Jan Engelhardt [Tue, 20 Jan 2009 11:05:54 +0000 (12:05 +0100)]
build: resolve autotools suggestions to use AC_CONFIG_MACRO_DIR
libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.ac and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
This patch allows connecting to the server using the local (unix) socket,
thus not using a network socket and SSL encryption.
Local connection is used if host parameter is omitted or empty.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
If the procedure name specified in configuration is INSERT, then use
a regular insertion instead of a stored procedure.
This should be used when performance is needed, with a flat SQL schema,
to reduce the cost of SQL procedure calls.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Eric Leblond [Sun, 4 Jan 2009 22:29:50 +0000 (23:29 +0100)]
Add variable to force binding of nfnetlink_log.
This patch updates the behaviour of the NFLOG input plugin to fix an
issue related to kernels older than 2.6.29. The call to nflog_bind_pf()
that can be necessary to receive packets from the nfnetlink_log was only
done if the used group was 0 (system logging). This is logical for the
newest kernels (NFLOG really sends messages to nfnetlink_log and not to
the nf_log logger). But this is insufficient for older ones. By forcing
the binding with the new configuration variable bind, it is now possible
to trigger the binding from the ulogd2 configuration file. This gives
users a way to be sure that ulogd will receive packets if the NFLOG
input plugin is used.
Eric Leblond [Sun, 30 Nov 2008 20:06:46 +0000 (21:06 +0100)]
Add valgrind compilation option.
Valgrind messages are obscure when the plugins are unloaded. This patch
adds a macro that can be used to deactivate unloading. To use it, you
have to specify 'CPPFLAGS=-DDEBUG_VALGRIND' on the configure line.
Eric Leblond [Sat, 29 Nov 2008 23:58:00 +0000 (00:58 +0100)]
Call pluginstance stop function when exiting
The stop function of plugins was not called when ulogd2 was
preparing to quit. This patch adds a call to stop for all
plugins in each stack and frees pluginstance.
Eric Leblond [Mon, 20 Oct 2008 16:42:12 +0000 (18:42 +0200)]
Document group 0 usage and suppress address_family
Document the fact that group 0 is used by system logging and
update stack and plugin definition to match the suppression
of the address_family variable.
Eric Leblond [Tue, 21 Oct 2008 07:35:20 +0000 (09:35 +0200)]
Get rid of addressfamily variable in NFLOG input plugin
The addressfamily configuration variable for NFLOG is used as param
for nflog_bind_pf. This function is used to claim the fetching of
kernel message sent via nf_log_packet() function.
As all kernel messages are sent to the group 0, it is useless to
call nflog_bind_pf when nflog group of the input plugin is not 0.
Furthermore, as only one plugin can be bound to nflog group 0, it
is mandatory to call nflog_bind_pf for all pf families when the group
is 0.
To sum up, this patch suppresses the addressfamily parameter (which
simplifies the configuration file) and calls nflog_bind_pf for all
pf families when the nflog group of the instance is 0.
Eric Leblond [Mon, 20 Oct 2008 17:05:15 +0000 (19:05 +0200)]
Modify usage of nflog_bind_pf function.
The nflog_bind_pf function was called for each NFLOG instance. This patch
modifies the behaviour to have it called if and only if the nfgroup is set
to 0. As the kernel uses only the 0 group to output subsystem messages,
this change clarifies the situation.
This patch cleans up the current key assignation by introducing a
set of functions ukey_* to set the key value as Eric Leblond and
we discussed during the latest Netfilter Workshop. This patch is
based on an idea from Holger Eitzenberger.
libdbi implements a database-independent abstraction layer in C, similar to
the DBI/DBD layer in Perl.
This module brings support for all database types supported by libdbi.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Signed-off-by: Eric Leblond <eric@inl.fr>
When len is 0 (for ex. when the input mac is NULL), parse_mac2str tries
to calloc a 0-byte block, which leads to a conditional jump based
on uninitialized value (spotted by valgrind).
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Signed-off-by: Eric Leblond <eric@inl.fr>
Eric Leblond [Thu, 11 Sep 2008 22:18:22 +0000 (00:18 +0200)]
config: remove obsolete global variables
'rmem' and 'bufsize' global variables are inherited from ulogd1
and are not used anymore. This patch suppresses them from the
example configuration file.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Fri, 1 Aug 2008 08:32:13 +0000 (10:32 +0200)]
compilation: set -Wno-unused-parameter in CFLAGS
This patch adds the "-Wno-unused-parameter" option to CFLAGS. This
suppresses gcc warnings that cannot be fixed due to the usage of generic systems
like callbacks where the function definition has to be standardized.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Tue, 29 Jul 2008 10:08:19 +0000 (12:08 +0200)]
MAC2STR: add support for the new RAW MAC keys
This patch modifies MAC2STR to use the new MAC keys that give us more
accurate information to parse the link layer header. This patch also
does some probing based on the header and field size in the case of
ULOG (since we do not have enough information to perform accurate
parsing).
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Tue, 29 Jul 2008 09:49:24 +0000 (11:49 +0200)]
NFLOG: get full link layer header (requires >= 2.6.27)
This patch modifies the key structure of NFLOG. It solves the conflict
between ULOG and NFLOG by ensuring that keys have the same meaning:
* raw.mac is the full hardware header
* raw.mac.saddr is the source hardware address
Following Patrick's suggestion, it adds a new key "raw.type" which is
used to store the type of hardware.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Wed, 18 Jun 2008 15:39:37 +0000 (17:39 +0200)]
Fix NFCT/NFLOG plugin compilation when libraries use non-standard prefix.
Fixes compilation of NFLOG and NFCT plugins when libnetfilter libraries
are installed under a non-standard prefix. Include path and libs path
for libnetfilter_conntrack and libnetfilter_log were not correctly set even
if pkg-config found them.
Pierre Chifflier [Thu, 12 Jun 2008 09:45:28 +0000 (11:45 +0200)]
Store MAC in SQL databases only once
This patch modifies the SQL schema for MySQL and PostgreSQL to store
the mac address only once (instead of duplicating the mac address for
each packet). This is done by using a shared reference to the entry
containing the tuple (mac_address,mac_protocol).
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Eric Leblond [Thu, 12 Jun 2008 09:17:03 +0000 (11:17 +0200)]
Cleanup: fix error messages and indentation
This patch fixes some messages in the NFCT and NFLOG input
plugins (end of line before quote). It also fixes indenting by
suppressing some spaces on empty lines and replacing spaces by tabs.
Eric Leblond [Thu, 12 Jun 2008 09:15:14 +0000 (11:15 +0200)]
Use ULOGD_IRET_* as return for all interpreters
This patch modifies plugins to use the already defined but not used
define. This also fixes some weird behaviours in error treatment (like
not stopping after OOM).
Eric Leblond [Thu, 12 Jun 2008 09:10:58 +0000 (11:10 +0200)]
Fix hexadecimal parsing in config file
The config file parsing was not able to parse integers given in hex notation.
This patch modifies the parsing of configfile to be able to use different
integer notations.
Eric Leblond [Thu, 12 Jun 2008 09:08:31 +0000 (11:08 +0200)]
New MARK-based filter
This module filters messages by using the mark to decide whether or not a
packet or a flow has to be logged. It takes a mark and a mask option. It
demonstrates the usage of ULOGD_IRET_STOP which can be used to abort
iteration through the stack.
Eric Leblond [Thu, 12 Jun 2008 09:06:28 +0000 (11:06 +0200)]
Fix the propagation through the stack
When a plugin returns ULOGD_IRET_STOP, the propagation should
stop. This was not the case as break was used to do so but it was called
inside a switch and thus applies to the switch instruction and not to
the llist iteration.
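
An added example, not ulogd2's own code, illustrating the "New MARK-based filter" and "Fix the propagation through the stack" entries above: a mark/mask filter returns a stop verdict, and the propagation loop is shown with the `break`-inside-`switch` defect next to a corrected form. The `IRET_*` names, the `pkt` struct, the mark and mask values and the match rule `(mark & mask) == mark` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical stand-ins for the ULOGD_IRET_* return codes. */
enum iret { IRET_OK, IRET_STOP };
struct pkt { uint32_t mark; };
typedef enum iret (*plugin_fn)(const struct pkt *);
static const uint32_t FILTER_MARK = 0x10, FILTER_MASK = 0xf0; /* constructed */
static int logged; /* times the output plugin was reached */

/* MARK-style filter (assumed rule): stop unless (mark & mask) == wanted. */
static enum iret mark_filter(const struct pkt *p)
{
	return (p->mark & FILTER_MASK) == FILTER_MARK ? IRET_OK : IRET_STOP;
}
static enum iret output(const struct pkt *p) { (void)p; logged++; return IRET_OK; }

/* Defect: 'break' leaves the switch only, so later plugins still run. */
static void propagate_buggy(plugin_fn *stack, size_t n, const struct pkt *p)
{
	for (size_t i = 0; i < n; i++) {
		switch (stack[i](p)) {
		case IRET_STOP:
			break; /* meant to end the iteration, but does not */
		case IRET_OK:
			break;
		}
	}
}

/* Corrected: a stop verdict leaves the iteration itself. */
static void propagate_fixed(plugin_fn *stack, size_t n, const struct pkt *p)
{
	for (size_t i = 0; i < n; i++)
		if (stack[i](p) == IRET_STOP)
			return;
}

/* Send one packet through filter -> output; return how often it was logged. */
int run(int fixed, uint32_t mark)
{
	plugin_fn stack[] = { mark_filter, output };
	struct pkt p = { mark };
	logged = 0;
	(fixed ? propagate_fixed : propagate_buggy)(stack, 2, &p);
	return logged;
}
```

With the defective loop, a packet the filter rejected (mark `0x25` here) still reaches the output plugin, so the filter has no effect on what is logged.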