Eric Leblond [Fri, 18 Jan 2013 18:41:19 +0000 (19:41 +0100)]
conf: add flag to allow option setup tuning
This patch adds a flag to the config_entry structure to be able to
tune setup. First usage is to ask config parser not to update a key
if it has been already set.
Eric Leblond [Sat, 24 Nov 2012 13:59:30 +0000 (14:59 +0100)]
nfct: add protocol filter
This patch adds a new configuration variable which is used to limit
conntrack events to connections of these protocols:
For example:
accept_proto_filter=tcp,sctp
Eric Leblond [Mon, 16 Jul 2012 21:03:39 +0000 (23:03 +0200)]
nfct: implement src and dst filter
This patch implements two filtering options in NFCT input plugin.
If 'accept_src_filter' is set to a network it will only catch the
event where the source is that specific network. 'accept_dst_filter'
does the same for the destination.
Eric Leblond [Fri, 21 Dec 2012 20:11:23 +0000 (21:11 +0100)]
Add GRAPHITE output module.
Graphite is a web application which provides real-time visualization
and storage of numeric time-series data. This patch adds a module
named GRAPHITE which sends NFACCT accounting data to a graphite
server.
Jan Engelhardt [Tue, 27 Nov 2012 12:45:44 +0000 (13:45 +0100)]
build: move remaining preprocessor flags into CPPFLAGS
The flags retrieved from `pkg-config --cflags ...` are generally only
preprocessor flags (mostly -I to point to the directories), since
anything else would inconvenience downstream users.
Jan Engelhardt [Tue, 27 Nov 2012 12:43:42 +0000 (13:43 +0100)]
build: avoid per-target CFLAGS
There is no harm in putting the includes in the global AM_CPPFLAGS;
this can generally save a number of compilations of a file when a
source file is used multiple times.
Jan Engelhardt [Mon, 26 Nov 2012 23:52:28 +0000 (00:52 +0100)]
build: resolve compile error due to missing nfacct CPPFLAGS
Fixes this error:
make[3]: Entering directory "/home/jengelh/code/ulogd2/output"
CC ulogd_output_XML.lo
ulogd_output_XML.c:31:49: fatal error:
libnetfilter_acct/libnetfilter_acct.h: No such file or directory
(Note that pkgconfig-provided cflags are actually cppflags, so
I add ${LIBNETFILTER_ACCT_CFLAGS} to AM_CPPFLAGS.)
Jan Engelhardt [Mon, 26 Nov 2012 23:51:09 +0000 (00:51 +0100)]
build: resolve automake-1.12 warnings
/usr/share/automake-1.12/am/ltlibrary.am: warning:
'ulogd_output_SQLITE3.la': linking libtool libraries using a non-POSIX
archiver requires 'AM_PROG_AR' in 'configure.ac'
(one for each .la)
Eric Leblond [Sun, 4 Nov 2012 08:19:34 +0000 (09:19 +0100)]
XML: add missing include
Inclusion of libnetfilter_acct.h is not enough as the integer type
definitions are not included in the header. So if NFCT is disabled, the
compilation fails.
Eric Leblond [Fri, 2 Nov 2012 17:46:22 +0000 (18:46 +0100)]
configure: add flag to disable NFACCT build
It is now possible to pass the --disable-nfacct flag to disable
compilation of NFACCT input plugin. Doing this, the build of ulogd
is possible on systems where nfacct is not available.
Include Eric and myself in the copyright notice and the AUTHORS file
since we're the most recurrent contributors (of course, after the
original author of this software, Harald Welte).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Wed, 1 Aug 2012 11:27:16 +0000 (11:27 +0000)]
nfacct: add timestamp option
This patch adds a timestamp option to the nfacct plugin.
If activated, nfacct outputs a timestamp which is computed just
after sending the nfacct request.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
CC ulogd_inpflow_NFCT_la-ulogd_inpflow_NFCT.lo
ulogd_inpflow_NFCT.c: In function 'configure_nfct':
ulogd_inpflow_NFCT.c:977:28: warning: unused variable 'cpi' [-Wunused-variable]
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Wed, 1 Aug 2012 11:27:15 +0000 (11:27 +0000)]
pgsql: only disable key if it starts with underscore
ulogd2 was magically making inactive the first key of description
table. This patch improves this system by only doing so when
the key starts with an underscore. This way, systems like nfacct which
do not have a primary key can be implemented easily.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Wed, 1 Aug 2012 11:27:14 +0000 (11:27 +0000)]
pgsql schema: fix timestamp default value
Set timestamp default value to now() not now which is the time at
table creation.
Reported-by: Mr Dash Four <mr.dash.four@googlemail.com>
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Wed, 1 Aug 2012 11:27:12 +0000 (11:27 +0000)]
nfacct: add variable to not zero counter after read
The default nfacct input plugin zeroes counter after each read. This
is a limitation as other software can't use the counter at the same
time as ulogd2.
This patch adds the zerocounter variable to the NFACCT input plugin.
If set to zero, the counters are not zeroed.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Wed, 18 Jul 2012 20:56:04 +0000 (20:56 +0000)]
NFCT: fix crash in polling mode if used by two stacks
The polling timer initialisation code was put in the configurator
code. It was then created for all instances. But only the first one has
a valid NFCT handle. This was resulting in a crash.
This patch moves the timer initialisation into the constructor which
is called only once on the main NFCT instance.
Signed-off-by: Eric Leblond <eric@regit.org>
Reported-by: Gomathivinayagam Muthuvinayagam <sankarmail@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jan Engelhardt [Tue, 5 Jun 2012 08:36:24 +0000 (10:36 +0200)]
nfacct: resolve build failure
CC ulogd_inpflow_NFACCT_la-ulogd_inpflow_NFACCT.lo
ulogd_inpflow_NFACCT.c:24:27: fatal error: libmnl/libmnl.h:
No such file or directory
compilation terminated.
Jan Engelhardt [Tue, 5 Jun 2012 08:34:56 +0000 (10:34 +0200)]
sqlite: resolve compiler warnings
In file included from /usr/include/string.h:642:0,
from ulogd_output_SQLITE3.c:34:
In function 'strncat',
inlined from 'db_count_cols' at ulogd_output_SQLITE3.c:306:9,
inlined from 'sqlite3_init_db' at ulogd_output_SQLITE3.c:328:11:
/usr/include/bits/string3.h:152:3: warning: call to __builtin___strncat_chk might overflow destination buffer [enabled by default]
I: Statement might be overflowing a buffer in strncat. Common mistake:
BAD: strncat(buffer,charptr,sizeof(buffer)) is wrong, it takes the left over size as 3rd argument
GOOD: strncat(buffer,charptr,sizeof(buffer)-strlen(buffer)-1)
E: ulogd2 bufferoverflowstrncat ulogd_output_SQLITE3.c:328:11
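The sizing rule that the warning above spells out, as an added example (not code from ulogd2 or from this commit). `append_bounded`, `build_query`, the buffer size and the sample table names are hypothetical, constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of ulogd2: append src to the NUL-terminated
 * string held in dst (capacity dst_size bytes) without writing past the end.
 * Returns 0 if all of src fit, -1 on truncation or an unusable dst. */
static int append_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    /* Refuse a destination that has no terminator inside its capacity. */
    const char *nul = memchr(dst, '\0', dst_size);
    if (nul == NULL)
        return -1;
    size_t used = (size_t)(nul - dst);

    /* strncat's third argument is the space still free, not sizeof(dst);
     * one byte is held back for the NUL that strncat always writes. */
    size_t room = dst_size - used - 1;
    strncat(dst, src, room);

    return strlen(src) <= room ? 0 : -1;
}

/* Constructed sample: assemble a statement from a table name and report
 * truncation to the caller instead of overflowing the buffer. */
static int build_query(char *out, size_t out_size, const char *table)
{
    if (out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';
    if (append_bounded(out, out_size, "select * from ") != 0)
        return -1;
    return append_bounded(out, out_size, table);
}

int main(void)
{
    char query[32];
    int rc = build_query(query, sizeof(query), "ulog");
    printf("rc=%d query=\"%s\"\n", rc, query);

    /* Constructed over-long name: the result is truncated, never overrun. */
    rc = build_query(query, sizeof(query), "a_table_name_that_is_far_too_long");
    printf("rc=%d query=\"%s\" len=%zu\n", rc, query, strlen(query));
    return 0;
}
```

A truncated statement is returned as an error here because executing a cut-off query is rarely what the caller wants.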
Björn Lässig [Sat, 10 Mar 2012 14:34:42 +0000 (14:34 +0000)]
build: use pkglibdir instead of pkglibexecdir for automake
This fixes the following problem while running `autoreconf -fi`
`pkglibexecdir' is not a legitimate directory for `LTLIBRARIES'
variable `ulogd_filter_PRINTPKT_la_SOURCES' is defined but no program or
library has `ulogd_filter_PRINTPKT_la' as canonical name (possible typo)
Signed-off-by: Björn Lässig <laessig@bitformer.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NFCT: add `reliable' config option to enable reliable flow-based logging
Reliability comes at the cost of dropping new flows if the
destroy event that ctnetlink delivers to us is lost. Under
heavy stress this may imply dropping packets, you've been
warned.
If you do not want to lose a single piece of flow-logging information,
enable this.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Harald Welte [Sun, 12 Feb 2012 22:56:27 +0000 (23:56 +0100)]
ulogd2 / DBI / table name
DBI: allow to define table name via table config option
While using the DBI plugin of ulogd2 for NFCT based accounting, despite
using table="conntrack", it always insisted on using the table "ulog"
for deriving the keys/columns to be stored.
I've hacked up a quick fix, and it seems to work as expected (though no
proper null termination after strncpy).
Signed-off-by: Harald Welte <laforge@netfilter.org>
Jozsef Kadlecsik [Sun, 15 Jan 2012 12:16:01 +0000 (13:16 +0100)]
Support stored mysql procedures besides stored functions
MySQL stored procedures must be invoked by the "CALL" SQL command and
not by "SELECT". Add the convention that if the procedure name starts
with "CALL", then the issued SQL command is "CALL procedurename(args)".
The stored procedure support in MySQL automatically brings transaction
support too.
sqlite3: remove automatic creation of table `daily'
This patch removes the creation of the `daily' table. Now, we assume
that the tables that we use are created before launching ulogd2.
This code is broken because you have to specify in the configuration
file that the table used is `daily', otherwise this `daily' table is
created and dropped during the daemon starting, but not used.
Moreover, the code explicitly shows a message that says:
/* FIXME make this configurable */
So, I think that this patch is the way to go :-).
This patch also documents the table creation in ulogd.sgml
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
sqlite3: use continue instead of goto in sqlite3_interp()
Use continue instead of goto inside loop. I don't need to scroll
up and down in the code to know what the jump is performing.
I think this improves code readability. It's a cosmetic cleanup,
of course.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Harald passed them to me with no description, so applying them
separately does not provide more information.
I'll start adding patches on top of these so Holger can get in
sync with my work. This also can help him to take my patches
and to integrate them to his tree.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jan Engelhardt [Fri, 5 Nov 2010 18:25:16 +0000 (19:25 +0100)]
build: propagate global CFLAGS
We must not override CFLAGS, because that will break when the user
overrides CFLAGS again at make time (which he is entitled to). So,
name our CFLAGS regular_CFLAGS, and also include that across all
Makefiles so that they are actually used for all the code.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Pierre Chifflier [Wed, 20 Oct 2010 11:44:51 +0000 (13:44 +0200)]
Add new input plugin UNIXSOCK
This input plugin creates a unix socket which can be used to log packets.
Scripts or applications can connect to the socket (only one client allowed
per socket) and send data in a Key-Length-Value format (including the
payload).
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
Eric Leblond [Sun, 19 Sep 2010 17:55:41 +0000 (19:55 +0200)]
DB output: fix crash in SIGHUP handling
This patch fixes the handling of SIGHUP when a SQL plugin is used. A
freed structure was previously used to build the request and this was
leading to a crash.