From de923c5f36f5244e888b616de42b6a1cbf045372 Mon Sep 17 00:00:00 2001
From: laforge
Date: Thu, 10 Aug 2000 11:45:49 +0000
Subject: Initial revision
---
iptables/Makefile | 10 +
kernel-ULOG-2.4.0-test4.diff | 229 ++++++++++++++++++++++
kernel-ULOG1-to-ULOG2.diff | 210 ++++++++++++++++++++
kernel/Makefile | 8 +
plain-2.4.0-to-ulog2.diff | 263 ++++++++++++++++++++++++++
ulogd/Makefile | 33 ++++
ulogd/README | 39 ++++
ulogd/libipulog/Makefile | 14 ++
ulogd/libipulog/include/libipulog/libipulog.h | 30 +++
9 files changed, 836 insertions(+)
create mode 100644 iptables/Makefile
create mode 100644 kernel-ULOG-2.4.0-test4.diff
create mode 100644 kernel-ULOG1-to-ULOG2.diff
create mode 100644 kernel/Makefile
create mode 100644 plain-2.4.0-to-ulog2.diff
create mode 100644 ulogd/Makefile
create mode 100644 ulogd/README
create mode 100644 ulogd/libipulog/Makefile
create mode 100644 ulogd/libipulog/include/libipulog/libipulog.h
diff --git a/iptables/Makefile b/iptables/Makefile
new file mode 100644
index 0000000..302bb39
--- /dev/null
+++ b/iptables/Makefile
@@ -0,0 +1,10 @@
+CFLAGS = -DNETFILTER_VERSION=\"1.1.1\" -fPIC
+
+libipt_ULOG.so: libipt_ULOG_sh.o
+ ld -shared libipt_ULOG_sh.o -o libipt_ULOG.so
+
+libipt_ULOG_sh.o: libipt_ULOG.c
+ gcc $(CFLAGS) -c libipt_ULOG.c -o libipt_ULOG_sh.o
+
+clean:
+ rm -f libipt_ULOG_sh.o libipt_ULOG.so
diff --git a/kernel-ULOG-2.4.0-test4.diff b/kernel-ULOG-2.4.0-test4.diff
new file mode 100644
index 0000000..f4a5501
--- /dev/null
+++ b/kernel-ULOG-2.4.0-test4.diff
@@ -0,0 +1,229 @@
+diff -Nru linux-2.4.0-test4-plain/Documentation/Configure.help linux-2.4.0-test4-work/Documentation/Configure.help
+--- linux-2.4.0-test4-plain/Documentation/Configure.help Thu Jul 13 18:42:51 2000
++++ linux-2.4.0-test4-work/Documentation/Configure.help Sun Jul 30 21:56:01 2000
+@@ -2010,6 +2010,16 @@
+ If you want to compile it as a module, say M here and read
+ Documentation/modules.txt. If unsure, say `N'.
+
++ULOG target support
++CONFIG_IP_NF_TARGET_ULOG
++ This option adds a `ULOG' target, which allows you to create rules in
++ any iptables table. The packet is passed to one or more userspace logging
++ daemon using netlink multicast sockets. Logging is no longer forced to
++ be in syslog, but can be done by any userspace process.
++
++ If you want to compile it as a module, say M here and read
++ Documentation/modules.txt. If unsure, say `N'.
++
+ ipchains (2.2-style) support
+ CONFIG_IP_NF_COMPAT_IPCHAINS
+ This option places ipchains (with masquerading and redirection
+diff -Nru linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h
+--- linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h Thu Jan 1 01:00:00 1970
++++ linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h Sun Jul 30 22:11:07 2000
+@@ -0,0 +1,36 @@
++#ifndef _IPT_ULOG_H
++#define _IPT_ULOG_H
++
++#ifdef __KERNEL__
++#include
++#endif
++
++#define ULOG_MAC_LEN 80
++
++
++/* just until this is in netfilter.h */
++#ifndef NETLINK_NFLOG
++#define NETLINK_NFLOG 25
++#endif
++
++struct ipt_ulog_info {
++ unsigned char logflags;
++ unsigned int nl_group;
++ char prefix[30];
++};
++
++typedef struct ulog_packet_msg {
++ unsigned long mark;
++ long timestamp_sec;
++ long timestamp_usec;
++ unsigned int hook;
++ char indev_name[IFNAMSIZ];
++ char outdev_name[IFNAMSIZ];
++ size_t data_len;
++ char prefix[30];
++ unsigned char mac_len;
++ unsigned char mac[ULOG_MAC_LEN];
++ unsigned char 
payload[0];
++} ulog_packet_msg_t;
++
++#endif /*_IPT_ULOG_H*/
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in Mon Mar 27 20:35:56 2000
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in Sun Jul 30 21:47:35 2000
+@@ -51,6 +51,7 @@
+ dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE
+ fi
+ dep_tristate ' LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES
++ dep_tristate ' ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES
+ fi
+
+ # Backwards compatibility modules: only if you don't build in the others.
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile Mon Mar 27 20:35:56 2000
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile Sun Jul 30 22:02:16 2000
+@@ -197,6 +197,14 @@
+ endif
+ endif
+
++ifeq ($(CONFIG_IP_NF_TARGET_ULOG),y)
++O_OBJS += ipt_ULOG.o
++else
++ ifeq ($(CONFIG_IP_NF_TARGET_ULOG),m)
++ M_OBJS += ipt_ULOG.o
++ endif
++endif
++
+ ifeq ($(CONFIG_IP_NF_COMPAT_IPCHAINS),y)
+ O_OBJS += ipchains_core.o $(IP_NF_COMPAT_LAYER)
+ else
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c Sun Jul 30 21:45:44 2000
+@@ -0,0 +1,136 @@
++/*
++ * netfilter module for userspace packet logging daemons
++ *
++ * (C) 2000 by Harald Welte
++ *
++ * Released under the terms of the GPL
++ */
++
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++
++#define NETLINK_NFLOG 25
++#define ULOG_NL_EVENT 111
++
++#if 1
++#define DEBUGP printk
++#else
++#define DEBUGP(format, args ...) 
++#endif
++
++struct sock *nflognl;
++
++static void nflog_rcv(struct sock *sk, int len)
++{
++ printk("nflog_rcv: did receive netlink message ?!?\n");
++}
++
++static unsigned int ipt_ulog_target(
++ struct sk_buff **pskb,
++ unsigned int hooknum,
++ const struct net_device *in,
++ const struct net_device *out,
++ const void *targinfo,
++ void *userinfo)
++{
++ ulog_packet_msg_t *pm;
++ size_t size;
++ struct sk_buff *nlskb;
++ unsigned char *old_tail;
++ struct nlmsghdr *nlh;
++ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *)targinfo;
++
++ /* calculate the size of the skb needed */
++
++ size = NLMSG_SPACE(sizeof(*pm) + (*pskb)->len);
++ nlskb = alloc_skb(size, GFP_ATOMIC);
++ if (!nlskb)
++ goto nlmsg_failure;
++
++ old_tail = nlskb->tail;
++ nlh = NLMSG_PUT(nlskb, 0, 0, ULOG_NL_EVENT, size - sizeof(*nlh));
++ pm = NLMSG_DATA(nlh);
++
++ /* copy hook, prefix, timestamp, payload, etc. */
++
++ pm->data_len = (*pskb)->len;
++ pm->timestamp_sec = (*pskb)->stamp.tv_sec;
++ pm->timestamp_usec = (*pskb)->stamp.tv_usec;
++ pm->mark = (*pskb)->nfmark;
++ pm->hook = hooknum;
++ if (loginfo->prefix)
++ strcpy(pm->prefix, loginfo->prefix);
++
++ if (in && !out)
++ {
++ if ((*pskb)->dev && (*pskb)->dev->hard_header_len > 0
++ && (*pskb)->dev->hard_header_len <= ULOG_MAC_LEN)
++ {
++ memcpy(pm->mac, (*pskb)->mac.raw, (*pskb)->dev->hard_header_len);
++ pm->mac_len = (*pskb)->dev->hard_header_len;
++ }
++
++ }
++/*
++ if (in) strcpy(pm->indev_name, in->name);
++ else pm->indev_name[0] = '\0';
++*/
++ if ((*pskb)->len)
++ memcpy(pm->payload, (*pskb)->data, (*pskb)->len);
++ nlh->nlmsg_len = nlskb->tail - old_tail;
++ NETLINK_CB(nlskb).dst_groups = loginfo->nl_group;
++ DEBUGP("ipt_ULOG: going to throw out a packet to netlink groupmask %u\n", loginfo->nl_group);
++ netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group, GFP_ATOMIC);
++
++ return IPT_CONTINUE;
++
++nlmsg_failure:
++ if (nlskb)
++ kfree(nlskb);
++ printk("ipt_ULOG: Error building netlink message\n");
++ 
return IPT_CONTINUE;
++
++}
++
++static int ipt_ulog_checkentry(
++ const char *tablename,
++ const struct ipt_entry *e,
++ void *targinfo,
++ unsigned int targinfosize,
++ unsigned int hookmask)
++{
++ return 1;
++}
++
++
++static struct ipt_target ipt_ulog_reg =
++ { { NULL, NULL }, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL,
++ THIS_MODULE };
++
++static int __init init(void)
++{
++ DEBUGP("ipt_ULOG: init module\n");
++ nflognl = netlink_kernel_create(NETLINK_NFLOG, nflog_rcv);
++ if (ipt_register_target(&ipt_ulog_reg))
++ return -EINVAL;
++
++ return 0;
++}
++
++static void __exit fini(void)
++{
++ DEBUGP("ipt_ULOG: cleanup_module\n");
++ ipt_unregister_target(&ipt_ulog_reg);
++}
++
++module_init(init);
++module_exit(fini);
diff --git a/kernel-ULOG1-to-ULOG2.diff b/kernel-ULOG1-to-ULOG2.diff
new file mode 100644
index 0000000..a690e05
--- /dev/null
+++ b/kernel-ULOG1-to-ULOG2.diff
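Review bot: `ipt_ulog_checkentry` in the embedded ipt_ULOG.c returns 1 for every rule, so `ipt_ulog_target` runs `strcpy(pm->prefix, loginfo->prefix)` on rule data that was never checked for size or NUL termination. An unterminated 30-byte prefix makes that copy read past `loginfo->prefix` and write past `pm->prefix` inside the netlink skb. The `if (loginfo->prefix)` guard does not help, because `prefix` is an array and the test is always true. The entry check should refuse such rules before they are installed, with `if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) return 0;` and `if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') return 0;`. The ipt_ULOG.c carried in plain-2.4.0-to-ulog2.diff has both checks, so anyone applying this older patch file gets the unchecked version.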
@@ -0,0 +1,210 @@
+diff -Nru linux-2.4.0-test4-ulog1/include/linux/netfilter_ipv4/ipt_ULOG.h linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h
+--- linux-2.4.0-test4-ulog1/include/linux/netfilter_ipv4/ipt_ULOG.h Mon Jul 31 13:31:51 2000
++++ linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h Mon Jul 31 17:17:04 2000
+@@ -7,6 +7,7 @@
+ struct ipt_ulog_info
+ {
+ unsigned int nl_group;
++ size_t copy_range;
+ char prefix[ULOG_PREFIX_LEN];
+ };
+
+diff -Nru linux-2.4.0-test4-ulog1/net/ipv4/netfilter/ipt_ULOG.c linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c
+--- linux-2.4.0-test4-ulog1/net/ipv4/netfilter/ipt_ULOG.c Mon Jul 31 13:31:51 2000
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c Mon Jul 31 13:41:57 2000
+@@ -4,6 +4,8 @@
+ * (C) 2000 by Harald Welte
+ *
+ * Released under the terms of the GPL
++ *
++ * ipt_ULOG.c,v 1.4 2000/07/31 11:41:06 laforge Exp
+ */
+
+ #include
+@@ -15,15 +17,17 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
++#include
+
+-#define ULOG_NL_EVENT 111 /* Harald's favorite number */
++#define ULOG_NL_EVENT 111 /* Harald's favorite number */
+
+ #if 0
+ #define DEBUGP printk
+ #else
+-#define DEBUGP(format, args ...)
++#define DEBUGP(format, args...) 
+ #endif
+
+ static struct sock *nflognl;
+@@ -33,35 +37,38 @@
+ printk("nflog_rcv: did receive netlink message ?!?\n");
+ }
+
+-static unsigned int ipt_ulog_target(
+- struct sk_buff **pskb,
+- unsigned int hooknum,
+- const struct net_device *in,
+- const struct net_device *out,
+- const void *targinfo,
+- void *userinfo)
++static unsigned int ipt_ulog_target(struct sk_buff **pskb,
++ unsigned int hooknum,
++ const struct net_device *in,
++ const struct net_device *out,
++ const void *targinfo, void *userinfo)
+ {
+ ulog_packet_msg_t *pm;
+- size_t size;
++ size_t size, copy_len;
+ struct sk_buff *nlskb;
+ unsigned char *old_tail;
+ struct nlmsghdr *nlh;
+- struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *)targinfo;
++ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
+
+ /* calculate the size of the skb needed */
+-
+- size = NLMSG_SPACE(sizeof(*pm) + (*pskb)->len);
++ if ((loginfo->copy_range == 0) ||
++ (loginfo->copy_range > (*pskb)->len)) {
++ copy_len = (*pskb)->len;
++ } else {
++ copy_len = loginfo->copy_range;
++ }
++ size = NLMSG_SPACE(sizeof(*pm) + copy_len);
+ nlskb = alloc_skb(size, GFP_ATOMIC);
+ if (!nlskb)
+ goto nlmsg_failure;
+-
++
+ old_tail = nlskb->tail;
+ nlh = NLMSG_PUT(nlskb, 0, 0, ULOG_NL_EVENT, size - sizeof(*nlh));
+ pm = NLMSG_DATA(nlh);
+-
++
+ /* copy hook, prefix, timestamp, payload, etc. 
*/
+
+- pm->data_len = (*pskb)->len;
++ pm->data_len = copy_len;
+ pm->timestamp_sec = (*pskb)->stamp.tv_sec;
+ pm->timestamp_usec = (*pskb)->stamp.tv_usec;
+ pm->mark = (*pskb)->nfmark;
+@@ -70,52 +77,57 @@
+ strcpy(pm->prefix, loginfo->prefix);
+
+ if (in && in->hard_header_len > 0
+- && (*pskb)->mac.raw != (*pskb)->nh.iph
++ && (*pskb)->mac.raw != (void *) (*pskb)->nh.iph
+ && in->hard_header_len <= ULOG_MAC_LEN) {
+ memcpy(pm->mac, (*pskb)->mac.raw, in->hard_header_len);
+ pm->mac_len = in->hard_header_len;
+ }
+
+- if (in) strcpy(pm->indev_name, in->name);
+- else pm->indev_name[0] = '\0';
++ if (in)
++ strcpy(pm->indev_name, in->name);
++ else
++ pm->indev_name[0] = '\0';
++
++ if (out)
++ strcpy(pm->outdev_name, out->name);
++ else
++ pm->outdev_name[0] = '\0';
+
+- if (out) strcpy(pm->outdev_name, out->name);
+- else pm->outdev_name[0] = '\0';
+-
+- if ((*pskb)->len)
+- memcpy(pm->payload, (*pskb)->data, (*pskb)->len);
++ if (copy_len)
++ memcpy(pm->payload, (*pskb)->data, copy_len);
+ nlh->nlmsg_len = nlskb->tail - old_tail;
+ NETLINK_CB(nlskb).dst_groups = loginfo->nl_group;
+- DEBUGP("ipt_ULOG: going to throw a packet to netlink groupmask %u\n",
+- loginfo->nl_group);
+- netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group, GFP_ATOMIC);
++ DEBUGP
++ ("ipt_ULOG: going to throw a packet to netlink groupmask %u\n",
++ loginfo->nl_group);
++ netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group,
++ GFP_ATOMIC);
+
+ return IPT_CONTINUE;
+
+-nlmsg_failure:
++ nlmsg_failure:
+ if (nlskb)
+- kfree(nlskb);
++ kfree(nlskb);
+ printk("ipt_ULOG: Error building netlink message\n");
+ return IPT_CONTINUE;
+ }
+
+-static int ipt_ulog_checkentry(
+- const char *tablename,
+- const struct ipt_entry *e,
+- void *targinfo,
+- unsigned int targinfosize,
+- unsigned int hookmask)
++static int ipt_ulog_checkentry(const char *tablename,
++ const struct ipt_entry *e,
++ void *targinfo,
++ unsigned int targinfosize,
++ unsigned int hookmask)
+ {
+- struct ipt_ulog_info 
*loginfo = (struct ipt_ulog_info *)targinfo;
++ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
+
+- if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) {
+- DEBUGP("ULOG: targinfosize %u != 0\n", targinfosize);
+- return 0;
+- }
++ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) {
++ DEBUGP("ULOG: targinfosize %u != 0\n", targinfosize);
++ return 0;
++ }
+
+- if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
++ if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
+ DEBUGP("ULOG: prefix term %i\n",
+- loginfo->prefix[sizeof(loginfo->prefix)-1]);
++ loginfo->prefix[sizeof(loginfo->prefix) - 1]);
+ return 0;
+ }
+
+@@ -123,8 +135,9 @@
+ }
+
+ static struct ipt_target ipt_ulog_reg =
+- { { NULL, NULL }, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL,
+- THIS_MODULE };
++ { {NULL, NULL}, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL,
++THIS_MODULE
++};
+
+ static int __init init(void)
+ {
+@@ -134,7 +147,7 @@
+ return -ENOMEM;
+
+ if (ipt_register_target(&ipt_ulog_reg) != 0) {
+- sock_release(nflognl->socket);
++ sock_release(nflognl->socket);
+ return -EINVAL;
+ }
+
+@@ -144,7 +157,7 @@
+ static void __exit fini(void)
+ {
+ DEBUGP("ipt_ULOG: cleanup_module\n");
+-
++
+ ipt_unregister_target(&ipt_ulog_reg);
+ sock_release(nflognl->socket);
+ }
diff --git a/kernel/Makefile b/kernel/Makefile
new file mode 100644
index 0000000..889a815
--- /dev/null
+++ b/kernel/Makefile
@@ -0,0 +1,8 @@
+CFLAGS = -D__KERNEL__ -march=i586 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h -I/usr/src/linux/include -Wall -O2 -fomit-frame-pointer
+
+
+ipt_ULOG.o: ipt_ULOG.c Makefile
+ gcc $(CFLAGS) -c ipt_ULOG.c
+
+clean:
+ rm -f *.o
diff --git a/plain-2.4.0-to-ulog2.diff b/plain-2.4.0-to-ulog2.diff
new file mode 100644
index 0000000..ab858ea
--- /dev/null
+++ b/plain-2.4.0-to-ulog2.diff
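Review bot: The `ulog_packet_msg_t` that `ipt_ulog_target` builds is never cleared, so every byte the function does not write reaches the netlink listeners exactly as `alloc_skb()` returned it. That covers `pm->mac_len` and `pm->mac` whenever the MAC condition is false, the unused tail of `pm->mac`, and whatever follows the terminating NUL in `prefix`, `indev_name` and `outdev_name`. The effect is that stale kernel heap contents are disclosed to userspace and the daemon receives an undefined `mac_len` to parse. Clearing the header right after `pm = NLMSG_DATA(nlh);` with `memset(pm, 0, sizeof(*pm));` closes this. The same function body is carried in kernel-ULOG-2.4.0-test4.diff and plain-2.4.0-to-ulog2.diff and needs the same line; the inner hunks here show only part of the function.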
@@ -0,0 +1,263 @@
+diff -Nru linux-2.4.0-test4-plain/Documentation/Configure.help linux-2.4.0-test4-work/Documentation/Configure.help
+--- linux-2.4.0-test4-plain/Documentation/Configure.help Thu Jul 13 18:42:51 2000
++++ linux-2.4.0-test4-work/Documentation/Configure.help Mon Jul 31 17:23:30 2000
+@@ -2010,6 +2010,16 @@
+ If you want to compile it as a module, say M here and read
+ Documentation/modules.txt. If unsure, say `N'.
+
++ULOG target support
++CONFIG_IP_NF_TARGET_ULOG
++ This option adds a `ULOG' target, which allows you to create rules in
++ any iptables table. The packet is passed to a userspace logging
++ daemon using netlink multicast sockets; unlike the LOG target
++ which can only be viewed through syslog.
++
++ If you want to compile it as a module, say M here and read
++ Documentation/modules.txt. If unsure, say `N'.
++
+ ipchains (2.2-style) support
+ CONFIG_IP_NF_COMPAT_IPCHAINS
+ This option places ipchains (with masquerading and redirection
+diff -Nru linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h
+--- linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h Thu Jan 1 01:00:00 1970
++++ linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h Mon Jul 31 17:23:31 2000
+@@ -0,0 +1,29 @@
++#ifndef _IPT_ULOG_H
++#define _IPT_ULOG_H
++
++#define ULOG_MAC_LEN 80
++#define ULOG_PREFIX_LEN 32
++
++struct ipt_ulog_info
++{
++ unsigned int nl_group;
++ size_t copy_range;
++ char prefix[ULOG_PREFIX_LEN];
++};
++
++typedef struct ulog_packet_msg
++{
++ unsigned long mark;
++ long timestamp_sec;
++ long timestamp_usec;
++ unsigned int hook;
++ char indev_name[IFNAMSIZ];
++ char outdev_name[IFNAMSIZ];
++ size_t data_len;
++ char prefix[ULOG_PREFIX_LEN];
++ unsigned char mac_len;
++ unsigned char mac[ULOG_MAC_LEN];
++ unsigned char payload[0];
++} ulog_packet_msg_t;
++
++#endif /*_IPT_ULOG_H*/
+diff -Nru linux-2.4.0-test4-plain/include/linux/netlink.h 
linux-2.4.0-test4-work/include/linux/netlink.h
+--- linux-2.4.0-test4-plain/include/linux/netlink.h Fri Aug 28 04:33:08 1998
++++ linux-2.4.0-test4-work/include/linux/netlink.h Mon Jul 31 17:23:30 2000
+@@ -5,6 +5,7 @@
+ #define NETLINK_SKIP 1 /* Reserved for ENskip */
+ #define NETLINK_USERSOCK 2 /* Reserved for user mode socket protocols */
+ #define NETLINK_FIREWALL 3 /* Firewalling hook */
++#define NETLINK_NFLOG 4 /* Firewall logging */
+ #define NETLINK_ARPD 8
+ #define NETLINK_ROUTE6 11 /* af_inet6 route comm channel */
+ #define NETLINK_IP6_FW 13
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in Mon Mar 27 20:35:56 2000
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in Mon Jul 31 17:23:30 2000
+@@ -51,6 +51,7 @@
+ dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE
+ fi
+ dep_tristate ' LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES
++ dep_tristate ' ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES
+ fi
+
+ # Backwards compatibility modules: only if you don't build in the others. 
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile Mon Mar 27 20:35:56 2000
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile Mon Jul 31 17:23:30 2000
+@@ -197,6 +197,14 @@
+ endif
+ endif
+
++ifeq ($(CONFIG_IP_NF_TARGET_ULOG),y)
++O_OBJS += ipt_ULOG.o
++else
++ ifeq ($(CONFIG_IP_NF_TARGET_ULOG),m)
++ M_OBJS += ipt_ULOG.o
++ endif
++endif
++
+ ifeq ($(CONFIG_IP_NF_COMPAT_IPCHAINS),y)
+ O_OBJS += ipchains_core.o $(IP_NF_COMPAT_LAYER)
+ else
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c Mon Jul 31 17:23:31 2000
+@@ -0,0 +1,166 @@
++/*
++ * netfilter module for userspace packet logging daemons
++ *
++ * (C) 2000 by Harald Welte
++ *
++ * Released under the terms of the GPL
++ *
++ * ipt_ULOG.c,v 1.4 2000/07/31 11:41:06 laforge Exp
++ */
++
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++
++#define ULOG_NL_EVENT 111 /* Harald's favorite number */
++
++#if 0
++#define DEBUGP printk
++#else
++#define DEBUGP(format, args...) 
++#endif
++
++static struct sock *nflognl;
++
++static void nflog_rcv(struct sock *sk, int len)
++{
++ printk("nflog_rcv: did receive netlink message ?!?\n");
++}
++
++static unsigned int ipt_ulog_target(struct sk_buff **pskb,
++ unsigned int hooknum,
++ const struct net_device *in,
++ const struct net_device *out,
++ const void *targinfo, void *userinfo)
++{
++ ulog_packet_msg_t *pm;
++ size_t size, copy_len;
++ struct sk_buff *nlskb;
++ unsigned char *old_tail;
++ struct nlmsghdr *nlh;
++ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
++
++ /* calculate the size of the skb needed */
++ if ((loginfo->copy_range == 0) ||
++ (loginfo->copy_range > (*pskb)->len)) {
++ copy_len = (*pskb)->len;
++ } else {
++ copy_len = loginfo->copy_range;
++ }
++ size = NLMSG_SPACE(sizeof(*pm) + copy_len);
++ nlskb = alloc_skb(size, GFP_ATOMIC);
++ if (!nlskb)
++ goto nlmsg_failure;
++
++ old_tail = nlskb->tail;
++ nlh = NLMSG_PUT(nlskb, 0, 0, ULOG_NL_EVENT, size - sizeof(*nlh));
++ pm = NLMSG_DATA(nlh);
++
++ /* copy hook, prefix, timestamp, payload, etc. 
*/
++
++ pm->data_len = copy_len;
++ pm->timestamp_sec = (*pskb)->stamp.tv_sec;
++ pm->timestamp_usec = (*pskb)->stamp.tv_usec;
++ pm->mark = (*pskb)->nfmark;
++ pm->hook = hooknum;
++ if (loginfo->prefix)
++ strcpy(pm->prefix, loginfo->prefix);
++
++ if (in && in->hard_header_len > 0
++ && (*pskb)->mac.raw != (void *) (*pskb)->nh.iph
++ && in->hard_header_len <= ULOG_MAC_LEN) {
++ memcpy(pm->mac, (*pskb)->mac.raw, in->hard_header_len);
++ pm->mac_len = in->hard_header_len;
++ }
++
++ if (in)
++ strcpy(pm->indev_name, in->name);
++ else
++ pm->indev_name[0] = '\0';
++
++ if (out)
++ strcpy(pm->outdev_name, out->name);
++ else
++ pm->outdev_name[0] = '\0';
++
++ if (copy_len)
++ memcpy(pm->payload, (*pskb)->data, copy_len);
++ nlh->nlmsg_len = nlskb->tail - old_tail;
++ NETLINK_CB(nlskb).dst_groups = loginfo->nl_group;
++ DEBUGP
++ ("ipt_ULOG: going to throw a packet to netlink groupmask %u\n",
++ loginfo->nl_group);
++ netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group,
++ GFP_ATOMIC);
++
++ return IPT_CONTINUE;
++
++ nlmsg_failure:
++ if (nlskb)
++ kfree(nlskb);
++ printk("ipt_ULOG: Error building netlink message\n");
++ return IPT_CONTINUE;
++}
++
++static int ipt_ulog_checkentry(const char *tablename,
++ const struct ipt_entry *e,
++ void *targinfo,
++ unsigned int targinfosize,
++ unsigned int hookmask)
++{
++ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
++
++ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) {
++ DEBUGP("ULOG: targinfosize %u != 0\n", targinfosize);
++ return 0;
++ }
++
++ if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
++ DEBUGP("ULOG: prefix term %i\n",
++ loginfo->prefix[sizeof(loginfo->prefix) - 1]);
++ return 0;
++ }
++
++ return 1;
++}
++
++static struct ipt_target ipt_ulog_reg =
++ { {NULL, NULL}, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL,
++THIS_MODULE
++};
++
++static int __init init(void)
++{
++ DEBUGP("ipt_ULOG: init module\n");
++ nflognl = 
netlink_kernel_create(NETLINK_NFLOG, nflog_rcv);
++ if (!nflognl)
++ return -ENOMEM;
++
++ if (ipt_register_target(&ipt_ulog_reg) != 0) {
++ sock_release(nflognl->socket);
++ return -EINVAL;
++ }
++
++ return 0;
++}
++
++static void __exit fini(void)
++{
++ DEBUGP("ipt_ULOG: cleanup_module\n");
++
++ ipt_unregister_target(&ipt_ulog_reg);
++ sock_release(nflognl->socket);
++}
++
++module_init(init);
++module_exit(fini);
diff --git a/ulogd/Makefile b/ulogd/Makefile
new file mode 100644
index 0000000..9cb52f6
--- /dev/null
+++ b/ulogd/Makefile
@@ -0,0 +1,33 @@
+# Path of libipulog (from iptables)
+LIBIPULOG=../libipulog
+
+# Names of the plugins to be compiled
+ULOGD_SL:=BASE OPRINT
+
+
+# Normally You should not need to change anything below
+#
+CC = gcc
+CFLAGS = -I. -I$(LIBIPULOG)/include -g -Wall
+SH_CFLAGS:=$(CFLAGS) -fPIC
+
+SHARED_LIBS+=$(foreach T,$(ULOGD_SL),extensions/ulogd_$(T).so)
+
+all: $(SHARED_LIBS) ulogd
+
+$(SHARED_LIBS): %.so: %_sh.o
+ ld -shared -o $@ $<
+
+%_sh.o: %.c
+ gcc $(SH_CFLAGS) -o $@ -c $<
+
+ulogd: ulogd.c ../libipulog/libipulog.a ulogd.h
+ $(CC) $(CFLAGS) -rdynamic -ldl -i ulogd.c $(LIBIPULOG)/libipulog.a -o ulogd
+
+clean:
+ rm -f ulogd extensions/*.o extensions/*.so
+
+install: all
+ mkdir -p /usr/local/lib/ulogd && cp extensions/*.so /usr/local/lib/ulogd
+ cp ulogd /usr/local/sbin
+
diff --git a/ulogd/README b/ulogd/README
new file mode 100644
index 0000000..4d0870b
--- /dev/null
+++ b/ulogd/README
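Review bot: The `nlmsg_failure` path of `ipt_ulog_target` releases the buffer with `kfree(nlskb)`, but `nlskb` is a `struct sk_buff` obtained from `alloc_skb()` and should be released with `kfree_skb(nlskb);`. The label is entered with a non-NULL `nlskb` only when `NLMSG_PUT` bails out for lack of tailroom, which the size computed just above should normally prevent. If that path is ever taken, `kfree` would leave the skb's data area allocated and hand the skb head to the wrong allocator. The copies of this function in kernel-ULOG-2.4.0-test4.diff and kernel-ULOG1-to-ULOG2.diff carry the same call.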
@@ -0,0 +1,39 @@
+===> CONECEPT
+
+I want to write a flexible, almost universal logging daemon for my netfilter
+ULOG target. These are my thoughts about how the architecture which is most capable of doing that:
+
+1. Interpreter lugins
+
+It should be possible to add plugins / runtime modules for new protocols, etc.
+For example the standard logging daemon provides source-ip, dest-ip,
+source-port, dest-port, etc. Logging for variuos other protocols (GRE,
+IPsec, ...) may be implemented as modules.
+
+2. Output plugins
+... describe how and where to put the information gained by logging plugins.
+The easiest way is to build a line per packet and fprint it to a file.
+Some people might want to log into a SQL database or want an output
+conforming to the intrusion detection systems communication draft from the
+ietf.
+
+
+===> DETAILS
+
+The major clue is providing a framework which is as flexible as possible.
+Nobody knows what strange network protocols are out there :) Flexibility
+depends on the communication between the output of the logging plugins
+and input of the output plugins.
+
+Rusty advised me to use some kind of type-key-value triples, but I think
+this is the total overkill and is too complicated for me to implement it
+in a reasonable short period of time. (3 hours later) Hmm... Rusty finally
+convinced me to use linked lists of type-key-value triples - and it wasn't
+that difficult.
+
+===> INSTALLATION
+
+Just copy the plugins into /usr/local/lib/ulogd and the ulogd to wherever
+You want it to be.
+
+===>
diff --git a/ulogd/libipulog/Makefile b/ulogd/libipulog/Makefile
new file mode 100644
index 0000000..e737363
--- /dev/null
+++ b/ulogd/libipulog/Makefile
@@ -0,0 +1,14 @@
+CC = gcc
+CFLAGS = -I./include # -g
+
+ulog_test: ulog_test.c libipulog.a
+ $(CC) $(CFLAGS) -i ulog_test.c libipulog.a -o ulog_test
+
+libipulog.o: libipulog.c
+ $(CC) $(CFLAGS) -c libipulog.c -o libipulog.o
+
+libipulog.a: libipulog.o
+ ld -i libipulog.o -o libipulog.a
+
+clean:
+ rm -f ulog_test libipulog.o libipulog.a
diff --git a/ulogd/libipulog/include/libipulog/libipulog.h b/ulogd/libipulog/include/libipulog/libipulog.h
new file mode 100644
index 0000000..9f920dd
--- /dev/null
+++ b/ulogd/libipulog/include/libipulog/libipulog.h
@@ -0,0 +1,30 @@
+#ifndef _LIBIPULOG_H
+#define _LIBIPULOG_H
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+struct ipulog_handle;
+
+u_int32_t ipulog_group2gmask(u_int32_t group);
+
+struct ipulog_handle *ipulog_create_handle(u_int32_t gmask);
+
+void ipulog_destroy_handle(struct ipulog_handle *h);
+
+ssize_t ipulog_read(struct ipulog_handle *h,
+ unsigned char *buf, size_t len, int timeout);
+
+ulog_packet_msg_t *ipulog_get_packet(const unsigned char *buf);
+
+void ipulog_perror(const char *s);
+
+#endif /* _LIBULOG_H */
-- cgit v1.2.3
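Review bot: `ipulog_get_packet()` in libipulog.h takes only `buf`, so it has no way to check that the bytes returned by `ipulog_read()` hold a complete netlink header and `ulog_packet_msg_t` before it hands back a pointer into them. A caller that then trusts `data_len` can read past its buffer after a short or truncated read. Passing the length through, as in `ulog_packet_msg_t *ipulog_get_packet(const unsigned char *buf, size_t len);`, and returning NULL when the message does not fit would let callers fail safely. The implementation is not part of this commit, so this is inferred from the prototype alone. Separately, the closing comment names `_LIBULOG_H` while the guard is `_LIBIPULOG_H`.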