echo i486-ncr-sysv4 && exit 0 ;; - m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; - mc68030:UNIX_System_V:4.*:*) - echo m68k-atari-sysv4 - exit 0 ;; - TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; - rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; - PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) - echo powerpc-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; - SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv${UNAME_RELEASE} - exit 0 ;; - RM*:ReliantUNIX-*:*:*) - echo mips-sni-sysv4 - exit 0 ;; - RM*:SINIX-*:*:*) - echo mips-sni-sysv4 - exit 0 ;; - *:SINIX-*:*:*) - if uname -p 2>/dev/null >/dev/null ; then - UNAME_MACHINE=`(uname -p) 2>/dev/null` - echo ${UNAME_MACHINE}-sni-sysv4 - else - echo ns32k-sni-sysv - fi - exit 0 ;; - PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says - echo i586-unisys-sysv4 - exit 0 ;; - *:UNIX_System_V:4*:FTX*) - # From Gerald Hewes . - # How about differentiating between stratus architectures? -djm - echo hppa1.1-stratus-sysv4 - exit 0 ;; - *:*:*:FTX*) - # From seanf@swdc.stratus.com. - echo i860-stratus-sysv4 - exit 0 ;; - *:VOS:*:*) - # From Paul.Green@stratus.com. - echo hppa1.1-stratus-vos - exit 0 ;; - mc68*:A/UX:*:*) - echo m68k-apple-aux${UNAME_RELEASE} - exit 0 ;; - news*:NEWS-OS:6*:*) - echo mips-sony-newsos6 - exit 0 ;; - R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) - if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} - else - echo mips-unknown-sysv${UNAME_RELEASE} - fi - exit 0 ;; - BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. - echo powerpc-be-beos - exit 0 ;; - BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. - echo powerpc-apple-beos - exit 0 ;; - BePC:BeOS:*:*) # BeOS running on Intel PC compatible. - echo i586-pc-beos - exit 0 ;; - SX-4:SUPER-UX:*:*) - echo sx4-nec-superux${UNAME_RELEASE} - exit 0 ;; - SX-5:SUPER-UX:*:*) - echo sx5-nec-superux${UNAME_RELEASE} - exit 0 ;; - SX-6:SUPER-UX:*:*) - echo sx6-nec-superux${UNAME_RELEASE} - exit 0 ;; - Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody${UNAME_RELEASE} - exit 0 ;; - *:Rhapsody:*:*) - echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} - exit 0 ;; - *:Darwin:*:*) - case `uname -p` in - *86) UNAME_PROCESSOR=i686 ;; - powerpc) UNAME_PROCESSOR=powerpc ;; - esac - echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} - exit 0 ;; - *:procnto*:*:* | *:QNX:[0123456789]*:*) - UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = "x86"; then - UNAME_PROCESSOR=i386 - UNAME_MACHINE=pc - fi - echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} - exit 0 ;; - *:QNX:*:4*) - echo i386-pc-qnx - exit 0 ;; - NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk${UNAME_RELEASE} - exit 0 ;; - *:NonStop-UX:*:*) - echo mips-compaq-nonstopux - exit 0 ;; - BS2000:POSIX*:*:*) - echo bs2000-siemens-sysv - exit 0 ;; - DS/*:UNIX_System_V:*:*) - echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} - exit 0 ;; - *:Plan9:*:*) - # "uname -m" is not consistent, so use $cputype instead. 386 - # is converted to i386 for consistency with other x86 - # operating systems. - if test "$cputype" = "386"; then - UNAME_MACHINE=i386 - else - UNAME_MACHINE="$cputype" - fi - echo ${UNAME_MACHINE}-unknown-plan9 - exit 0 ;; - *:TOPS-10:*:*) - echo pdp10-unknown-tops10 - exit 0 ;; - *:TENEX:*:*) - echo pdp10-unknown-tenex - exit 0 ;; - KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) - echo pdp10-dec-tops20 - exit 0 ;; - XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) - echo pdp10-xkl-tops20 - exit 0 ;; - *:TOPS-20:*:*) - echo pdp10-unknown-tops20 - exit 0 ;; - *:ITS:*:*) - echo pdp10-unknown-its - exit 0 ;; - SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} - exit 0 ;; -esac - -#echo '(No uname command or uname output not recognized.)' 1>&2 -#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 - -eval $set_cc_for_build -cat >$dummy.c < -# include -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0 - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit 0 ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit 0 ;; - c34*) - echo c34-convex-bsd - exit 0 ;; - c38*) - echo c38-convex-bsd - exit 0 ;; - c4*) - echo c4-convex-bsd - exit 0 ;; - esac -fi - -cat >&2 < in order to provide the needed -information to handle your system. - -config.guess timestamp = $timestamp - -uname -m = `(uname -m) 2>/dev/null || echo unknown` -uname -r = `(uname -r) 2>/dev/null || echo unknown` -uname -s = `(uname -s) 2>/dev/null || echo unknown` -uname -v = `(uname -v) 2>/dev/null || echo unknown` - -/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` -/bin/uname -X = `(/bin/uname -X) 2>/dev/null` - -hostinfo = `(hostinfo) 2>/dev/null` -/bin/universe = `(/bin/universe) 2>/dev/null` -/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` -/bin/arch = `(/bin/arch) 2>/dev/null` -/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` -/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` - -UNAME_MACHINE = ${UNAME_MACHINE} -UNAME_RELEASE = ${UNAME_RELEASE} -UNAME_SYSTEM = ${UNAME_SYSTEM} -UNAME_VERSION = ${UNAME_VERSION} -EOF - -exit 1 - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" -# time-stamp-end: "'" -# End: diff --git a/ulogd/config.sub b/ulogd/config.sub deleted file mode 100755 index 6eea727..0000000 --- a/ulogd/config.sub +++ /dev/null @@ -1,1505 +0,0 @@ -#! /bin/sh -# Configuration validation subroutine script. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. - -timestamp='2003-07-17' - -# This file is (in principle) common to ALL GNU software. -# The presence of a machine in this file suggests that SOME GNU software -# can handle that machine. It does not imply ALL GNU software can. -# -# This file is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, -# Boston, MA 02111-1307, USA. - -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -# Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. -# -# Configuration subroutine to validate and canonicalize a configuration type. -# Supply the specified configuration type as an argument. -# If it is invalid, we print an error message on stderr and exit with code 1. -# Otherwise, we print the canonical config type on stdout and succeed. - -# This file is supposed to be the same for all GNU packages -# and recognize all the CPU types, system types and aliases -# that are meaningful with *any* GNU software. -# Each package is responsible for reporting which valid configurations -# it does not support. The user should be able to distinguish -# a failure to support a valid configuration from a meaningless -# configuration. - -# The goal of this file is to map all the various variations of a given -# machine specification into a single specification in the form: -# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM -# or in some cases, the newer four-part form: -# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM -# It is wrong to echo any other type of specification. - -me=`echo "$0" | sed -e 's,.*/,,'` - -usage="\ -Usage: $0 [OPTION] CPU-MFR-OPSYS - $0 [OPTION] ALIAS - -Canonicalize a configuration name. - -Operation modes: - -h, --help print this help, then exit - -t, --time-stamp print date of last modification, then exit - -v, --version print version number, then exit - -Report bugs and patches to ." - -version="\ -GNU config.sub ($timestamp) - -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 -Free Software Foundation, Inc. - -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - -help=" -Try \`$me --help' for more information." - -# Parse command line -while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) - echo "$timestamp" ; exit 0 ;; - --version | -v ) - echo "$version" ; exit 0 ;; - --help | --h* | -h ) - echo "$usage"; exit 0 ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. - break ;; - -* ) - echo "$me: invalid option $1$help" - exit 1 ;; - - *local*) - # First pass through any local machine types. - echo $1 - exit 0;; - - * ) - break ;; - esac -done - -case $# in - 0) echo "$me: missing argument$help" >&2 - exit 1;; - 1) ;; - *) echo "$me: too many arguments$help" >&2 - exit 1;; -esac - -# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). -# Here we must recognize all the valid KERNEL-OS combinations. -maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` -case $maybe_os in - nto-qnx* | linux-gnu* | kfreebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) - os=-$maybe_os - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` - ;; - *) - basic_machine=`echo $1 | sed 's/-[^-]*$//'` - if [ $basic_machine != $1 ] - then os=`echo $1 | sed 's/.*-/-/'` - else os=; fi - ;; -esac - -### Let's recognize common machines as not being operating systems so -### that things like config.sub decstation-3100 work. We also -### recognize some manufacturers as not being operating systems, so we -### can provide default operating systems below. -case $os in - -sun*os*) - # Prevent following clause from handling this invalid input. - ;; - -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ - -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ - -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ - -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ - -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ - -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis) - os= - basic_machine=$1 - ;; - -sim | -cisco | -oki | -wec | -winbond) - os= - basic_machine=$1 - ;; - -scout) - ;; - -wrs) - os=-vxworks - basic_machine=$1 - ;; - -chorusos*) - os=-chorusos - basic_machine=$1 - ;; - -chorusrdb) - os=-chorusrdb - basic_machine=$1 - ;; - -hiux*) - os=-hiuxwe2 - ;; - -sco5) - os=-sco3.2v5 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco4) - os=-sco3.2v4 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2.[4-9]*) - os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2v[4-9]*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco*) - os=-sco3.2v2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -udk*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -isc) - os=-isc2.2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -clix*) - basic_machine=clipper-intergraph - ;; - -isc*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -lynx*) - os=-lynxos - ;; - -ptx*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` - ;; - -windowsnt*) - os=`echo $os | sed -e 's/windowsnt/winnt/'` - ;; - -psos*) - os=-psos - ;; - -mint | -mint[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; -esac - -# Decode aliases for certain CPU-COMPANY combinations. -case $basic_machine in - # Recognize the basic CPU types without company name. - # Some are omitted here because they have special meanings below. - 1750a | 580 \ - | a29k \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ - | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ - | c4x | clipper \ - | d10v | d30v | dlx | dsp16xx \ - | fr30 | frv \ - | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ - | i370 | i860 | i960 | ia64 \ - | ip2k | iq2000 \ - | m32r | m68000 | m68k | m88k | mcore \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64el \ - | mips64vr | mips64vrel \ - | mips64orion | mips64orionel \ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ - | mipsisa32 | mipsisa32el \ - | mipsisa32r2 | mipsisa32r2el \ - | mipsisa64 | mipsisa64el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | mipsisa64sr71k | mipsisa64sr71kel \ - | mipstx39 | mipstx39el \ - | mn10200 | mn10300 \ - | msp430 \ - | ns16k | ns32k \ - | openrisc | or32 \ - | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ - | pyramid \ - | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ - | sh64 | sh64le \ - | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ - | strongarm \ - | tahoe | thumb | tic4x | tic80 | tron \ - | v850 | v850e \ - | we32k \ - | x86 | xscale | xstormy16 | xtensa \ - | z8k) - basic_machine=$basic_machine-unknown - ;; - m6811 | m68hc11 | m6812 | m68hc12) - # Motorola 68HC11/12. - basic_machine=$basic_machine-unknown - os=-none - ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) - ;; - - # We use `pc' rather than `unknown' - # because (1) that's what they normally are, and - # (2) the word "unknown" tends to confuse beginning users. - i*86 | x86_64) - basic_machine=$basic_machine-pc - ;; - # Object if more than one company name word. - *-*-*) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; - # Recognize the basic CPU types with company name. - 580-* \ - | a29k-* \ - | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ - | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ - | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* \ - | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ - | clipper-* | cydra-* \ - | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ - | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ - | h8300-* | h8500-* \ - | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ - | i*86-* | i860-* | i960-* | ia64-* \ - | ip2k-* | iq2000-* \ - | m32r-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | mcore-* \ - | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ - | mips16-* \ - | mips64-* | mips64el-* \ - | mips64vr-* | mips64vrel-* \ - | mips64orion-* | mips64orionel-* \ - | mips64vr4100-* | mips64vr4100el-* \ - | mips64vr4300-* | mips64vr4300el-* \ - | mips64vr5000-* | mips64vr5000el-* \ - | mipsisa32-* | mipsisa32el-* \ - | mipsisa32r2-* | mipsisa32r2el-* \ - | mipsisa64-* | mipsisa64el-* \ - | mipsisa64sb1-* | mipsisa64sb1el-* \ - | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipstx39-* | mipstx39el-* \ - | msp430-* \ - | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \ - | orion-* \ - | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ - | pyramid-* \ - | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \ - | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ - | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ - | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tron-* \ - | v850-* | v850e-* | vax-* \ - | we32k-* \ - | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ - | xtensa-* \ - | ymp-* \ - | z8k-*) - ;; - # Recognize the various machine names and aliases which stand - # for a CPU type and a company and sometimes even an OS. - 386bsd) - basic_machine=i386-unknown - os=-bsd - ;; - 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) - basic_machine=m68000-att - ;; - 3b*) - basic_machine=we32k-att - ;; - a29khif) - basic_machine=a29k-amd - os=-udi - ;; - adobe68k) - basic_machine=m68010-adobe - os=-scout - ;; - alliant | fx80) - basic_machine=fx80-alliant - ;; - altos | altos3068) - basic_machine=m68k-altos - ;; - am29k) - basic_machine=a29k-none - os=-bsd - ;; - amd64) - basic_machine=x86_64-pc - ;; - amdahl) - basic_machine=580-amdahl - os=-sysv - ;; - amiga | amiga-*) - basic_machine=m68k-unknown - ;; - amigaos | amigados) - basic_machine=m68k-unknown - os=-amigaos - ;; - amigaunix | amix) - basic_machine=m68k-unknown - os=-sysv4 - ;; - apollo68) - basic_machine=m68k-apollo - os=-sysv - ;; - apollo68bsd) - basic_machine=m68k-apollo - os=-bsd - ;; - aux) - basic_machine=m68k-apple - os=-aux - ;; - balance) - basic_machine=ns32k-sequent - os=-dynix - ;; - c90) - basic_machine=c90-cray - os=-unicos - ;; - convex-c1) - basic_machine=c1-convex - os=-bsd - ;; - convex-c2) - basic_machine=c2-convex - os=-bsd - ;; - convex-c32) - basic_machine=c32-convex - os=-bsd - ;; - convex-c34) - basic_machine=c34-convex - os=-bsd - ;; - convex-c38) - basic_machine=c38-convex - os=-bsd - ;; - cray | j90) - basic_machine=j90-cray - os=-unicos - ;; - crds | unos) - basic_machine=m68k-crds - ;; - cris | cris-* | etrax*) - basic_machine=cris-axis - ;; - da30 | da30-*) - basic_machine=m68k-da30 - ;; - decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) - basic_machine=mips-dec - ;; - decsystem10* | dec10*) - basic_machine=pdp10-dec - os=-tops10 - ;; - decsystem20* | dec20*) - basic_machine=pdp10-dec - os=-tops20 - ;; - delta | 3300 | motorola-3300 | motorola-delta \ - | 3300-motorola | delta-motorola) - basic_machine=m68k-motorola - ;; - delta88) - basic_machine=m88k-motorola - os=-sysv3 - ;; - dpx20 | dpx20-*) - basic_machine=rs6000-bull - os=-bosx - ;; - dpx2* | dpx2*-bull) - basic_machine=m68k-bull - os=-sysv3 - ;; - ebmon29k) - basic_machine=a29k-amd - os=-ebmon - ;; - elxsi) - basic_machine=elxsi-elxsi - os=-bsd - ;; - encore | umax | mmax) - basic_machine=ns32k-encore - ;; - es1800 | OSE68k | ose68k | ose | OSE) - basic_machine=m68k-ericsson - os=-ose - ;; - fx2800) - basic_machine=i860-alliant - ;; - genix) - basic_machine=ns32k-ns - ;; - gmicro) - basic_machine=tron-gmicro - os=-sysv - ;; - go32) - basic_machine=i386-pc - os=-go32 - ;; - h3050r* | hiux*) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - h8300hms) - basic_machine=h8300-hitachi - os=-hms - ;; - h8300xray) - basic_machine=h8300-hitachi - os=-xray - ;; - h8500hms) - basic_machine=h8500-hitachi - os=-hms - ;; - harris) - basic_machine=m88k-harris - os=-sysv3 - ;; - hp300-*) - basic_machine=m68k-hp - ;; - hp300bsd) - basic_machine=m68k-hp - os=-bsd - ;; - hp300hpux) - basic_machine=m68k-hp - os=-hpux - ;; - hp3k9[0-9][0-9] | hp9[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hp9k2[0-9][0-9] | hp9k31[0-9]) - basic_machine=m68000-hp - ;; - hp9k3[2-9][0-9]) - basic_machine=m68k-hp - ;; - hp9k6[0-9][0-9] | hp6[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hp9k7[0-79][0-9] | hp7[0-79][0-9]) - basic_machine=hppa1.1-hp - ;; - hp9k78[0-9] | hp78[0-9]) - # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp - ;; - hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) - # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp - ;; - hp9k8[0-9][13679] | hp8[0-9][13679]) - basic_machine=hppa1.1-hp - ;; - hp9k8[0-9][0-9] | hp8[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hppa-next) - os=-nextstep3 - ;; - hppaosf) - basic_machine=hppa1.1-hp - os=-osf - ;; - hppro) - basic_machine=hppa1.1-hp - os=-proelf - ;; - i370-ibm* | ibm*) - basic_machine=i370-ibm - ;; -# I'm not sure what "Sysv32" means. Should this be sysv3.2? - i*86v32) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv32 - ;; - i*86v4*) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv4 - ;; - i*86v) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv - ;; - i*86sol2) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-solaris2 - ;; - i386mach) - basic_machine=i386-mach - os=-mach - ;; - i386-vsta | vsta) - basic_machine=i386-unknown - os=-vsta - ;; - iris | iris4d) - basic_machine=mips-sgi - case $os in - -irix*) - ;; - *) - os=-irix4 - ;; - esac - ;; - isi68 | isi) - basic_machine=m68k-isi - os=-sysv - ;; - m88k-omron*) - basic_machine=m88k-omron - ;; - magnum | m3230) - basic_machine=mips-mips - os=-sysv - ;; - merlin) - basic_machine=ns32k-utek - os=-sysv - ;; - mingw32) - basic_machine=i386-pc - os=-mingw32 - ;; - miniframe) - basic_machine=m68000-convergent - ;; - *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; - mips3*-*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` - ;; - mips3*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown - ;; - mmix*) - basic_machine=mmix-knuth - os=-mmixware - ;; - monitor) - basic_machine=m68k-rom68k - os=-coff - ;; - morphos) - basic_machine=powerpc-unknown - os=-morphos - ;; - msdos) - basic_machine=i386-pc - os=-msdos - ;; - mvs) - basic_machine=i370-ibm - os=-mvs - ;; - ncr3000) - basic_machine=i486-ncr - os=-sysv4 - ;; - netbsd386) - basic_machine=i386-unknown - os=-netbsd - ;; - netwinder) - basic_machine=armv4l-rebel - os=-linux - ;; - news | news700 | news800 | news900) - basic_machine=m68k-sony - os=-newsos - ;; - news1000) - basic_machine=m68030-sony - os=-newsos - ;; - news-3600 | risc-news) - basic_machine=mips-sony - os=-newsos - ;; - necv70) - basic_machine=v70-nec - os=-sysv - ;; - next | m*-next ) - basic_machine=m68k-next - case $os in - -nextstep* ) - ;; - -ns2*) - os=-nextstep2 - ;; - *) - os=-nextstep3 - ;; - esac - ;; - nh3000) - basic_machine=m68k-harris - os=-cxux - ;; - nh[45]000) - basic_machine=m88k-harris - os=-cxux - ;; - nindy960) - basic_machine=i960-intel - os=-nindy - ;; - mon960) - basic_machine=i960-intel - os=-mon960 - ;; - nonstopux) - basic_machine=mips-compaq - os=-nonstopux - ;; - np1) - basic_machine=np1-gould - ;; - nv1) - basic_machine=nv1-cray - os=-unicosmp - ;; - nsr-tandem) - basic_machine=nsr-tandem - ;; - op50n-* | op60c-*) - basic_machine=hppa1.1-oki - os=-proelf - ;; - or32 | or32-*) - basic_machine=or32-unknown - os=-coff - ;; - OSE68000 | ose68000) - basic_machine=m68000-ericsson - os=-ose - ;; - os68k) - basic_machine=m68k-none - os=-os68k - ;; - pa-hitachi) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - paragon) - basic_machine=i860-intel - os=-osf - ;; - pbd) - basic_machine=sparc-tti - ;; - pbb) - basic_machine=m68k-tti - ;; - pc532 | pc532-*) - basic_machine=ns32k-pc532 - ;; - pentium | p5 | k5 | k6 | nexgen | viac3) - basic_machine=i586-pc - ;; - pentiumpro | p6 | 6x86 | athlon | athlon_*) - basic_machine=i686-pc - ;; - pentiumii | pentium2 | pentiumiii | pentium3) - basic_machine=i686-pc - ;; - pentium4) - basic_machine=i786-pc - ;; - pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium4-*) - basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pn) - basic_machine=pn-gould - ;; - power) basic_machine=power-ibm - ;; - ppc) basic_machine=powerpc-unknown - ;; - ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppcle | powerpclittle | ppc-le | powerpc-little) - basic_machine=powerpcle-unknown - ;; - ppcle-* | powerpclittle-*) - basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64) basic_machine=powerpc64-unknown - ;; - ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64le | powerpc64little | ppc64-le | powerpc64-little) - basic_machine=powerpc64le-unknown - ;; - ppc64le-* | powerpc64little-*) - basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ps2) - basic_machine=i386-ibm - ;; - pw32) - basic_machine=i586-unknown - os=-pw32 - ;; - rom68k) - basic_machine=m68k-rom68k - os=-coff - ;; - rm[46]00) - basic_machine=mips-siemens - ;; - rtpc | rtpc-*) - basic_machine=romp-ibm - ;; - s390 | s390-*) - basic_machine=s390-ibm - ;; - s390x | s390x-*) - basic_machine=s390x-ibm - ;; - sa29200) - basic_machine=a29k-amd - os=-udi - ;; - sb1) - basic_machine=mipsisa64sb1-unknown - ;; - sb1el) - basic_machine=mipsisa64sb1el-unknown - ;; - sei) - basic_machine=mips-sei - os=-seiux - ;; - sequent) - basic_machine=i386-sequent - ;; - sh) - basic_machine=sh-hitachi - os=-hms - ;; - sh64) - basic_machine=sh64-unknown - ;; - sparclite-wrs | simso-wrs) - basic_machine=sparclite-wrs - os=-vxworks - ;; - sps7) - basic_machine=m68k-bull - os=-sysv2 - ;; - spur) - basic_machine=spur-unknown - ;; - st2000) - basic_machine=m68k-tandem - ;; - stratus) - basic_machine=i860-stratus - os=-sysv4 - ;; - sun2) - basic_machine=m68000-sun - ;; - sun2os3) - basic_machine=m68000-sun - os=-sunos3 - ;; - sun2os4) - basic_machine=m68000-sun - os=-sunos4 - ;; - sun3os3) - basic_machine=m68k-sun - os=-sunos3 - ;; - sun3os4) - basic_machine=m68k-sun - os=-sunos4 - ;; - sun4os3) - basic_machine=sparc-sun - os=-sunos3 - ;; - sun4os4) - basic_machine=sparc-sun - os=-sunos4 - ;; - sun4sol2) - basic_machine=sparc-sun - os=-solaris2 - ;; - sun3 | sun3-*) - basic_machine=m68k-sun - ;; - sun4) - basic_machine=sparc-sun - ;; - sun386 | sun386i | roadrunner) - basic_machine=i386-sun - ;; - sv1) - basic_machine=sv1-cray - os=-unicos - ;; - symmetry) - basic_machine=i386-sequent - os=-dynix - ;; - t3e) - basic_machine=alphaev5-cray - os=-unicos - ;; - t90) - basic_machine=t90-cray - os=-unicos - ;; - tic54x | c54x*) - basic_machine=tic54x-unknown - os=-coff - ;; - tic55x | c55x*) - basic_machine=tic55x-unknown - os=-coff - ;; - tic6x | c6x*) - basic_machine=tic6x-unknown - os=-coff - ;; - tx39) - basic_machine=mipstx39-unknown - ;; - tx39el) - basic_machine=mipstx39el-unknown - ;; - toad1) - basic_machine=pdp10-xkl - os=-tops20 - ;; - tower | tower-32) - basic_machine=m68k-ncr - ;; - udi29k) - basic_machine=a29k-amd - os=-udi - ;; - ultra3) - basic_machine=a29k-nyu - os=-sym1 - ;; - v810 | necv810) - basic_machine=v810-nec - os=-none - ;; - vaxv) - basic_machine=vax-dec - os=-sysv - ;; - vms) - basic_machine=vax-dec - os=-vms - ;; - vpp*|vx|vx-*) - basic_machine=f301-fujitsu - ;; - vxworks960) - basic_machine=i960-wrs - os=-vxworks - ;; - vxworks68) - basic_machine=m68k-wrs - os=-vxworks - ;; - vxworks29k) - basic_machine=a29k-wrs - os=-vxworks - ;; - w65*) - basic_machine=w65-wdc - os=-none - ;; - w89k-*) - basic_machine=hppa1.1-winbond - os=-proelf - ;; - xps | xps100) - basic_machine=xps100-honeywell - ;; - ymp) - basic_machine=ymp-cray - os=-unicos - ;; - z8k-*-coff) - basic_machine=z8k-unknown - os=-sim - ;; - none) - basic_machine=none-none - os=-none - ;; - -# Here we handle the default manufacturer of certain CPU types. It is in -# some cases the only manufacturer, in others, it is the most popular. - w89k) - basic_machine=hppa1.1-winbond - ;; - op50n) - basic_machine=hppa1.1-oki - ;; - op60c) - basic_machine=hppa1.1-oki - ;; - romp) - basic_machine=romp-ibm - ;; - rs6000) - basic_machine=rs6000-ibm - ;; - vax) - basic_machine=vax-dec - ;; - pdp10) - # there are many clones, so DEC is not a safe bet - basic_machine=pdp10-unknown - ;; - pdp11) - basic_machine=pdp11-dec - ;; - we32k) - basic_machine=we32k-att - ;; - sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele) - basic_machine=sh-unknown - ;; - sh64) - basic_machine=sh64-unknown - ;; - sparc | sparcv9 | sparcv9b) - basic_machine=sparc-sun - ;; - cydra) - basic_machine=cydra-cydrome - ;; - orion) - basic_machine=orion-highlevel - ;; - orion105) - basic_machine=clipper-highlevel - ;; - mac | mpw | mac-mpw) - basic_machine=m68k-apple - ;; - pmac | pmac-mpw) - basic_machine=powerpc-apple - ;; - *-unknown) - # Make sure to match an already-canonicalized machine name. - ;; - *) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; -esac - -# Here we canonicalize certain aliases for manufacturers. -case $basic_machine in - *-digital*) - basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` - ;; - *-commodore*) - basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` - ;; - *) - ;; -esac - -# Decode manufacturer-specific aliases for certain operating systems. - -if [ x"$os" != x"" ] -then -case $os in - # First match some system type aliases - # that might get confused with valid system types. - # -solaris* is a basic system type, with this one exception. - -solaris1 | -solaris1.*) - os=`echo $os | sed -e 's|solaris1|sunos4|'` - ;; - -solaris) - os=-solaris2 - ;; - -svr4*) - os=-sysv4 - ;; - -unixware*) - os=-sysv4.2uw - ;; - -gnu/linux*) - os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` - ;; - # First accept the basic system types. - # The portable systems comes first. - # Each alternative MUST END IN A *, to match a version number. - # -sysv* is not here because it comes later, after sysvr4. - -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ - | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* \ - | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ - | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \ - | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ - | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ - | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* \ - | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ - | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ - | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ - | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ - | -powermax* | -dnix* | -nx6 | -nx7 | -sei*) - # Remember, each alternative MUST END IN *, to match a version number. - ;; - -qnx*) - case $basic_machine in - x86-* | i*86-*) - ;; - *) - os=-nto$os - ;; - esac - ;; - -nto-qnx*) - ;; - -nto*) - os=`echo $os | sed -e 's|nto|nto-qnx|'` - ;; - -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ - | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ - | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) - ;; - -mac*) - os=`echo $os | sed -e 's|mac|macos|'` - ;; - -linux*) - os=`echo $os | sed -e 's|linux|linux-gnu|'` - ;; - -sunos5*) - os=`echo $os | sed -e 's|sunos5|solaris2|'` - ;; - -sunos6*) - os=`echo $os | sed -e 's|sunos6|solaris3|'` - ;; - -opened*) - os=-openedition - ;; - -wince*) - os=-wince - ;; - -osfrose*) - os=-osfrose - ;; - -osf*) - os=-osf - ;; - -utek*) - os=-bsd - ;; - -dynix*) - os=-bsd - ;; - -acis*) - os=-aos - ;; - -atheos*) - os=-atheos - ;; - -386bsd) - os=-bsd - ;; - -ctix* | -uts*) - os=-sysv - ;; - -nova*) - os=-rtmk-nova - ;; - -ns2 ) - os=-nextstep2 - ;; - -nsk*) - os=-nsk - ;; - # Preserve the version number of sinix5. - -sinix5.*) - os=`echo $os | sed -e 's|sinix|sysv|'` - ;; - -sinix*) - os=-sysv4 - ;; - -triton*) - os=-sysv3 - ;; - -oss*) - os=-sysv3 - ;; - -svr4) - os=-sysv4 - ;; - -svr3) - os=-sysv3 - ;; - -sysvr4) - os=-sysv4 - ;; - # This must come after -sysvr4. - -sysv*) - ;; - -ose*) - os=-ose - ;; - -es1800*) - os=-ose - ;; - -xenix) - os=-xenix - ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - os=-mint - ;; - -aros*) - os=-aros - ;; - -kaos*) - os=-kaos - ;; - -none) - ;; - *) - # Get rid of the `-' at the beginning of $os. - os=`echo $os | sed 's/[^-]*-//'` - echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 - exit 1 - ;; -esac -else - -# Here we handle the default operating systems that come with various machines. -# The value should be what the vendor currently ships out the door with their -# machine or put another way, the most popular os provided with the machine. - -# Note that if you're going to try to match "-MANUFACTURER" here (say, -# "-sun"), then you have to tell the case statement up towards the top -# that MANUFACTURER isn't an operating system. Otherwise, code above -# will signal an error saying that MANUFACTURER isn't an operating -# system, and we'll never get to this point. - -case $basic_machine in - *-acorn) - os=-riscix1.2 - ;; - arm*-rebel) - os=-linux - ;; - arm*-semi) - os=-aout - ;; - c4x-* | tic4x-*) - os=-coff - ;; - # This must come before the *-dec entry. - pdp10-*) - os=-tops20 - ;; - pdp11-*) - os=-none - ;; - *-dec | vax-*) - os=-ultrix4.2 - ;; - m68*-apollo) - os=-domain - ;; - i386-sun) - os=-sunos4.0.2 - ;; - m68000-sun) - os=-sunos3 - # This also exists in the configure program, but was not the - # default. - # os=-sunos4 - ;; - m68*-cisco) - os=-aout - ;; - mips*-cisco) - os=-elf - ;; - mips*-*) - os=-elf - ;; - or32-*) - os=-coff - ;; - *-tti) # must be before sparc entry or we get the wrong os. - os=-sysv3 - ;; - sparc-* | *-sun) - os=-sunos4.1.1 - ;; - *-be) - os=-beos - ;; - *-ibm) - os=-aix - ;; - *-wec) - os=-proelf - ;; - *-winbond) - os=-proelf - ;; - *-oki) - os=-proelf - ;; - *-hp) - os=-hpux - ;; - *-hitachi) - os=-hiux - ;; - i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) - os=-sysv - ;; - *-cbm) - os=-amigaos - ;; - *-dg) - os=-dgux - ;; - *-dolphin) - os=-sysv3 - ;; - m68k-ccur) - os=-rtu - ;; - m88k-omron*) - os=-luna - ;; - *-next ) - os=-nextstep - ;; - *-sequent) - os=-ptx - ;; - *-crds) - os=-unos - ;; - *-ns) - os=-genix - ;; - i370-*) - os=-mvs - ;; - *-next) - os=-nextstep3 - ;; - *-gould) - os=-sysv - ;; - *-highlevel) - os=-bsd - ;; - *-encore) - os=-bsd - ;; - *-sgi) - os=-irix - ;; - *-siemens) - os=-sysv4 - ;; - *-masscomp) - os=-rtu - ;; - f30[01]-fujitsu | f700-fujitsu) - os=-uxpv - ;; - *-rom68k) - os=-coff - ;; - *-*bug) - os=-coff - ;; - *-apple) - os=-macos - ;; - *-atari*) - os=-mint - ;; - *) - os=-none - ;; -esac -fi - -# Here we handle the case where we know the os, and the CPU type, but not the -# manufacturer. We pick the logical manufacturer. -vendor=unknown -case $basic_machine in - *-unknown) - case $os in - -riscix*) - vendor=acorn - ;; - -sunos*) - vendor=sun - ;; - -aix*) - vendor=ibm - ;; - -beos*) - vendor=be - ;; - -hpux*) - vendor=hp - ;; - -mpeix*) - vendor=hp - ;; - -hiux*) - vendor=hitachi - ;; - -unos*) - vendor=crds - ;; - -dgux*) - vendor=dg - ;; - -luna*) - vendor=omron - ;; - -genix*) - vendor=ns - ;; - -mvs* | -opened*) - vendor=ibm - ;; - -ptx*) - vendor=sequent - ;; - -vxsim* | -vxworks* | -windiss*) - vendor=wrs - ;; - -aux*) - vendor=apple - ;; - -hms*) - vendor=hitachi - ;; - -mpw* | -macos*) - vendor=apple - ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - vendor=atari - ;; - -vos*) - vendor=stratus - ;; - esac - basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` - ;; -esac - -echo $basic_machine$os -exit 0 - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" -# time-stamp-end: "'" -# End: diff --git a/ulogd/configure.in b/ulogd/configure.in deleted file mode 100644 index c9db6c2..0000000 --- a/ulogd/configure.in +++ /dev/null @@ -1,273 +0,0 @@ -dnl Process this file with autoconf to produce a configure script. -AC_PREQ(2.50) -AC_INIT(ulogd.c) - -dnl Checks for programs. -AC_PROG_MAKE_SET -AC_PROG_CC -AC_CHECK_TOOL(LD, ld) -AC_PROG_INSTALL - -dnl Checks for libraries. -AC_CHECK_LIB(dl, dlopen) -AC_CHECK_HEADER(pcap.h,HAVE_PCAP_H=true) - -dnl Checks for header files. -AC_HEADER_DIRENT -AC_HEADER_STDC -AC_CHECK_HEADERS(fcntl.h unistd.h) - -dnl Checks for typedefs, structures, and compiler characteristics. -AC_C_CONST -AC_TYPE_SIZE_T -AC_STRUCT_TM -AC_SYS_LARGEFILE - -dnl Checks for library functions. -AC_FUNC_VPRINTF -AC_CHECK_FUNCS(socket strerror) - -DATABASE_DIR="" -DATABASE_LIB="" -DATABASE_LIB_DIR="" - -DATABASE_DRIVERS="" - -KERNEL64_USERSPACE32="" - -dnl -dnl test for MySQL -dnl -AC_ARG_WITH(mysql, - --with-mysql= mysql installed in ,[ -if test $withval != yes -then - dir=$withval -else - dir="/usr/local" -fi -mysqldir="" -AC_MSG_CHECKING(for MySQL files) -for d in $dir/bin /usr/bin /usr/local/bin /usr/local/mysql/bin /opt/mysql/bin /opt/packages/mysql/bin -do - if test -f $d/mysql_config - then - AC_MSG_RESULT(found mysql_config in $d) - mysqldir=$d - break - fi -done - -if test x$mysqldir = x -then - AC_MSG_WARN(MySQL backend not used) -else - AC_DEFINE(HAVE_MYSQL) - MYSQLINCLUDES=`$d/mysql_config --include` - - DATABASE_DIR="${DATABASE_DIR} mysql" - - MYSQL_LIB=`$d/mysql_config --libs` - DB_DEF="${DB_DEF} -DHAVE_MYSQL " - - - AC_SUBST(MYSQLINCLUDES) - AC_SUBST(MYSQL_LIB) - - dnl Here we check whether we have an old MySQL client library - dnl installed, which does not support the mysql_real_escape_string(), - dnl but the real_escape_string() function. - dnl Having a look in the libary itself should be more reliable than - dnl parsing the output of mysql --version. - - OLDLIBS="$LIBS" - LIBS="$MYSQL_LIB" - AC_CHECK_FUNCS([mysql_real_escape_string], [], [EXTRA_MYSQL_DEF="-DOLD_MYSQL=1 "]) - LIBS="$OLDLIBS" -fi -]) - - -dnl -dnl Check whether the user wants log IP-addresses as strings rather -dnl than as unsigned long-integers to his MySQL-database. Since this -dnl feature is only used in ulogd_MYSQL.c, there are no checks in any -dnl way. -dnl - -AC_ARG_WITH(mysql-log-ip-as-string, - --with-mysql-log-ip-as-string log IPs as string rather than as - unsigned long-integer. -,[ - EXTRA_MYSQL_DEF="${EXTRA_MYSQL_DEF} -DIP_AS_STRING=1" - AC_MSG_WARN(the use of --with-mysql-log-ip-as-string is discouraged) -]) - - -dnl -dnl test for PostgreSQL -dnl -AC_ARG_WITH(pgsql, - --with-pgsql= pgsql installed in ,[ -if test $withval != yes -then - dir=$withval -else - dir="/usr/local" -fi -pgsqldir="" -AC_MSG_CHECKING(for PGSQL files) -for d in $dir/bin /usr/bin /usr/local/bin /usr/local/pgsql/bin /opt/pgsql/bin /opt/packages/pgsql/bin -do - if test -x $d/pg_config - then - AC_MSG_RESULT(found pg_config in $d) - pgsqldir=$d - break - fi -done - -if test x$pgsqldir = x -then - AC_MSG_WARN(PGSQL backend not used) -else - AC_DEFINE(HAVE_PGSQL) - PGSQLINCLUDES=-I`$pgsqldir/pg_config --includedir` - PGSQLLIBS=-L`$pgsqldir/pg_config --libdir` - - DATABASE_DIR="${DATABASE_DIR} pgsql" - PGSQL_LIB="${PGSQLLIBS} -lpq " - - DB_DEF="${DB_DEF} -DHAVE_PGSQL " - - AC_SUBST(PGSQLINCLUDES) - AC_SUBST(PGSQL_LIB) - -fi -]) - -dnl -dnl Check whether the user wants to log IP-addresses as strings rather -dnl than integers to his pgsql-database. -dnl - -AC_ARG_WITH(pgsql-log-ip-as-string, - --with-pgsql-log-ip-as-string log IPs as string rather than as interger -,[ - EXTRA_PGSQL_DEF="-DIP_AS_STRING=1" -]) - - -dnl -dnl test for sqlite3 -dnl -AC_ARG_WITH(sqlite3, - --with-sqlite3= sqlite3 installed in ,[ -if test $withval != yes -then - dir=$withval -else - dir="/usr/local" -fi -sqlite3dir="" -AC_MSG_CHECKING(for sqlite3 files) -for d in $dir /usr /usr/local /usr/local/sqlite3 -do - if test -f $d/lib64/sqlite3/libsqlite3.so - then - AC_MSG_RESULT(found sqlite3 in $d) - sqlite3dir=$d - sqlite3dir_suffix=/sqlite3 - sqlite3dir_libdir=${sqlite3dir}/lib64 - break - elif test -f $d/lib/sqlite3/libsqlite3.so - then - AC_MSG_RESULT(found sqlite3 in $d) - sqlite3dir=$d - sqlite3dir_suffix=/sqlite3 - sqlite3dir_libdir=${sqlite3dir}/lib - break - elif test -f $d/lib64/libsqlite3.so - then - AC_MSG_RESULT(found sqlite3 in $d) - sqlite3dir=$d - sqlite3dir_suffix= - sqlite3dir_libdir=${sqlite3dir}/lib64 - break - elif test -f $d/lib/libsqlite3.so - then - AC_MSG_RESULT(found sqlite3 in $d) - sqlite3dir=$d - sqlite3dir_suffix= - sqlite3dir_libdir=${sqlite3dir}/lib - break - fi -done - -if test x$sqlite3dir = x -then - AC_MSG_WARN(sqlite3 backend not used) -else - AC_DEFINE(HAVE_SQLITE3) - SQLITE3INCLUDES=-I${sqlite3dir}/include${sqlite3dir_suffix} - SQLITE3LIBS=-L${sqlite3dir_libdir}${sqlite3dir_suffix} - - DATABASE_DIR="${DATABASE_DIR} sqlite3" - SQLITE3_LIB="${SQLITE3LIBS} -lsqlite3 " - - DB_DEF="${DB_DEF} -DHAVE_SQLITE3 " - - - AC_SUBST(SQLITE3INCLUDES) - AC_SUBST(SQLITE3_LIB) - -fi -]) - - -dnl -dnl Check whether the user wants log IP-addresses as strings rather -dnl than as unsigned long-integers to his sqlite3-database. Since this -dnl feature is only used in ulogd_SQLITE3.c, there are no checks in any -dnl way. -dnl - -AC_ARG_WITH(sqlite3-log-ip-as-string, - --with-sqlite3-log-ip-as-string log IPs as string rather than as - unsigned long-integer. -,[ - EXTRA_SQLITE3_DEF="${EXTRA_SQLITE3_DEF} -DIP_AS_STRING=1" - AC_MSG_WARN(the use of --with-sqlite3-log-ip-as-string is discouraged) -]) - -dnl -dnl Kernel 64 -dnl - -AC_ARG_WITH(kernel-64-user-32, - --with-kernel-64-user-32 Use this flag to compile on system where kernel is 64 bits - userspace is 32. -,[ - KERNEL64_USERSPACE32="-DKERNEL_64_USERSPACE_32" - AC_MSG_WARN(The use of the flag kernel-64-user-32 could interfere with kernel evolution. Use it at your own risk.) -]) - - -AC_SUBST(DATABASE_DIR) -AC_SUBST(DATABASE_LIB) -AC_SUBST(DATABASE_LIB_DIR) -AC_SUBST(DB_DEF) -AC_SUBST(EXTRA_MYSQL_DEF) -AC_SUBST(EXTRA_PGSQL_DEF) -AC_SUBST(EXTRA_SQLITE3_DEF) - -AC_SUBST(DATABASE_DRIVERS) -AC_SUBST(HAVE_PCAP_H) - -AC_SUBST(KERNEL64_USERSPACE32) - -AM_CONDITIONAL(HAVE_MYSQL, test x$mysqldir != x) -AM_CONDITIONAL(HAVE_PGSQL, test x$pgsqldir != x) -AM_CONDITIONAL(HAVE_SQLITE3, test x$sqlite3dir != x) - -AC_OUTPUT(extensions/Makefile doc/Makefile conffile/Makefile libipulog/Makefile mysql/Makefile pgsql/Makefile sqlite3/Makefile pcap/Makefile Makefile Rules.make) diff --git a/ulogd/contrib/ulog_query.php.gz b/ulogd/contrib/ulog_query.php.gz deleted file mode 100644 index e57bc0b..0000000 Binary files a/ulogd/contrib/ulog_query.php.gz and /dev/null differ diff --git a/ulogd/doc/Makefile.in b/ulogd/doc/Makefile.in deleted file mode 100644 index e6c71a9..0000000 --- a/ulogd/doc/Makefile.in +++ /dev/null @@ -1,51 +0,0 @@ -#! /usr/bin/make -# this file is shamelessly stolen from the iptables CVS tree - -LANG_DIRS:= - -HOWTOS:=$(wildcard *.sgml) -HOWTOS+=$(foreach dir, $(LANG_DIRS), $(wildcard $(dir)/*.sgml)) - -TXT_HOWTOS:=$(HOWTOS:.sgml=.txt) -HTML_HOWTOS:=$(HOWTOS:.sgml=.html) -PSA4_HOWTOS:=$(HOWTOS:.sgml=.a4.ps) -PSUS_HOWTOS:=$(HOWTOS:.sgml=.letter.ps) - -HOWTO_FLAGS_it/=-c latin -l it -HOWTO_FLAGS_fr/=-c latin -l fr - -user_calls_make: - -distrib: $(TXT_HOWTOS) $(PSA4_HOWTOS) $(HTML_HOWTOS) - -HOWTOs: $(TXT_HOWTOS) $(HTML_HOWTOS) $(PSA4_HOWTOS) $(PSUS_HOWTOS) - -# Remake all if Makefile changes. -$(TXT_HOWTOS) $(HTML_HOWTOS) $(PSA4_HOWTOS) $(PSUS_HOWTOS): Makefile - -# Stupid sgml2* tools strip dirnames for output files. 8( -%.txt: %.sgml - @echo Making $@: && cd `dirname $<` && sgml2txt --filter $(HOWTO_FLAGS_$(dir $<)) `basename $<` 2>&1 | sed "s?^:\([0-9]*\):[^ ]* ?$<:\1:?" - -%.a4.dvi: %.sgml - @echo Making $@: && cd `dirname $<` && sgml2latex --papersize=a4 --output=dvi $(HOWTO_FLAGS_$(dir $<)) `basename $<` 2>&1 | sed "s?^:\([0-9]*\):[^ ]* ?$<:\1:?" && mv `basename $*.dvi` `basename $*.a4.dvi` - -%.a4.ps: %.a4.dvi - @dvips -t a4 -o $@ $< - -%.letter.dvi: %.sgml - @echo Making $@: && cd `dirname $<` && sgml2latex --papersize=letter --output=dvi $(HOWTO_FLAGS_$(dir $<)) `basename $<` 2>&1 | sed "s?^:\([0-9]*\):[^ ]* ?$<:\1:?" && mv `basename $*.dvi` `basename $*.letter.dvi` - -%.letter.ps: %.letter.dvi - @dvips -t letter -o $@ $< - -%.html: %.sgml - @echo Making $@: && cd `dirname $<` && sgml2html -s 0 $(HOWTO_FLAGS_$(dir $<)) `basename $<` 2>&1 | sed "s?^:\([0-9]*\):[^ ]* ?$<:\1:?" - -clean: -# for d in . $(LANG_DIRS); do rm -f $$d/*.html $$d/*.ps $$d/*.aux $$d/*.log $$d/*.txt $$d/*~; done - -distclean: - rm -f Makefile - -install: diff --git a/ulogd/doc/mysql.table b/ulogd/doc/mysql.table deleted file mode 100644 index bdfee71..0000000 --- a/ulogd/doc/mysql.table +++ /dev/null @@ -1,55 +0,0 @@ -CREATE TABLE ulog ( id INT UNSIGNED AUTO_INCREMENT UNIQUE, - - raw_mac VARCHAR(80), - - oob_time_sec INT UNSIGNED, - oob_time_usec INT UNSIGNED, - oob_prefix VARCHAR(32), - oob_mark INT UNSIGNED, - oob_in VARCHAR(32), - oob_out VARCHAR(32), - - ip_saddr INT UNSIGNED, - ip_daddr INT UNSIGNED, - ip_protocol TINYINT UNSIGNED, - ip_tos TINYINT UNSIGNED, - ip_ttl TINYINT UNSIGNED, - ip_totlen SMALLINT UNSIGNED, - ip_ihl TINYINT UNSIGNED, - ip_csum SMALLINT UNSIGNED, - ip_id SMALLINT UNSIGNED, - ip_fragoff SMALLINT UNSIGNED, - - tcp_sport SMALLINT UNSIGNED, - tcp_dport SMALLINT UNSIGNED, - tcp_seq INT UNSIGNED, - tcp_ackseq INT UNSIGNED, - tcp_window SMALLINT UNSIGNED, - tcp_urg TINYINT, - tcp_urgp SMALLINT UNSIGNED, - tcp_ack TINYINT, - tcp_psh TINYINT, - tcp_rst TINYINT, - tcp_syn TINYINT, - tcp_fin TINYINT, - - udp_sport SMALLINT UNSIGNED, - udp_dport SMALLINT UNSIGNED, - udp_len SMALLINT UNSIGNED, - - icmp_type TINYINT UNSIGNED, - icmp_code TINYINT UNSIGNED, - icmp_echoid SMALLINT UNSIGNED, - icmp_echoseq SMALLINT UNSIGNED, - icmp_gateway INT UNSIGNED, - icmp_fragmtu SMALLINT UNSIGNED, - - pwsniff_user VARCHAR(30), - pwsniff_pass VARCHAR(30), - - ahesp_spi INT UNSIGNED, - - KEY index_id (id) - ); - - diff --git a/ulogd/doc/mysql.table.ipaddr-as-string b/ulogd/doc/mysql.table.ipaddr-as-string deleted file mode 100644 index 4a9cecc..0000000 --- a/ulogd/doc/mysql.table.ipaddr-as-string +++ /dev/null @@ -1,58 +0,0 @@ -# MySQL dump 7.1 -# -# Host: localhost Database: ulogd -#-------------------------------------------------------- -# Server version 3.22.32 - -# This table is intended for use with older MySQL-Servers and -# the --with-mysql-log-ip-as-string feature. It will not work -# without that feature. -# -# Table structure for table 'ulog' -# -CREATE TABLE ulog ( - id int(10) unsigned NOT NULL auto_increment, - raw_mac varchar(80), - oob_time_sec int(10) unsigned, - oob_time_usec int(10) unsigned, - oob_prefix varchar(32), - oob_mark int(10) unsigned, - oob_in varchar(32), - oob_out varchar(32), - ip_saddr varchar(16), - ip_daddr varchar(16), - ip_protocol tinyint(3) unsigned, - ip_tos tinyint(3) unsigned, - ip_ttl tinyint(3) unsigned, - ip_totlen smallint(5) unsigned, - ip_ihl tinyint(3) unsigned, - ip_csum smallint(5) unsigned, - ip_id smallint(5) unsigned, - ip_fragoff smallint(5) unsigned, - tcp_sport smallint(5) unsigned, - tcp_dport smallint(5) unsigned, - tcp_seq int(10) unsigned, - tcp_ackseq int(10) unsigned, - tcp_window smallint(5) unsigned, - tcp_urg tinyint(4), - tcp_urgp smallint(5) unsigned, - tcp_ack tinyint(4), - tcp_psh tinyint(4), - tcp_rst tinyint(4), - tcp_syn tinyint(4), - tcp_fin tinyint(4), - udp_sport smallint(5) unsigned, - udp_dport smallint(5) unsigned, - udp_len smallint(5) unsigned, - icmp_type tinyint(3) unsigned, - icmp_code tinyint(3) unsigned, - icmp_echoid smallint(5) unsigned, - icmp_echoseq smallint(5) unsigned, - icmp_gateway int(10) unsigned, - icmp_fragmtu smallint(5) unsigned, - pwsniff_user varchar(30), - pwsniff_pass varchar(30), - ahesp_spi int(10) unsigned, - PRIMARY KEY (id) -); - diff --git a/ulogd/doc/pgsql.table b/ulogd/doc/pgsql.table deleted file mode 100644 index 193f747..0000000 --- a/ulogd/doc/pgsql.table +++ /dev/null @@ -1,81 +0,0 @@ -/* ulogd.pgsql.table, Version 0.1 - * - * sample of a postgres table for ulogd - * - * All columns except "id" are optional! Comment all unwanted - * columns out, e.g. by prefixing them with '--' - * - * "raw_pkt" is not supported by ulogd_PGSQL - */ - -CREATE SEQUENCE "seq_ulog"; - -CREATE TABLE "ulog" ( - "id" integer DEFAULT nextval('seq_ulog') NOT NULL, - - "oob_prefix" character varying(32), - "oob_time_sec" integer, - "oob_time_usec" integer, - "oob_mark" bigint, - "oob_in" character varying(32), - "oob_out" character varying(32), - - "raw_mac" character varying(80), - "raw_pktlen" bigint, - - "ip_ihl" smallint, - "ip_tos" smallint, - "ip_totlen" integer, - "ip_id" integer, - "ip_fragoff" integer, - "ip_ttl" smallint, - "ip_protocol" smallint, - "ip_csum" integer, - -/* log IPs as unsigned int32 (default) */ - "ip_saddr" bigint, - "ip_daddr" bigint, - -/* log IPs as string (--with-pgsql-log-ip-as-string) */ --- "ip_saddr" character varying(40), --- "ip_daddr" character varying(40), - -/* log IPs as inet (--with-pgsql-log-ip-as-string) */ --- "ip_saddr" inet, --- "ip_daddr" inet, - - - "tcp_sport" integer, - "tcp_dport" integer, - "tcp_seq" bigint, - "tcp_ackseq" bigint, - "tcp_urg" boolean, - "tcp_ack" boolean, - "tcp_psh" boolean, - "tcp_rst" boolean, - "tcp_syn" boolean, - "tcp_fin" boolean, - "tcp_window" integer, - "tcp_urgp" integer, - - "udp_sport" integer, - "udp_dport" integer, - "udp_len" integer, - - "icmp_type" smallint, - "icmp_code" smallint, - "icmp_echoid" integer, - "icmp_echoseq" integer, - "icmp_gateway" bigint, - "icmp_fragmtu" integer, - - "pwsniff_user" character varying(30), - "pwsniff_pass" character varying(30), - - "ahesp_spi" smallint, - - "local_time" bigint, - "local_hostname" character varying(40) -); - - diff --git a/ulogd/doc/sqlite3.table b/ulogd/doc/sqlite3.table deleted file mode 100644 index 7b5e99a..0000000 --- a/ulogd/doc/sqlite3.table +++ /dev/null @@ -1,22 +0,0 @@ -CREATE TABLE ulog ( - raw_mac VARCHAR(80), - oob_time_sec INT UNSIGNED, - oob_time_usec INT UNSIGNED, - ip_saddr INT UNSIGNED, - ip_daddr INT UNSIGNED, - ip_protocol TINYINT UNSIGNED, - ip_totlen SMALLINT UNSIGNED, - tcp_sport SMALLINT UNSIGNED, - tcp_dport SMALLINT UNSIGNED, - udp_sport SMALLINT UNSIGNED, - udp_dport SMALLINT UNSIGNED, - udp_len SMALLINT UNSIGNED, - icmp_type TINYINT UNSIGNED, - icmp_code TINYINT UNSIGNED, - icmp_echoid SMALLINT UNSIGNED, - icmp_echoseq SMALLINT UNSIGNED, - icmp_gateway INT UNSIGNED, - icmp_fragmtu SMALLINT UNSIGNED - ); - - diff --git a/ulogd/doc/ulogd.html b/ulogd/doc/ulogd.html deleted file mode 100644 index 8bf7fed..0000000 --- a/ulogd/doc/ulogd.html +++ /dev/null @@ -1,421 +0,0 @@ - - - - - ULOGD - the Userspace Logging Daemon - - -

ULOGD - the Userspace Logging Daemon

- -

Harald Welte <laforge@gnumonks.org>

Revision $Revision: 803 $, $Date: 2005-04-18 16:21:17 +0200 (Mon, 18 Apr 2005) $ -
-This is the documentation for ulogd, the Userspace logging daemon. -ulogd makes use of the Linux >= 2.4.x packet filter subsystem (iptables) and -the ULOG target for iptables. -
-

1. DESIGN

- -

1.1 CONCEPT -

- -

I want to provide a flexible, almost universal logging daemon for my netfilter -ULOG target. It is not optimized in any way, the goal is to keep as simple as -possible. These are my thoughts about how the architecture which is most -capable of doing that:

-

-

-
Interpreter lugins

It should be possible to add plugins / runtime modules for new protocols, etc. -For example the standard logging daemon provides source-ip, dest-ip, -source-port, dest-port, etc. Logging for variuos other protocols (GRE, -IPsec, ...) may be implemented as modules.

- -
Output plugins

... describe how and where to put the information gained by logging plugins. -The easiest way is to build a line per packet and fprint it to a file. -Some people might want to log into a SQL database or want an output -conforming to the intrusion detection systems communication draft from the -IETF.

- -
-

- -

1.2 DETAILS -

- -

The major clue is providing a framework which is as flexible as possible. -Nobody knows what strange network protocols are out there :) Flexibility -depends on the communication between the output of the logging plugins -and input of the output plugins.

-

Rusty advised me to use some kind of type-key-value triples, which is in fact -what I implemented.

-

One issue is, of course, performance. Up to ulogd 0.3, ulogd did several -linked list iterations and about 30 malloc() calls _per packet_. This -changed with the new >= 0.9 revisions: -

    -
  • Not a single dynamic allocation in the core during runtime. -Everything is pre-allocated at start of ulogd to provide the highest -possible throughput.
    • -
  • Hash tables in addition to the linked lists. Linked lists are only -traversed if we really want to access each element of the list.
    • -
-

- -

2. INSTALLATION

- - -

2.1 Linux kernel -

- -

First you will need a recent 2.4.x kernel. If you have a kernel >= -2.4.18-pre8, it already has the kernel suport for ULOG (ipt_ULOG.o).

-

If you have an older kernel version (between 2.4.0 and 2.4.18-pre6), you -can use the patch-o-matic system of netfilter/iptables, as described in -the following section.

- -

2.2 ipt_ULOG from netfilter/iptables patch-o-matic -

- -

You only need to read this chapter if you have a 2.4.x kernel <= -2.4.18-pre6.

-

In order to put the ipt_ULOG module into your kernel source,you need the latest -iptables package, or even better: the latest CVS snapshot. A description how to -obtain this is provided on the netfilter -homepage -http://www.netfilter.org/.

-

To run patch-o-matic, just type -

-
-make patch-o-matic
-
-
- -in the userspace directory of netfilter CVS.

- -

2.3 ulogd -

- -

Recompiling the source

- -

Download the ulogd package from -http://ftp.netfilter.org/pub/ulogd/ and -untar it.

-

If you want to build ulogd with MySQL support, type './configure --with-mysql'. You may also have to specify the path of the mysql libraries using '--with-mysql=path'. To build ulogd without MySQL support, just use './configure'.

-

To compile and install the program, call 'make install'.

- -

Using a precompiled package

- -

I also provide a SRPM, which should compile on almost any rpm-based distribution. It is available at -http://ftp.netfilter.org/pub/ulogd/

-

Just download the package and do the usual 'rpm --rebuild <file>'.

- -

3. Configuration

- -

3.1 iptables ULOG target -

- -

Quick Setup

- -

Just add rules using the ULOG target to your firewalling chain. A very basic -example: -

-
-iptables -A FORWARD -j ULOG --ulog-nlgroup 32 --ulog-prefix foo 
-
-
-

-

To increase logging performance, try to use the -

-
---ulog-qthreshold N
-
-
- -option (where 1 < N <= 50). The number you specify is the amout of packets -batched together in one multipart netlink message. If you set this to 20, the -kernel schedules ulogd only once every 20 packets. All 20 packets are then -processed by ulogd. This reduces the number of context switches between kernel -and userspace.

-

Of course you can combine the ULOG target with the different netfilter match -modules. For a more detailed description, have a look at the netfilter -HOWTO's, available on the netfilter homepage.

-

ULOG target reference

- -

-

-
--ulog-nlgroup N

The number of the netlink multicast group to which ULOG'ed packets are sent. -You will have to use the same group number in the ULOG target and ulogd in -order to make logging work.

-
--ulog-cprange N

Copyrange. This works like the 'snaplen' paramter of tcpdump. You can specify -a number of bytes up to which the packet is copied. If you say '40', you will -receive the first fourty bytes of every packet. Leave it to '0'

-
--ulog-qthreshold N

Queue threshold. If a packet is matched by the iptables rule, and already N -packets are in the queue, the queue is flushed to userspace. You can use this -to implement a policy like: Use a big queue in order to gain high performance, -but still have certain packets logged immediately to userspace.

-
--ulog-prefix STRING

A string that is associated with every packet logged by this rule. You can use -this option to later tell from which rule the packet was logged.

-
-

- -

ipt_ULOG module parameters

- -

The ipt_ULOG kernel module has a couple of module loadtime parameters which can -(and should) be tuned to accomodate the needs of the application: -

-
nlbufsiz N

Netlink buffer size. A buffer of the specified size N is allocated for every -netlink group that is used. Please note that due to restrictions of the kernel -memory allocator, we cannot have a buffer size > 128kBytes. Larger buffer -sizes increase the performance, since less kernel/userspace context switches -are needed for the same amount of packets. The backside of this performance -gain is a potentially larger delay. The default value is 4096 bytes, which is -quite small.

-
flushtimeout N

The flushtimeout determines, after how many clock ticks (on alpha: 1ms, on -x86 and most other platforms: 10ms time units) the buffer/queue is to be -flushed, even if it is not full. This can be used to have the advantage of a -large buffer, but still a finite maximum delay introduced. The default value -is set to 10 seconds.

-
- -Example: -
-
-modprobe ipt_ULOG nlbufsiz=65535 flushtimeout=100
-
-
- -This would use a buffer size of 64k and a flushtimeout of 100 clockticks (1 second on x86).

- -

3.2 ulogd -

- -

ulogd is what this is all about, so let's describe it's configuration...

-

ulogd configfile syntax reference

- -

All configurable parameters of ulogd are in the configfile, typically located -at '/etc/ulogd.conf'.

-

The following configuration parameters are available: -

-
nlgroup

The netlink multicast group, which ulgogd should bind to. This is the same as -given with the '--ulog-nlgroup' option to iptables.

-
logfile

The main logfile, where ulogd reports any errors, warnings and other unexpected conditions. Apart from a regular filename, the following special values can be used; ``syslog'' to log via the unix syslog(3) mechanism. ``stdout'' to log to stdout.

-
loglevel

This specifies, how verbose the logging to logfile is. Currently defined -loglevels are: 1=debug information, 3=informational messages, 5=noticable -exceptional conditions, 7=error conditions, 8=fatal errors, program abort.

-
plugin

This option is followed by a filename of a ulogd plugin, which ulogd shold load -upon initialization. This option may appear more than once.

-
rmem

Size of the netlink socket receive memory. You should set this to at least the -size of the kernel buffer (nlbufsiz parameter of the ipt_ULOG module). Please -note that there is a maximum limit in /proc/sys/net/core/rmem_max which you -cannot exceed by increasing the ``rmem'' parameter. You may need to raise the -system-wide maximum limit before.

-
bufsize

Size of the receive buffer. You should set this to at least the socket receive buffer (rmem).

-
-

-

ulogd commandline option reference

- -

Apart from the configfile, there are a couple of commandline options to ulogd: -

-
-h --help

Print a help message about the commandline options.

-
-V --version

Print version information about ulogd.

-
-d --daemon

For off into daemon mode. Unless you are debugging, you will want to use this -most of the time.

-
-c --configfile

Using this commandline option, an alternate config file can be used. This is -important if multiple instances of ulogd are to be run on a single machine.

-
-

- -

4. Available plugins

- -

It is important to understand that ulogd without plugins does nothing. It will receive packets, and do nothing with them.

-

There are two kinds of plugins, interpreter and output plugins. Interpreter -plugins parse the packet, output plugin write the interpreted information to -some logfile/database/...

- -

4.1 Interpreter plugins -

- -

ulogd comes with the following interpreter plugins:

-

ulogd_BASE.so

- -

Basic interpreter plugin for nfmark, timestamp, mac address, ip header, tcp -header, udp header, icmp header, ah/esp header... Most people will want to load -this very important plugin.

-

ulogd_PWSNIFF.so

- -

Example interpreter plugin to log plaintext passwords as used with FTP and -POP3. Don't blame me for writing this plugin! The protocols are inherently -insecure, and there are a lot of other tools for sniffing passwords... it's -just an example.

-

ulogd_LOCAL.so

- -

This is a 'virtual interpreter'. It doesn't really return any information on -the packet itself, rather the local system time and hostname. Please note that -the time is the time at the time of logging, not the packets receive time.

- -

4.2 Output plugins -

- -

ulogd comes with the following output plugins:

- -

ulogd_OPRINT.so

- -

A very simple output module, dumping all packets in the format -

-
-===>PACKET BOUNDARY
-key=value
-key=value
-...
-===>PACKET BOUNDARY
-...
-
-
- -to a file. The only useful application is debugging.

-

The module defines the following configuration directives: -

-
dumpfile

The filename where it should log to. The default is -/var/log/ulogd.pktlog

-
-

- -

ulogd_LOGEMU.so

- -

An output module which tries to emulate the old syslog-based LOG targed as far -as possible. Logging is done to a seperate textfile instead of syslog, though.

-

The module defines the following configuration directives: -

-
file

The filename where it should log to. The default is -/var/log/ulogd.syslogemu

-
sync

Set this to 1 if you want to have your logfile written -synchronously. This may reduce performance, but makes your log-lines appear -immediately. The default is 0

-
-

- -

ulogd_MYSQL.so

- -

An output plugin for logging into a mysql database. This is only compiled if -you have the mysql libraries installed, and the configure script was able to -detect them. (that is: --with-mysql was specified for ./configure)

- -

The plugin automagically inserts the data into the configured table; It -connects to mysql during the startup phase of ulogd and obtains a list of the -columns in the table. Then it tries to resolve the column names against keys of -interpreter plugins. This way you can easly select which information you want -to log - just by the layout of the table.

- -

If, for example, your table contains a field called 'ip_saddr', ulogd will -resolve this against the key 'ip.saddr' and put the ip address as 32bit -unsigned integer into the table.

- -

You may want to have a look at the file 'doc/mysql.table' as an -example table including fields to log all keys from ulogd_BASE.so. Just delete -the fields you are not interested in, and create the table.

- -

The module defines the following configuration directives: -

-
table

Name of the table to which ulogd should log

-
ldb

Name of the mysql database

-
host

Name of the mysql database host

-
port

TCP port number of mysql database server

-
user

Name of the mysql user

-
pass

Password for mysql

-
-

- -

ulogd_PGSQL.so

- -

An output plugin for logging into a postgresql database. This is only compiled -if you have the mysql libraries installed, and the configure script was able to -detect them. (that is: --with-pgsql was specified for ./configure)

- -

The plugin automagically inserts the data into the configured table; It -connects to pgsql during the startup phase of ulogd and obtains a list of the -columns in the table. Then it tries to resolve the column names against keys of -interpreter plugins. This way you can easly select which information you want -to log - just by the layout of the table.

- -

If, for example, your table contains a field called 'ip_saddr', ulogd will -resolve this against the key 'ip.saddr' and put the ip address as 32bit -unsigned integer into the table.

- -

You may want to have a look at the file 'doc/mysql.table' as an -example table including fields to log all keys from ulogd_BASE.so. Just delete -the fields you are not interested in, and create the table.

- -

The module defines the following configuration directives: -

-
table

Name of the table to which ulogd should log

-
db

Name of the database

-
host

Name of the mysql database host

-
port

TCP port number of database server

-
user

Name of the sql user

-
pass

Password for sql user

-
-

- -

ulogd_PCAP.so

- -

An output plugin that can be used to generate libpcap-style packet logfiles. -This can be useful for later analysing the packet log with tools like tcpdump -or ethereal.

-

The module defines the following configuration directives: -

-
file

The filename where it should log to. The default is: -/var/log/ulogd.pcap

-
sync

Set this to 1 if you want to have your pcap logfile written -synchronously. This may reduce performance, but makes your packets appear -immediately in the file on disk. The default is 0

-
-

- -

ulogd_SQLITE3.so

- -

An output plugin for logging into a SQLITE v3 database. This is only compiled -if you have the sqlite libraries installed, and the configure script was able to -detect them. (that is: --with-sqlite3 was specified for ./configure)

- -

The plugin automagically inserts the data into the configured table; It -opens the sqlite db during the startup phase of ulogd and obtains a list of the -columns in the table. Then it tries to resolve the column names against keys of -interpreter plugins. This way you can easly select which information you want -to log - just by the layout of the table.

- -

If, for example, your table contains a field called 'ip_saddr', ulogd will -resolve this against the key 'ip.saddr' and put the ip address as 32bit -unsigned integer into the table.

- -

You may want to have a look at the file 'doc/sqlite3.table' as an -example table including fields to log all keys from ulogd_BASE.so. Just delete -the fields you are not interested in, and create the table.

- -

The module defines the following configuration directives: -

-
table

Name of the table to which ulogd should log

-
db

Name of the database

-
buffer

Size of the sqlite buffer

-
-

-

ulogd_SYSLOG.so

- -

An output plugin that really logs via syslogd. Lines will look exactly like printed with traditional LOG target.

-

The module defines the following configuration directives: -

-
facility

The syslog facility (LOG_DAEMON, LOG_KERN, LOG_LOCAL0 .. LOG_LOCAL7, LOG_USER)

-
level

The syslog level (LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG)

-
-

-

5. QUESTIONS / COMMENTS

- -

All comments / questions / ... are appreciated.

-

Just drop me a note to laforge@gnumonks.org

-

Please note also that there is now a mailinglist, ulogd@lists.gnumonks.org. -You can subscribe at -http://lists.gnumonks.org/mailman/listinfo/ulogd/

-

-The preferred method for reporting bugs is the netfilter bugzilla system, -available at -http://bugzilla.netfilter.org/.

- - - diff --git a/ulogd/doc/ulogd.sgml b/ulogd/doc/ulogd.sgml deleted file mode 100644 index c019c63..0000000 --- a/ulogd/doc/ulogd.sgml +++ /dev/null @@ -1,449 +0,0 @@ - - - - -
- -ULOGD - the Userspace Logging Daemon -Harald Welte <laforge@gnumonks.org> -Revision $Revision$, $Date$ - - -This is the documentation for ulogd, the Userspace logging daemon. -ulogd makes use of the Linux >= 2.4.x packet filter subsystem (iptables) and -the ULOG target for iptables. - - - - -DESIGN - -CONCEPT -

-I want to provide a flexible, almost universal logging daemon for my netfilter -ULOG target. It is not optimized in any way, the goal is to keep as simple as -possible. These are my thoughts about how the architecture which is most -capable of doing that: -

- -Interpreter plugins -It should be possible to add plugins / runtime modules for new protocols, etc. -For example the standard logging daemon provides source-ip, dest-ip, -source-port, dest-port, etc. Logging for various other protocols (GRE, -IPsec, ...) may be implemented as modules. - -Output plugins -... describe how and where to put the information gained by logging plugins. -The easiest way is to build a line per packet and fprint it to a file. -Some people might want to log into a SQL database or want an output -conforming to the intrusion detection systems communication draft from the -IETF. - - - -DETAILS -

-The major clue is providing a framework which is as flexible as possible. -Nobody knows what strange network protocols are out there :) Flexibility -depends on the communication between the output of the logging plugins -and input of the output plugins. -

-Rusty advised me to use some kind of type-key-value triples, which is in fact -what I implemented. -

-One issue is, of course, performance. Up to ulogd 0.3, ulogd did several -linked list iterations and about 30 malloc() calls _per packet_. This -changed with the new >= 0.9 revisions: - -Not a single dynamic allocation in the core during runtime. -Everything is pre-allocated at start of ulogd to provide the highest -possible throughput. -Hash tables in addition to the linked lists. Linked lists are only -traversed if we really want to access each element of the list. - - -INSTALLATION -

-Linux kernel -

-First you will need a recent 2.4.x kernel. If you have a kernel >= -2.4.18-pre8, it already has the kernel support for ULOG (ipt_ULOG.o). -

-If you have an older kernel version (between 2.4.0 and 2.4.18-pre6), you -can use the patch-o-matic system of netfilter/iptables, as described in -the following section. - -ipt_ULOG from netfilter/iptables patch-o-matic -

-You only need to read this chapter if you have a 2.4.x kernel <= -2.4.18-pre6. -

-In order to put the ipt_ULOG module into your kernel source,you need the latest -iptables package, or even better: the latest CVS snapshot. A description how to -obtain this is provided on the netfilter -homepage . -

-To run patch-o-matic, just type - -make patch-o-matic - -in the userspace directory of netfilter CVS. - -ulogd -Recompiling the source -

-Download the ulogd package from and -untar it. -

-If you want to build ulogd with MySQL support, type './configure --with-mysql'. You may also have to specify the path of the mysql libraries using '--with-mysql=path'. To build ulogd without MySQL support, just use './configure'. -

-To compile and install the program, call 'make install'. - -Using a precompiled package -

-I also provide a SRPM, which should compile on almost any rpm-based distribution. It is available at -

-Just download the package and do the usual 'rpm --rebuild <file>'. - -Configuration -iptables ULOG target -Quick Setup -

-Just add rules using the ULOG target to your firewalling chain. A very basic -example: - -iptables -A FORWARD -j ULOG --ulog-nlgroup 32 --ulog-prefix foo - -

-To increase logging performance, try to use the - ---ulog-qthreshold N - -option (where 1 < N <= 50). The number you specify is the amount of packets -batched together in one multipart netlink message. If you set this to 20, the -kernel schedules ulogd only once every 20 packets. All 20 packets are then -processed by ulogd. This reduces the number of context switches between kernel -and userspace. -

-Of course you can combine the ULOG target with the different netfilter match -modules. For a more detailed description, have a look at the netfilter -HOWTO's, available on the netfilter homepage. -ULOG target reference -

- ---ulog-nlgroup N -The number of the netlink multicast group to which ULOG'ed packets are sent. -You will have to use the same group number in the ULOG target and ulogd in -order to make logging work. ---ulog-cprange N -Copyrange. This works like the 'snaplen' parameter of tcpdump. You can specify -a number of bytes up to which the packet is copied. If you say '40', you will -receive the first fourty bytes of every packet. Leave it to 0 ---ulog-qthreshold N -Queue threshold. If a packet is matched by the iptables rule, and already N -packets are in the queue, the queue is flushed to userspace. You can use this -to implement a policy like: Use a big queue in order to gain high performance, -but still have certain packets logged immediately to userspace. ---ulog-prefix STRING -A string that is associated with every packet logged by this rule. You can use -this option to later tell from which rule the packet was logged. - - -ipt_ULOG module parameters -

-The ipt_ULOG kernel module has a couple of module loadtime parameters which can -(and should) be tuned to accomodate the needs of the application: - -nlbufsiz N -Netlink buffer size. A buffer of the specified size N is allocated for every -netlink group that is used. Please note that due to restrictions of the kernel -memory allocator, we cannot have a buffer size > 128kBytes. Larger buffer -sizes increase the performance, since less kernel/userspace context switches -are needed for the same amount of packets. The backside of this performance -gain is a potentially larger delay. The default value is 4096 bytes, which is -quite small. -flushtimeout N -The flushtimeout determines, after how many clock ticks (on alpha: 1ms, on -x86 and most other platforms: 10ms time units) the buffer/queue is to be -flushed, even if it is not full. This can be used to have the advantage of a -large buffer, but still a finite maximum delay introduced. The default value -is set to 10 seconds. - -Example: - -modprobe ipt_ULOG nlbufsiz=65535 flushtimeout=100 - -This would use a buffer size of 64k and a flushtimeout of 100 clockticks (1 second on x86). - -ulogd -

-ulogd is what this is all about, so let's describe it's configuration... -ulogd configfile syntax reference -

-All configurable parameters of ulogd are in the configfile, typically located -at '/etc/ulogd.conf'. -

-The following configuration parameters are available: - -nlgroup -The netlink multicast group, which ulgogd should bind to. This is the same as -given with the '--ulog-nlgroup' option to iptables. -logfile -The main logfile, where ulogd reports any errors, warnings and other unexpected conditions. Apart from a regular filename, the following special values can be used; ``syslog'' to log via the unix syslog(3) mechanism. ``stdout'' to log to stdout. -loglevel -This specifies, how verbose the logging to logfile is. Currently defined -loglevels are: 1=debug information, 3=informational messages, 5=noticable -exceptional conditions, 7=error conditions, 8=fatal errors, program abort. -plugin -This option is followed by a filename of a ulogd plugin, which ulogd shold load -upon initialization. This option may appear more than once. -rmem -Size of the netlink socket receive memory. You should set this to at least the -size of the kernel buffer (nlbufsiz parameter of the ipt_ULOG module). Please -note that there is a maximum limit in /proc/sys/net/core/rmem_max which you -cannot exceed by increasing the ``rmem'' parameter. You may need to raise the -system-wide maximum limit before. -bufsize -Size of the receive buffer. You should set this to at least the socket receive buffer (rmem). - -ulogd commandline option reference -

-Apart from the configfile, there are a couple of commandline options to ulogd: - --h --help -Print a help message about the commandline options. --V --version -Print version information about ulogd. --d --daemon -For off into daemon mode. Unless you are debugging, you will want to use this -most of the time. --c --configfile -Using this commandline option, an alternate config file can be used. This is -important if multiple instances of ulogd are to be run on a single machine. - - -Available plugins -

-It is important to understand that ulogd without plugins does nothing. It will receive packets, and do nothing with them. -

-There are two kinds of plugins, interpreter and output plugins. Interpreter -plugins parse the packet, output plugins write the interpreted information to -some logfile/database/... - -Interpreter plugins -

-ulogd comes with the following interpreter plugins: -ulogd_BASE.so -

-Basic interpreter plugin for nfmark, timestamp, mac address, ip header, tcp -header, udp header, icmp header, ah/esp header... Most people will want to load -this very important plugin. -ulogd_PWSNIFF.so -

-Example interpreter plugin to log plaintext passwords as used with FTP and -POP3. Don't blame me for writing this plugin! The protocols are inherently -insecure, and there are a lot of other tools for sniffing passwords... it's -just an example. -ulogd_LOCAL.so -

-This is a 'virtual interpreter'. It doesn't really return any information on -the packet itself, rather the local system time and hostname. Please note that -the time is the time at the time of logging, not the packets receive time. - -Output plugins -

-ulogd comes with the following output plugins: - -ulogd_OPRINT.so -

-A very simple output module, dumping all packets in the format - -===>PACKET BOUNDARY -key=value -key=value -... -===>PACKET BOUNDARY -... - -to a file. The only useful application is debugging. -

The module defines the following configuration directives: - -dumpfile -The filename where it should log to. The default is -/var/log/ulogd.pktlog - - -ulogd_LOGEMU.so -

-An output module which tries to emulate the old syslog-based LOG targed as far -as possible. Logging is done to a seperate textfile instead of syslog, though. -

-The module defines the following configuration directives: - -fileThe filename where it should log to. The default is -/var/log/ulogd.syslogemu -syncSet this to 1 if you want to have your logfile written -synchronously. This may reduce performance, but makes your log-lines appear -immediately. The default is 0 - - -ulogd_MYSQL.so -

-An output plugin for logging into a mysql database. This is only compiled if -you have the mysql libraries installed, and the configure script was able to -detect them. (that is: --with-mysql was specified for ./configure) - -

-The plugin automagically inserts the data into the configured table; It -connects to mysql during the startup phase of ulogd and obtains a list of the -columns in the table. Then it tries to resolve the column names against keys of -interpreter plugins. This way you can easily select which information you want -to log - just by the layout of the table. - -

-If, for example, your table contains a field called 'ip_saddr', ulogd will -resolve this against the key 'ip.saddr' and put the ip address as 32bit -unsigned integer into the table. - -

-You may want to have a look at the file 'doc/mysql.table' as an -example table including fields to log all keys from ulogd_BASE.so. Just delete -the fields you are not interested in, and create the table. - -

-The module defines the following configuration directives: - -table -Name of the table to which ulogd should log. -ldb -Name of the mysql database. -host -Name of the mysql database host. -port -TCP port number of mysql database server. -user -Name of the mysql user. -pass -Password for mysql. - - -ulogd_PGSQL.so -

-An output plugin for logging into a postgresql database. This is only compiled -if you have the mysql libraries installed, and the configure script was able to -detect them. (that is: --with-pgsql was specified for ./configure) - -

-The plugin automagically inserts the data into the configured table; It -connects to pgsql during the startup phase of ulogd and obtains a list of the -columns in the table. Then it tries to resolve the column names against keys of -interpreter plugins. This way you can easily select which information you want -to log - just by the layout of the table. - -

-If, for example, your table contains a field called 'ip_saddr', ulogd will -resolve this against the key 'ip.saddr' and put the ip address as 32bit -unsigned integer into the table. - -

-You may want to have a look at the file 'doc/mysql.table' as an -example table including fields to log all keys from ulogd_BASE.so. Just delete -the fields you are not interested in, and create the table. - -

-The module defines the following configuration directives: - -table -Name of the table to which ulogd should log. -db -Name of the database. -host -Name of the mysql database host. -port -TCP port number of database server. -user -Name of the sql user. -pass -Password for sql user. - - -ulogd_PCAP.so -

-An output plugin that can be used to generate libpcap-style packet logfiles. -This can be useful for later analysing the packet log with tools like tcpdump -or ethereal. - -The module defines the following configuration directives: - -file -The filename where it should log to. The default is: -/var/log/ulogd.pcap -sync -Set this to 1 if you want to have your pcap logfile written -synchronously. This may reduce performance, but makes your packets appear -immediately in the file on disk. The default is 0 - - -ulogd_SQLITE3.so -

-An output plugin for logging into a SQLITE v3 database. This is only compiled -if you have the sqlite libraries installed, and the configure script was able to -detect them. (that is: --with-sqlite3 was specified for ./configure) - -

-The plugin automagically inserts the data into the configured table; It -opens the sqlite db during the startup phase of ulogd and obtains a list of the -columns in the table. Then it tries to resolve the column names against keys of -interpreter plugins. This way you can easily select which information you want -to log - just by the layout of the table. - -

-If, for example, your table contains a field called 'ip_saddr', ulogd will -resolve this against the key 'ip.saddr' and put the ip address as 32bit -unsigned integer into the table. - -

-You may want to have a look at the file 'doc/sqlite3.table' as an -example table including fields to log all keys from ulogd_BASE.so. Just delete -the fields you are not interested in, and create the table. - -

-The module defines the following configuration directives: - -table -Name of the table to which ulogd should log. -db -Name of the database. -buffer -Size of the sqlite buffer. - - - -ulogd_SYSLOG.so -

-An output plugin that really logs via syslogd. Lines will look exactly like printed with traditional LOG target. - -

-The module defines the following configuration directives: - -facility -The syslog facility (LOG_DAEMON, LOG_KERN, LOG_LOCAL0 .. LOG_LOCAL7, LOG_USER) -level -The syslog level (LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG) - - - - QUESTIONS / COMMENTS -

-All comments / questions / ... are appreciated. -

-Just drop me a note to laforge@gnumonks.org -

-Please note also that there is now a mailinglist, ulogd@lists.gnumonks.org. -You can subscribe at -. -

-The preferred method for reporting bugs is the netfilter bugzilla system, -available at . - -

diff --git a/ulogd/extensions/Makefile.in b/ulogd/extensions/Makefile.in deleted file mode 100644 index 589bf7b..0000000 --- a/ulogd/extensions/Makefile.in +++ /dev/null @@ -1,37 +0,0 @@ -# - -# Normally You should not need to change anything below -# -include @top_srcdir@/Rules.make - -CFLAGS+=-I@top_srcdir@ -I@top_srcdir@/libipulog/include -I@top_srcdir@/include -SH_CFLAGS:=$(CFLAGS) -fPIC - -SHARED_LIBS+=$(foreach T,$(ULOGD_SL),ulogd_$(T).so) - - -all: $(SHARED_LIBS) - -distrib: - -printpkt.o: printpkt.c - $(CC) $(SH_CFLAGS) -o $@ -c $< - -$(SHARED_LIBS): %.so: %_sh.o - $(LD) -shared -o $@ $< -lc - -ulogd_SYSLOG.so: printpkt.o ulogd_SYSLOG_sh.o - $(LD) -shared -o $@ $^ -lc - -%_sh.o: %.c - $(CC) $(SH_CFLAGS) -o $@ -c $< - -clean: - $(RM) $(SHARED_LIBS) *.o - -distclean: - $(RM) Makefile - -install: all - $(INSTALL) -m 755 -d $(DESTDIR)$(ULOGD_LIB_PATH) - $(INSTALL) -m 755 *.so $(DESTDIR)$(ULOGD_LIB_PATH) diff --git a/ulogd/extensions/chtons.h b/ulogd/extensions/chtons.h deleted file mode 100644 index 4506e33..0000000 --- a/ulogd/extensions/chtons.h +++ /dev/null @@ -1,32 +0,0 @@ -#ifndef _CHTONS_H_ -#define _CHTONS_H_ - -#include - -#if __BYTE_ORDER == __BIG_ENDIAN -# define BITNR(X) ((X)^31) -# if !defined(__constant_htonl) -# define __constant_htonl(x) (x) -# endif -# if !defined(__constant_htons) -# define __constant_htons(x) (x) -# endif -#elif __BYTE_ORDER == __LITTLE_ENDIAN -# define BITNR(X) ((X)^7) -# if !defined(__constant_htonl) -# define __constant_htonl(x) \ - ((unsigned long int)((((unsigned long int)(x) & 0x000000ffU) << 24) | \ - (((unsigned long int)(x) & 0x0000ff00U) << 8) | \ - (((unsigned long int)(x) & 0x00ff0000U) >> 8) | \ - (((unsigned long int)(x) & 0xff000000U) >> 24))) -# endif -# if !defined(__constant_htons) -# define __constant_htons(x) \ - ((unsigned short int)((((unsigned short int)(x) & 0x00ff) << 8) | \ - (((unsigned short int)(x) & 0xff00) >> 8))) -# endif -#else -# error "Don't know if bytes are big- or little-endian!" -#endif - -#endif diff --git a/ulogd/extensions/printpkt.c b/ulogd/extensions/printpkt.c deleted file mode 100644 index a9e78d7..0000000 --- a/ulogd/extensions/printpkt.c +++ /dev/null @@ -1,276 +0,0 @@ -/* printpkt.c - * - * build something looking like a iptables LOG message - * - * (C) 2000-2003 by Harald Welte - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * $Id$ - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifndef HOST_NAME_MAX -#warning this libc does not define HOST_NAME_MAX -#define HOST_NAME_MAX (255+1) -#endif - -#define NIPQUAD(addr) \ - ((unsigned char *)&addr)[0], \ - ((unsigned char *)&addr)[1], \ - ((unsigned char *)&addr)[2], \ - ((unsigned char *)&addr)[3] - -struct intr_id { - char* name; - unsigned int id; -}; - -static char hostname[HOST_NAME_MAX+1]; - -#define INTR_IDS 35 -static struct intr_id intr_ids[INTR_IDS] = { - { "oob.time.sec", 0 }, - { "oob.prefix", 0 }, - { "oob.in", 0 }, - { "oob.out", 0 }, - { "raw.mac", 0 }, - { "ip.saddr", 0 }, - { "ip.daddr", 0 }, - { "ip.totlen", 0 }, - { "ip.tos", 0 }, - { "ip.ttl", 0 }, - { "ip.id", 0 }, - { "ip.fragoff", 0 }, - { "ip.protocol", 0 }, - { "tcp.sport", 0 }, - { "tcp.dport", 0 }, - { "tcp.seq", 0 }, - { "tcp.ackseq", 0 }, - { "tcp.window", 0 }, - { "tcp.urg", 0 }, - { "tcp.ack", 0 }, - { "tcp.psh", 0 }, - { "tcp.rst", 0 }, - { "tcp.syn", 0 }, - { "tcp.fin", 0 }, - { "tcp.urgp", 0 }, - { "udp.sport", 0 }, - { "udp.dport", 0 }, - { "udp.len", 0 }, - { "icmp.type", 0 }, - { "icmp.code", 0 }, - { "icmp.echoid", 0 }, - { "icmp.echoseq", 0 }, - { "icmp.gateway", 0 }, - { "icmp.fragmtu", 0 }, - { "ahesp.spi", 0 }, -}; - -#define GET_VALUE(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].value -#define GET_FLAGS(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].flags - -int printpkt_print(ulog_iret_t *res, char *buf, int prefix) -{ - char *timestr; - char *tmp; - time_t now; - - char *buf_cur = buf; - - if (prefix) { - now = (time_t) GET_VALUE(0).ui32; - timestr = ctime(&now) + 4; - - /* truncate time */ - if ((tmp = strchr(timestr, '\n'))) - *tmp = '\0'; - - /* truncate hostname */ - if ((tmp = strchr(hostname, '.'))) - *tmp = '\0'; - - /* print time and hostname */ - buf_cur += sprintf(buf_cur, "%.15s %s", timestr, hostname); - } - - if (*(char *) GET_VALUE(1).ptr) - buf_cur += sprintf(buf_cur, " %s", (char *) GET_VALUE(1).ptr); - - buf_cur += sprintf(buf_cur," IN=%s OUT=%s ", - (char *) GET_VALUE(2).ptr, - (char *) GET_VALUE(3).ptr); - - /* FIXME: configurable */ - buf_cur += sprintf(buf_cur, "MAC=%s ", - (GET_FLAGS(4) & ULOGD_RETF_VALID) ? (char *) GET_VALUE(4).ptr : ""); - - buf_cur += sprintf(buf_cur, "SRC=%s ", - inet_ntoa((struct in_addr) {htonl(GET_VALUE(5).ui32)})); - buf_cur += sprintf(buf_cur, "DST=%s ", - inet_ntoa((struct in_addr) {htonl(GET_VALUE(6).ui32)})); - - buf_cur += sprintf(buf_cur,"LEN=%u TOS=%02X PREC=0x%02X TTL=%u ID=%u ", - GET_VALUE(7).ui16, GET_VALUE(8).ui8 & IPTOS_TOS_MASK, - GET_VALUE(8).ui8 & IPTOS_PREC_MASK, GET_VALUE(9).ui8, - GET_VALUE(10).ui16); - - if (GET_VALUE(10).ui16 & IP_RF) - buf_cur += sprintf(buf_cur, "CE "); - - if (GET_VALUE(11).ui16 & IP_DF) - buf_cur += sprintf(buf_cur, "DF "); - - if (GET_VALUE(11).ui16 & IP_MF) - buf_cur += sprintf(buf_cur, "MF "); - - if (GET_VALUE(11).ui16 & IP_OFFMASK) - buf_cur += sprintf(buf_cur, "FRAG:%u ", - GET_VALUE(11).ui16 & IP_OFFMASK); - - switch (GET_VALUE(12).ui8) { - - case IPPROTO_TCP: - buf_cur += sprintf(buf_cur, "PROTO=TCP "); - buf_cur += sprintf(buf_cur, "SPT=%u DPT=%u ", - GET_VALUE(13).ui16, GET_VALUE(14).ui16); - /* FIXME: config */ - buf_cur += sprintf(buf_cur, "SEQ=%u ACK=%u ", - GET_VALUE(15).ui32, GET_VALUE(16).ui32); - - buf_cur += sprintf(buf_cur, "WINDOW=%u ", GET_VALUE(17).ui16); - -// buf_cur += sprintf(buf_cur, "RES=0x%02x ", - - if (GET_VALUE(18).b) - buf_cur += sprintf(buf_cur, "URG "); - - if (GET_VALUE(19).b) - buf_cur += sprintf(buf_cur, "ACK "); - - if (GET_VALUE(20).b) - buf_cur += sprintf(buf_cur, "PSH "); - - if (GET_VALUE(21).b) - buf_cur += sprintf(buf_cur, "RST "); - - if (GET_VALUE(22).b) - buf_cur += sprintf(buf_cur, "SYN "); - - if (GET_VALUE(23).b) - buf_cur += sprintf(buf_cur, "FIN "); - - buf_cur += sprintf(buf_cur, "URGP=%u ", GET_VALUE(24).ui16); - - break; - case IPPROTO_UDP: - - buf_cur += sprintf(buf_cur, "PROTO=UDP "); - - buf_cur += sprintf(buf_cur, "SPT=%u DPT=%u LEN=%u ", - GET_VALUE(25).ui16, GET_VALUE(26).ui16, - GET_VALUE(27).ui16); - break; - case IPPROTO_ICMP: - - buf_cur += sprintf(buf_cur, "PROTO=ICMP "); - - buf_cur += sprintf(buf_cur, "TYPE=%u CODE=%u ", - GET_VALUE(28).ui8, GET_VALUE(29).ui8); - - switch (GET_VALUE(28).ui8) { - case ICMP_ECHO: - case ICMP_ECHOREPLY: - buf_cur += sprintf(buf_cur, "ID=%u SEQ=%u ", - GET_VALUE(30).ui16, - GET_VALUE(31).ui16); - break; - case ICMP_PARAMETERPROB: - buf_cur += sprintf(buf_cur, "PARAMETER=%u ", - GET_VALUE(32).ui32 >> 24); - break; - case ICMP_REDIRECT: - buf_cur += sprintf(buf_cur, "GATEWAY=%s ", inet_ntoa((struct in_addr) {htonl(GET_VALUE(32).ui32)})); - break; - case ICMP_DEST_UNREACH: - if (GET_VALUE(29).ui8 == ICMP_FRAG_NEEDED) - buf_cur += sprintf(buf_cur, "MTU=%u ", - GET_VALUE(33).ui16); - break; - } - break; - case IPPROTO_ESP: - case IPPROTO_AH: - buf_cur += sprintf(buf_cur, "PROTO=%s ", GET_VALUE(12).ui8 == IPPROTO_ESP ? "ESP" : "AH"); - /* FIXME: "INCOMPLETE [%u bytes]" in case of short pkt */ - if (intr_ids[34].id > 0) { - buf_cur += sprintf(buf_cur, "SPI=0x%x ", GET_VALUE(34).ui32); - } - break; - default: - - buf_cur += sprintf(buf_cur, "PROTO=%u ", GET_VALUE(12).ui8); - } - strcat(buf_cur, "\n"); - - return 0; -} - -/* get all key id's for the keys we are intrested in */ -static int get_ids(void) -{ - int i; - struct intr_id *cur_id; - - for (i = 0; i < INTR_IDS; i++) { - cur_id = &intr_ids[i]; - cur_id->id = keyh_getid(cur_id->name); - if (!cur_id->id) { - ulogd_log(ULOGD_ERROR, - "Cannot resolve keyhash id for %s\n", - cur_id->name); - return 1; - } - } - return 0; -} - -int printpkt_init(void) -{ - if (gethostname(hostname, sizeof(hostname)) < 0) { - ulogd_log(ULOGD_FATAL, "can't gethostname(): %s\n", - strerror(errno)); - exit(2); - } - hostname[sizeof(hostname)-1] = '\0'; - - if (get_ids()) - return 1; - - return 0; -} diff --git a/ulogd/extensions/printpkt.h b/ulogd/extensions/printpkt.h deleted file mode 100644 index ce42de4..0000000 --- a/ulogd/extensions/printpkt.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef _PRINTPKT_H -#define _PRINTPKT_H - -int printpkt_print(ulog_iret_t *res, char *buf, int prefix); -int printpkt_init(void); - -#endif diff --git a/ulogd/extensions/ulogd_BASE.c b/ulogd/extensions/ulogd_BASE.c deleted file mode 100644 index 61bad21..0000000 --- a/ulogd/extensions/ulogd_BASE.c +++ /dev/null @@ -1,569 +0,0 @@ -/* ulogd_MAC.c, Version $Revision$ - * - * ulogd interpreter plugin for - * o MAC addresses - * o NFMARK field - * o TIME - * o Interface names - * o IP header - * o TCP header - * o UDP header - * o ICMP header - * o AH/ESP header - * - * (C) 2000-2001 by Harald Welte - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - - * $Id$ - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/*********************************************************************** - * Raw header - ***********************************************************************/ -static ulog_iret_t raw_rets[] = { - { .type = ULOGD_RET_STRING, - .flags = ULOGD_RETF_FREE, - .key = "raw.mac", - }, - { .type = ULOGD_RET_RAW, - .flags = ULOGD_RETF_NONE, - .key = "raw.pkt", - }, - { .type = ULOGD_RET_UINT32, - .flags = ULOGD_RETF_NONE, - .key = "raw.pktlen", - }, -}; - -static ulog_iret_t *_interp_raw(ulog_interpreter_t *ip, - ulog_packet_msg_t *pkt) -{ - unsigned char *p; - int i, tmp, len = 0; - char *buf, *ptr = NULL; - ulog_iret_t *ret = ip->result; - size_t siz; - - if (pkt->mac_len) { - siz = 3 * pkt->mac_len + 1; - buf = (char *) malloc(siz); - if (!buf) { - ulogd_log(ULOGD_ERROR, "OOM!!!\n"); - return NULL; - } - *buf = '\0'; - - p = pkt->mac; - ptr = buf; - for (i = 0; i < pkt->mac_len; i++, p++) { - tmp = snprintf(ptr+len, siz-len, "%02x%s", - *p, i==pkt->mac_len-1 ? "":":"); - if (tmp < 0) - break; - if (tmp >= siz-len) { - buf[siz] = '\0'; - break; - } - len += tmp; - } - ret[0].value.ptr = buf; - ret[0].flags |= ULOGD_RETF_VALID; - } - - /* include pointer to raw ipv4 packet */ - ret[1].value.ptr = pkt->payload; - ret[1].flags |= ULOGD_RETF_VALID; - ret[2].value.ui32 = pkt->data_len; - ret[2].flags |= ULOGD_RETF_VALID; - - return ret; -} - -/*********************************************************************** - * OUT OF BAND - ***********************************************************************/ - -static ulog_iret_t oob_rets[] = { - { .type = ULOGD_RET_STRING, - .flags = ULOGD_RETF_NONE, - .key = "oob.prefix", - }, - { .type = ULOGD_RET_UINT32, - .flags = ULOGD_RETF_NONE, - .key = "oob.time.sec", - }, - { .type = ULOGD_RET_UINT32, - .flags = ULOGD_RETF_NONE, - .key = "oob.time.usec", - }, - { .type = ULOGD_RET_UINT32, - .flags = ULOGD_RETF_NONE, - .key = "oob.mark", - }, - { .type = ULOGD_RET_STRING, - .flags = ULOGD_RETF_NONE, - .key = "oob.in", - }, - { .type = ULOGD_RET_STRING, - .flags = ULOGD_RETF_NONE, - .key = "oob.out", - }, -}; - -static ulog_iret_t *_interp_oob(struct ulog_interpreter *ip, - ulog_packet_msg_t *pkt) -{ - ulog_iret_t *ret = ip->result; - - ret[0].value.ptr = pkt->prefix; - ret[0].flags |= ULOGD_RETF_VALID; - - /* god knows why timestamp_usec contains crap if timestamp_sec == 0 - * if (pkt->timestamp_sec || pkt->timestamp_usec) { */ - if (pkt->timestamp_sec) { - ret[1].value.ui32 = pkt->timestamp_sec; - ret[1].flags |= ULOGD_RETF_VALID; - ret[2].value.ui32 = pkt->timestamp_usec; - ret[2].flags |= ULOGD_RETF_VALID; - } else { - ret[1].flags &= ~ULOGD_RETF_VALID; - ret[2].flags &= ~ULOGD_RETF_VALID; - } - - ret[3].value.ui32 = pkt->mark; - ret[3].flags |= ULOGD_RETF_VALID; - ret[4].value.ptr = pkt->indev_name; - ret[4].flags |= ULOGD_RETF_VALID; - ret[5].value.ptr = pkt->outdev_name; - ret[5].flags |= ULOGD_RETF_VALID; - - return ret; -} - -/*********************************************************************** - * IP HEADER - ***********************************************************************/ - -static ulog_iret_t iphdr_rets[] = { - { .type = ULOGD_RET_IPADDR, - .flags = ULOGD_RETF_NONE, - .key = "ip.saddr", - }, - { .type = ULOGD_RET_IPADDR, - .flags = ULOGD_RETF_NONE, - .key = "ip.daddr", - }, - { .type = ULOGD_RET_UINT8, - .flags = ULOGD_RETF_NONE, - .key = "ip.protocol", - }, - { .type = ULOGD_RET_UINT8, - .flags = ULOGD_RETF_NONE, - .key = "ip.tos", - }, - { .type = ULOGD_RET_UINT8, - .flags = ULOGD_RETF_NONE, - .key = "ip.ttl", - }, - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "ip.totlen", - }, - { .type = ULOGD_RET_UINT8, - .flags = ULOGD_RETF_NONE, - .key = "ip.ihl", - }, - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "ip.csum", - }, - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "ip.id", - }, - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "ip.fragoff", - }, -}; - -static ulog_iret_t *_interp_iphdr(struct ulog_interpreter *ip, - ulog_packet_msg_t *pkt) -{ - ulog_iret_t *ret = ip->result; - struct iphdr *iph = (struct iphdr *) pkt->payload; - - ret[0].value.ui32 = ntohl(iph->saddr); - ret[0].flags |= ULOGD_RETF_VALID; - ret[1].value.ui32 = ntohl(iph->daddr); - ret[1].flags |= ULOGD_RETF_VALID; - ret[2].value.ui8 = iph->protocol; - ret[2].flags |= ULOGD_RETF_VALID; - ret[3].value.ui8 = iph->tos; - ret[3].flags |= ULOGD_RETF_VALID; - ret[4].value.ui8 = iph->ttl; - ret[4].flags |= ULOGD_RETF_VALID; - ret[5].value.ui16 = ntohs(iph->tot_len); - ret[5].flags |= ULOGD_RETF_VALID; - ret[6].value.ui8 = iph->ihl; - ret[6].flags |= ULOGD_RETF_VALID; - ret[7].value.ui16 = ntohs(iph->check); - ret[7].flags |= ULOGD_RETF_VALID; - ret[8].value.ui16 = ntohs(iph->id); - ret[8].flags |= ULOGD_RETF_VALID; - ret[9].value.ui16 = ntohs(iph->frag_off); - ret[9].flags |= ULOGD_RETF_VALID; - - return ret; -} - -/*********************************************************************** - * TCP HEADER - ***********************************************************************/ -static ulog_iret_t tcphdr_rets[] = { - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "tcp.sport", - }, - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "tcp.dport", - }, - { .type = ULOGD_RET_UINT32, - .flags = ULOGD_RETF_NONE, - .key = "tcp.seq", - }, - { .type = ULOGD_RET_UINT32, - .flags = ULOGD_RETF_NONE, - .key = "tcp.ackseq", - }, - { .type = ULOGD_RET_UINT8, - .flags = ULOGD_RETF_NONE, - .key = "tcp.offset", - }, - { .type = ULOGD_RET_UINT8, - .flags = ULOGD_RETF_NONE, - .key = "tcp.reserved", - }, - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "tcp.window", - }, - { .type = ULOGD_RET_BOOL, - .flags = ULOGD_RETF_NONE, - .key = "tcp.urg", - }, - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "tcp.urgp", - }, - { .type = ULOGD_RET_BOOL, - .flags = ULOGD_RETF_NONE, - .key = "tcp.ack", - }, - { .type = ULOGD_RET_BOOL, - .flags = ULOGD_RETF_NONE, - .key = "tcp.psh", - }, - { .type = ULOGD_RET_BOOL, - .flags = ULOGD_RETF_NONE, - .key = "tcp.rst", - }, - { .type = ULOGD_RET_BOOL, - .flags = ULOGD_RETF_NONE, - .key = "tcp.syn", - }, - { .type = ULOGD_RET_BOOL, - .flags = ULOGD_RETF_NONE, - .key = "tcp.fin", - }, - { .type = ULOGD_RET_BOOL, - .flags = ULOGD_RETF_NONE, - .key = "tcp.res1", - }, - { .type = ULOGD_RET_BOOL, - .flags = ULOGD_RETF_NONE, - .key = "tcp.res2", - }, - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "tcp.csum", - }, -}; - -static ulog_iret_t *_interp_tcphdr(struct ulog_interpreter *ip, - ulog_packet_msg_t *pkt) -{ - struct iphdr *iph = (struct iphdr *) pkt->payload; - void *protoh = (u_int32_t *)iph + iph->ihl; - struct tcphdr *tcph = (struct tcphdr *) protoh; - ulog_iret_t *ret = ip->result; - - if (iph->protocol != IPPROTO_TCP) - return NULL; - - ret[0].value.ui16 = ntohs(tcph->source); - ret[0].flags |= ULOGD_RETF_VALID; - ret[1].value.ui16 = ntohs(tcph->dest); - ret[1].flags |= ULOGD_RETF_VALID; - ret[2].value.ui32 = ntohl(tcph->seq); - ret[2].flags |= ULOGD_RETF_VALID; - ret[3].value.ui32 = ntohl(tcph->ack_seq); - ret[3].flags |= ULOGD_RETF_VALID; - ret[4].value.ui8 = ntohs(tcph->doff); - ret[4].flags |= ULOGD_RETF_VALID; - ret[5].value.ui8 = ntohs(tcph->res1); - ret[5].flags |= ULOGD_RETF_VALID; - ret[6].value.ui16 = ntohs(tcph->window); - ret[6].flags |= ULOGD_RETF_VALID; - - ret[7].value.b = tcph->urg; - ret[7].flags |= ULOGD_RETF_VALID; - if (tcph->urg) { - ret[8].value.ui16 = ntohs(tcph->urg_ptr); - ret[8].flags |= ULOGD_RETF_VALID; - } - ret[9].value.b = tcph->ack; - ret[9].flags |= ULOGD_RETF_VALID; - ret[10].value.b = tcph->psh; - ret[10].flags |= ULOGD_RETF_VALID; - ret[11].value.b = tcph->rst; - ret[11].flags |= ULOGD_RETF_VALID; - ret[12].value.b = tcph->syn; - ret[12].flags |= ULOGD_RETF_VALID; - ret[13].value.b = tcph->fin; - ret[13].flags |= ULOGD_RETF_VALID; - ret[14].value.b = tcph->res1; - ret[14].flags |= ULOGD_RETF_VALID; - ret[15].value.b = tcph->res2; - ret[15].flags |= ULOGD_RETF_VALID; - ret[16].value.ui16 = ntohs(tcph->check); - ret[16].value.ui16 = ULOGD_RETF_VALID; - - return ret; -} - -/*********************************************************************** - * UDP HEADER - ***********************************************************************/ -static ulog_iret_t udphdr_rets[] = { - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "udp.sport", - }, - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "udp.dport", - }, - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "udp.len", - }, - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "udp.csum", - }, -}; - -static ulog_iret_t *_interp_udp(struct ulog_interpreter *ip, - ulog_packet_msg_t *pkt) -{ - struct iphdr *iph = (struct iphdr *) pkt->payload; - void *protoh = (u_int32_t *)iph + iph->ihl; - struct udphdr *udph = protoh; - ulog_iret_t *ret = ip->result; - - if (iph->protocol != IPPROTO_UDP) - return NULL; - - ret[0].value.ui16 = ntohs(udph->source); - ret[0].flags |= ULOGD_RETF_VALID; - ret[1].value.ui16 = ntohs(udph->dest); - ret[1].flags |= ULOGD_RETF_VALID; - ret[2].value.ui16 = ntohs(udph->len); - ret[2].flags |= ULOGD_RETF_VALID; - ret[3].value.ui16 = ntohs(udph->check); - ret[3].flags |= ULOGD_RETF_VALID; - - return ret; -} - -/*********************************************************************** - * ICMP HEADER - ***********************************************************************/ - -static ulog_iret_t icmphdr_rets[] = { - { .type = ULOGD_RET_UINT8, - .flags = ULOGD_RETF_NONE, - .key = "icmp.type", - }, - { .type = ULOGD_RET_UINT8, - .flags = ULOGD_RETF_NONE, - .key = "icmp.code", - }, - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "icmp.echoid", - }, - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "icmp.echoseq", - }, - { .type = ULOGD_RET_IPADDR, - .flags = ULOGD_RETF_NONE, - .key = "icmp.gateway", - }, - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "icmp.fragmtu", - }, - { .type = ULOGD_RET_UINT16, - .flags = ULOGD_RETF_NONE, - .key = "icmp.csum", - }, -}; - -static ulog_iret_t *_interp_icmp(struct ulog_interpreter *ip, - ulog_packet_msg_t *pkt) -{ - struct iphdr *iph = (struct iphdr *) pkt->payload; - void *protoh = (u_int32_t *)iph + iph->ihl; - struct icmphdr *icmph = protoh; - ulog_iret_t *ret = ip->result; - - if (iph->protocol != IPPROTO_ICMP) - return NULL; - - ret[0].value.ui8 = icmph->type; - ret[0].flags |= ULOGD_RETF_VALID; - ret[1].value.ui8 = icmph->code; - ret[1].flags |= ULOGD_RETF_VALID; - - switch(icmph->type) { - case ICMP_ECHO: - case ICMP_ECHOREPLY: - ret[2].value.ui16 = ntohs(icmph->un.echo.id); - ret[2].flags |= ULOGD_RETF_VALID; - ret[3].value.ui16 = ntohs(icmph->un.echo.sequence); - ret[3].flags |= ULOGD_RETF_VALID; - break; - case ICMP_REDIRECT: - case ICMP_PARAMETERPROB: - ret[4].value.ui32 = ntohl(icmph->un.gateway); - ret[4].flags |= ULOGD_RETF_VALID; - break; - case ICMP_DEST_UNREACH: - if (icmph->code == ICMP_FRAG_NEEDED) { - ret[5].value.ui16 = ntohs(icmph->un.frag.mtu); - ret[5].flags |= ULOGD_RETF_VALID; - } - break; - } - ret[6].value.ui16 = icmph->checksum; - ret[6].flags |= ULOGD_RETF_VALID; - - return ret; -} - -/*********************************************************************** - * IPSEC HEADER - ***********************************************************************/ - -static ulog_iret_t ahesphdr_rets[] = { - { .type = ULOGD_RET_UINT32, - .flags = ULOGD_RETF_NONE, - .key = "ahesp.spi", - }, -}; - -static ulog_iret_t *_interp_ahesp(struct ulog_interpreter *ip, - ulog_packet_msg_t *pkt) -{ - - ulog_iret_t *ret = ip->result; -#if 0 - struct iphdr *iph = (struct iphdr *) pkt->payload; - void *protoh = (u_int32_t *) (iph + iph->ihl); - struct esphdr *esph = protoh; - - if (iph->protocol != IPPROTO_ESP) - return NULL; - - ret[0].value.ui32 = ntohl(esph->spi); - ret[0].flags |= ULOGD_RETF_VALID; -#endif - - return ret; -} - - -static ulog_interpreter_t base_ip[] = { - { .name = "raw", - .interp = &_interp_raw, - .key_num = 3, - .result = raw_rets }, - { .name = "oob", - .interp = &_interp_oob, - .key_num = 6, - .result = oob_rets }, - { .name = "ip", - .interp = &_interp_iphdr, - .key_num = 10, - .result = iphdr_rets }, - { .name = "tcp", - .interp = &_interp_tcphdr, - .key_num = 17, - .result = tcphdr_rets }, - { .name = "icmp", - .interp = &_interp_icmp, - .key_num = 7, - .result = icmphdr_rets }, - { .name = "udp", - .interp = &_interp_udp, - .key_num = 4, - .result = udphdr_rets }, - { .name = "ahesp", - .interp = &_interp_ahesp, - .key_num = 1, - .result = ahesphdr_rets }, - { NULL, "", 0, NULL, 0, NULL }, -}; - -void _base_reg_ip(void) -{ - ulog_interpreter_t *ip = base_ip; - ulog_interpreter_t *p; - - for (p = ip; p->interp; p++) { - register_interpreter(p); - } -} - -void _init(void) -{ - _base_reg_ip(); -} diff --git a/ulogd/extensions/ulogd_LOCAL.c b/ulogd/extensions/ulogd_LOCAL.c deleted file mode 100644 index 6504ec6..0000000 --- a/ulogd/extensions/ulogd_LOCAL.c +++ /dev/null @@ -1,102 +0,0 @@ -/* ulogd_LOCAL.c, Version 0.3 - * - * ulogd interpreter plugin for: - local time of packet - * - hostname of localhost - * - * (C) 2001-2002 by Florent AIDE - * with the help of Moez MKADMI - * shamelessly ripped from Harald Welte - * - * 2002 extended by Martin Kaehmer - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * - */ - -#include -#include -#include -#include -#include - -#ifdef DEBUG_LOCAL -#define DEBUGP(x) ulogd_log(ULOGD_DEBUG, x) -#else -#define DEBUGP(format, args...) -#endif - - -static char hostname[255]; - -static ulog_iret_t *_interp_local(ulog_interpreter_t *ip, - ulog_packet_msg_t *pkt) -{ - struct timeval tv; - ulog_iret_t *ret = ip->result; - - /* Get date */ - gettimeofday(&tv, NULL); - - /* put date */ - ret[0].value.ui32 = (unsigned long) tv.tv_sec; - ret[0].flags |= ULOGD_RETF_VALID; - - ret[1].value.ptr = hostname; - ret[1].flags |= ULOGD_RETF_VALID; - - return ret; -} - -static ulog_iret_t local_rets[] = { - { .type = ULOGD_RET_UINT32, - .flags = ULOGD_RETF_NONE, - .key = "local.time", - }, - { .type = ULOGD_RET_STRING, - .flags = ULOGD_RETF_NONE, - .key = "local.hostname", - }, -}; - -static ulog_interpreter_t local_ip[] = { - { NULL, "local", 0, &_interp_local, 2, local_rets }, - { NULL, "", 0, NULL, 0, NULL }, -}; - -static void _local_reg_ip(void) -{ - ulog_interpreter_t *ip = local_ip; - ulog_interpreter_t *p; - - for (p = ip; p->interp; p++) - register_interpreter(p); -} - -void _init(void) -{ - /* get hostname */ - char *tmp; - if (gethostname(hostname, sizeof(hostname)) < 0) { - ulogd_log(ULOGD_FATAL, "can't gethostname(): %s\n", - strerror(errno)); - exit(2); - } - hostname[sizeof(hostname)-1] = '\0'; - /* strip off everything after first '.' */ - if ((tmp = strchr(hostname, '.'))) - *tmp = '\0'; - - _local_reg_ip(); -} diff --git a/ulogd/extensions/ulogd_LOCALTIME.c b/ulogd/extensions/ulogd_LOCALTIME.c deleted file mode 100644 index e69de29..0000000 diff --git a/ulogd/extensions/ulogd_LOGEMU.c b/ulogd/extensions/ulogd_LOGEMU.c deleted file mode 100644 index 5473668..0000000 --- a/ulogd/extensions/ulogd_LOGEMU.c +++ /dev/null @@ -1,139 +0,0 @@ -/* ulogd_LOGEMU.c, Version $Revision$ - * - * ulogd output target for syslog logging emulation - * - * This target produces a file which looks the same like the syslog-entries - * of the LOG target. - * - * (C) 2000-2001 by Harald Welte - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * $Id$ - * - */ - -#include -#include -#include -#include -#include -#include -#include "printpkt.c" - -#ifndef ULOGD_LOGEMU_DEFAULT -#define ULOGD_LOGEMU_DEFAULT "/var/log/ulogd.syslogemu" -#endif - -#ifndef ULOGD_LOGEMU_SYNC_DEFAULT -#define ULOGD_LOGEMU_SYNC_DEFAULT 0 -#endif - -#define NIPQUAD(addr) \ - ((unsigned char *)&addr)[0], \ - ((unsigned char *)&addr)[1], \ - ((unsigned char *)&addr)[2], \ - ((unsigned char *)&addr)[3] - -static config_entry_t syslogf_ce = { - .key = "file", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_NONE, - .u = { .string = ULOGD_LOGEMU_DEFAULT } -}; - -static config_entry_t syslsync_ce = { - .next = &syslogf_ce, - .key = "sync", - .type = CONFIG_TYPE_INT, - .options = CONFIG_OPT_NONE, - .u = { .value = ULOGD_LOGEMU_SYNC_DEFAULT } -}; - -static FILE *of = NULL; - -static int _output_logemu(ulog_iret_t *res) -{ - static char buf[4096]; - - printpkt_print(res, buf, 1); - - fprintf(of, "%s", buf); - - if (syslsync_ce.u.value) - fflush(of); - - return 0; -} - -static void signal_handler_logemu(int signal) -{ - FILE *old=of; - - switch (signal) { - case SIGHUP: - ulogd_log(ULOGD_NOTICE, "syslogemu: reopening logfile\n"); - of = fopen(syslogf_ce.u.string, "a"); - if (!of) { - ulogd_log(ULOGD_FATAL, "can't open syslogemu: %s\n", - strerror(errno)); - of=old; - } else { - fclose(old); - } - break; - default: - break; - } -} - - -static int init_logemu(void) { - /* FIXME: error handling */ - config_parse_file("LOGEMU", &syslsync_ce); - -#ifdef DEBUG_LOGEMU - of = stdout; -#else - of = fopen(syslogf_ce.u.string, "a"); - if (!of) { - ulogd_log(ULOGD_FATAL, "can't open syslogemu: %s\n", - strerror(errno)); - exit(2); - } -#endif - if (printpkt_init()) { - ulogd_log(ULOGD_ERROR, "can't resolve all keyhash id's\n"); - } - - return 1; -} - -static void fini_logemu(void) { - if (of != stdout) - fclose(of); -} - -static ulog_output_t logemu_op = { - .name = "syslogemu", - .init = &init_logemu, - .fini = &fini_logemu, - .output = &_output_logemu, - .signal = &signal_handler_logemu, -}; - -void _init(void) -{ - register_output(&logemu_op); -} diff --git a/ulogd/extensions/ulogd_OPRINT.c b/ulogd/extensions/ulogd_OPRINT.c deleted file mode 100644 index ed34382..0000000 --- a/ulogd/extensions/ulogd_OPRINT.c +++ /dev/null @@ -1,149 +0,0 @@ -/* ulogd_MAC.c, Version $Revision$ - * - * ulogd output target for logging to a file - * - * (C) 2000-2001 by Harald Welte - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * $Id$ - * - */ - -#include -#include -#include -#include -#include - -#ifndef ULOGD_OPRINT_DEFAULT -#define ULOGD_OPRINT_DEFAULT "/var/log/ulogd.pktlog" -#endif - -#define NIPQUAD(addr) \ - ((unsigned char *)&addr)[0], \ - ((unsigned char *)&addr)[1], \ - ((unsigned char *)&addr)[2], \ - ((unsigned char *)&addr)[3] - -#define HIPQUAD(addr) \ - ((unsigned char *)&addr)[3], \ - ((unsigned char *)&addr)[2], \ - ((unsigned char *)&addr)[1], \ - ((unsigned char *)&addr)[0] - -static FILE *of = NULL; - -static int _output_print(ulog_iret_t *res) -{ - ulog_iret_t *ret; - - fprintf(of, "===>PACKET BOUNDARY\n"); - for (ret = res; ret; ret = ret->cur_next) { - fprintf(of,"%s=", ret->key); - switch (ret->type) { - case ULOGD_RET_STRING: - fprintf(of, "%s\n", (char *) ret->value.ptr); - break; - case ULOGD_RET_BOOL: - case ULOGD_RET_INT8: - case ULOGD_RET_INT16: - case ULOGD_RET_INT32: - fprintf(of, "%d\n", ret->value.i32); - break; - case ULOGD_RET_UINT8: - case ULOGD_RET_UINT16: - case ULOGD_RET_UINT32: - fprintf(of, "%u\n", ret->value.ui32); - break; - case ULOGD_RET_IPADDR: - fprintf(of, "%u.%u.%u.%u\n", - HIPQUAD(ret->value.ui32)); - break; - case ULOGD_RET_NONE: - fprintf(of, "\n"); - break; - default: - fprintf(of, "\n"); - break; - } - } - return 0; -} - -static config_entry_t outf_ce = { - .key = "file", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_NONE, - .u = { .string = ULOGD_OPRINT_DEFAULT } -}; - -static void sighup_handler_print(int signal) -{ - FILE *old=of; - - switch (signal) { - case SIGHUP: - ulogd_log(ULOGD_NOTICE, "PKTLOG: reopening logfile\n"); - of = fopen(outf_ce.u.string, "a"); - if (!of) { - ulogd_log(ULOGD_FATAL, "can't open PKTLOG: %s\n", - strerror(errno)); - of=old; - } else { - fclose(old); - } - break; - default: - break; - } -} - -static int oprint_init(void) -{ -#ifdef DEBUG - of = stdout; -#else - config_parse_file("OPRINT", &outf_ce); - - of = fopen(outf_ce.u.string, "a"); - if (!of) { - ulogd_log(ULOGD_FATAL, "can't open PKTLOG: %s\n", - strerror(errno)); - exit(2); - } -#endif - return 0; -} - -static void oprint_fini(void) -{ - if (of != stdout) - fclose(of); - - return; -} - -static ulog_output_t oprint_op = { - .name = "oprint", - .output = &_output_print, - .signal = &sighup_handler_print, - .init = &oprint_init, - .fini = &oprint_fini, -}; - -void _init(void) -{ - register_output(&oprint_op); -} diff --git a/ulogd/extensions/ulogd_PWSNIFF.c b/ulogd/extensions/ulogd_PWSNIFF.c deleted file mode 100644 index d205cdd..0000000 --- a/ulogd/extensions/ulogd_PWSNIFF.c +++ /dev/null @@ -1,167 +0,0 @@ -/* ulogd_PWSNIFF.c, Version $Revision$ - * - * ulogd logging interpreter for POP3 / FTP like plaintext passwords. - * - * (C) 2000-2003 by Harald Welte - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * $Id$ - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include "chtons.h" -#include - -#ifdef DEBUG_PWSNIFF -#define DEBUGP(x) ulogd_log(ULOGD_DEBUG, x) -#else -#define DEBUGP(format, args...) -#endif - - -#define PORT_POP3 110 -#define PORT_FTP 21 - -static u_int16_t pwsniff_ports[] = { - __constant_htons(PORT_POP3), - __constant_htons(PORT_FTP), - /* feel free to include any other ports here, provided that their - * user/password syntax is the same */ -}; - -#define PWSNIFF_MAX_PORTS 2 - -static char *_get_next_blank(char* begp, char *endp) -{ - char *ptr; - - for (ptr = begp; ptr < endp; ptr++) { - if (*ptr == ' ' || *ptr == '\n' || *ptr == '\r') { - return ptr-1; - } - } - return NULL; -} - -static ulog_iret_t *_interp_pwsniff(ulog_interpreter_t *ip, ulog_packet_msg_t *pkt) -{ - struct iphdr *iph = (struct iphdr *) pkt->payload; - void *protoh = (u_int32_t *)iph + iph->ihl; - struct tcphdr *tcph = protoh; - u_int32_t tcplen = ntohs(iph->tot_len) - iph->ihl * 4; - unsigned char *ptr, *begp, *pw_begp, *endp, *pw_endp; - ulog_iret_t *ret = ip->result; - int len, pw_len, i, cont = 0; - - len = pw_len = 0; - begp = pw_begp = NULL; - - if (iph->protocol != IPPROTO_TCP) - return NULL; - - for (i = 0; i < PWSNIFF_MAX_PORTS; i++) - { - if (tcph->dest == pwsniff_ports[i]) { - cont = 1; - break; - } - } - if (!cont) - return NULL; - - DEBUGP("----> pwsniff detected, tcplen=%d, struct=%d, iphtotlen=%d, ihl=%d\n", tcplen, sizeof(struct tcphdr), ntohs(iph->tot_len), iph->ihl); - - for (ptr = (unsigned char *) tcph + sizeof(struct tcphdr); - ptr < (unsigned char *) tcph + tcplen; ptr++) - { - if (!strncasecmp((char *)ptr, "USER ", 5)) { - begp = ptr+5; - endp = (unsigned char *)_get_next_blank((char *)begp, (char *)tcph + tcplen); - if (endp) - len = endp - begp + 1; - } - if (!strncasecmp((char *)ptr, "PASS ", 5)) { - pw_begp = ptr+5; - pw_endp = (unsigned char *)_get_next_blank((char *)pw_begp, - (char *)tcph + tcplen); - if (pw_endp) - pw_len = pw_endp - pw_begp + 1; - } - } - - if (len) { - ret[0].value.ptr = (char *) malloc(len+1); - ret[0].flags |= ULOGD_RETF_VALID; - if (!ret[0].value.ptr) { - ulogd_log(ULOGD_ERROR, "OOM (size=%u)\n", len); - return NULL; - } - strncpy(ret[0].value.ptr, (char *)begp, len); - *((char *)ret[0].value.ptr + len) = '\0'; - } - if (pw_len) { - ret[1].value.ptr = (char *) malloc(pw_len+1); - ret[1].flags |= ULOGD_RETF_VALID; - if (!ret[1].value.ptr){ - ulogd_log(ULOGD_ERROR, "OOM (size=%u)\n", pw_len); - return NULL; - } - strncpy(ret[1].value.ptr, (char *)pw_begp, pw_len); - *((char *)ret[1].value.ptr + pw_len) = '\0'; - - } - return ret; -} - -static ulog_iret_t pwsniff_rets[] = { - { .type = ULOGD_RET_STRING, - .flags = ULOGD_RETF_FREE, - .key = "pwsniff.user", - }, - { .type = ULOGD_RET_STRING, - .flags = ULOGD_RETF_FREE, - .key = "pwsniff.pass", - }, -}; - -static ulog_interpreter_t base_ip[] = { - { .name = "pwsniff", - .interp = &_interp_pwsniff, - .key_num = 2, - .result = pwsniff_rets }, - { NULL, "", 0, NULL, 0, NULL }, -}; - -static void _base_reg_ip(void) -{ - ulog_interpreter_t *ip = base_ip; - ulog_interpreter_t *p; - - for (p = ip; p->interp; p++) - register_interpreter(p); -} - - -void _init(void) -{ - _base_reg_ip(); -} diff --git a/ulogd/extensions/ulogd_SYSLOG.c b/ulogd/extensions/ulogd_SYSLOG.c deleted file mode 100644 index 3b8dd44..0000000 --- a/ulogd/extensions/ulogd_SYSLOG.c +++ /dev/null @@ -1,149 +0,0 @@ -/* ulogd_SYSLOG.c, Version $Revision$ - * - * ulogd output target for real syslog() logging - * - * This target produces a syslog entries identical to the LOG target. - * - * (C) 2003 by Harald Welte - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * $Id$ - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include "printpkt.h" - -#ifndef SYSLOG_FACILITY_DEFAULT -#define SYSLOG_FACILITY_DEFAULT "LOG_KERN" -#endif - -#ifndef SYSLOG_LEVEL_DEFAULT -#define SYSLOG_LEVEL_DEFAULT "LOG_NOTICE" -#endif - -static config_entry_t facility_ce = { - .key = "facility", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_NONE, - .u = { .string = SYSLOG_FACILITY_DEFAULT } -}; - -static config_entry_t level_ce = { - .next = &facility_ce, - .key = "level", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_NONE, - .u = { .string = SYSLOG_LEVEL_DEFAULT } -}; - -static int syslog_level, syslog_facility; - -static int _output_syslog(ulog_iret_t *res) -{ - static char buf[4096]; - - printpkt_print(res, buf, 0); - syslog(syslog_level|syslog_facility, buf); - - return 0; -} - -static int syslog_init(void) -{ - /* FIXME: error handling */ - config_parse_file("SYSLOG", &level_ce); - - if (!strcmp(facility_ce.u.string, "LOG_DAEMON")) - syslog_facility = LOG_DAEMON; - else if (!strcmp(facility_ce.u.string, "LOG_KERN")) - syslog_facility = LOG_KERN; - else if (!strcmp(facility_ce.u.string, "LOG_LOCAL0")) - syslog_facility = LOG_LOCAL0; - else if (!strcmp(facility_ce.u.string, "LOG_LOCAL1")) - syslog_facility = LOG_LOCAL1; - else if (!strcmp(facility_ce.u.string, "LOG_LOCAL2")) - syslog_facility = LOG_LOCAL2; - else if (!strcmp(facility_ce.u.string, "LOG_LOCAL3")) - syslog_facility = LOG_LOCAL3; - else if (!strcmp(facility_ce.u.string, "LOG_LOCAL4")) - syslog_facility = LOG_LOCAL4; - else if (!strcmp(facility_ce.u.string, "LOG_LOCAL5")) - syslog_facility = LOG_LOCAL5; - else if (!strcmp(facility_ce.u.string, "LOG_LOCAL6")) - syslog_facility = LOG_LOCAL6; - else if (!strcmp(facility_ce.u.string, "LOG_LOCAL7")) - syslog_facility = LOG_LOCAL7; - else if (!strcmp(facility_ce.u.string, "LOG_USER")) - syslog_facility = LOG_USER; - else { - ulogd_log(ULOGD_FATAL, "unknown facility '%s'\n", - facility_ce.u.string); - exit(2); - } - - if (!strcmp(level_ce.u.string, "LOG_EMERG")) - syslog_level = LOG_EMERG; - else if (!strcmp(level_ce.u.string, "LOG_ALERT")) - syslog_level = LOG_ALERT; - else if (!strcmp(level_ce.u.string, "LOG_CRIT")) - syslog_level = LOG_CRIT; - else if (!strcmp(level_ce.u.string, "LOG_ERR")) - syslog_level = LOG_ERR; - else if (!strcmp(level_ce.u.string, "LOG_WARNING")) - syslog_level = LOG_WARNING; - else if (!strcmp(level_ce.u.string, "LOG_NOTICE")) - syslog_level = LOG_NOTICE; - else if (!strcmp(level_ce.u.string, "LOG_INFO")) - syslog_level = LOG_INFO; - else if (!strcmp(level_ce.u.string, "LOG_DEBUG")) - syslog_level = LOG_DEBUG; - else { - ulogd_log(ULOGD_FATAL, "unknown level '%s'\n", - level_ce.u.string); - exit(2); - } - - openlog("ulogd", LOG_NDELAY|LOG_PID, syslog_facility); - - return 0; -} - -static void syslog_fini(void) -{ - closelog(); -} - -static ulog_output_t syslog_op = { - .name = "syslog", - .init = &syslog_init, - .fini = &syslog_fini, - .output = &_output_syslog, -}; - - -void _init(void) -{ - if (printpkt_init()) - ulogd_log(ULOGD_ERROR, "can't resolve all keyhash id's\n"); - - register_output(&syslog_op); -} diff --git a/ulogd/include/ulogd/conffile.h b/ulogd/include/ulogd/conffile.h deleted file mode 100644 index 4a390d2..0000000 --- a/ulogd/include/ulogd/conffile.h +++ /dev/null @@ -1,66 +0,0 @@ -/* config file parser functions - * - * (C) 2000 by Harald Welte - * - * $Id: conffile.h,v 1.2 2001/05/26 23:19:28 laforge Exp $ - * - * This code is distributed under the terms of GNU GPL */ - -#ifndef _CONFFILE_H -#define _CONFFILE_H - -#include - -/* errors returned by config functions */ -enum { - ERRNONE = 0, - ERROPEN, /* unable to open config file */ - ERROOM, /* out of memory */ - ERRMULT, /* non-multiple option occured more than once */ - ERRMAND, /* mandatory option not found */ - ERRUNKN, /* unknown config key */ - ERRSECTION, /* section not found */ -}; - -/* maximum line lenght of config file entries */ -#define LINE_LEN 255 - -/* maximum lenght of config key name */ -#define CONFIG_KEY_LEN 30 - -/* maximum lenght of string config value */ -#define CONFIG_VAL_STRING_LEN 225 - -/* valid config types */ -#define CONFIG_TYPE_INT 0x0001 -#define CONFIG_TYPE_STRING 0x0002 -#define CONFIG_TYPE_CALLBACK 0x0003 - -/* valid config options */ -#define CONFIG_OPT_NONE 0x0000 -#define CONFIG_OPT_MANDATORY 0x0001 -#define CONFIG_OPT_MULTI 0x0002 - -typedef struct config_entry { - struct config_entry *next; /* the next one in linked list */ - char key[CONFIG_KEY_LEN]; /* name of config directive */ - u_int8_t type; /* type; see above */ - u_int8_t options; /* options; see above */ - u_int8_t hit; /* found? */ - union { - char string[CONFIG_VAL_STRING_LEN]; - int value; - int (*parser)(char *argstr); - } u; -} config_entry_t; - -/* if an error occurs, config_errce is set to the erroneous ce */ -extern config_entry_t *config_errce; - -/* tell us the name of the config file */ -int config_register_file(const char *file); - -/* parse the config file */ -int config_parse_file(const char *section, config_entry_t *keys); - -#endif /* ifndef _CONFFILE_H */ diff --git a/ulogd/include/ulogd/ulogd.h b/ulogd/include/ulogd/ulogd.h deleted file mode 100644 index 36816dc..0000000 --- a/ulogd/include/ulogd/ulogd.h +++ /dev/null @@ -1,162 +0,0 @@ -#ifndef _ULOGD_H -#define _ULOGD_H -/* ulogd, Version $Revision$ - * - * userspace logging daemon for netfilter ULOG target - * of the linux 2.4 netfilter subsystem. - * - * (C) 2000 by Harald Welte - * - * this code is released under the terms of GNU GPL - * - * $Id$ - */ - -#include -#include -#include /* need this because of extension-sighandler */ - -/* All types with MSB = 1 make use of value.ptr - * other types use one of the union's member */ - -/* types without length */ -#define ULOGD_RET_NONE 0x0000 - -#define ULOGD_RET_INT8 0x0001 -#define ULOGD_RET_INT16 0x0002 -#define ULOGD_RET_INT32 0x0003 -#define ULOGD_RET_INT64 0x0004 - -#define ULOGD_RET_UINT8 0x0011 -#define ULOGD_RET_UINT16 0x0012 -#define ULOGD_RET_UINT32 0x0013 -#define ULOGD_RET_UINT64 0x0014 - -#define ULOGD_RET_BOOL 0x0050 - -#define ULOGD_RET_IPADDR 0x0100 - -/* types with length field */ -#define ULOGD_RET_STRING 0x8020 -#define ULOGD_RET_RAW 0x8030 - - -/* FLAGS */ -#define ULOGD_RETF_NONE 0x0000 -#define ULOGD_RETF_VALID 0x0001 /* contains a valid result */ -#define ULOGD_RETF_FREE 0x0002 /* ptr needs to be free()d */ - - -/* maximum length of ulogd key */ -#define ULOGD_MAX_KEYLEN 32 - -#define ULOGD_DEBUG 1 /* debugging information */ -#define ULOGD_INFO 3 -#define ULOGD_NOTICE 5 /* abnormal/unexpected condition */ -#define ULOGD_ERROR 7 /* error condition, requires user action */ -#define ULOGD_FATAL 8 /* fatal, program aborted */ - -typedef struct ulog_iret { - /* next interpreter return (key) in the global list */ - struct ulog_iret *next; - /* next interpreter in linked list for current result */ - struct ulog_iret *cur_next; - /* length of the returned value (only for lengthed types */ - u_int32_t len; - /* type of the returned value (ULOGD_IRET_...) */ - u_int16_t type; - /* flags (i.e. free, ...) */ - u_int16_t flags; - /* name of this key */ - char key[ULOGD_MAX_KEYLEN]; - /* and finally the returned value */ - union { - u_int8_t b; - u_int8_t ui8; - u_int16_t ui16; - u_int32_t ui32; - u_int64_t ui64; - int8_t i8; - int16_t i16; - int32_t i32; - int64_t i64; - void *ptr; - } value; -} ulog_iret_t; - -typedef struct ulog_interpreter { - /* next interpreter in old-style linked list */ - struct ulog_interpreter *next; - /* name of this interpreter (predefined by plugin) */ - char name[ULOGD_MAX_KEYLEN]; - /* ID for this interpreter (dynamically assigned) */ - unsigned int id; - /* function to call for each packet */ - ulog_iret_t* (*interp)(struct ulog_interpreter *ip, - ulog_packet_msg_t *pkt); - /* number of keys this interpreter has */ - unsigned int key_num; - /* keys of this particular interpreter */ - ulog_iret_t *result; -} ulog_interpreter_t; - -typedef struct ulog_output { - /* next output in the linked list */ - struct ulog_output *next; - /* name of this ouput plugin */ - char name[ULOGD_MAX_KEYLEN]; - /* callback for initialization */ - int (*init)(void); - /* callback for de-initialization */ - void (*fini)(void); - /* callback function */ - int (*output)(ulog_iret_t *ret); - /* callback function for signals (SIGHUP, ..) */ - void (*signal)(int signal); -} ulog_output_t; - -/* entries of the key hash */ -struct ulogd_keyh_entry { - ulog_interpreter_t *interp; /* interpreter for this key */ - unsigned int offset; /* offset within interpreter */ - const char *name; /* name of this particular key */ -}; - -/*********************************************************************** - * PUBLIC INTERFACE - ***********************************************************************/ - -/* register a new interpreter plugin */ -void register_interpreter(ulog_interpreter_t *me); - -/* register a new output target */ -void register_output(ulog_output_t *me); - -/* allocate a new ulog_iret_t */ -ulog_iret_t *alloc_ret(const u_int16_t type, const char*); - -/* write a message to the daemons' logfile */ -void __ulogd_log(int level, char *file, int line, const char *message, ...); -/* macro for logging including filename and line number */ -#define ulogd_log(level, format, args...) \ - __ulogd_log(level, __FILE__, __LINE__, format, ## args) -/* backwards compatibility */ -#define ulogd_error(format, args...) ulogd_log(ULOGD_ERROR, format, ## args) - -/* get an interpreter hash id by name */ -unsigned int interh_getid(const char *name); - -/* get a key id if you have the name */ -unsigned int keyh_getid(const char *name); - -/* get a result for a given key id */ -ulog_iret_t *keyh_getres(unsigned int id); - -/* the key hash itself */ -extern struct ulogd_keyh_entry *ulogd_keyh; - -#define IS_VALID(x) (x.flags & ULOGD_RETF_VALID) - -#define SET_VALID(x) (x.flags |= ULOGD_RETF_VALID) - -#endif /* _ULOGD_H */ diff --git a/ulogd/install-sh b/ulogd/install-sh deleted file mode 100755 index e9de238..0000000 --- a/ulogd/install-sh +++ /dev/null @@ -1,251 +0,0 @@ -#!/bin/sh -# -# install - install a program, script, or datafile -# This comes from X11R5 (mit/util/scripts/install.sh). -# -# Copyright 1991 by the Massachusetts Institute of Technology -# -# Permission to use, copy, modify, distribute, and sell this software and its -# documentation for any purpose is hereby granted without fee, provided that -# the above copyright notice appear in all copies and that both that -# copyright notice and this permission notice appear in supporting -# documentation, and that the name of M.I.T. not be used in advertising or -# publicity pertaining to distribution of the software without specific, -# written prior permission. M.I.T. makes no representations about the -# suitability of this software for any purpose. It is provided "as is" -# without express or implied warranty. -# -# Calling this script install-sh is preferred over install.sh, to prevent -# `make' implicit rules from creating a file called install from it -# when there is no Makefile. -# -# This script is compatible with the BSD install script, but was written -# from scratch. It can only install one file at a time, a restriction -# shared with many OS's install programs. - - -# set DOITPROG to echo to test this script - -# Don't use :- since 4.3BSD and earlier shells don't like it. -doit="${DOITPROG-}" - - -# put in absolute paths if you don't have them in your path; or use env. vars. - -mvprog="${MVPROG-mv}" -cpprog="${CPPROG-cp}" -chmodprog="${CHMODPROG-chmod}" -chownprog="${CHOWNPROG-chown}" -chgrpprog="${CHGRPPROG-chgrp}" -stripprog="${STRIPPROG-strip}" -rmprog="${RMPROG-rm}" -mkdirprog="${MKDIRPROG-mkdir}" - -transformbasename="" -transform_arg="" -instcmd="$mvprog" -chmodcmd="$chmodprog 0755" -chowncmd="" -chgrpcmd="" -stripcmd="" -rmcmd="$rmprog -f" -mvcmd="$mvprog" -src="" -dst="" -dir_arg="" - -while [ x"$1" != x ]; do - case $1 in - -c) instcmd="$cpprog" - shift - continue;; - - -d) dir_arg=true - shift - continue;; - - -m) chmodcmd="$chmodprog $2" - shift - shift - continue;; - - -o) chowncmd="$chownprog $2" - shift - shift - continue;; - - -g) chgrpcmd="$chgrpprog $2" - shift - shift - continue;; - - -s) stripcmd="$stripprog" - shift - continue;; - - -t=*) transformarg=`echo $1 | sed 's/-t=//'` - shift - continue;; - - -b=*) transformbasename=`echo $1 | sed 's/-b=//'` - shift - continue;; - - *) if [ x"$src" = x ] - then - src=$1 - else - # this colon is to work around a 386BSD /bin/sh bug - : - dst=$1 - fi - shift - continue;; - esac -done - -if [ x"$src" = x ] -then - echo "install: no input file specified" - exit 1 -else - true -fi - -if [ x"$dir_arg" != x ]; then - dst=$src - src="" - - if [ -d $dst ]; then - instcmd=: - chmodcmd="" - else - instcmd=mkdir - fi -else - -# Waiting for this to be detected by the "$instcmd $src $dsttmp" command -# might cause directories to be created, which would be especially bad -# if $src (and thus $dsttmp) contains '*'. - - if [ -f $src -o -d $src ] - then - true - else - echo "install: $src does not exist" - exit 1 - fi - - if [ x"$dst" = x ] - then - echo "install: no destination specified" - exit 1 - else - true - fi - -# If destination is a directory, append the input filename; if your system -# does not like double slashes in filenames, you may need to add some logic - - if [ -d $dst ] - then - dst="$dst"/`basename $src` - else - true - fi -fi - -## this sed command emulates the dirname command -dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` - -# Make sure that the destination directory exists. -# this part is taken from Noah Friedman's mkinstalldirs script - -# Skip lots of stat calls in the usual case. -if [ ! -d "$dstdir" ]; then -defaultIFS=' -' -IFS="${IFS-${defaultIFS}}" - -oIFS="${IFS}" -# Some sh's can't handle IFS=/ for some reason. -IFS='%' -set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` -IFS="${oIFS}" - -pathcomp='' - -while [ $# -ne 0 ] ; do - pathcomp="${pathcomp}${1}" - shift - - if [ ! -d "${pathcomp}" ] ; - then - $mkdirprog "${pathcomp}" - else - true - fi - - pathcomp="${pathcomp}/" -done -fi - -if [ x"$dir_arg" != x ] -then - $doit $instcmd $dst && - - if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && - if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && - if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && - if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi -else - -# If we're going to rename the final executable, determine the name now. - - if [ x"$transformarg" = x ] - then - dstfile=`basename $dst` - else - dstfile=`basename $dst $transformbasename | - sed $transformarg`$transformbasename - fi - -# don't allow the sed command to completely eliminate the filename - - if [ x"$dstfile" = x ] - then - dstfile=`basename $dst` - else - true - fi - -# Make a temp file name in the proper directory. - - dsttmp=$dstdir/#inst.$$# - -# Move or copy the file name to the temp name - - $doit $instcmd $src $dsttmp && - - trap "rm -f ${dsttmp}" 0 && - -# and set any options; do chmod last to preserve setuid bits - -# If any of these fail, we abort the whole thing. If we want to -# ignore errors from any of these, just make sure not to ignore -# errors from the above "$doit $instcmd $src $dsttmp" command. - - if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && - if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && - if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && - if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && - -# Now rename the file to the real destination. - - $doit $rmcmd -f $dstdir/$dstfile && - $doit $mvcmd $dsttmp $dstdir/$dstfile - -fi && - - -exit 0 diff --git a/ulogd/libipulog/Makefile.in b/ulogd/libipulog/Makefile.in deleted file mode 100644 index 52a3394..0000000 --- a/ulogd/libipulog/Makefile.in +++ /dev/null @@ -1,23 +0,0 @@ -# - -include @top_srcdir@/Rules.make -CFLAGS+=-Iinclude -I/usr/src/linux/include - -libipulog.a: libipulog.o - $(LD) -i $< -o $@ - -distrib: - -ulog_test: ulog_test.c libipulog.a - $(CC) $(CFLAGS) ulog_test.c libipulog.a -o ulog_test - -libipulog.o: libipulog.c - $(CC) $(CFLAGS) -c $< -o $@ - -clean: - $(RM) ulog_test libipulog.o libipulog.a - -distclean: clean - $(RM) Makefile - -install: libipulog.a diff --git a/ulogd/libipulog/include/libipulog/libipulog.h b/ulogd/libipulog/include/libipulog/libipulog.h deleted file mode 100644 index b3805d7..0000000 --- a/ulogd/libipulog/include/libipulog/libipulog.h +++ /dev/null @@ -1,58 +0,0 @@ -#ifndef _LIBIPULOG_H -#define _LIBIPULOG_H - -/* $Id$ */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "linux/netfilter_ipv4/ipt_ULOG.h" - -/* FIXME: glibc sucks */ -#ifndef MSG_TRUNC -#define MSG_TRUNC 0x20 -#endif - -struct ipulog_handle; -extern int ipulog_errno; - -u_int32_t ipulog_group2gmask(u_int32_t group); - -struct ipulog_handle *ipulog_create_handle(u_int32_t gmask, u_int32_t rmem); - -void ipulog_destroy_handle(struct ipulog_handle *h); - -ssize_t ipulog_read(struct ipulog_handle *h, - unsigned char *buf, size_t len, int timeout); - -ulog_packet_msg_t *ipulog_get_packet(struct ipulog_handle *h, - const unsigned char *buf, - size_t len); - -char *ipulog_strerror(int errcode); - -void ipulog_perror(const char *s); - -enum -{ - IPULOG_ERR_NONE = 0, - IPULOG_ERR_IMPL, - IPULOG_ERR_HANDLE, - IPULOG_ERR_SOCKET, - IPULOG_ERR_BIND, - IPULOG_ERR_RECVBUF, - IPULOG_ERR_RECV, - IPULOG_ERR_NLEOF, - IPULOG_ERR_TRUNC, - IPULOG_ERR_INVGR, - IPULOG_ERR_INVNL, -}; -#define IPULOG_MAXERR IPULOG_ERR_INVNL - -#endif /* _LIBULOG_H */ diff --git a/ulogd/libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h b/ulogd/libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h deleted file mode 100644 index de062cd..0000000 --- a/ulogd/libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h +++ /dev/null @@ -1,62 +0,0 @@ -/* Header file for IP tables userspace logging, Version 1.8 - * - * (C) 2000-2002 by Harald Welte - * - * Distributed under the terms of GNU GPL */ -#ifndef _IPT_ULOG_H -#define _IPT_ULOG_H - -#ifndef NETLINK_NFLOG -#define NETLINK_NFLOG 5 -#endif - -#define ULOG_DEFAULT_NLGROUP 1 -#define ULOG_DEFAULT_QTHRESHOLD 1 - -#define ULOG_MAC_LEN 80 -#define ULOG_PREFIX_LEN 32 - -#define ULOG_MAX_QLEN 50 -/* Why 50? Well... there is a limit imposed by the slab cache 131000 - * bytes. So the multipart netlink-message has to be < 131000 bytes. - * Assuming a standard ethernet-mtu of 1500, we could define this up - * to 80... but even 50 seems to be big enough. */ - -/* private data structure for each rule with a ULOG target */ -struct ipt_ulog_info { - unsigned int nl_group; -#ifdef KERNEL_64_USERSPACE_32 - unsigned long long copy_range; - unsigned long long qthreshold; -#else - size_t copy_range; - size_t qthreshold; -#endif - char prefix[ULOG_PREFIX_LEN]; -}; - -/* Format of the ULOG packets passed through netlink */ -typedef struct ulog_packet_msg { - unsigned long mark; -#ifdef KERNEL_64_USERSPACE_32 - long long timestamp_sec; - long long timestamp_usec; -#else - long timestamp_sec; - long timestamp_usec; -#endif - unsigned int hook; - char indev_name[IFNAMSIZ]; - char outdev_name[IFNAMSIZ]; -#ifdef KERNEL_64_USERSPACE_32 - unsigned long long data_len; -#else - size_t data_len; -#endif - char prefix[ULOG_PREFIX_LEN]; - unsigned char mac_len; - unsigned char mac[ULOG_MAC_LEN]; - unsigned char payload[0]; -} ulog_packet_msg_t; - -#endif /*_IPT_ULOG_H*/ diff --git a/ulogd/libipulog/libipulog.c b/ulogd/libipulog/libipulog.c deleted file mode 100644 index 415b712..0000000 --- a/ulogd/libipulog/libipulog.c +++ /dev/null @@ -1,256 +0,0 @@ -/* - * libipulog.c, $Revision$ - * - * netfilter ULOG userspace library. - * - * (C) 2000-2001 by Harald Welte - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * This library is still under development, so be aware of sudden interface - * changes - * - * $Id$ - */ - -#include -#include -#include -#include -#include -#include - -struct ipulog_handle -{ - int fd; - u_int8_t blocking; - struct sockaddr_nl local; - struct sockaddr_nl peer; - struct nlmsghdr* last_nlhdr; -}; - -/* internal */ - - -int ipulog_errno = IPULOG_ERR_NONE; - -struct ipulog_errmap_t -{ - int errcode; - char *message; -} ipulog_errmap[] = -{ - { IPULOG_ERR_NONE, "No error" }, - { IPULOG_ERR_IMPL, "Not implemented yet" }, - { IPULOG_ERR_HANDLE, "Unable to create netlink handle" }, - { IPULOG_ERR_SOCKET, "Unable to create netlink socket" }, - { IPULOG_ERR_BIND, "Unable to bind netlink socket" }, - { IPULOG_ERR_RECVBUF, "Receive buffer size invalid" }, - { IPULOG_ERR_RECV, "Error during netlink receive" }, - { IPULOG_ERR_NLEOF, "Received EOF on netlink socket" }, - { IPULOG_ERR_TRUNC, "Receive message truncated" }, - { IPULOG_ERR_INVGR, "Invalid group specified" }, - { IPULOG_ERR_INVNL, "Invalid netlink message" }, -}; - -static ssize_t -ipulog_netlink_recvfrom(const struct ipulog_handle *h, - unsigned char *buf, size_t len) -{ - socklen_t addrlen; - int status; - struct nlmsghdr *nlh; - - if (len < sizeof(struct nlmsgerr)) { - ipulog_errno = IPULOG_ERR_RECVBUF; - return -1; - } - addrlen = sizeof(h->peer); - status = recvfrom(h->fd, buf, len, 0, (struct sockaddr *)&h->peer, - &addrlen); - if (status < 0) { - ipulog_errno = IPULOG_ERR_RECV; - return status; - } - if (addrlen != sizeof (h->peer)) { - ipulog_errno = IPULOG_ERR_RECV; - return -1; - } - if (h->peer.nl_pid != 0) { - ipulog_errno = IPULOG_ERR_RECV; - return -1; - } - if (status == 0) { - ipulog_errno = IPULOG_ERR_NLEOF; - return -1; - } - nlh = (struct nlmsghdr *)buf; - if (nlh->nlmsg_flags & MSG_TRUNC || status > len) { - ipulog_errno = IPULOG_ERR_TRUNC; - return -1; - } - return status; -} - -/* public */ - -char *ipulog_strerror(int errcode) -{ - if (errcode < 0 || errcode > IPULOG_MAXERR) - errcode = IPULOG_ERR_IMPL; - return ipulog_errmap[errcode].message; -} - -/* convert a netlink group (1-32) to a group_mask suitable for create_handle */ -u_int32_t ipulog_group2gmask(u_int32_t group) -{ - if (group < 1 || group > 32) - { - ipulog_errno = IPULOG_ERR_INVGR; - return 0; - } - return (1 << (group - 1)); -} - -/* create a ipulog handle for the reception of packets sent to gmask */ -struct ipulog_handle *ipulog_create_handle(u_int32_t gmask, - u_int32_t rcvbufsize) -{ - struct ipulog_handle *h; - int status; - - h = (struct ipulog_handle *) malloc(sizeof(struct ipulog_handle)); - if (h == NULL) - { - ipulog_errno = IPULOG_ERR_HANDLE; - return NULL; - } - memset(h, 0, sizeof(struct ipulog_handle)); - h->fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_NFLOG); - if (h->fd == -1) - { - ipulog_errno = IPULOG_ERR_SOCKET; - close(h->fd); - free(h); - return NULL; - } - memset(&h->local, 0, sizeof(struct sockaddr_nl)); - h->local.nl_family = AF_NETLINK; - h->local.nl_pid = getpid(); - h->local.nl_groups = gmask; - status = bind(h->fd, (struct sockaddr *)&h->local, sizeof(h->local)); - if (status == -1) - { - ipulog_errno = IPULOG_ERR_BIND; - close(h->fd); - free(h); - return NULL; - } - memset(&h->peer, 0, sizeof(struct sockaddr_nl)); - h->peer.nl_family = AF_NETLINK; - h->peer.nl_pid = 0; - h->peer.nl_groups = gmask; - - status = setsockopt(h->fd, SOL_SOCKET, SO_RCVBUF, &rcvbufsize, - sizeof(rcvbufsize)); - if (status == -1) - { - ipulog_errno = IPULOG_ERR_RECVBUF; - close(h->fd); - free(h); - return NULL; - } - - return h; -} - -/* destroy a ipulog handle */ -void ipulog_destroy_handle(struct ipulog_handle *h) -{ - close(h->fd); - free(h); -} - -#if 0 -int ipulog_set_mode() -{ -} -#endif - -/* do a BLOCKING read on an ipulog handle */ -ssize_t ipulog_read(struct ipulog_handle *h, unsigned char *buf, - size_t len, int timeout) -{ - return ipulog_netlink_recvfrom(h, buf, len); -} - -/* get a pointer to the actual start of the ipulog packet, - use this to strip netlink header */ -ulog_packet_msg_t *ipulog_get_packet(struct ipulog_handle *h, - const unsigned char *buf, - size_t len) -{ - struct nlmsghdr *nlh; - size_t remain_len; - - /* if last header in handle not inside this buffer, - * drop reference to last header */ - if ((unsigned char *)h->last_nlhdr > (buf + len) || - (unsigned char *)h->last_nlhdr < buf) { - h->last_nlhdr = NULL; - } - - if (!h->last_nlhdr) { - /* fist message in buffer */ - nlh = (struct nlmsghdr *) buf; - if (!NLMSG_OK(nlh, len)) { - /* ERROR */ - ipulog_errno = IPULOG_ERR_INVNL; - return NULL; - } - } else { - /* we are in n-th part of multilink message */ - if (h->last_nlhdr->nlmsg_type == NLMSG_DONE || - !(h->last_nlhdr->nlmsg_flags & NLM_F_MULTI)) { - /* if last part in multilink message, - * or no multipart message at all: return */ - h->last_nlhdr = NULL; - return NULL; - } - - /* calculate remaining lenght from lasthdr to end of buffer */ - remain_len = (len - - ((unsigned char *)h->last_nlhdr - buf)); - nlh = NLMSG_NEXT(h->last_nlhdr, remain_len); - } - - h->last_nlhdr = nlh; - - return NLMSG_DATA(nlh); -} - -/* print a human readable description of the last error to stderr */ -void ipulog_perror(const char *s) -{ - if (s) - fputs(s, stderr); - else - fputs("ERROR", stderr); - if (ipulog_errno) - fprintf(stderr, ": %s", ipulog_strerror(ipulog_errno)); - if (errno) - fprintf(stderr, ": %s", strerror(errno)); - fputc('\n', stderr); -} - diff --git a/ulogd/libipulog/ulog_test.c b/ulogd/libipulog/ulog_test.c deleted file mode 100644 index 792a793..0000000 --- a/ulogd/libipulog/ulog_test.c +++ /dev/null @@ -1,84 +0,0 @@ -/* ulog_test, $Revision$ - * - * small testing program for libipulog, part of the netfilter ULOG target - * for the linux 2.4 netfilter subsystem. - * - * (C) 2000-2005 by Harald Welte - * - * this code is released under the terms of GNU GPL - * - * $Id$ - */ - -#include -#include -#include - -#define MYBUFSIZ 2048 - -/* prints some logging about a single packet */ -void handle_packet(ulog_packet_msg_t *pkt) -{ - unsigned char *p; - int i; - - printf("Hook=%u Mark=%lu len=%d ", - pkt->hook, pkt->mark, pkt->data_len); - if (strlen(pkt->prefix)) - printf("Prefix=%s ", pkt->prefix); - - if (pkt->mac_len) - { - printf("mac="); - p = pkt->mac; - for (i = 0; i < pkt->mac_len; i++, p++) - printf("%02x%c", *p, i==pkt->mac_len-1 ? ' ':':'); - } - printf("\n"); - -} - -int main(int argc, char *argv[]) -{ - struct ipulog_handle *h; - unsigned char* buf; - int len; - ulog_packet_msg_t *upkt; - int i; - - if (argc != 4) { - fprintf(stderr, "Usage: %s count group timeout\n", argv[0]); - exit(1); - } - - /* allocate a receive buffer */ - buf = (unsigned char *) malloc(MYBUFSIZ); - - /* create ipulog handle */ - h = ipulog_create_handle(ipulog_group2gmask(atoi(argv[2])),150000); - if (!h) - { - /* if some error occurrs, print it to stderr */ - ipulog_perror(NULL); - exit(1); - } - - alarm(atoi(argv[3])); - - /* loop receiving packets and handling them over to handle_packet */ - for (i = 0; i < atoi(argv[1]); i++) { - len = ipulog_read(h, buf, MYBUFSIZ, 1); - if (len <= 0) { - ipulog_perror("ulog_test: short read"); - exit(1); - } - printf("%d bytes received\n", len); - while (upkt = ipulog_get_packet(h, buf, len)) { - handle_packet(upkt); - } - } - - /* just to give it a cleaner look */ - ipulog_destroy_handle(h); - return 0; -} diff --git a/ulogd/mysql/Makefile.in b/ulogd/mysql/Makefile.in deleted file mode 100644 index cbab843..0000000 --- a/ulogd/mysql/Makefile.in +++ /dev/null @@ -1,30 +0,0 @@ -# - -# Normally You should not need to change anything below -# -include @top_srcdir@/Rules.make - -CFLAGS+=-I@top_srcdir@ -I@top_srcdir@/libipulog/include -I@top_srcdir@/include -SH_CFLAGS:=$(CFLAGS) -fPIC - -SHARED_LIBS=ulogd_MYSQL.so - -all: $(SHARED_LIBS) - -distrib: - -$(SHARED_LIBS): %.so: %_sh.o - $(LD) -shared $(MYSQL_LDFLAGS) -o $@ $< -lc - -%_sh.o: %.c - $(CC) $(MYSQL_CFLAGS) $(SH_CFLAGS) -o $@ -c $< - -clean: - $(RM) $(SHARED_LIBS) *.o - -distclean: - $(RM) Makefile - -install: all - $(INSTALL) -m 755 -d $(DESTDIR)$(ULOGD_LIB_PATH) - $(INSTALL) -m 755 *.so $(DESTDIR)$(ULOGD_LIB_PATH) diff --git a/ulogd/mysql/ulogd_MYSQL.c b/ulogd/mysql/ulogd_MYSQL.c deleted file mode 100644 index b917ffa..0000000 --- a/ulogd/mysql/ulogd_MYSQL.c +++ /dev/null @@ -1,525 +0,0 @@ -/* ulogd_MYSQL.c, Version $Revision$ - * - * ulogd output plugin for logging to a MySQL database - * - * (C) 2000-2001 by Harald Welte - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * $Id$ - * - * 15 May 2001, Alex Janssen : - * Added a compability option for older MySQL-servers, which - * don't support mysql_real_escape_string - * - * 17 May 2001, Alex Janssen : - * Added the --with-mysql-log-ip-as-string feature. This will log - * IP's as string rather than an unsigned long integer to the database. - * See ulogd/doc/mysql.table.ipaddr-as-string as an example. - * BE WARNED: This has _WAY_ less performance during table searches. - * - * 09 Feb 2005, Sven Schuster : - * Added the "port" parameter to specify ports different from 3306 - * - * 12 May 2005, Jozsef Kadlecsik - * Added reconnecting to lost mysql server. - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef DEBUG_MYSQL -#define DEBUGP(x, args...) fprintf(stderr, x, ## args) -#else -#define DEBUGP(x, args...) -#endif - -struct _field { - char name[ULOGD_MAX_KEYLEN]; - unsigned int id; - unsigned int str; - struct _field *next; -}; - -/* The plugin handler */ -static ulog_output_t mysql_plugin; - -/* the database handle we are using */ -static MYSQL *dbh; - -/* a linked list of the fields the table has */ -static struct _field *fields; - -/* buffer for our insert statement */ -static char *stmt; - -/* size of our insert statement buffer */ -static size_t stmt_siz; - -/* pointer to the beginning of the "VALUES" part */ -static char *stmt_val; - -/* pointer to current inser position in statement */ -static char *stmt_ins; - -#define STMT_ADD(pos, fmt...) \ - do { \ - if ((pos) >= stmt && stmt_siz > (pos) - stmt) \ - snprintf((pos), stmt_siz-((pos)-stmt), ##fmt); \ - } while(0) - -/* Attempt to reconnect if connection is lost */ -time_t reconnect = 0; -#define TIME_ERR ((time_t)-1) /* Be paranoid */ - -/* our configuration directives */ -static config_entry_t db_ce = { - .key = "db", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_MANDATORY, -}; - -static config_entry_t host_ce = { - .next = &db_ce, - .key = "host", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_MANDATORY, -}; - -static config_entry_t user_ce = { - .next = &host_ce, - .key = "user", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_MANDATORY, -}; - -static config_entry_t pass_ce = { - .next = &user_ce, - .key = "pass", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_MANDATORY, -}; - -static config_entry_t table_ce = { - .next = &pass_ce, - .key = "table", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_MANDATORY, -}; - -static config_entry_t port_ce = { - .next = &table_ce, - .key = "port", - .type = CONFIG_TYPE_INT, -}; - -static config_entry_t reconnect_ce = { - .next = &port_ce, - .key = "reconnect", - .type = CONFIG_TYPE_INT, -}; - -static config_entry_t connect_timeout_ce = { - .next = &reconnect_ce, - .key = "connect_timeout", - .type = CONFIG_TYPE_INT, -}; - -static int _mysql_init_db(ulog_iret_t *result); -static void _mysql_fini(void); - -/* our main output function, called by ulogd */ -static int mysql_output(ulog_iret_t *result) -{ - struct _field *f; - ulog_iret_t *res; -#ifdef IP_AS_STRING - char *tmpstr; /* need this for --log-ip-as-string */ - struct in_addr addr; -#endif - size_t esclen; - - if (stmt_val == NULL) { - _mysql_fini(); - return _mysql_init_db(result); - } - - stmt_ins = stmt_val; - - for (f = fields; f; f = f->next) { - res = keyh_getres(f->id); - - if (!res) { - ulogd_log(ULOGD_NOTICE, - "no result for %s ?!?\n", f->name); - } - - if (!res || !IS_VALID((*res))) { - /* no result, we have to fake something */ - STMT_ADD(stmt_ins,"NULL,"); - stmt_ins = stmt + strlen(stmt); - continue; - } - - switch (res->type) { - case ULOGD_RET_INT8: - STMT_ADD(stmt_ins,"%d,", res->value.i8); - break; - case ULOGD_RET_INT16: - STMT_ADD(stmt_ins,"%d,", res->value.i16); - break; - case ULOGD_RET_INT32: - STMT_ADD(stmt_ins,"%d,", res->value.i32); - break; - case ULOGD_RET_INT64: - STMT_ADD(stmt_ins,"%"PRId64",", res->value.i64); - break; - case ULOGD_RET_UINT8: - STMT_ADD(stmt_ins,"%u,", res->value.ui8); - break; - case ULOGD_RET_UINT16: - STMT_ADD(stmt_ins,"%u,", res->value.ui16); - break; - case ULOGD_RET_IPADDR: -#ifdef IP_AS_STRING - if (f->str) { - addr.s_addr = ntohl(res->value.ui32); - tmpstr = inet_ntoa(addr); - esclen = (strlen(tmpstr)*2) + 4; - if (stmt_siz <= (stmt_ins-stmt)+esclen){ - STMT_ADD(stmt_ins,"'',"); - break; - } - - *stmt_ins++ = '\''; -#ifdef OLD_MYSQL - mysql_escape_string(stmt_ins, - tmpstr, - strlen(tmpstr)); -#else - mysql_real_escape_string(dbh, - stmt_ins, - tmpstr, - strlen(tmpstr)); -#endif /* OLD_MYSQL */ - stmt_ins = stmt + strlen(stmt); - STMT_ADD(stmt_ins, "',"); - break; - } -#endif /* IP_AS_STRING */ - /* EVIL: fallthrough when logging IP as - * u_int32_t */ - case ULOGD_RET_UINT32: - STMT_ADD(stmt_ins, "%u,", res->value.ui32); - break; - case ULOGD_RET_UINT64: - STMT_ADD(stmt_ins,"%"PRIu64",",res->value.ui64); - break; - case ULOGD_RET_BOOL: - STMT_ADD(stmt_ins, "'%d',", res->value.b); - break; - case ULOGD_RET_STRING: - esclen = (strlen(res->value.ptr)*2) + 4; - if (stmt_siz <= (stmt_ins-stmt) + esclen) { - STMT_ADD(stmt_ins, "'',"); - break; - } - *stmt_ins++ = '\''; -#ifdef OLD_MYSQL - mysql_escape_string(stmt_ins, res->value.ptr, - strlen(res->value.ptr)); -#else - mysql_real_escape_string(dbh, stmt_ins, - res->value.ptr, strlen(res->value.ptr)); -#endif - stmt_ins = stmt + strlen(stmt); - STMT_ADD(stmt_ins,"',"); - break; - case ULOGD_RET_RAW: - ulogd_log(ULOGD_NOTICE, - "%s: type RAW not supported by MySQL\n", - res->key); - break; - default: - ulogd_log(ULOGD_NOTICE, - "unknown type %d for %s\n", - res->type, res->key); - break; - } - stmt_ins = stmt + strlen(stmt); - } - *(stmt_ins - 1) = ')'; - *stmt_ins = '\0'; - - DEBUGP("stmt=#%s#\n", stmt); - - /* now we have created our statement, insert it */ - - if (mysql_real_query(dbh, stmt, strlen(stmt))) { - ulogd_log(ULOGD_ERROR, "sql error during insert: %s\n", - mysql_error(dbh)); - _mysql_fini(); - return _mysql_init_db(result); - } - - return 0; -} - -/* no connection, plugin disabled */ -static int mysql_output_disabled(ulog_iret_t *result) -{ - return 0; -} - -#define MYSQL_INSERTTEMPL "insert into X (Y) values (Z)" -#define MYSQL_VALSIZE 100 - -/* create the static part of our insert statement */ -static int mysql_createstmt(void) -{ - struct _field *f; - char buf[ULOGD_MAX_KEYLEN]; - char *underscore; - - if (stmt) - free(stmt); - - /* caclulate the size for the insert statement */ - stmt_siz = strlen(MYSQL_INSERTTEMPL) + strlen(table_ce.u.string) + 1; - - for (f = fields; f; f = f->next) { - /* we need space for the key and a comma, as well as - * enough space for the values */ - stmt_siz += strlen(f->name) + 1 + MYSQL_VALSIZE; - } - - ulogd_log(ULOGD_DEBUG, "allocating %zu bytes for statement\n", - stmt_siz); - - stmt = (char *) malloc(stmt_siz); - - if (!stmt) { - stmt_val = NULL; - stmt_siz = 0; - ulogd_log(ULOGD_ERROR, "OOM!\n"); - return -1; - } - - snprintf(stmt, stmt_siz, "insert into %s (", table_ce.u.string); - stmt_val = stmt + strlen(stmt); - - for (f = fields; f; f = f->next) { - strncpy(buf, f->name, ULOGD_MAX_KEYLEN-1); - buf[ULOGD_MAX_KEYLEN-1] = '\0'; - while ((underscore = strchr(buf, '.'))) - *underscore = '_'; - STMT_ADD(stmt_val,"%s,", buf); - stmt_val = stmt + strlen(stmt); - } - *(stmt_val - 1) = ')'; - - STMT_ADD(stmt_val," values ("); - stmt_val = stmt + strlen(stmt); - - ulogd_log(ULOGD_DEBUG, "stmt='%s'\n", stmt); - - return 0; -} - -/* find out which columns the table has */ -static int mysql_get_columns(const char *table) -{ - MYSQL_RES *result; - MYSQL_FIELD *field; - char buf[ULOGD_MAX_KEYLEN]; - char *underscore; - struct _field *f; - int id; - - if (!dbh) - return -1; - - result = mysql_list_fields(dbh, table, NULL); - if (!result) - return -1; - - /* Cleanup before reconnect */ - while (fields) { - f = fields; - fields = f->next; - free(f); - } - - while ((field = mysql_fetch_field(result))) { - - /* replace all underscores with dots */ - strncpy(buf, field->name, ULOGD_MAX_KEYLEN-1); - buf[ULOGD_MAX_KEYLEN-1] = '\0'; - - while ((underscore = strchr(buf, '_'))) - *underscore = '.'; - - DEBUGP("field '%s' found: ", buf); - - if (!(id = keyh_getid(buf))) { - DEBUGP(" no keyid!\n"); - continue; - } - - DEBUGP("keyid %u\n", id); - - /* prepend it to the linked list */ - f = (struct _field *) malloc(sizeof *f); - if (!f) { - ulogd_log(ULOGD_ERROR, "OOM!\n"); - return -1; - } - strncpy(f->name, buf, ULOGD_MAX_KEYLEN-1); - f->name[ULOGD_MAX_KEYLEN-1] = '\0'; - f->id = id; - f->str = !IS_NUM(field->type); - f->next = fields; - fields = f; - } - - mysql_free_result(result); - return 0; -} - -/* make connection and select database */ -static int mysql_open_db(char *server, int port, char *user, char *pass, - char *db) -{ -#ifdef MYSQL_OPT_RECONNECT - my_bool trueval = 1; -#endif - dbh = mysql_init(NULL); - if (!dbh) - return -1; - - if (connect_timeout_ce.u.value) - mysql_options(dbh, MYSQL_OPT_CONNECT_TIMEOUT, - (const char *) &connect_timeout_ce.u.value); - -#ifdef MYSQL_OPT_RECONNECT -# if defined(MYSQL_VERSION_ID) && (MYSQL_VERSION_ID >= 50019) - mysql_options(dbh, MYSQL_OPT_RECONNECT, &trueval); -# endif -#endif - - - if (!mysql_real_connect(dbh, server, user, pass, db, port, NULL, 0)) - { - _mysql_fini(); - return -1; - } - -#ifdef MYSQL_OPT_RECONNECT -# if defined(MYSQL_VERSION_ID) && (MYSQL_VERSION_ID < 50019) - mysql_options(dbh, MYSQL_OPT_RECONNECT, &trueval); -# endif -#endif - - return 0; -} - -static int init_reconnect(void) -{ - if (reconnect_ce.u.value) { - reconnect = time(NULL); - if (reconnect != TIME_ERR) { - ulogd_log(ULOGD_ERROR, "no connection to database, " - "attempting to reconnect " - "after %u seconds\n", - reconnect_ce.u.value); - reconnect += reconnect_ce.u.value; - mysql_plugin.output = &_mysql_init_db; - return -1; - } - } - /* Disable plugin permanently */ - mysql_plugin.output = &mysql_output_disabled; - - return 0; -} - -static int _mysql_init_db(ulog_iret_t *result) -{ - if (reconnect && reconnect > time(NULL)) - return 0; - - if (mysql_open_db(host_ce.u.string, port_ce.u.value, user_ce.u.string, - pass_ce.u.string, db_ce.u.string)) { - ulogd_log(ULOGD_ERROR, "can't establish database connection\n"); - return init_reconnect(); - } - - /* read the fieldnames to know which values to insert */ - if (mysql_get_columns(table_ce.u.string)) { - ulogd_log(ULOGD_ERROR, "unable to get mysql columns\n"); - _mysql_fini(); - return init_reconnect(); - } - - if (mysql_createstmt()) - { - ulogd_log(ULOGD_ERROR, "unable to create mysql statement\n"); - _mysql_fini(); - return init_reconnect(); - } - - /* enable plugin */ - mysql_plugin.output = &mysql_output; - - reconnect = 0; - - if (result) - return mysql_output(result); - - return 0; -} - -static int _mysql_init(void) -{ - /* have the opts parsed */ - config_parse_file("MYSQL", &connect_timeout_ce); - - return _mysql_init_db(NULL); -} - -static void _mysql_fini(void) -{ - if (dbh) { - mysql_close(dbh); - dbh = NULL; - } -} - -static ulog_output_t mysql_plugin = { - .name = "mysql", - .output = &mysql_output, - .init = &_mysql_init, - .fini = &_mysql_fini, -}; - -void _init(void) -{ - register_output(&mysql_plugin); -} diff --git a/ulogd/pcap/Makefile.in b/ulogd/pcap/Makefile.in deleted file mode 100644 index d469c2b..0000000 --- a/ulogd/pcap/Makefile.in +++ /dev/null @@ -1,30 +0,0 @@ -# -include @top_srcdir@/Rules.make - -CFLAGS+=-I@top_srcdir@ -I@top_srcdir@/libipulog/include -I@top_srcdir@/include -SH_CFLAGS:=$(CFLAGS) -fPIC - -# Normally You should not need to change anything below -# - -SHARED_LIBS=ulogd_PCAP.so - -all: $(SHARED_LIBS) - -distrib: - -$(SHARED_LIBS): %.so: %_sh.o - $(LD) -shared -o $@ $< -lc -lpcap - -%_sh.o: %.c - $(CC) $(SH_CFLAGS) -o $@ -c $< - -clean: - $(RM) $(SHARED_LIBS) *.o - -distclean: - $(RM) Makefile - -install: all - $(INSTALL) -m 755 -d $(DESTDIR)$(ULOGD_LIB_PATH) - $(INSTALL) -m 755 *.so $(DESTDIR)$(ULOGD_LIB_PATH) diff --git a/ulogd/pcap/ulogd_PCAP.c b/ulogd/pcap/ulogd_PCAP.c deleted file mode 100644 index 686fe47..0000000 --- a/ulogd/pcap/ulogd_PCAP.c +++ /dev/null @@ -1,286 +0,0 @@ -/* ulogd_PCAP.c, Version $Revision$ - * - * ulogd output target for writing pcap-style files (like tcpdump) - * - * FIXME: descr. - * - * - * (C) 2002 by Harald Welte - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * $Id$ - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* - * This is a timeval as stored in disk in a dumpfile. - * It has to use the same types everywhere, independent of the actual - * `struct timeval' - */ - -struct pcap_timeval { - int32_t tv_sec; /* seconds */ - int32_t tv_usec; /* microseconds */ -}; - -/* - * How a `pcap_pkthdr' is actually stored in the dumpfile. - * - * Do not change the format of this structure, in any way (this includes - * changes that only affect the length of fields in this structure), - * and do not make the time stamp anything other than seconds and - * microseconds (e.g., seconds and nanoseconds). Instead: - * - * introduce a new structure for the new format; - * - * send mail to "tcpdump-workers@tcpdump.org", requesting a new - * magic number for your new capture file format, and, when - * you get the new magic number, put it in "savefile.c"; - * - * use that magic number for save files with the changed record - * header; - * - * make the code in "savefile.c" capable of reading files with - * the old record header as well as files with the new record header - * (using the magic number to determine the header format). - * - * Then supply the changes to "patches@tcpdump.org", so that future - * versions of libpcap and programs that use it (such as tcpdump) will - * be able to read your new capture file format. - */ - -struct pcap_sf_pkthdr { - struct pcap_timeval ts; /* time stamp */ - uint32_t caplen; /* length of portion present */ - uint32_t len; /* length this packet (off wire) */ -}; - -#ifndef ULOGD_PCAP_DEFAULT -#define ULOGD_PCAP_DEFAULT "/var/log/ulogd.pcap" -#endif - -#ifndef ULOGD_PCAP_SYNC_DEFAULT -#define ULOGD_PCAP_SYNC_DEFAULT 0 -#endif - -#define NIPQUAD(addr) \ - ((unsigned char *)&addr)[0], \ - ((unsigned char *)&addr)[1], \ - ((unsigned char *)&addr)[2], \ - ((unsigned char *)&addr)[3] - -static config_entry_t pcapf_ce = { - .key = "file", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_NONE, - .u = { .string = ULOGD_PCAP_DEFAULT } -}; - -static config_entry_t pcapsync_ce = { - .next = &pcapf_ce, - .key = "sync", - .type = CONFIG_TYPE_INT, - .options = CONFIG_OPT_NONE, - .u = { .value = ULOGD_PCAP_SYNC_DEFAULT } -}; - -static FILE *of = NULL; - -struct intr_id { - char* name; - unsigned int id; -}; - -#define INTR_IDS 5 -static struct intr_id intr_ids[INTR_IDS] = { - { "raw.pkt", 0 }, - { "raw.pktlen", 0 }, - { "ip.totlen", 0 }, - { "oob.time.sec", 0 }, - { "oob.time.usec", 0 }, -}; - -#define GET_VALUE(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].value -#define GET_FLAGS(x) ulogd_keyh[intr_ids[x].id].interp->result[ulogd_keyh[intr_ids[x].id].offset].flags - -static int pcap_output(ulog_iret_t *res) -{ - struct pcap_sf_pkthdr pchdr; - - pchdr.caplen = GET_VALUE(1).ui32; - pchdr.len = GET_VALUE(2).ui32; - - if (GET_FLAGS(3) & ULOGD_RETF_VALID - && GET_FLAGS(4) & ULOGD_RETF_VALID) { - pchdr.ts.tv_sec = GET_VALUE(3).ui32; - pchdr.ts.tv_usec = GET_VALUE(4).ui32; - } else { - /* use current system time */ - struct timeval tv; - gettimeofday(&tv, NULL); - - pchdr.ts.tv_sec = tv.tv_sec; - pchdr.ts.tv_usec = tv.tv_usec; - } - - if (fwrite(&pchdr, sizeof(pchdr), 1, of) != 1) { - ulogd_log(ULOGD_ERROR, "Error during write: %s\n", - strerror(errno)); - return 1; - } - if (fwrite(GET_VALUE(0).ptr, pchdr.caplen, 1, of) != 1) { - ulogd_log(ULOGD_ERROR, "Error during write: %s\n", - strerror(errno)); - return 1; - } - - if (pcapsync_ce.u.value) - fflush(of); - - return 0; -} - -/* stolen from libpcap savefile.c */ -#define LINKTYPE_RAW 101 -#define TCPDUMP_MAGIC 0xa1b2c3d4 - -static int write_pcap_header(void) -{ - struct pcap_file_header pcfh; - int ret; - - pcfh.magic = TCPDUMP_MAGIC; - pcfh.version_major = PCAP_VERSION_MAJOR; - pcfh.version_minor = PCAP_VERSION_MINOR; - pcfh.thiszone = timezone; - pcfh.sigfigs = 0; - pcfh.snaplen = 65535; /* we don't know the length in advance */ - pcfh.linktype = LINKTYPE_RAW; - - ret = fwrite(&pcfh, sizeof(pcfh), 1, of); - fflush(of); - - return ret; -} - -/* get all key id's for the keys we are intrested in */ -static int get_ids(void) -{ - int i; - struct intr_id *cur_id; - - for (i = 0; i < INTR_IDS; i++) { - cur_id = &intr_ids[i]; - cur_id->id = keyh_getid(cur_id->name); - if (!cur_id->id) { - ulogd_log(ULOGD_ERROR, - "Cannot resolve keyhash id for %s\n", - cur_id->name); - return 1; - } - } - return 0; -} - -void append_create_outfile(void) { - struct stat st_dummy; - int exist = 0; - - if (stat(pcapf_ce.u.string, &st_dummy) == 0 && st_dummy.st_size > 0) { - exist = 1; - } - - if (!exist) { - of = fopen(pcapf_ce.u.string, "w"); - if (!of) { - ulogd_log(ULOGD_FATAL, "can't open pcap file %s: %s\n", - pcapf_ce.u.string, strerror(errno)); - exit(2); - } - if (!write_pcap_header()) { - ulogd_log(ULOGD_FATAL, "can't write pcap header: %s\n", - strerror(errno)); - exit(2); - } - } else { - of = fopen(pcapf_ce.u.string, "a"); - if (!of) { - ulogd_log(ULOGD_FATAL, "can't open pcap file: %s\n", - strerror(errno)); - exit(2); - } - } -} - -static void pcap_signal_handler(int signal) -{ - switch (signal) { - case SIGHUP: - ulogd_log(ULOGD_NOTICE, "pcap: reopening capture file\n"); - fclose(of); - append_create_outfile(); - break; - default: - break; - } -} - -static int pcap_init(void) -{ - /* FIXME: error handling */ - config_parse_file("PCAP", &pcapsync_ce); - -#ifdef DEBUG_PCAP - of = stdout; -#else - append_create_outfile(); -#endif - return 0; -} - -static void pcap_fini(void) -{ - if (of) - fclose(of); -} - -static ulog_output_t pcap_op = { - .name = "pcap", - .init = &pcap_init, - .fini = &pcap_fini, - .output = &pcap_output, - .signal = &pcap_signal_handler, -}; - -void _init(void) -{ - if (get_ids()) { - ulogd_log(ULOGD_ERROR, "can't resolve all keyhash id's\n"); - } - - register_output(&pcap_op); -} diff --git a/ulogd/pgsql/Makefile.in b/ulogd/pgsql/Makefile.in deleted file mode 100644 index a242e0d..0000000 --- a/ulogd/pgsql/Makefile.in +++ /dev/null @@ -1,30 +0,0 @@ -# - -# Normally You should not need to change anything below -# -include @top_srcdir@/Rules.make - -CFLAGS+=-I@top_srcdir@ -I@top_srcdir@/libipulog/include -I@top_srcdir@/include -SH_CFLAGS:=$(CFLAGS) -fPIC - -SHARED_LIBS=ulogd_PGSQL.so - -all: $(SHARED_LIBS) - -distrib: - -$(SHARED_LIBS): %.so: %_sh.o - $(LD) -shared $(PGSQL_LDFLAGS) -o $@ $< -lc - -%_sh.o: %.c - $(CC) $(PGSQL_CFLAGS) $(SH_CFLAGS) -o $@ -c $< - -clean: - $(RM) $(SHARED_LIBS) *.o - -distclean: - $(RM) Makefile - -install: all - $(INSTALL) -m 755 -d $(DESTDIR)$(ULOGD_LIB_PATH) - $(INSTALL) -m 755 *.so $(DESTDIR)$(ULOGD_LIB_PATH) diff --git a/ulogd/pgsql/ulogd_PGSQL.c b/ulogd/pgsql/ulogd_PGSQL.c deleted file mode 100644 index 695482a..0000000 --- a/ulogd/pgsql/ulogd_PGSQL.c +++ /dev/null @@ -1,543 +0,0 @@ -/* ulogd_PGSQL.c, Version $Revision$ - * - * ulogd output plugin for logging to a PGSQL database - * - * (C) 2000-2005 by Harald Welte - * This software is distributed under the terms of GNU GPL - * - * This plugin is based on the MySQL plugin made by Harald Welte. - * The support PostgreSQL were made by Jakab Laszlo. - * - */ - -#include -#include -#include -#include -#include -#include -#include - -#ifdef DEBUG_PGSQL -#define DEBUGP(x, args...) fprintf(stderr, x, ## args) -#else -#define DEBUGP(x, args...) -#endif - -struct _field { - char name[ULOGD_MAX_KEYLEN]; - unsigned int id; - unsigned int str; - struct _field *next; -}; - -/* the database handle we are using */ -static PGconn *dbh; - -/* a linked list of the fields the table has */ -static struct _field *fields; - -/* buffer for our insert statement */ -static char *stmt; - -/* size of our insert statement buffer */ -static size_t stmt_siz; - -/* pointer to the beginning of the "VALUES" part */ -static char *stmt_val; - -/* pointer to current inser position in statement */ -static char *stmt_ins; - -/* our configuration directives */ -static config_entry_t db_ce = { - .key = "db", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_MANDATORY, -}; - -static config_entry_t host_ce = { - .next = &db_ce, - .key = "host", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_NONE, -}; - -static config_entry_t user_ce = { - .next = &host_ce, - .key = "user", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_MANDATORY, -}; - -static config_entry_t pass_ce = { - .next = &user_ce, - .key = "pass", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_NONE, -}; - -static config_entry_t table_ce = { - .next = &pass_ce, - .key = "table", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_MANDATORY, -}; - -static config_entry_t schema_ce = { - .next = &table_ce, - .key = "schema", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_NONE, - .u = { .string = "public" }, -}; - -static config_entry_t port_ce = { - .next = &schema_ce, - .key = "port", - .type = CONFIG_TYPE_INT, - .options = CONFIG_OPT_NONE, -}; - -static unsigned char pgsql_have_schemas; - -#define STMT_ADD(pos,fmt...) \ - do { \ - if ((pos) >= stmt && stmt_siz > (pos) - stmt) \ - snprintf((pos), stmt_siz-((pos)-stmt), ##fmt); \ - } while(0) - -/* our main output function, called by ulogd */ -static int pgsql_output(ulog_iret_t *result) -{ - struct _field *f; - ulog_iret_t *res; - PGresult *pgres; -#ifdef IP_AS_STRING - char *tmpstr; /* need this for --log-ip-as-string */ - struct in_addr addr; -#endif - size_t esclen; - - if( stmt_val == NULL) - return 1; - - stmt_ins = stmt_val; - - for (f = fields; f; f = f->next) { - res = keyh_getres(f->id); - - if (!res) { - ulogd_log(ULOGD_NOTICE, - "no result for %s ?!?\n", f->name); - } - - if (!res || !IS_VALID((*res))) { - /* no result, we have to fake something */ - STMT_ADD(stmt_ins, "NULL,"); - stmt_ins = stmt + strlen(stmt); - continue; - } - - switch (res->type) { - case ULOGD_RET_INT8: - STMT_ADD(stmt_ins, "%d,", res->value.i8); - break; - case ULOGD_RET_INT16: - STMT_ADD(stmt_ins, "%d,", res->value.i16); - break; - case ULOGD_RET_INT32: - STMT_ADD(stmt_ins, "%d,", res->value.i32); - break; - case ULOGD_RET_INT64: - STMT_ADD(stmt_ins, "%"PRId64",",res->value.i64); - break; - case ULOGD_RET_UINT8: - STMT_ADD(stmt_ins, "%u,", res->value.ui8); - break; - case ULOGD_RET_UINT16: - STMT_ADD(stmt_ins, "%u,", res->value.ui16); - break; - case ULOGD_RET_IPADDR: -#ifdef IP_AS_STRING - if (f->str) { - addr.s_addr = ntohl(res->value.ui32); - tmpstr = (char *)inet_ntoa(addr); - esclen = (strlen(tmpstr)*2) + 4; - if (stmt_siz <= (stmt_ins-stmt)+esclen) - { - STMT_ADD(stmt_ins,"'',"); - break; - } - *stmt_ins++ = '\''; - PQescapeString(stmt_ins,tmpstr, - strlen(tmpstr)); - stmt_ins = stmt + strlen(stmt); - STMT_ADD(stmt_ins, "',"); - break; - } -#endif /* IP_AS_STRING */ - /* EVIL: fallthrough when logging IP as - * u_int32_t */ - - case ULOGD_RET_UINT32: - STMT_ADD(stmt_ins, "%u,", res->value.ui32); - break; - case ULOGD_RET_UINT64: - STMT_ADD(stmt_ins,"%"PRIu64",",res->value.ui64); - break; - case ULOGD_RET_BOOL: - STMT_ADD(stmt_ins, "'%d',", res->value.b); - break; - case ULOGD_RET_STRING: - esclen = (strlen(res->value.ptr)*2) + 4; - if (stmt_siz <= (stmt_ins-stmt) + esclen) { - STMT_ADD(stmt_ins, "'',"); - break; - } - *stmt_ins++ = '\''; - PQescapeString(stmt_ins,res->value.ptr, - strlen(res->value.ptr)); - stmt_ins = stmt + strlen(stmt); - STMT_ADD(stmt_ins, "',"); - break; - case ULOGD_RET_RAW: - ulogd_log(ULOGD_NOTICE, - "%s: pgsql doesn't support type RAW\n", - res->key); - STMT_ADD(stmt_ins, "NULL,"); - break; - default: - ulogd_log(ULOGD_NOTICE, - "unknown type %d for %s\n", - res->type, res->key); - break; - } - stmt_ins = stmt + strlen(stmt); - } - *(stmt_ins - 1) = ')'; - - DEBUGP("stmt=#%s#\n", stmt); - - /* now we have created our statement, insert it */ - /* Added code by Jaki */ - pgres = PQexec(dbh, stmt); - if(!pgres || PQresultStatus(pgres) != PGRES_COMMAND_OK) { - ulogd_log(ULOGD_ERROR, "sql error during insert: %s\n", - PQresultErrorMessage(pgres)); - return 1; - } - - PQclear(pgres); - - return 0; -} - -#define PGSQL_HAVE_NAMESPACE_TEMPLATE \ - "SELECT nspname FROM pg_namespace n WHERE n.nspname='%s'" - -/* Determine if server support schemas */ -static int pgsql_namespace(void) { - PGresult *result; - char pgbuf[strlen(PGSQL_HAVE_NAMESPACE_TEMPLATE)+ - strlen(schema_ce.u.string)+1]; - - if (!dbh) - return 1; - - snprintf(pgbuf, sizeof(pgbuf), PGSQL_HAVE_NAMESPACE_TEMPLATE, - schema_ce.u.string); - ulogd_log(ULOGD_DEBUG, "%s\n", pgbuf); - - result = PQexec(dbh, pgbuf); - if (!result) { - ulogd_log(ULOGD_DEBUG, "\n result false"); - return 1; - } - - if (PQresultStatus(result) == PGRES_TUPLES_OK) { - ulogd_log(ULOGD_DEBUG, "using schema %s\n", schema_ce.u.string); - pgsql_have_schemas = 1; - } else { - pgsql_have_schemas = 0; - } - - PQclear(result); - - return 0; -} - -#define PGSQL_INSERTTEMPL "insert into X (Y) values (Z)" -#define PGSQL_VALSIZE 100 - -/* create the static part of our insert statement */ -static int pgsql_createstmt(void) -{ - struct _field *f; - char buf[ULOGD_MAX_KEYLEN]; - char *underscore; - - if (stmt) { - ulogd_log(ULOGD_NOTICE, "createstmt called, but stmt" - " already existing\n"); - return 1; - } - - /* caclulate the size for the insert statement */ - stmt_siz = strlen(PGSQL_INSERTTEMPL) + - strlen(table_ce.u.string) + - strlen(schema_ce.u.string) + 1; - - for (f = fields; f; f = f->next) { - /* we need space for the key and a comma, as well as - * enough space for the values */ - stmt_siz += strlen(f->name) + 1 + PGSQL_VALSIZE; - } - - ulogd_log(ULOGD_DEBUG, "allocating %u bytes for statement\n", stmt_siz); - - stmt = (char *) malloc(stmt_siz); - - if (!stmt) { - stmt_siz = 0; - ulogd_log(ULOGD_ERROR, "OOM!\n"); - return 1; - } - - if (pgsql_have_schemas) { - snprintf(stmt, stmt_siz, "insert into %s.%s (", - schema_ce.u.string, table_ce.u.string); - } else { - snprintf(stmt, stmt_siz, "insert into %s (", - table_ce.u.string); - } - - stmt_val = stmt + strlen(stmt); - - for (f = fields; f; f = f->next) { - strncpy(buf, f->name, ULOGD_MAX_KEYLEN-1); - buf[ULOGD_MAX_KEYLEN-1] = '\0'; - while ((underscore = strchr(buf, '.'))) - *underscore = '_'; - STMT_ADD(stmt_val, "%s,", buf); - stmt_val = stmt + strlen(stmt); - } - *(stmt_val - 1) = ')'; - - STMT_ADD(stmt_val, " values ("); - stmt_val = stmt + strlen(stmt); - - ulogd_log(ULOGD_DEBUG, "stmt='%s'\n", stmt); - - return 0; -} - -#define PGSQL_GETCOLUMN_TEMPLATE \ - "SELECT a.attname,t.typname FROM pg_class c, pg_attribute a, "\ - "pg_type t WHERE c.relname ='%s' AND a.attnum>0 AND a.attrelid="\ - "c.oid AND a.atttypid=t.oid ORDER BY a.attnum" - -#define PGSQL_GETCOLUMN_TEMPLATE_SCHEMA "SELECT a.attname,t.typname FROM "\ - "pg_attribute a, pg_type t, pg_class c LEFT JOIN pg_namespace n ON "\ - "c.relnamespace=n.oid WHERE c.relname ='%s' AND n.nspname='%s' AND "\ - "a.attnum>0 AND a.attrelid=c.oid AND a.atttypid=t.oid AND "\ - "a.attisdropped=FALSE ORDER BY a.attnum" - -/* find out which columns the table has */ -static int pgsql_get_columns(const char *table) -{ - PGresult *result; - char buf[ULOGD_MAX_KEYLEN]; - char pgbuf[strlen(PGSQL_GETCOLUMN_TEMPLATE_SCHEMA)+ - strlen(table)+strlen(schema_ce.u.string)+2]; - char *underscore; - struct _field *f; - int id; - int intaux; - char *typename; - - if (!dbh) - return 1; - - if (pgsql_have_schemas) { - snprintf(pgbuf, sizeof(pgbuf)-1, - PGSQL_GETCOLUMN_TEMPLATE_SCHEMA, - table, schema_ce.u.string); - } else { - snprintf(pgbuf, sizeof(pgbuf)-1, - PGSQL_GETCOLUMN_TEMPLATE, table); - } - - ulogd_log(ULOGD_DEBUG, "%s\n", pgbuf); - - result = PQexec(dbh, pgbuf); - if (!result) { - ulogd_log(ULOGD_DEBUG, "\n result false"); - return 1; - } - - if (PQresultStatus(result) != PGRES_TUPLES_OK) { - ulogd_log(ULOGD_DEBUG, "\n pres_command_not_ok"); - return 1; - } - - for (intaux=0; intauxname, buf, ULOGD_MAX_KEYLEN-1); - f->name[ULOGD_MAX_KEYLEN-1] = '\0'; - f->id = id; - f->str = 0; - if( (typename = PQgetvalue(result, intaux, 1)) != NULL) - { - if(strcmp(typename, "inet") == 0 || - strstr(typename, "char") != NULL) - f->str = 1; - } - f->next = fields; - fields = f; - } - - PQclear(result); - return 0; -} - -static int exit_nicely(PGconn *conn) -{ - PQfinish(conn); - return 0;; -} - -/* make connection and select database */ -static int pgsql_open_db(char *server, int port, char *user, char *pass, - char *db) -{ - int len; - char *connstr; - - /* 80 is more than what we need for the fixed parts below */ - len = 80 + strlen(user) + strlen(db); - - /* hostname and and password are the only optionals */ - if (server) - len += strlen(server); - if (pass) - len += strlen(pass); - if (port) - len += 20; - - connstr = (char *) malloc(len+1); - if (!connstr) - return 1; - *connstr = '\0'; - - if (server) { - strncat(connstr, " host=", len-strlen(connstr)); - strncat(connstr, server, len-strlen(connstr)); - } - - if (port) { - char portbuf[20]; - snprintf(portbuf, sizeof(portbuf), " port=%u", port); - strncat(connstr, portbuf, len-strlen(connstr)); - } - - strncat(connstr, " dbname=", len-strlen(connstr)); - strncat(connstr, db, len-strlen(connstr)); - strncat(connstr, " user=", len-strlen(connstr)); - strncat(connstr, user, len-strlen(connstr)); - - if (pass) { - strncat(connstr, " password=", len-strlen(connstr)); - strncat(connstr, pass, len-strlen(connstr)); - } - - dbh = PQconnectdb(connstr); - free(connstr); - if (PQstatus(dbh)!=CONNECTION_OK) { - exit_nicely(dbh); - dbh = NULL; - return 1; - } - - return 0; -} - -static int pgsql_init(void) -{ - /* have the opts parsed */ - config_parse_file("PGSQL", &port_ce); - - if (pgsql_open_db(host_ce.u.string, port_ce.u.value, user_ce.u.string, - pass_ce.u.string, db_ce.u.string)) { - ulogd_log(ULOGD_ERROR, "can't establish database connection\n"); - return 1; - } - - if (pgsql_namespace()) { - PQfinish(dbh); - dbh = NULL; - ulogd_log(ULOGD_ERROR, "unable to test for pgsql schemas\n"); - return 1; - } - - /* read the fieldnames to know which values to insert */ - if (pgsql_get_columns(table_ce.u.string)) { - PQfinish(dbh); - dbh = NULL; - ulogd_log(ULOGD_ERROR, "unable to get pgsql columns\n"); - return 1; - } - - if (pgsql_createstmt()) { - PQfinish(dbh); - dbh = NULL; - return 1; - } - - return 0; -} - -static void pgsql_fini(void) -{ - if (dbh) - PQfinish(dbh); - if (stmt) - { - free(stmt); - stmt = NULL; - stmt_val = NULL; - } -} - -static ulog_output_t pgsql_plugin = { - .name = "pgsql", - .output = &pgsql_output, - .init = &pgsql_init, - .fini = &pgsql_fini, -}; - -void _init(void) -{ - register_output(&pgsql_plugin); -} diff --git a/ulogd/sqlite3/Makefile.in b/ulogd/sqlite3/Makefile.in deleted file mode 100644 index 5c0e1f1..0000000 --- a/ulogd/sqlite3/Makefile.in +++ /dev/null @@ -1,29 +0,0 @@ -# -# Normally You should not need to change anything below -# -include @top_srcdir@/Rules.make - -CFLAGS+=-I@top_srcdir@ -I@top_srcdir@/libipulog/include -I@top_srcdir@/include -SH_CFLAGS:=$(CFLAGS) -fPIC - -SHARED_LIBS=ulogd_SQLITE3.so - -all: $(SHARED_LIBS) - -distrib: - -$(SHARED_LIBS): %.so: %_sh.o - $(LD) -shared $(SQLITE3_LDFLAGS) -o $@ $< -lc - -%_sh.o: %.c - $(CC) $(SQLITE3_CFLAGS) $(SH_CFLAGS) -o $@ -c $< - -clean: - $(RM) $(SHARED_LIBS) *.o - -distclean: - $(RM) Makefile - -install: all - $(INSTALL) -m 755 -d $(DESTDIR)$(ULOGD_LIB_PATH) - $(INSTALL) -m 755 *.so $(DESTDIR)$(ULOGD_LIB_PATH) diff --git a/ulogd/sqlite3/ulogd_SQLITE3.c b/ulogd/sqlite3/ulogd_SQLITE3.c deleted file mode 100644 index 7854f2b..0000000 --- a/ulogd/sqlite3/ulogd_SQLITE3.c +++ /dev/null @@ -1,435 +0,0 @@ -/* - * ulogd output plugin for logging to a SQLITE database - * - * (C) 2005 by Ben La Monica - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * This module has been adapted from the ulogd_MYSQL.c written by - * Harald Welte - * Alex Janssen - * - * You can see benchmarks and an explanation of the testing - * at http://www.pojo.us/ulogd/ - * - * 2005-02-09 Harald Welte : - * - port to ulogd-1.20 - */ - -#include -#include -#include -#include -#include -#include - -#ifdef DEBUG_SQLITE3 -#define DEBUGP(x, args...) fprintf(stderr, x, ## args) -#else -#define DEBUGP(x, args...) -#endif - -struct _field { - char name[ULOGD_MAX_KEYLEN]; - unsigned int id; - struct _field *next; -}; - -/* the database handle we are using */ -static sqlite3 *dbh; - -/* a linked list of the fields the table has */ -static struct _field *fields; - -/* buffer for our insert statement */ -static char *stmt; - -/* size of our insert statement buffer */ -static size_t stmt_siz; - -/* pointer to the final prepared statement */ -static sqlite3_stmt *p_stmt; - -/* number of statements to buffer before we commit */ -static int buffer_size; - -/* number of statements currently in the buffer */ -static int buffer_ctr; - -/* our configuration directives */ -static config_entry_t db_ce = { - .key = "db", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_MANDATORY, -}; - -static config_entry_t table_ce = { - .next = &db_ce, - .key = "table", - .type = CONFIG_TYPE_STRING, - .options = CONFIG_OPT_MANDATORY, -}; - -static config_entry_t buffer_ce = { - .next = &table_ce, - .key = "buffer", - .type = CONFIG_TYPE_INT, - .options = CONFIG_OPT_MANDATORY, -}; - -#define STMT_ADD(pos,beg,siz,fmt...) \ - do { \ - if((pos) >= (beg) && (siz) > (pos) - (beg)) \ - snprintf((pos), (siz)-((pos)-(beg)), ##fmt); \ - } while(0) - -/* our main output function, called by ulogd */ -static int _sqlite3_output(ulog_iret_t *result) -{ - struct _field *f; - ulog_iret_t *res; - int col_counter; -#ifdef IP_AS_STRING - char *ipaddr; - struct in_addr addr; -#endif - - if (p_stmt == NULL || dbh == NULL) - return 1; - - col_counter = 1; - for (f = fields; f; f = f->next) { - res = keyh_getres(f->id); - - if (!res) { - ulogd_log(ULOGD_NOTICE, - "no result for %s ?!?\n", f->name); - } - - if (!res || !IS_VALID((*res))) { - /* no result, pass a null */ - sqlite3_bind_null(p_stmt, col_counter); - col_counter++; - continue; - } - - switch (res->type) { - case ULOGD_RET_INT8: - sqlite3_bind_int(p_stmt,col_counter,res->value.i8); - break; - case ULOGD_RET_INT16: - sqlite3_bind_int(p_stmt,col_counter,res->value.i16); - break; - case ULOGD_RET_INT32: - sqlite3_bind_int(p_stmt,col_counter,res->value.i32); - break; - case ULOGD_RET_INT64: - sqlite3_bind_int64(p_stmt,col_counter,res->value.i64); - break; - case ULOGD_RET_UINT8: - sqlite3_bind_int(p_stmt,col_counter,res->value.ui8); - break; - case ULOGD_RET_UINT16: - sqlite3_bind_int(p_stmt,col_counter,res->value.ui16); - break; - case ULOGD_RET_IPADDR: -#ifdef IP_AS_STRING - memset(&addr, 0, sizeof(addr)); - addr.s_addr = ntohl(res->value.ui32); - ipaddr = inet_ntoa(addr); - sqlite3_bind_text(p_stmt,col_counter,ipaddr,strlen(ipaddr),SQLITE_STATIC); - break; -#endif /* IP_AS_STRING */ - /* EVIL: fallthrough when logging IP as u_int32_t */ - case ULOGD_RET_UINT32: - sqlite3_bind_int(p_stmt,col_counter,res->value.ui32); - break; - case ULOGD_RET_UINT64: - sqlite3_bind_int64(p_stmt,col_counter,res->value.ui64); - break; - case ULOGD_RET_BOOL: - sqlite3_bind_int(p_stmt,col_counter,res->value.b); - break; - case ULOGD_RET_STRING: - sqlite3_bind_text(p_stmt,col_counter,res->value.ptr,strlen(res->value.ptr),SQLITE_STATIC); - break; - default: - ulogd_log(ULOGD_NOTICE, - "unknown type %d for %s\n", - res->type, res->key); - break; - } - - col_counter++; - } - - /* now we have created our statement, insert it */ - - if (sqlite3_step(p_stmt) == SQLITE_DONE) { - sqlite3_reset(p_stmt); - buffer_ctr++; - } else { - ulogd_log(ULOGD_ERROR, "sql error during insert: %s\n", - sqlite3_errmsg(dbh)); - return 1; - } - - /* commit all of the inserts to the database, ie flush buffer */ - if (buffer_ctr >= buffer_size) { - if (sqlite3_exec(dbh,"commit",NULL,NULL,NULL) != SQLITE_OK) - ulogd_log(ULOGD_ERROR,"unable to commit records to db."); - - if (sqlite3_exec(dbh,"begin deferred",NULL,NULL,NULL) != SQLITE_OK) - ulogd_log(ULOGD_ERROR,"unable to begin a new transaction."); - - buffer_ctr = 0; - DEBUGP("committing.\n"); - } - - return 0; -} - -#define _SQLITE3_INSERTTEMPL "insert into X (Y) values (Z)" - -/* create the static part of our insert statement */ -static int _sqlite3_createstmt(void) -{ - struct _field *f; - char buf[ULOGD_MAX_KEYLEN]; - char *underscore; - char *stmt_pos; - int col_count; - int i; - - if (stmt) { - ulogd_log(ULOGD_NOTICE, "createstmt called, but stmt" - " already existing\n"); - return 1; - } - - /* caclulate the size for the insert statement */ - stmt_siz = strlen(_SQLITE3_INSERTTEMPL) + strlen(table_ce.u.string); - - DEBUGP("initial size: %zu\n", stmt_siz); - - col_count = 0; - for (f = fields; f; f = f->next) { - /* we need space for the key and a comma, and a ? */ - stmt_siz += strlen(f->name) + 3; - DEBUGP("size is now %zu since adding %s\n",stmt_siz,f->name); - col_count++; - } - - DEBUGP("there were %d columns\n",col_count); - DEBUGP("after calc name length: %zu\n",stmt_siz); - - ulogd_log(ULOGD_DEBUG, "allocating %zu bytes for statement\n", stmt_siz); - - stmt = (char *) malloc(stmt_siz); - - if (!stmt) { - stmt_siz = 0; - ulogd_log(ULOGD_ERROR, "OOM!\n"); - return 1; - } - - snprintf(stmt, stmt_siz, "insert into %s (", table_ce.u.string); - stmt_pos = stmt + strlen(stmt); - - for (f = fields; f; f = f->next) { - strncpy(buf, f->name, ULOGD_MAX_KEYLEN-1); - buf[ULOGD_MAX_KEYLEN-1] = '\0'; - while ((underscore = strchr(buf, '.'))) - *underscore = '_'; - STMT_ADD(stmt_pos,stmt,stmt_siz, "%s,", buf); - stmt_pos = stmt + strlen(stmt); - } - - *(stmt_pos - 1) = ')'; - - STMT_ADD(stmt_pos,stmt,stmt_siz, " values ("); - stmt_pos = stmt + strlen(stmt); - - for (i = 0; i < col_count - 1; i++) { - STMT_ADD(stmt_pos,stmt,stmt_siz, "?,"); - stmt_pos += 2; - } - - STMT_ADD(stmt_pos,stmt,stmt_siz, "?)"); - ulogd_log(ULOGD_DEBUG, "stmt='%s'\n", stmt); - - DEBUGP("about to prepare statement.\n"); - - if (sqlite3_prepare(dbh,stmt,-1,&p_stmt,0) != SQLITE_OK) { - p_stmt = NULL; - free( stmt); - stmt = stmt_pos = NULL; - ulogd_log(ULOGD_ERROR,"unable to prepare statement"); - return 1; - } - - DEBUGP("statement prepared.\n"); - - return 0; -} - - -/* length of "select * from \0" */ -#define SQLITE_SELECT_LEN 15 - -/* find out which columns the table has */ -static int _sqlite3_get_columns(const char *table) -{ - char buf[ULOGD_MAX_KEYLEN]; - char query[SQLITE_SELECT_LEN + CONFIG_VAL_STRING_LEN + 1] = "select * from \0"; - char *underscore; - struct _field *f; - sqlite3_stmt *schema_stmt; - int column; - int result; - int id; - - if (!dbh) - return 1; - - strncat(query,table,sizeof(query)-strlen(query)-1); - - result = sqlite3_prepare(dbh,query,-1,&schema_stmt,0); - - if (result != SQLITE_OK) - return 1; - - for (column = 0; column < sqlite3_column_count(schema_stmt); column++) { - /* replace all underscores with dots */ - strncpy(buf, sqlite3_column_name(schema_stmt,column), ULOGD_MAX_KEYLEN-1); - buf[ULOGD_MAX_KEYLEN-1] = '\0'; - while ((underscore = strchr(buf, '_'))) - *underscore = '.'; - - DEBUGP("field '%s' found: ", buf); - - if (!(id = keyh_getid(buf))) { - DEBUGP(" no keyid!\n"); - continue; - } - - DEBUGP("keyid %u\n", id); - - /* prepend it to the linked list */ - f = (struct _field *) malloc(sizeof *f); - if (!f) { - ulogd_log(ULOGD_ERROR, "OOM!\n"); - return 1; - } - strncpy(f->name, buf, ULOGD_MAX_KEYLEN-1); - f->name[ULOGD_MAX_KEYLEN-1] = '\0'; - f->id = id; - f->next = fields; - fields = f; - } - - sqlite3_finalize(schema_stmt); - return 0; -} - -/** - * make connection and select database - * returns 0 if database failed to open. - */ -static int _sqlite3_open_db(char *db_file) -{ - DEBUGP("opening database.\n"); - return sqlite3_open(db_file,&dbh); -} - -/* give us an opportunity to close the database down properly */ -static void _sqlite3_fini(void) -{ - DEBUGP("cleaning up db connection\n"); - - /* free up our prepared statements so we can close the db */ - if (p_stmt) { - sqlite3_finalize(p_stmt); - DEBUGP("prepared statement finalized\n"); - } - - if (dbh) { - int result; - /* flush the remaining insert statements to the database. */ - result = sqlite3_exec(dbh,"commit",NULL,NULL,NULL); - - if (result != SQLITE_OK) - ulogd_log(ULOGD_ERROR,"unable to commit remaining records to db."); - - sqlite3_close(dbh); - dbh = NULL; - DEBUGP("database file closed\n"); - } -} - -#define _SQLITE3_BUSY_TIMEOUT 300 - -static int _sqlite3_init(void) -{ - /* have the opts parsed */ - config_parse_file("SQLITE3", &buffer_ce); - - if (_sqlite3_open_db(db_ce.u.string)) { - ulogd_log(ULOGD_ERROR, "can't open the database file\n"); - return 1; - } - - /* set the timeout so that we don't automatically fail - * if the table is busy. */ - sqlite3_busy_timeout(dbh, _SQLITE3_BUSY_TIMEOUT); - - /* read the fieldnames to know which values to insert */ - if (_sqlite3_get_columns(table_ce.u.string)) { - sqlite3_close(dbh); - dbh = NULL; - ulogd_log(ULOGD_ERROR, "unable to get sqlite columns\n"); - return 1; - } - - /* initialize our buffer size and counter */ - buffer_size = buffer_ce.u.value; - buffer_ctr = 0; - - DEBUGP("Have a buffer size of : %d\n", buffer_size); - - if (sqlite3_exec(dbh,"begin deferred",NULL,NULL,NULL) != SQLITE_OK) - ulogd_log(ULOGD_ERROR,"can't create a new transaction\n"); - - /* create and prepare the actual insert statement */ - if(_sqlite3_createstmt()) { - sqlite3_close(dbh); - dbh = NULL; - return 1; - } - - return 0; -} - -static ulog_output_t _sqlite3_plugin = { - .name = "sqlite3", - .output = &_sqlite3_output, - .init = &_sqlite3_init, - .fini = &_sqlite3_fini, -}; - -void _init(void) -{ - register_output(&_sqlite3_plugin); -} - diff --git a/ulogd/ulogd.8 b/ulogd/ulogd.8 deleted file mode 100644 index 7dfb2e9..0000000 --- a/ulogd/ulogd.8 +++ /dev/null @@ -1,64 +0,0 @@ -.\" Hey, EMACS: -*- nroff -*- -.\" First parameter, NAME, should be all caps -.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection -.\" other parameters are allowed: see man(7), man(1) -.TH ULOGD 8 "November 05, 2002" "Linux Netfilter" -.\" Please adjust this date whenever revising the manpage. -.\" -.\" Some roff macros, for reference: -.\" .nh disable hyphenation -.\" .hy enable hyphenation -.\" .ad l left justify -.\" .ad b justify to both left and right margins -.\" .nf disable filling -.\" .fi enable filling -.\" .br insert line break -.\" .sp insert n+1 empty lines -.\" for manpage-specific macros, see man(7) -.SH NAME -ulogd \- netfilter/iptables ULOG daemon -.SH SYNOPSIS -.B ulogd [options] -.SH DESCRIPTION -.B ulogd -connects to the netlink device of the Linux kernel and reads messages -from the netfilter that get queued with the iptables ULOG target. For -this to work you have to compile the ULOG target into your kernel or -load the respective module. -.PP -The received messages can be logged into files or into a mySQL or -PostgreSQL database. -.SH OPTIONS -.TP -.B -d, --daemon -fork ulogd into background (start as daemon) -.TP -.B -c , --configfile -use as configuration file instead of -.I /etc/ulogd.conf -.TP -.B -h, --help -show usage information -.TP -.B -V, --version -show version information and copyright -.SH FILES -.I /etc/ulogd.conf -.br -.I /var/log/ulogd.log -.SH SEE ALSO -There is more documentation about the daemon and the database plugins -(including examples) in the directories -.nf -.br -.I /usr/share/doc/ulogd -.br -.fi -.I /usr/share/doc/ulogd-mysql -and -.nf -.br -.I /usr/share/doc/ulogd-pgsql -.SH AUTHOR -This manual page was written by Joerg Wendland , -for the Debian GNU/Linux system (but may be used by others). diff --git a/ulogd/ulogd.c b/ulogd/ulogd.c deleted file mode 100644 index 5707ef8..0000000 --- a/ulogd/ulogd.c +++ /dev/null @@ -1,826 +0,0 @@ -/* ulogd, Version $LastChangedRevision$ - * - * $Id$ - * - * userspace logging daemon for the iptables ULOG target - * of the linux 2.4 netfilter subsystem. - * - * (C) 2000-2003 by Harald Welte - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * $Id$ - * - * Modifications: - * 14 Jun 2001 Martin Josefsson - * - added SIGHUP handler for logfile cycling - * - * 10 Feb 2002 Alessandro Bono - * - added support for non-fork mode - * - added support for logging to stdout - * - * 09 Sep 2003 Magnus Boden - * - added support for more flexible multi-section conffile - * - * 20 Apr 2004 Nicolas Pougetoux - * - added suppurt for seteuid() - */ - -#define ULOGD_VERSION "1.23" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* Size of the socket recevive memory. Should be at least the same size as the - * 'nlbufsiz' module loadtime parameter of ipt_ULOG.o - * If you have _big_ in-kernel queues, you may have to increase this number. ( - * --qthreshold 100 * 1500 bytes/packet = 150kB */ -#define ULOGD_RMEM_DEFAULT 131071 - -/* Size of the receive buffer for the netlink socket. Should be at least of - * RMEM_DEFAULT size. */ -#define ULOGD_BUFSIZE_DEFAULT 150000 - -#ifdef DEBUG -#define DEBUGP(format, args...) fprintf(stderr, format, ## args) -#else -#define DEBUGP(format, args...) -#endif - -/* default config parameters, if not changed in configfile */ -#ifndef ULOGD_LOGFILE_DEFAULT -#define ULOGD_LOGFILE_DEFAULT "/var/log/ulogd.log" -#endif -#ifndef ULOGD_NLGROUP_DEFAULT -#define ULOGD_NLGROUP_DEFAULT 32 -#endif - -/* where to look for the config file */ -#ifndef ULOGD_CONFIGFILE -#define ULOGD_CONFIGFILE "/etc/ulogd.conf" -#endif - -/* global variables */ -static struct ipulog_handle *libulog_h; /* our libipulog handle */ -static unsigned char* libulog_buf; /* the receive buffer */ -static FILE *logfile = NULL; /* logfile pointer */ -static char *ulogd_configfile = ULOGD_CONFIGFILE; - -/* linked list for all registered interpreters */ -static ulog_interpreter_t *ulogd_interpreters; - -/* linked list for all registered output targets */ -static ulog_output_t *ulogd_outputs; - -/*********************************************************************** - * INTERPRETER AND KEY HASH FUNCTIONS (new in 0.9) - ***********************************************************************/ - -/* We keep hashtables of interpreters and registered keys. The hash-tables - * are allocated dynamically at program load time. You may control the - * allocation granularity of both hashes (i.e. the amount of hashtable - * entries are allocated at one time) through modification of the constants - * INTERH_ALLOC_GRAN and KEYH_ALLOC_GRAN - */ - -/* allocation granularith */ -#define INTERH_ALLOC_GRAN 5 - -/* hashtable for all registered interpreters */ -static ulog_interpreter_t **ulogd_interh; - -/* current hashtable size */ -static unsigned int ulogd_interh_ids_alloc; - -/* total number of registered ids */ -static unsigned int ulogd_interh_ids; - -/* allocate a new interpreter id and write it into the interpreter struct */ -static unsigned int interh_allocid(ulog_interpreter_t *ip) -{ - unsigned int id; - - id = ++ulogd_interh_ids; - - if (id >= ulogd_interh_ids_alloc) { - if (!ulogd_interh) - ulogd_interh = (ulog_interpreter_t **) - malloc(INTERH_ALLOC_GRAN * - sizeof(ulog_interpreter_t)); - else - ulogd_interh = (ulog_interpreter_t **) - realloc(ulogd_interh, - (INTERH_ALLOC_GRAN + - ulogd_interh_ids_alloc) * - sizeof(ulog_interpreter_t)); - - ulogd_interh_ids_alloc += INTERH_ALLOC_GRAN; - } - - ip->id = id; - ulogd_interh[id] = ip; - return id; -} - -/* get interpreter id by name */ -unsigned int interh_getid(const char *name) -{ - unsigned int i; - for (i = 1; i <= ulogd_interh_ids; i++) - if (!strcmp(name, (ulogd_interh[i])->name)) - return i; - - return 0; -} - -#ifdef DEBUG -/* dump out the contents of the interpreter hash */ -static void interh_dump(void) -{ - unsigned int i; - - for (i = 1; i <= ulogd_interh_ids; i++) - ulogd_log(ULOGD_DEBUG, "ulogd_interh[%d] = %s\n", - i, (ulogd_interh[i])->name); - -} -#endif - -/* key hash allocation granularity */ -#define KEYH_ALLOC_GRAN 20 - -/* hash table for key ids */ -struct ulogd_keyh_entry *ulogd_keyh; - -/* current size of the hashtable */ -static unsigned int ulogd_keyh_ids_alloc; - -/* total number of registered keys */ -static unsigned int ulogd_keyh_ids; - -/* allocate a new key_id */ -static unsigned int keyh_allocid(ulog_interpreter_t *ip, unsigned int offset, - const char *name) -{ - unsigned int id; - - id = ++ulogd_keyh_ids; - - if (id >= ulogd_keyh_ids_alloc) { - if (!ulogd_keyh) { - ulogd_keyh = (struct ulogd_keyh_entry *) - malloc(KEYH_ALLOC_GRAN * - sizeof(struct ulogd_keyh_entry)); - if (!ulogd_keyh) { - ulogd_log(ULOGD_ERROR, "OOM!\n"); - return 0; - } - } else { - ulogd_keyh = (struct ulogd_keyh_entry *) - realloc(ulogd_keyh, (KEYH_ALLOC_GRAN - +ulogd_keyh_ids_alloc) * - sizeof(struct ulogd_keyh_entry)); - - if (!ulogd_keyh) { - ulogd_log(ULOGD_ERROR, "OOM!\n"); - return 0; - } - } - - ulogd_keyh_ids_alloc += KEYH_ALLOC_GRAN; - } - - ulogd_keyh[id].interp = ip; - ulogd_keyh[id].offset = offset; - ulogd_keyh[id].name = name; - - return id; -} - -#ifdef DEBUG -/* dump the keyhash to standard output */ -static void keyh_dump(void) -{ - unsigned int i; - - printf("dumping keyh\n"); - for (i = 1; i <= ulogd_keyh_ids; i++) - printf("ulogd_keyh[%lu] = %s:%u\n", i, - ulogd_keyh[i].interp->name, ulogd_keyh[i].offset); -} -#endif - -/* get keyid by name */ -unsigned int keyh_getid(const char *name) -{ - unsigned int i; - for (i = 1; i <= ulogd_keyh_ids; i++) - if (!strcmp(name, ulogd_keyh[i].name)) - return i; - - return 0; -} - -/* get key name by keyid */ -char *keyh_getname(unsigned int id) -{ - if (id > ulogd_keyh_ids) { - ulogd_log(ULOGD_NOTICE, - "keyh_getname called with invalid id%u\n", id); - return NULL; - } - - return ulogd_keyh[id].interp->name; -} - -/* get result for given key id. does not check if result valid */ -ulog_iret_t *keyh_getres(unsigned int id) -{ - ulog_iret_t *ret; - - if (id > ulogd_keyh_ids) { - ulogd_log(ULOGD_NOTICE, - "keyh_getres called with invalid id %d\n", id); - return NULL; - } - - ret = &ulogd_keyh[id].interp->result[ulogd_keyh[id].offset]; - - return ret; -} - -/*********************************************************************** - * INTERPRETER MANAGEMENT - ***********************************************************************/ - -/* try to lookup a registered interpreter for a given name */ -static ulog_interpreter_t *find_interpreter(const char *name) -{ - unsigned int id; - - id = interh_getid(name); - if (!id) - return NULL; - - return ulogd_interh[id]; -} - -/* the function called by all interpreter plugins for registering their - * target. */ -void register_interpreter(ulog_interpreter_t *me) -{ - unsigned int i; - - /* check if we already have an interpreter with this name */ - if (find_interpreter(me->name)) { - ulogd_log(ULOGD_NOTICE, - "interpreter `%s' already registered\n", me->name); - return; - } - - ulogd_log(ULOGD_INFO, "registering interpreter `%s'\n", me->name); - - /* allocate a new interpreter id for it */ - if (!interh_allocid(me)) { - ulogd_log(ULOGD_ERROR, "unable to obtain interh_id for " - "interpreter '%s'\n", me->name); - return; - } - - /* - allocate one keyh_id for each result of this interpreter - * - link the elements to each other */ - for (i = 0; i < me->key_num; i++) { - if (!keyh_allocid(me, i, me->result[i].key)) { - ulogd_log(ULOGD_ERROR, "unable to obtain keyh_id " - "for interpreter %s, key %d", me->name, - me->result[i].key); - continue; - } - if (i != me->key_num - 1) - me->result[i].next = &me->result[i+1]; - } - - /* all work done, we can prepend the new interpreter to the list */ - if (ulogd_interpreters) - me->result[me->key_num - 1].next = - &ulogd_interpreters->result[0]; - me->next = ulogd_interpreters; - ulogd_interpreters = me; -} - -/*********************************************************************** - * OUTPUT MANAGEMENT - ***********************************************************************/ - -/* try to lookup a registered output plugin for a given name */ -static ulog_output_t *find_output(const char *name) -{ - ulog_output_t *ptr; - - for (ptr = ulogd_outputs; ptr; ptr = ptr->next) { - if (strcmp(name, ptr->name) == 0) - return ptr; - } - - return NULL; -} - -/* the function called by all output plugins for registering themselves */ -void register_output(ulog_output_t *me) -{ - if (find_output(me->name)) { - ulogd_log(ULOGD_NOTICE, "output `%s' already registered\n", - me->name); - exit(EXIT_FAILURE); - } - ulogd_log(ULOGD_INFO, "registering output `%s'\n", me->name); - me->next = ulogd_outputs; - ulogd_outputs = me; -} - -/*********************************************************************** - * MAIN PROGRAM - ***********************************************************************/ - -static FILE syslog_dummy; - -static inline int ulogd2syslog_level(int level) -{ - int syslog_level = LOG_WARNING; - - switch (level) { - case ULOGD_DEBUG: - syslog_level = LOG_DEBUG; - break; - case ULOGD_INFO: - syslog_level = LOG_INFO; - break; - case ULOGD_NOTICE: - syslog_level = LOG_NOTICE; - break; - case ULOGD_ERROR: - syslog_level = LOG_ERR; - break; - case ULOGD_FATAL: - syslog_level = LOG_CRIT; - break; - } - return syslog_level; -} -/* propagate results to all registered output plugins */ -static void propagate_results(ulog_iret_t *ret) -{ - ulog_output_t *p; - - for (p = ulogd_outputs; p; p = p->next) { - (*p->output)(ret); - } -} - -/* clean results (set all values to 0 and free pointers) */ -static void clean_results(ulog_iret_t *ret) -{ - ulog_iret_t *r; - - for (r = ret; r; r = r->next) { - if (r->flags & ULOGD_RETF_FREE) { - free(r->value.ptr); - r->value.ptr = NULL; - } - memset(&r->value, 0, sizeof(r->value)); - r->flags &= ~ULOGD_RETF_VALID; - } -} - -/* call all registered interpreters and hand the results over to - * propagate_results */ -static void handle_packet(ulog_packet_msg_t *pkt) -{ - ulog_iret_t *ret; - ulog_iret_t *allret = NULL; - ulog_interpreter_t *ip; - - unsigned int i,j; - - /* If there are no interpreters registered yet, - * ignore this packet */ - if (!ulogd_interh_ids) { - ulogd_log(ULOGD_NOTICE, - "packet received, but no interpreters found\n"); - return; - } - - for (i = 1; i <= ulogd_interh_ids; i++) { - ip = ulogd_interh[i]; - /* call interpreter */ - if ((ret = ((ip)->interp)(ip, pkt))) { - /* create references for result linked-list */ - for (j = 0; j < ip->key_num; j++) { - if (IS_VALID(ip->result[j])) { - ip->result[j].cur_next = allret; - allret = &ip->result[j]; - } - } - } - } - propagate_results(allret); - clean_results(ulogd_interpreters->result); -} - -/* plugin loader to dlopen() a plugins */ -static int load_plugin(char *file) -{ - if (!dlopen(file, RTLD_NOW)) { - ulogd_log(ULOGD_ERROR, "load_plugins: '%s': %s\n", file, - dlerror()); - return 1; - } - return 0; -} - -/* open the logfile */ -static int logfile_open(const char *name) -{ - if (!strcmp(name, "syslog")) { - openlog("ulogd", LOG_PID, LOG_DAEMON); - logfile = &syslog_dummy; - } else if (!strcmp(name,"stdout")) - logfile = stdout; - else { - logfile = fopen(name, "a"); - if (!logfile) { - fprintf(stderr, "ERROR: can't open logfile %s: %s\n", - name, strerror(errno)); - exit(2); - } - } - ulogd_log(ULOGD_INFO, "ulogd Version %s starting\n", ULOGD_VERSION); - return 0; -} - -/* wrapper to handle conffile error codes */ -static int parse_conffile(const char *section, config_entry_t *ce) -{ - int err; - - err = config_parse_file(section, ce); - - switch(err) { - case 0: - return 0; - break; - case -ERROPEN: - ulogd_log(ULOGD_ERROR, - "unable to open configfile: %s\n", - ulogd_configfile); - break; - case -ERRMAND: - ulogd_log(ULOGD_ERROR, - "mandatory option \"%s\" not found\n", - config_errce->key); - break; - case -ERRMULT: - ulogd_log(ULOGD_ERROR, - "option \"%s\" occurred more than once\n", - config_errce->key); - break; - case -ERRUNKN: - ulogd_log(ULOGD_ERROR, - "unknown config key \"%s\"\n", - config_errce->key); - break; - case -ERRSECTION: - ulogd_log(ULOGD_ERROR, - "section \"%s\" not found\n", section); - break; - } - return 1; - -} - -/* configuration directives of the main program */ -static config_entry_t logf_ce = { NULL, "logfile", CONFIG_TYPE_STRING, - CONFIG_OPT_NONE, 0, - { string: ULOGD_LOGFILE_DEFAULT } }; - -static config_entry_t bufsiz_ce = { &logf_ce, "bufsize", CONFIG_TYPE_INT, - CONFIG_OPT_NONE, 0, - { value: ULOGD_BUFSIZE_DEFAULT } }; - -static config_entry_t plugin_ce = { &bufsiz_ce, "plugin", CONFIG_TYPE_CALLBACK, - CONFIG_OPT_MULTI, 0, - { parser: &load_plugin } }; - -static config_entry_t nlgroup_ce = { &plugin_ce, "nlgroup", CONFIG_TYPE_INT, - CONFIG_OPT_NONE, 0, - { value: ULOGD_NLGROUP_DEFAULT } }; - -static config_entry_t loglevel_ce = { &nlgroup_ce, "loglevel", CONFIG_TYPE_INT, - CONFIG_OPT_NONE, 0, - { value: ULOGD_NOTICE } }; -static config_entry_t rmem_ce = { &loglevel_ce, "rmem", CONFIG_TYPE_INT, - CONFIG_OPT_NONE, 0, - { value: ULOGD_RMEM_DEFAULT } }; - -/* log message to the logfile */ -void __ulogd_log(int level, char *file, int line, const char *format, ...) -{ - char *timestr; - va_list ap; - time_t tm; - FILE *outfd; - - /* log only messages which have level at least as high as loglevel */ - if (level < loglevel_ce.u.value) - return; - - if (logfile == &syslog_dummy) { - /* FIXME: this omit's the 'file' string */ - va_start(ap, format); - vsyslog(ulogd2syslog_level(level), format, ap); - va_end(ap); - } else { - if (logfile) - outfd = logfile; - else - outfd = stderr; - - va_start(ap, format); - - tm = time(NULL); - timestr = ctime(&tm); - timestr[strlen(timestr)-1] = '\0'; - fprintf(outfd, "%s <%1.1d> %s:%d ", timestr, level, file, line); - - vfprintf(outfd, format, ap); - va_end(ap); - - /* flush glibc's buffer */ - fflush(outfd); - } -} - -static void sigterm_handler(int signal) -{ - ulog_output_t *p; - - ulogd_log(ULOGD_NOTICE, "sigterm received, exiting\n"); - - ipulog_destroy_handle(libulog_h); - free(libulog_buf); - - for (p = ulogd_outputs; p; p = p->next) { - if (p->fini) - (*p->fini)(); - } - - if (logfile != stdout && logfile != &syslog_dummy) - fclose(logfile); - - exit(0); -} - -static void sighup_handler(int signal) -{ - ulog_output_t *p; - - if (logfile != stdout && logfile != &syslog_dummy) { - fclose(logfile); - logfile = fopen(logf_ce.u.string, "a"); - if (!logfile) - sigterm_handler(signal); - } - - ulogd_log(ULOGD_NOTICE, "sighup received, calling plugin handlers\n"); - - for (p = ulogd_outputs; p; p = p->next) { - if (p->signal) - (*p->signal)(SIGHUP); - } -} - -static void print_usage(void) -{ - /* FIXME */ - printf("ulogd Version %s\n", ULOGD_VERSION); - printf("Copyright (C) 2000-2005 Harald Welte " - "\n"); - printf("This is free software with ABSOLUTELY NO WARRANTY.\n\n"); - printf("Parameters:\n"); - printf("\t-h --help\tThis help page\n"); - printf("\t-V --version\tPrint version information\n"); - printf("\t-d --daemon\tDaemonize (fork into background)\n"); - printf("\t-c --configfile\tUse alternative Configfile\n"); - printf("\t-u --uid\tChange UID/GID\n"); -} - -static struct option opts[] = { - { "version", 0, NULL, 'V' }, - { "daemon", 0, NULL, 'd' }, - { "help", 0, NULL, 'h' }, - { "configfile", 1, NULL, 'c'}, - { "uid", 1, NULL, 'u' }, - { 0 } -}; - -int main(int argc, char* argv[]) -{ - int len; - int argch; - int daemonize = 0; - int change_uid = 0; - char *user = NULL; - struct passwd *pw; - uid_t uid = 0; - gid_t gid = 0; - ulog_packet_msg_t *upkt; - ulog_output_t *p; - - - while ((argch = getopt_long(argc, argv, "c:dh::Vu:", opts, NULL)) != -1) { - switch (argch) { - default: - case '?': - if (isprint(optopt)) - fprintf(stderr, "Unknown option `-%c'.\n", optopt); - else - fprintf(stderr, "Unknown option character `\\x%x'.\n", optopt); - - print_usage(); - exit(1); - break; - case 'h': - print_usage(); - exit(0); - break; - case 'd': - daemonize = 1; - break; - case 'V': - printf("ulogd Version %s\n", ULOGD_VERSION); - printf("Copyright (C) 2000-2005 Harald Welte " - "\n"); - exit(0); - break; - case 'c': - ulogd_configfile = optarg; - break; - case 'u': - change_uid = 1; - user = strdup(optarg); - pw = getpwnam(user); - if (!pw) { - printf("Unknown user %s.\n", user); - free(user); - exit(1); - } - uid = pw->pw_uid; - gid = pw->pw_gid; - break; - } - } - - if (config_register_file(ulogd_configfile)) { - ulogd_log(ULOGD_FATAL, "error registering configfile \"%s\"\n", - ulogd_configfile); - exit(1); - } - - /* parse config file */ - if (parse_conffile("global", &rmem_ce)) { - ulogd_log(ULOGD_FATAL, "parse_conffile\n"); - exit(1); - } - - /* allocate a receive buffer */ - libulog_buf = (unsigned char *) malloc(bufsiz_ce.u.value); - - if (!libulog_buf) { - ulogd_log(ULOGD_FATAL, "unable to allocate receive buffer" - "of %d bytes\n", bufsiz_ce.u.value); - ipulog_perror(NULL); - exit(1); - } - - /* create ipulog handle */ - libulog_h = ipulog_create_handle(ipulog_group2gmask(nlgroup_ce.u.value), - rmem_ce.u.value); - - if (!libulog_h) { - /* if some error occurrs, print it to stderr */ - ulogd_log(ULOGD_FATAL, "unable to create ipulogd handle\n"); - ipulog_perror(NULL); - exit(1); - } - - - if (change_uid) { - ulogd_log(ULOGD_NOTICE, "Changing UID / GID\n"); - if (setgid(gid)) { - ulogd_log(ULOGD_FATAL, "can't set GID\n"); - ipulog_perror(NULL); - exit(1); - } - if (setegid(gid)) { - ulogd_log(ULOGD_FATAL, "can't sett effective GID\n"); - ipulog_perror(NULL); - exit(1); - } - if (initgroups(user, gid)) { - ulogd_log(ULOGD_FATAL, "can't set user secondary GID\n"); - ipulog_perror(NULL); - exit(1); - } - if (setuid(uid)) { - ulogd_log(ULOGD_FATAL, "can't set UID\n"); - ipulog_perror(NULL); - exit(1); - } - if (seteuid(uid)) { - ulogd_log(ULOGD_FATAL, "can't set effective UID\n"); - ipulog_perror(NULL); - exit(1); - } - } - - logfile_open(logf_ce.u.string); - - for (p = ulogd_outputs; p; p = p->next) { - if (p->init) - (*p->init)(); - } - -#ifdef DEBUG - /* dump key and interpreter hash */ - interh_dump(); - keyh_dump(); -#endif - if (daemonize){ - if (fork()) { - exit(0); - } - if (logfile != stdout) - fclose(stdout); - fclose(stderr); - fclose(stdin); - setsid(); - } - - /* send SIGINT to the term handler, since they hit CTRL-C */ - signal(SIGINT, &sigterm_handler); - signal(SIGHUP, &sighup_handler); - signal(SIGTERM, &sigterm_handler); - - ulogd_log(ULOGD_INFO, - "initialization finished, entering main loop\n"); - - /* endless loop receiving packets and handling them over to - * handle_packet */ - while ((len = ipulog_read(libulog_h, libulog_buf, - bufsiz_ce.u.value, 1))) { - - if (len <= 0) { - /* this is not supposed to happen */ - ulogd_log(ULOGD_ERROR, "ipulog_read == %d! " - "ipulog_errno == %d, errno = %d\n", - len, ipulog_errno, errno); - } else { - while ((upkt = ipulog_get_packet(libulog_h, - libulog_buf, len))) { - DEBUGP("==> packet received\n"); - handle_packet(upkt); - } - } - } - - /* hackish, but result is the same */ - sigterm_handler(SIGTERM); - return(0); -} diff --git a/ulogd/ulogd.conf.in b/ulogd/ulogd.conf.in deleted file mode 100644 index e0c873a..0000000 --- a/ulogd/ulogd.conf.in +++ /dev/null @@ -1,82 +0,0 @@ -# Example configuration for ulogd -# $Id$ -# - -[global] -###################################################################### -# GLOBAL OPTIONS -###################################################################### - -# netlink multicast group (the same as the iptables --ulog-nlgroup param) -nlgroup=1 - -# logfile for status messages -logfile="/var/log/ulogd.log" - -# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) -loglevel=5 - -# socket receive buffer size (should be at least the size of the -# in-kernel buffer (ipt_ULOG.o 'nlbufsiz' parameter) -rmem=131071 - -# libipulog/ulogd receive buffer size, should be > rmem -bufsize=150000 - -###################################################################### -# PLUGIN OPTIONS -###################################################################### - -# We have to configure and load all the plugins we want to use - -# general rules: -# 1. load the plugins _first_ from the global section -# 2. options for each plugin in seperate section below - - -# -# ulogd_BASE.so - interpreter plugin for basic IPv4 header fields -# you will always need this -plugin="@libdir@/ulogd_BASE.so" - - -# output plugins. -plugin="@libdir@/ulogd_LOGEMU.so" -#plugin="@libdir@/ulogd_OPRINT.so" -#plugin="@libdir@/ulogd_MYSQL.so" -#plugin="@libdir@/ulogd_PGSQL.so" -#plugin="@libdir@/ulogd_SQLITE3.so" -#plugin="@libdir@/ulogd_PCAP.so" - - -[LOGEMU] -file="/var/log/ulogd.syslogemu" -sync=1 - -[OPRINT] -file="/var/log/ulogd.pktlog" - -[MYSQL] -table="ulog" -pass="changeme" -user="laforge" -db="ulogd" -host="localhost" - -[PGSQL] -table="ulog" -schema="public" -pass="changeme" -user="postgres" -db="ulogd" -host="localhost" - -[SQLITE3] -table="ulog" -db="/var/log/ulogd.sqlite3db" -buffer=200 - -[PCAP] -file="/var/log/ulogd.pcap" -sync=1 - diff --git a/ulogd/ulogd.init b/ulogd/ulogd.init deleted file mode 100755 index b678652..0000000 --- a/ulogd/ulogd.init +++ /dev/null @@ -1,61 +0,0 @@ -#!/bin/sh -# -# chkconfig: 345 81 19 -# description: ulogd is the userspace logging daemon for netfilter/iptables -# - - -. /etc/rc.d/init.d/functions - - -function start() -{ - printf "Starting %s: " "ulogd" - daemon /usr/sbin/ulogd -d - echo - touch /var/lock/subsys/ulogd -} - - -function stop() -{ - printf "Stopping %s: " "ulogd" - killproc ulogd - echo - rm -f /var/lock/subsys/ulogd -} - - -function reload() -{ - pid=`pidof ulogd` - if [ "x$pid" != "x" ]; then - kill -HUP $pid 2>/dev/null - fi - touch /var/lock/subsys/ulogd -} - - -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart) - stop - start - ;; - reload) - reload - ;; - status) - status ulogd - ;; - *) - printf "Usage: %s {start|stop|status|restart|reload}\n" "ulogd" - exit 1 -esac - -exit 0 diff --git a/ulogd/ulogd.logrotate b/ulogd/ulogd.logrotate deleted file mode 100644 index b3fb6d1..0000000 --- a/ulogd/ulogd.logrotate +++ /dev/null @@ -1,7 +0,0 @@ -/var/log/ulogd.log /var/log/ulogd.syslogemu /var/log/ulogd.pktlog /var/log/ulogd.pcap { - missingok - sharedscripts - postrotate - /bin/killall -HUP ulogd 2> /dev/null || true - endscript -} diff --git a/ulogd/ulogd.spec b/ulogd/ulogd.spec deleted file mode 100644 index 8afc4c4..0000000 --- a/ulogd/ulogd.spec +++ /dev/null @@ -1,143 +0,0 @@ -Summary: ulogd - The userspace logging daemon for netfilter -Name: ulogd -Version: 1.22 -Release: 1gm -License: GPL -Group: Network -Source: ftp://ftp.netfilter.org/pub/ulogd/%{name}-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-root -Packager: Harald Welte -BuildRequires: MySQL-devel postgresql-devel libpcap-devel libsqlite3-devel -#BuildRequires: mysql-devel - -%package mysql -Summary: MySQL output plugin for ulogd -Group: Network - -%package pgsql -Summary: PostgreSQL output plugin for ulogd -Group: Network - -%package sqlite -Summary: SQLITE3 output plugin for ulogd -Group: Network - -%package pcap -Summary: PCAP output plugin for ulogd -Group: Network - - -%description -ulogd is an universal logging daemon for the ULOG target of netfilter, the -Linux 2.4 firewalling subsystem. ulogd is able to log packets in variuos -formats to different targets (text files, databases, etc..). It has an -easy-to-use plugin interface to add new protocols and new output targets. - -%description mysql -ulogd-mysql is a MySQL output plugin for ulogd. It enables logging of -firewall information into a MySQL database. - -%description pgsql -ulogd-mysql is a PostgreSQL output plugin for ulogd. It enables logging of -firewall information into a PostgreSQL database. - -%description sqlite3 -ulogd-sqlite3 is a SQLITE3 output plugin for ulogd. It enables logging of -firewall information into a SQLITE3 database. - -%description pcap -ulogd-pcap is a output plugin for ulogd that saves packet logs as PCAP file. -PCAP is a standard format that can be later analyzed by a lot of tools such as -tcpdump and ethereal. - -%prep -%setup - -%build -%configure --with-mysql=/usr/lib/mysql --with-pgsql=/usr/lib/postgresql --with-sqlite3 -make - -%install -rm -rf %{buildroot} -mkdir -p %{buildroot}/%{_sysconfdir} -mkdir -p %{buildroot}/%{_libdir}/ulogd -mkdir -p %{buildroot}/%{_sbindir}/sbin -mkdir -p %{buildroot}/%{_mandir}/man8 -make DESTDIR=%{buildroot} install - -mkdir -p %{buildroot}/%{_sysconfdir}/rc.d/init.d -install ulogd.init %{buildroot}/%{_sysconfdir}/rc.d/init.d/ulogd -install ulogd.8 %{buildroot}/%{_mandir}/man8/ulogd.8 - -%clean -rm -rf %{buildroot} - -%files -%defattr(0644,root,root,0755) -%attr(0755,root,root) %{_sbindir}/ulogd -%{_sysconfdir}/ulogd.conf -%{_sysconfdir}/rc.d/init.d/ulogd -%{_mandir}/man8/* -%dir %{_libdir}/ulogd -%{_libdir}/ulogd/ulogd_BASE.so -%{_libdir}/ulogd/ulogd_LOCAL.so -%{_libdir}/ulogd/ulogd_LOGEMU.so -%{_libdir}/ulogd/ulogd_OPRINT.so -%{_libdir}/ulogd/ulogd_PWSNIFF.so -%{_libdir}/ulogd/ulogd_SYSLOG.so -%doc COPYING AUTHORS README -%doc doc/ulogd.txt doc/ulogd.a4.ps doc/ulogd.html - -%files mysql -%defattr(0644,root,root,0755) -%{_libdir}/ulogd/ulogd_MYSQL.so - -%files pgsql -%defattr(0644,root,root,0755) -%{_libdir}/ulogd/ulogd_PGSQL.so - -%files sqlite3 -%defattr(0644,root,root,0755) -%{_libdir}/ulogd/ulogd_SQLITE3.so - -%files pcap -%defattr(0644,root,root,0755) -%{_libdir}/ulogd/ulogd_PCAP.so - -%changelog -* Wed Feb 16 2005 Harald Welte -+ ulogd-1.21-1gm -- updated to 1.21 release -- separate sqlite3 and pcap sub-pacakges - -* Sat Feb 12 2005 Harald Welte -+ ulogd-1.20-1gm -- updated to 1.20 release -- add ulogd.8 manpage - -* Sat Aug 25 2003 Harald Welte -+ ulogd-1.00-1gm -- updated to 1.01 release -- add ulogd.8 manpage - -* Wed Mar 05 2003 Harald Welte -+ ulogd-1.00-1gm -- updated to 1.00 release - -* Mon Sep 24 2001 Harald Welte -+ ulogd-0.97-1cl -- updatd to 0.97 release (to fix endless-one-packet-loop bug) - -* Sun Jun 17 2001 Harald Welte -+ ulogd-0.96-2cl -- updated to 0.96 final release -- use ulogd.init from within source tgz - -* Sun May 20 2001 Harald Welte -+ ulogd-0.96-1cl -- Initial conectiva package -- cleaned up SPEC file -- created mysql subpackage - -* Sun Nov 19 2000 Harald Welte -- Initial RPM package for ulogd-0.9. -- cgit v1.2.3