NFCT: split event handler if hashtable is used or not
This patch splits event_handler into two functions:
event_handler_hashtable and event_handler_no_hashtable.
Thus, we register the appropriate handler during the
initialization time. This patch is a cleanup.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NFCT: use new hashtable implementation for better performance
This patch replaces the existing hashtable implementation with
a newer that provide better performance since it reduces the
number of hash computations.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch adds support for poll-based logging. Basically,
ulogd polls from the kernel periodically to log entries. You
can use the `pollinterval' option in the configuration file to
set the polling period.
This patch changes the current behaviour of `pollinterval'
that allowed to mix both the event-driven logging with
polling periodically from the kernel. I have tried to look
for anyone in google (and asking Eric Leblond) using this
feature but I found noone.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NFCT: cleanup constructor and destructor functions
This patch cleans up the destructor and the destructor functions
in the NFCT plugin. I know, this patch isn't easy to review
because it includes too many changes in one.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch is a preliminary fix for the yet-unfinished IPFIX
support. This patch resolves a couple of bugs that made ulogd
crash and a couple of missing symbols that didn't allow to
use this plugin in the configuration file.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NFCT: add configurable option to set the value of the resynchronization timer
This patch adds `netlink_resync_timeout' that allows you to set
the number of seconds that we wait to perform a resynchronization
due to a netlink overrun. This patch changes the default timeout
from 2 to 60 seconds (less agressive).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
With this patch, we schedule one resynchronization against the
kernel conntrack table that will occur in two seconds (still
we need a patch to make this configurable). Before this, we
scheduled a resynchronization for every overrun, that is very
bad in a scenario in which overruns occurs very frequently.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pierre Chifflier [Thu, 16 Apr 2009 12:20:40 +0000 (14:20 +0200)]
ulogd: configure all plugins before resolving keys.
Split the 'resolve keys' step in two parts: first call the configure
fonction for all plugins (in reverse order), then loop again
to resolve the keys.
This allows dynamic construction of the input and output keys, even
for filter plugins.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Jan Engelhardt [Tue, 20 Jan 2009 11:05:54 +0000 (12:05 +0100)]
build: resolve autotools suggestions to use AC_CONFIG_MACRO_DIR
libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.ac and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
This patch allows to connect to the server using the local (unix) socket,
thus not using a network socket and SSL encryption.
Local connection is used if host parameter is omitted or empty.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
If the procedure name specified in configuration is INSERT, than use
a regular insertion instead of a stored procedure.
This should be used when performance is needed, with a flat SQL schema,
to reduce the cost of SQL procedure calls.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Eric Leblond [Sun, 4 Jan 2009 22:29:50 +0000 (23:29 +0100)]
Add variable to force binding of nfnetlink_log.
This patch updates the behaviour of the NFLOG input plugin to fix an
issue related to kernel older than 2.6.29. The call to nflog_bind_pf()
that can be necessary to receive packet from the nfnetlink_log was only
done if the used group was 0 (system logging). This is logic for the
newest kernel (NFLOG really sends message to nfnetlink_log and not to
the nf_log logger). But this is unsufficient for older one. By forcing
the binding with the new configuration variable bind, it is now possible
to trigger the binding from the ulogd2 configuration file. This gives
users a way to be sure that ulogd will receive packets if the NFLOG
input plugin is used.
Eric Leblond [Sun, 30 Nov 2008 20:06:46 +0000 (21:06 +0100)]
Add valgrind compilation option.
Valgrind messages are obscur when the plugins are unloaded. This patch
adds a macro that can be used to desactivate unloading. To use it, you
have to specify 'CPPFLAGS=-DDEBUG_VALGRIND' on configure line.
Eric Leblond [Sat, 29 Nov 2008 23:58:00 +0000 (00:58 +0100)]
Call pluginstance stop function when exiting
The stop function of plugin was not called when ulogd2 was
preparing to quit. This patch adds a call to stop for all
plugins in each stack and free pluginstance.
Eric Leblond [Mon, 20 Oct 2008 16:42:12 +0000 (18:42 +0200)]
Document group 0 usage and suppress address_family
Document the fact that group 0 is used by system logging and
update stack and plugin definition to match the suppression
of the address_family variable.
Eric Leblond [Tue, 21 Oct 2008 07:35:20 +0000 (09:35 +0200)]
Get rid of addressfamily variable in NFLOG input plugin
The addressfamily configuration variable for NFLOG is used as param
for nflog_bind_pf. This function is used to claim the fetching of
kernel message sent via nf_log_packet() function.
As all kernel messages are sent to the group 0, it is useless to
call nflog_bind_pf when nflog group of the input plugin is not 0.
Furthermore, as only one plugin can be bound to nflog group 0, it
is mandatory to call nflog_bind_pf for all pf family when the group
is 0.
To sum up, this patch suppress the adressfamily parameter (which
simplify the configuration file) and call nflog_bind_pf for all
pf family when the nflog group of the instance is 0.
Eric Leblond [Mon, 20 Oct 2008 17:05:15 +0000 (19:05 +0200)]
Modify usage of nflog_bind_pf function.
The nflog_bind_pf function was called for each NFLOG instance. This patch
modifies the behaviour to have it call if and only if the nfgroup is set
to 0. As the kernel uses only the 0 group to output subsystem messages,
this change clarify the situation.
This patch cleans up the current key assignation by introducing a
set of functions ukey_* to set the key value as Eric Leblond and
we discussed during the latest Netfilter Workshop. This patch is
based on an idea from Holger Eitzenberger.
libdbi implements a database-independent abstraction layer in C, similar to
the DBI/DBD layer in Perl.
This module brings support for all database types supported by libdbi.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr> Signed-off-by: Eric Leblond <eric@inl.fr>
When len is 0 (for ex. when the input mac is NULL), parse_mac2str tries
to calloc a 0-bytes bloc, which leads to a conditional jump based
on uninitialized value (spotted by valgrind).
Signed-off-by: Pierre Chifflier <chifflier@inl.fr> Signed-off-by: Eric Leblond <eric@inl.fr>
Eric Leblond [Thu, 11 Sep 2008 22:18:22 +0000 (00:18 +0200)]
config: remove obsolete global variables
'rmem' and 'bufsize' global variables are unherited from ulogd1
and are not used anymore. This patch suppresses them from the
example configuration file.
Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Fri, 1 Aug 2008 08:32:13 +0000 (10:32 +0200)]
compilation: set -Wno-ununused-parameter in CFLAGS
This patch adds the "-Wno-unused-parameter" option to CFLAGS. This
suppress gcc warning that can not be fixed due to the usage of generic system
like callback where function definition has to be standardized.
Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Tue, 29 Jul 2008 10:08:19 +0000 (12:08 +0200)]
MAC2STR: add support for the new RAW MAC keys
This patch modifies MAC2STR to use the new MAC keys that gives us more
accurate information to parse the link layer header. This patch also
does some probing based on the header and field size in the case of
ULOG (since we do not have enough information to perform accurate
parsing).
Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Tue, 29 Jul 2008 09:49:24 +0000 (11:49 +0200)]
NFLOG: get full link layer header (requires >= 2.6.27)
This patch modifies the key structure of NFLOG. It solves the conflict
between ULOG and NFLOG by ensuring that keys have the same meaning:
* raw.mac is the full hardware header
* raw.mac.saddr is the source hardware address
Following Patrick suggestion, it adds a new key "raw.type" which is
used to store the type of hardware.
Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
projects / thirdparty / ulogd2.git / log
