path: root/filter
Commit message (Author, Age, Files, Lines)
* db: insert ipv6 addresses in the same format as ip2bin [HEAD] [master] (Jeremy Sowden, 2023-09-14, 1, -32/+1)
| Move a `ULOGD_RET_BOOL` case for consistency.
|
| Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
| Signed-off-by: Florian Westphal <fw@strlen.de>
* ip2hbin: store ipv6 address as integer (Jeremy Sowden, 2023-09-14, 1, -5/+4)
| By using `okey_set_u128` we keep track of the address size and
| downstream plug-ins can distinguish the address family.
|
| Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
| Signed-off-by: Florian Westphal <fw@strlen.de>
* raw2packet_BASE: store ARP address values as integers (Jeremy Sowden, 2023-09-14, 1, -4/+9)
| Keys of type `ULOGD_RET_IPADDR` may be ipv4 or ipv6. ARP protocol
| addresses are 32-bits (i.e., ipv4). By using `okey_set_u32` we keep
| track of the size and allow downstream plug-ins to handle them
| correctly.
|
| Reported-by: Robert O'Brien <robrien@foxtrot-research.com>
| Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
| Signed-off-by: Florian Westphal <fw@strlen.de>
* printpkt, raw2packet_BASE: keep gateway address in NBO (Jeremy Sowden, 2023-09-14, 1, -1/+1)
| Everywhere else ipv4 addresses are left in NBO until output. The only
| exception is the IP2HBIN filter, which is explicitly intended to
| convert from NBO to HBO.
|
| Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
| Signed-off-by: Florian Westphal <fw@strlen.de>
* filter: IP2BIN: correct spelling of variable (Jeremy Sowden, 2022-12-08, 1, -2/+2)
| Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* filter: fix buffer sizes in filter plug-ins (Jeremy Sowden, 2022-12-08, 4, -13/+13)
| Three of the filter plug-ins define arrays to hold output key values.
| The arrays are sized based on the values of enums. For example:
|
|   enum output_keys {
|           KEY_MAC_TYPE,
|           KEY_MAC_PROTOCOL,
|           KEY_MAC_SADDR,
|           START_KEY = KEY_MAC_SADDR,
|           KEY_MAC_DADDR,
|           KEY_MAC_ADDR,
|           MAX_KEY = KEY_MAC_ADDR,
|   };
|
|   static char hwmac_str[MAX_KEY - START_KEY][HWADDR_LENGTH];
|
| The arrays are indexed by subtracting `START_KEY` from the enum value
| of the key currently being processed: `hwmac_str[okey - START_KEY]`.
| However, this means that the last key (`KEY_MAC_ADDR` in this example)
| will run off the end of the array. Increase the size of the arrays.
|
| In the case of `IP2BIN` and `IP2HBIN`, there is no overrun, but only
| because they use the wrong upper bound when looping over the keys, and
| thus don't assign a value to the last key. Correct the bound.
|
| Also some small white-space tweaks.
|
| Link: https://bugzilla.netfilter.org/show_bug.cgi?id=890
| Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* filter: PWSNIFF: replace malloc+strncpy with strndup (Jeremy Sowden, 2021-11-30, 1, -9/+9)
| There are a couple of instances of allocating memory with `malloc`,
| followed by copying a string to it with `strncpy` and adding an
| explicit assignment of `\0` to terminate the string. Replace them with
| `strndup`.
|
| Add an enum to name indices of output keys.
|
| Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* filter: HWHDR: remove zero-initialization of MAC type (Jeremy Sowden, 2021-11-30, 1, -1/+1)
| We don't need to initialize `type`, and even if we did the right value
| would be `ARPHDR_VOID`, not `0`, which is a valid MAC type
| (`ARPHDR_NETROM`).
|
| Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* filter: HWHDR: re-order KEY_RAW_MAC checks (Jeremy Sowden, 2021-11-30, 1, -18/+16)
| Currently, in `interp_mac2str` we have:
|
|   if (/* KEY_RAW_MAC is valid */) {
|     /*
|      * set mac type
|      */
|   }
|
|   if (/* mac type is ethernet */)
|     // parse ethernet
|
|   if (/* KEY_RAW_MAC is not valid */)
|     // return early.
|
| The MAC type will not be set to ethernet unless KEY_RAW_MAC is valid,
| so we can move the last check up and drop the first one:
|
|   if (/* KEY_RAW_MAC is not valid */)
|     // return early.
|
|   /*
|    * set mac type
|    */
|
|   if (/* mac type is ethernet */)
|     // parse ethernet
|
| Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* filter: HWHDR: simplify flow-control (Jeremy Sowden, 2021-11-30, 1, -13/+11)
| The `interp_mac2str` function concludes with a `switch` followed by a
| `return` statement. The `switch` has one case falling through to a
| default:
|
|   switch (expr) {
|   case X:
|     // ... X code ...
|   default:
|     // ... default code ...
|   }
|
| This is equivalent to the simpler and more readily comprehensible:
|
|   if (expr == X) {
|     // ... X code ...
|   }
|   // ... default code ...
|
| Replace the former with the latter.
|
| Doing so makes it obvious that the following `return` statement is
| never reached. Remove it.
|
| Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: add Make_global.am for common flags (Jeremy Sowden, 2021-11-15, 2, -5/+4)
| Move `${regular_CFLAGS}` from configure.ac to Make_global.am, renaming
| it to `AM_CFLAGS`. Add `AM_CPPFLAGS` to include
| `$(top_srcdir)/include`.
|
| Include the new file in the Makefiles that require it.
|
| Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: remove empty filter sub-directory (Jeremy Sowden, 2021-11-15, 2, -1/+1)
| The only file in filter/packet2flow is an empty Makefile.am. Remove it.
|
| Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* raw2packet: fix comma instead of semicolon (Timon Ulrich, 2020-10-30, 1, -1/+1)
| Signed-off-by: Timon Ulrich <t.ulrich@anapur.de>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ip2bin: fix plugin link for some compiler (Eric Leblond, 2017-07-02, 1, -1/+1)
| Declaring a function inline and building with -O0 was causing the
| following message:
|
|   undefined symbol: uint32_to_ipv6
|
| By declaring the function as static we fix the problem.
* ulogd: fix crash when ipv4 packet is truncated (Liping Zhang, 2016-10-17, 1, -1/+2)
| If ipv4 packet is truncated, we should not try to dereference the
| iph pointer. Otherwise, if the user adds such iptables rules
| "-j NFLOG --nflog-size 0", we will dereference the NULL pointer and
| crash may happen.
|
| Reported-by: Chris Caputo <ccaputo@alt.net>
| Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Use stdint types everywhere (Felix Janda, 2015-06-26, 6, -27/+28)
| Signed-off-by: Felix Janda <felix.janda@posteo.de>
* Define _GNU_SOURCE to get members of tcphdr (Felix Janda, 2015-06-23, 2, -0/+2)
| The source uses linux names for members of tcphdr. For example
| "source" instead of "th_sport", ... musl libc's headers need
| _GNU_SOURCE defined in order to expose these.
|
| Signed-off-by: Felix Janda <felix.janda@posteo.de>
* store Common Information Model name in ulogd key (Eric Leblond, 2014-01-28, 2, -2/+12)
| This patch adds storage for CIM field name in ulogd key. This will be
| used by JSON output to interoperate with logging collector such as
| logstash or splunk.
|
| Common Information Model is an open standard that defines how managed
| elements in an IT environment are represented as a common set of
| objects and relationships between them:
|   http://www.dmtf.org/standards/cim
| This seems to be mainly XML based but there is a JSON version of some
| aspects of the model.
|
| One of the main documentation on CIM in JSON format seems to be:
|   http://docs.splunk.com/Documentation/PCI/2.0/DataSource/CommonInformationModelFieldReference
|
| Using the correct CIM field name allows events coming from ulogd to be
| correlated with events coming from other sources.
* base: fix warning on pointer handling (Eric Leblond, 2013-01-18, 1, -4/+4)
* Get rid of SVN tag in comment. (Eric Leblond, 2013-01-18, 7, -15/+5)
| This patch also updates some copyright and licence declaration.
* Add additional ip6 header fields to database scripts (Bob Hockney, 2012-12-19, 1, -1/+1)
| Rename internal keyname ip6.payload_len to remove "_" to facilitate
| this.
* Fix parsing of ipv6 flowlabel and tc fields (Bob Hockney, 2012-12-19, 1, -2/+2)
| Mask should be applied after ntohl conversion.
* build: move remaining preprocessor flags into CPPFLAGS (Jan Engelhardt, 2012-11-27, 1, -2/+2)
| The flags retrieved from `pkg-config --cflags ...` are generally only
| preprocessor flags (mostly -I to point to the directories), since
| anything else would inconvenience downstream users.
|
| Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* filter: IP2HBIN: fix compilation warning with gcc-4.7 (Pablo Neira Ayuso, 2012-08-03, 1, -1/+0)
| ulogd_filter_IP2HBIN.c: In function 'interp_ip2hbin':
| ulogd_filter_IP2HBIN.c:122:6: warning: unused variable 'fret' [-Wunused-variable]
|
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: fix version that -V displays (Pablo Neira Ayuso, 2012-08-03, 10, -10/+10)
| It was wrong, use VERSION constant which uses the version information
| available in configure.ac.
|
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: use pkglibdir instead of pkglibexecdir for automake (Björn Lässig, 2012-05-18, 2, -2/+2)
| This fixes the following problem while running `autoreconf -fi`
|
|   `pkglibexecdir' is not a legitimate directory for `LTLIBRARIES'
|   variable `ulogd_filter_PRINTPKT_la_SOURCES' is defined but no program or
|   library has `ulogd_filter_PRINTPKT_la' as canonical name (possible typo)
|
| Signed-off-by: Björn Lässig <laessig@bitformer.net>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* A simple filter plugin called IP2HBIN added (Jozsef Kadlecsik, 2012-01-16, 2, -1/+204)
| The plugin converts the IPv4 addresses to host order for databases
| like MySQL. The expected name of the table fields are ip.hsaddr,
| ip.hdaddr, etc.
|
| Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* build: use compile/link information from pkgconfig (Jan Engelhardt, 2011-02-01, 1, -2/+3)
| This is important for when the libraries are in a non-default path.
| Also, libs must be listed in LDADD/LIBADD, not LDFLAGS.
|
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: use appropriate location for program modules (Jan Engelhardt, 2011-02-01, 2, -5/+5)
| Modules - since they are dependent on the executable - generally go to
| libexec/.
|
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* filter/HWHDR: remove redundant sizeof(char) (Jan Engelhardt, 2010-11-05, 1, -1/+1)
| It is 1 by definition.
|
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: propagate global CFLAGS (Jan Engelhardt, 2010-11-05, 2, -0/+2)
| We must not override CFLAGS, because that will break when the user
| overrides CFLAGS again at make time (which he is entitled to). So,
| name our CFLAGS regular_CFLAGS, and also include that across all
| Makefiles so that they are actually used for all the code.
|
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: remove unused $(all_includes) (Jan Engelhardt, 2010-11-05, 2, -2/+2)
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* HWHDR: Fix various crashes (Eric Leblond, 2010-09-22, 1, -19/+17)
| This patch fixes the HWHDR plugin. The logic of the interaction with
| exiting plugin was not correctly coded and this was leading to crashes
| due to the lack of sanity check.
* IP2BIN: fix missing protocol key (Christophe Fish, 2010-04-02, 1, -0/+5)
| ulogd2 from git won't start using filter IP2BIN. It gives the
| following error message in the log:
|
|   <1> ulogd.c:670 traversing plugin `IP2BIN'
|   <1> ulogd.c:627 log4(NFLOG)
|   <1> ulogd.c:733 assigning `oob.family(?)' as source for IP2BIN(oob.family)
|   <7> ulogd.c:727 cannot find key `' in stack
|   <1> ulogd.c:863 destroying stack
|
| Filling up ip2bin_inp[] declaration with missing section in
| filter/ulogd_filter_IP2BIN.c solves the problem:
|
| Signed-off-by: Christophe Fish <christophe.fish@free.fr>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ip2bin: add AF_BRIDGE family support. (Eric Leblond, 2009-03-06, 1, -1/+27)
| This patch adds support for AF_BRIDGE family. It synchronizes code of
| IP2BIN module with the one of IP2STR.
* hwhdr: suppress explicit allocation (Eric Leblond, 2009-03-06, 1, -12/+12)
| This patch suppresses all allocation and uses a statically created
| array instead.
* ip2bin: suppress explicit allocation of some output key values (Eric Leblond, 2009-03-06, 1, -14/+14)
| This patch suppresses explicit allocation and free for each packet and
| uses a statically created array instead.
* ip2str: suppress explicit allocation of some output key values (Eric Leblond, 2009-03-06, 1, -17/+16)
| This patch suppresses explicit allocation and free for each packet and
| uses a statically created array instead.
* ifindex: avoid memory allocation (Eric Leblond, 2009-03-06, 1, -21/+16)
| This patch modifies the interp function to avoid doing an explicit
| allocation of memory.
* Replace INCLUDES by AM_CPPFLAGS in Makefile.am. (Eric Leblond, 2009-01-22, 2, -2/+2)
| This patch fixes autotools warning about deprecated usage of INCLUDES
| in Makefile.am.
* build: use -avoid-version for modules (Jan Engelhardt, 2009-01-20, 2, -9/+9)
| The modules are pretty much bound to ulogd, and it does not seem to
| make sense to specially version these.
|
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* HWHDR: Fix size of allocated string. (Eric Leblond, 2009-01-13, 1, -1/+1)
| This patch fixes an incorrect computing of the allocation size of a
| string.
* Return true/false instead of ULOGD_IRET_OK/STOP (Thomas Jacob, 2008-12-09, 1, -2/+2)
| Signed-off-by: Thomas Jacob <jacob@internet24.de>
| Signed-off-by: Eric Leblond <eric@inl.fr>
* Add SCTP support to BASE plugin. (Eric Leblond, 2008-12-09, 1, -0/+53)
| This patch adds basic support for SCTP in the BASE plugin.
|
| Signed-off-by: Eric Leblond <eric@inl.fr>
* add ukey_* function for key assignation (Pablo Neira Ayuso, 2008-12-09, 10, -228/+165)
| This patch cleans up the current key assignation by introducing a set
| of functions ukey_* to set the key value as Eric Leblond and we
| discussed during the latest Netfilter Workshop. This patch is based on
| an idea from Holger Eitzenberger.
|
| Signed-off-by: Eric Leblond <eric@inl.fr>
* Fix light memory error in parse_mac2str (Pierre Chifflier, 2008-12-09, 1, -2/+8)
| When len is 0 (for ex. when the input mac is NULL), parse_mac2str
| tries to calloc a 0-bytes block, which leads to a conditional jump
| based on uninitialized value (spotted by valgrind).
|
| Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
| Signed-off-by: Eric Leblond <eric@inl.fr>
* hwhdr: finish missing renaming (Pierre Chifflier, 2008-10-20, 1, -2/+2)
| MAC2STR has been renamed to HWHDR.
|
| Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* hwhdr: fix segfault when RAW_MAC is NULL (Pierre Chifflier, 2008-10-20, 1, -1/+1)
| This fixes a segfault when RAW_MAC key is NULL in MAC2STR plugin.
|
| Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: fix compilation warning related to signed and unsigned comparisons (Eric Leblond, 2008-07-31, 3, -4/+5)
| This patch fixes the warning related to signed and unsigned comparison.
|
| Signed-off-by: Eric Leblond <eric@inl.fr>
* cleanup: fix gcc warnings (Eric Leblond, 2008-07-29, 4, -7/+3)
| This patch fixes some gcc warnings:
|  * Unused variables
|  * Functions with wrong return (or without return)
|
| Signed-off-by: Eric Leblond <eric@inl.fr>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>