author | laforge <laforge> | 2000-08-10 11:45:49 +0000 |
---|---|---|
committer | laforge <laforge> | 2000-08-10 11:45:49 +0000 |
commit | 36b5562a3fa5f7e3f5990567c0c7d5b5b401dd1a (patch) | |
tree | 41aa2e037555362c319a69cb46b596ea0b2fb0da | |
parent | f9b17cad817b6770cb68f3e13d326ed74dbf07c6 (diff) |
Initial revision
-rw-r--r-- | Makefile | 33 | ||||
-rw-r--r-- | README | 39 | ||||
-rw-r--r-- | libipulog/Makefile | 14 | ||||
-rw-r--r-- | libipulog/include/libipulog/libipulog.h | 30 |
4 files changed, 116 insertions, 0 deletions
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..9cb52f6
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,33 @@
+# Path of libipulog (from iptables)
+LIBIPULOG=../libipulog
+
+# Names of the plugins to be compiled
+ULOGD_SL:=BASE OPRINT
+
+
+# Normally You should not need to change anything below
+#
+CC = gcc
+CFLAGS = -I. -I$(LIBIPULOG)/include -g -Wall
+SH_CFLAGS:=$(CFLAGS) -fPIC
+
+SHARED_LIBS+=$(foreach T,$(ULOGD_SL),extensions/ulogd_$(T).so)
+
+all: $(SHARED_LIBS) ulogd
+
+$(SHARED_LIBS): %.so: %_sh.o
+ ld -shared -o $@ $<
+
+%_sh.o: %.c
+ gcc $(SH_CFLAGS) -o $@ -c $<
+
+ulogd: ulogd.c ../libipulog/libipulog.a ulogd.h
+ $(CC) $(CFLAGS) -rdynamic -ldl -i ulogd.c $(LIBIPULOG)/libipulog.a -o ulogd
+
+clean:
+ rm -f ulogd extensions/*.o extensions/*.so
+
+install: all
+ mkdir -p /usr/local/lib/ulogd && cp extensions/*.so /usr/local/lib/ulogd
+ cp ulogd /usr/local/sbin
+
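Review bot: The `install` target creates the plugin directory with `mkdir -p` and copies files with `cp`, so the resulting modes depend on the umask of whoever runs it. The `ulogd` rule links with `-rdynamic -ldl` and the README places plugins in /usr/local/lib/ulogd, so the daemon presumably loads shared objects from that directory at run time; the directory and the `.so` files should therefore be writable only by their owner. Setting the modes explicitly makes this independent of the umask, e.g. `install -d -m 755 /usr/local/lib/ulogd`, `install -m 755 extensions/*.so /usr/local/lib/ulogd` and `install -m 755 ulogd /usr/local/sbin`. Separately, the `ulogd` rule names `../libipulog/libipulog.a` as a prerequisite but links `$(LIBIPULOG)/libipulog.a`, and the `%_sh.o` rule calls `gcc` directly instead of `$(CC)`, so overriding either variable is only partly honoured.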
@@ -0,0 +1,39 @@
+===> CONECEPT
+
+I want to write a flexible, almost universal logging daemon for my netfilter
+ULOG target. These are my thoughts about how the architecture which is most capable of doing that:
+
+1. Interpreter lugins
+
+It should be possible to add plugins / runtime modules for new protocols, etc.
+For example the standard logging daemon provides source-ip, dest-ip,
+source-port, dest-port, etc. Logging for variuos other protocols (GRE,
+IPsec, ...) may be implemented as modules.
+
+2. Output plugins
+... describe how and where to put the information gained by logging plugins.
+The easiest way is to build a line per packet and fprint it to a file.
+Some people might want to log into a SQL database or want an output
+conforming to the intrusion detection systems communication draft from the
+ietf.
+
+
+===> DETAILS
+
+The major clue is providing a framework which is as flexible as possible.
+Nobody knows what strange network protocols are out there :) Flexibility
+depends on the communication between the output of the logging plugins
+and input of the output plugins.
+
+Rusty advised me to use some kind of type-key-value triples, but I think
+this is the total overkill and is too complicated for me to implement it
+in a reasonable short period of time. (3 hours later) Hmm... Rusty finally
+convinced me to use linked lists of type-key-value triples - and it wasn't
+that difficult.
+
+===> INSTALLATION
+
+Just copy the plugins into /usr/local/lib/ulogd and the ulogd to wherever
+You want it to be.
+
+===>
diff --git a/libipulog/Makefile b/libipulog/Makefile
new file mode 100644
index 0000000..e737363
--- /dev/null
+++ b/libipulog/Makefile
@@ -0,0 +1,14 @@
+CC = gcc
+CFLAGS = -I./include # -g
+
+ulog_test: ulog_test.c libipulog.a
+ $(CC) $(CFLAGS) -i ulog_test.c libipulog.a -o ulog_test
+
+libipulog.o: libipulog.c
+ $(CC) $(CFLAGS) -c libipulog.c -o libipulog.o
+
+libipulog.a: libipulog.o
+ ld -i libipulog.o -o libipulog.a
+
+clean:
+ rm -f ulog_test libipulog.o libipulog.a
diff --git a/libipulog/include/libipulog/libipulog.h b/libipulog/include/libipulog/libipulog.h
new file mode 100644
index 0000000..9f920dd
--- /dev/null
+++ b/libipulog/include/libipulog/libipulog.h
@@ -0,0 +1,30 @@
+#ifndef _LIBIPULOG_H
+#define _LIBIPULOG_H
+
+#include <errno.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+#include <asm/types.h>
+#include <linux/netlink.h>
+#include <net/if.h>
+#include <linux/netfilter_ipv4/ipt_ULOG.h>
+
+struct ipulog_handle;
+
+u_int32_t ipulog_group2gmask(u_int32_t group);
+
+struct ipulog_handle *ipulog_create_handle(u_int32_t gmask);
+
+void ipulog_destroy_handle(struct ipulog_handle *h);
+
+ssize_t ipulog_read(struct ipulog_handle *h,
+ unsigned char *buf, size_t len, int timeout);
+
+ulog_packet_msg_t *ipulog_get_packet(const unsigned char *buf);
+
+void ipulog_perror(const char *s);
+
+#endif /* _LIBULOG_H */ |
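Review bot: `CFLAGS` in this Makefile leaves out `-Wall`, which the top-level Makefile enables, so the library that reads netlink messages is built with fewer diagnostics than the daemon using it; `CFLAGS = -I./include -Wall` would align the two. The `libipulog.a` rule runs `ld -i`, which produces a relocatable object rather than an `ar` archive. That links when named on the command line as done here, but tools expecting a real archive may reject it, and `ar rcs libipulog.a libipulog.o` is the conventional form.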
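Review bot: `ipulog_get_packet(const unsigned char *buf)` takes no length, so as declared it cannot check that the bytes obtained from `ipulog_read` hold a complete netlink header and `ulog_packet_msg_t` before returning a pointer into the buffer. The implementation is not part of this commit, so whether the length is tracked some other way cannot be seen here. Passing it explicitly, `ulog_packet_msg_t *ipulog_get_packet(const unsigned char *buf, size_t len);`, would let the library return NULL for a truncated message instead of leaving every caller to validate it. The function also returns a non-const pointer derived from a `const` buffer, which suggests the qualifier is cast away inside. The declarations would benefit from comments stating the unit of `timeout` and what `ipulog_read` returns on error or timeout, and the closing guard comment reads `_LIBULOG_H` where the guard is `_LIBIPULOG_H`.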