Add variable to force binding of nfnetlink_log.

This patch updates the behaviour of the NFLOG input plugin to fix an
issue related to kernel older than 2.6.29. The call to nflog_bind_pf()
that can be necessary to receive packet from the nfnetlink_log was only
done if the used group was 0 (system logging). This is logic for the
newest kernel (NFLOG really sends message to nfnetlink_log and not to
the nf_log logger). But this is unsufficient for older one. By forcing
the binding with the new configuration variable bind, it is now possible
to trigger the binding from the ulogd2 configuration file. This gives
users a way to be sure that ulogd will receive packets if the NFLOG
input plugin is used.

diff --git a/input/packet/ulogd_inppkt_NFLOG.c b/input/packet/ulogd_inppkt_NFLOG.c
index 70e9f77dcdff5e13664cdee0d5b7dac0ea6dccec..36f11d74c3ee3bcd47dbb1bf3495241f2e803f38 100644 (file)
--- a/input/packet/ulogd_inppkt_NFLOG.c
+++ b/input/packet/ulogd_inppkt_NFLOG.c
@@ -31,7 +31,7 @@ struct nflog_input {
 /* configuration entries */
 
 static struct config_keyset libulog_kset = {
-       .num_ces = 10,
+       .num_ces = 9,
        .ces = {
                {
                        .key     = "bufsize",
@@ -51,6 +51,13 @@ static struct config_keyset libulog_kset = {
                        .options = CONFIG_OPT_NONE,
                        .u.value = 1,
                },
+               {
+                       .key     = "bind",
+                       .type    = CONFIG_TYPE_INT,
+                       .options = CONFIG_OPT_NONE,
+                       .u.value = 0,
+               },
+
                {
                        .key     = "seq_local",
                        .type    = CONFIG_TYPE_INT,
@@ -87,11 +94,12 @@ static struct config_keyset libulog_kset = {
 #define bufsiz_ce(x)   (x->ces[0])
 #define group_ce(x)    (x->ces[1])
 #define unbind_ce(x)   (x->ces[2])
-#define seq_ce(x)      (x->ces[3])
-#define seq_global_ce(x)       (x->ces[4])
-#define label_ce(x)    (x->ces[5])
-#define nlsockbufsize_ce(x) (x->ces[6])
-#define nlsockbufmaxsize_ce(x) (x->ces[7])
+#define bind_ce(x)     (x->ces[3])
+#define seq_ce(x)      (x->ces[4])
+#define seq_global_ce(x)       (x->ces[5])
+#define label_ce(x)    (x->ces[6])
+#define nlsockbufsize_ce(x) (x->ces[7])
+#define nlsockbufmaxsize_ce(x) (x->ces[8])
 
 enum nflog_keys {
        NFLOG_KEY_RAW_MAC = 0,
@@ -497,7 +505,8 @@ static int start(struct ulogd_pluginstance *upi)
                goto out_handle;
 
        /* This is the system logging (conntrack, ...) facility */
-       if (group_ce(upi->config_kset).u.value == 0) {
+       if ((group_ce(upi->config_kset).u.value == 0) ||
+                       (bind_ce(upi->config_kset).u.value > 0)) {
                if (become_system_logging(upi, AF_INET) == -1)
                        goto out_handle;
                if (become_system_logging(upi, AF_INET6) == -1)

diff --git a/ulogd.conf.in b/ulogd.conf.in
index a48af3f5619f6f463fe2a989609bfd522e14bb1c..7022bf6306e3ea0438465c1e72ee08f73f2e6723 100644 (file)
--- a/ulogd.conf.in
+++ b/ulogd.conf.in
@@ -111,6 +111,11 @@ group=0
 group=1 # Group has to be different from the one use in log1
 #netlink_socket_buffer_size=217088
 #netlink_socket_buffer_maxsize=1085440
+# If your kernel is older than 2.6.29 and if a NFLOG input plugin with
+# group 0 is not used by any stack, you need to have at least one NFLOG
+# input plugin with bind set to 1. If you don't do that you may not
+# receive any message from the kernel.
+#bind=1
 
 # packet logging through NFLOG for group 2, numeric_label is
 # set to 1
@@ -120,6 +125,7 @@ group=2 # Group has to be different from the one use in log1/log2
 numeric_label=1 # you can label the log info based on the packet verdict
 #netlink_socket_buffer_size=217088
 #netlink_socket_buffer_maxsize=1085440
+#bind=1
 
 [ulog1]
 # netlink multicast group (the same as the iptables --ulog-nlgroup param)