| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
This patch removes the IPFIX from the Makefile. Thus, we keep
it in the tree in the hope that we'll have time to finish it
in the future but don't compile it. This confuses users since
they think that it works.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
With this patch, we copy the conntrack object that we propagate
to the output plugin instances *only once*.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes a bug that makes ulogd loops forever while
propagating inputs to the output plugin. It is reproducible
if you re-use three or more plugin instances. The problem is
that the parameters in the list addition are in incorrect
order.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes a problem in configurations that use the NFCT
plugin as input in several stacks. The first plugin loaded contains
the hashtable and other important NFCT private data. Other plugin
instances of NFCT are dummies that are only used to store the
output keys.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
This patch adds an infix to the XML file to avoid problems if we are
logging packets and flows at the same time. Thus, we create two
different XML files whose filename describes the sort of logging
information that it contains. It is also useful when listing files
at a quick sight.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
This feature is useful for log-rotation.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch adds XML that allows to log information in XML for
ulogd2. It supports packet and flow-based accounting.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
This patch fixes the following error that is displayed if we send
SIGHUP to reopen the logfile:
ulogd.c:904 select says Interrupted system call
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
This patch fixes a crash if the output file was not correctly opened.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch is a cleanup to use ARRAY_SIZE in NFLOG and ULOG input
plugins.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ulogd2 from git won't start using filter IP2BIN. It gives the following error
message in the log:
<1> ulogd.c:670 traversing plugin `IP2BIN'
<1> ulogd.c:627 log4(NFLOG)
<1> ulogd.c:733 assigning `oob.family(?)' as source for IP2BIN(oob.family)
<7> ulogd.c:727 cannot find key `' in stack
<1> ulogd.c:863 destroying stack
Filling up ip2bin_inp[] declaration with missing section in
filter/ulogd_filter_IP2BIN.c solves the problem:
Signed-off-by: Christophe Fish <christophe.fish@free.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch fixes a feature that allows to force the logging of
the existing entries and reset the counters.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch fixes the number of options in NFCT that is
actually 8, not 7.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
This patch splits event_handler into two functions:
event_handler_hashtable and event_handler_no_hashtable.
Thus, we register the appropriate handler during the
initialization time. This patch is a cleanup.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This patch replaces the existing hashtable implementation with
a newer that provide better performance since it reduces the
number of hash computations.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds support for poll-based logging. Basically,
ulogd polls from the kernel periodically to log entries. You
can use the `pollinterval' option in the configuration file to
set the polling period.
This patch changes the current behaviour of `pollinterval'
that allowed to mix both the event-driven logging with
polling periodically from the kernel. I have tried to look
for anyone in google (and asking Eric Leblond) using this
feature but I found noone.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This patch cleans up the destructor and the destructor functions
in the NFCT plugin. I know, this patch isn't easy to review
because it includes too many changes in one.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Create views using the ip_protocol field (and not the oob_family).
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
|
|
|
|
|
|
|
| |
Remove Debian packaging files, it is easier to maintain the packaging
files outside of the sources.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
|
|
|
|
|
|
|
|
|
| |
This patch is a preliminary fix for the yet-unfinished IPFIX
support. This patch resolves a couple of bugs that made ulogd
crash and a couple of missing symbols that didn't allow to
use this plugin in the configuration file.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch remove -lpthread that was introduced time ago to
workaround a problem in gdb.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch reduces the verbosity of the log messages that report
netlink overruns.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
This patch adds `netlink_resync_timeout' that allows you to set
the number of seconds that we wait to perform a resynchronization
due to a netlink overrun. This patch changes the default timeout
from 2 to 60 seconds (less agressive).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
With this patch, we schedule one resynchronization against the
kernel conntrack table that will occur in two seconds (still
we need a patch to make this configurable). Before this, we
scheduled a resynchronization for every overrun, that is very
bad in a scenario in which overruns occurs very frequently.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This patch fixes a NULL dereference to the timestamp structure when
hashtable_add() fails, for example, because the hashtable is full.
Reported-by: Bernhard Schmidt <berni@birkenwald.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
This reverts commit 0ff525cb0506b2c043bc9df6d7e7b486c865bc38. A stable
and clean API should be provided if we choose to offer for external
module capability.
|
|
|
|
|
| |
This patch documents the "procedure" option in the database
plugin configurations.
|
|
|
|
|
|
|
| |
When procedure begins with INSERT* (without space), it considers it as an
INSERT statement.
Signed-off-by: Romain Bignon <romain@inl.fr>
|
|
|
|
|
| |
This patch modifies the procedure name parsing to be able to specify a
complete INSERT command.
|
|
|
|
|
|
|
|
|
|
| |
Split the 'resolve keys' step in two parts: first call the configure
fonction for all plugins (in reverse order), then loop again
to resolve the keys.
This allows dynamic construction of the input and output keys, even
for filter plugins.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
|
|
|
|
|
| |
This patch modifies Makefile.am to install the headers needed for
compilation of plugins outside of the source tree.
|
|
|
|
|
| |
This patch adds config.h inclusion in ulogd.h to be able to use all
defined value in the whole project.
|
|
|
|
| |
This patches frees an allocated buffer when ulogd is quitting.
|
|
|
|
|
| |
This patch adds support for AF_BRIDGE family. It synchronizes code of
IP2BIN module with the one of IP2STR.
|
|
|
|
|
| |
This patch suppresses all allocation and use a statically
created array instead.
|
|
|
|
|
| |
This patch suppresses explicit allocation and free for each packet and use
a statically created array instead.
|
|
|
|
|
| |
This patch suppresses explicit allocation and free for each packet
and use a statically created array instead.
|
|
|
|
|
| |
This patch modifies the interp function to avoid to do an explicit
allocation of memory.
|
|
|
|
|
| |
Timeout unit is 10ms and not 1ms. This patch fixes an invalid comment
in the configuration file.
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
This patch deletes the overrun timer in the destructor function.
|
|
|
|
|
| |
The oob_protocol does not fit into a smallint (IPv6 case for example).
This patch switches the length of the related field to an integer.
|
|
|
|
|
| |
This patch adds support for setting NFLOG threshold and timeout
from ulogd.
|
|
|
|
| |
This patch affect type and flag to PCAP input key.
|
|
|
|
|
| |
This patch adds a "optional" keyword to description of input key which are
optional when --info is used to dump information about a plugin.
|
|
|
|
|
| |
This patch fixes autotools warning about deprecated usage of INCLUDES in
Makefile.am.
|
|
|
|
|
|
|
| |
Some constructs in there are old-fashioned. Replace them by their
modern counterparts.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
| |
libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.ac and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|