Include Eric and myself in the copyright notice and the AUTHORS file
since we're the most recurrent contributors (of course, after the
original author of this software, Harald Welte).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Wed, 1 Aug 2012 11:27:16 +0000 (11:27 +0000)]
nfacct: add timestamp option
This patch adds a timestamp option to the nfacct plugin.
If activated, nfacct outputs a timestamp which is computed just
after sending the nfacct request.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
CC ulogd_inpflow_NFCT_la-ulogd_inpflow_NFCT.lo
ulogd_inpflow_NFCT.c: In function 'configure_nfct':
ulogd_inpflow_NFCT.c:977:28: warning: unused variable 'cpi' [-Wunused-variable]
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Wed, 1 Aug 2012 11:27:15 +0000 (11:27 +0000)]
pgsql: only disable key if it starts with underscore
ulogd2 was magically making inactive the first key of description
table. This patch improves this system by only doing so when
the key starts with an underscore. This way, systems like nfacct which
do not have a primary key can be implemented easily.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Wed, 1 Aug 2012 11:27:14 +0000 (11:27 +0000)]
pgsql schema: fix timestamp default value
Set timestamp default value to now() not now which is the time at
table creation.
Reported-by: Mr Dash Four <mr.dash.four@googlemail.com>
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Wed, 1 Aug 2012 11:27:12 +0000 (11:27 +0000)]
nfacct: add variable to not zero counter after read
The default nfacct input plugin zeroes counter after each read. This
is a limitation as other software can't use the counter at the same
time as ulogd2.
This patch adds the zerocounter variable to the NFACCT input plugin.
If set to zero, the counters are not zeroed.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Wed, 18 Jul 2012 20:56:04 +0000 (20:56 +0000)]
NFCT: fix crash in polling mode if used by two stacks
The polling timer initialisation code was put in the configurator
code. It was then created for all instances. But only the first one has
a valid NFCT handle. This was resulting in a crash.
This patch moves the timer initialisation in the constructor which
is called only once on the main NFCT instance.
Signed-off-by: Eric Leblond <eric@regit.org>
Reported-by: Gomathivinayagam Muthuvinayagam <sankarmail@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jan Engelhardt [Tue, 5 Jun 2012 08:36:24 +0000 (10:36 +0200)]
nfacct: resolve build failure
CC ulogd_inpflow_NFACCT_la-ulogd_inpflow_NFACCT.lo
ulogd_inpflow_NFACCT.c:24:27: fatal error: libmnl/libmnl.h:
No such file or directory
compilation terminated.
Jan Engelhardt [Tue, 5 Jun 2012 08:34:56 +0000 (10:34 +0200)]
sqlite: resolve compiler warnings
In file included from /usr/include/string.h:642:0,
from ulogd_output_SQLITE3.c:34:
In function 'strncat',
inlined from 'db_count_cols' at ulogd_output_SQLITE3.c:306:9,
inlined from 'sqlite3_init_db' at ulogd_output_SQLITE3.c:328:11:
/usr/include/bits/string3.h:152:3: warning: call to __builtin___strncat_chk might overflow destination buffer [enabled by default]
I: Statement might be overflowing a buffer in strncat. Common mistake:
BAD: strncat(buffer,charptr,sizeof(buffer)) is wrong, it takes the left over size as 3rd argument
GOOD: strncat(buffer,charptr,sizeof(buffer)-strlen(buffer)-1)
E: ulogd2 bufferoverflowstrncat ulogd_output_SQLITE3.c:328:11
Björn Lässig [Sat, 10 Mar 2012 14:34:42 +0000 (14:34 +0000)]
build: use pkglibdir instead of pkglibexecdir for automake
This fixes the following problem while running `autoreconf -fi`
`pkglibexecdir' is not a legitimate directory for `LTLIBRARIES'
variable `ulogd_filter_PRINTPKT_la_SOURCES' is defined but no program or
library has `ulogd_filter_PRINTPKT_la' as canonical name (possible typo)
Signed-off-by: Björn Lässig <laessig@bitformer.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NFCT: add `reliable' config option to enable reliable flow-based logging
Reliability comes at the cost of dropping new flows if the
destroy event that ctnetlink delivers to us is lost. Under
heavy stress this may imply dropping packets, you've been
warned.
If you do not want to lose a single piece of flow-logging information,
enable this.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Harald Welte [Sun, 12 Feb 2012 22:56:27 +0000 (23:56 +0100)]
ulogd2 / DBI / table name
DBI: allow to define table name via table config option
While using the DBI plugin of ulogd2 for NFCT based accounting, despite
using table="conntrack", it always insisted on using the table "ulog"
for deriving the keys/columns to be stored.
I've hacked up a quick fix, and it seems to work as expected (though no
proper null termination after strncpy).
Signed-off-by: Harald Welte <laforge@netfilter.org>
Jozsef Kadlecsik [Sun, 15 Jan 2012 12:16:01 +0000 (13:16 +0100)]
Support stored mysql procedures besides stored functions
MySQL stored procedures must be invoked by the "CALL" SQL command and
not by "SELECT". Add the convention that if the procedure name starts
with "CALL", then the issued SQL command is "CALL procedurename(args)".
The stored procedure support in MySQL automatically brings transaction
support too.
sqlite3: remove automatic creation of table `daily'
This patch removes the creation of the `daily' table. Now, we assume
that the tables that we use are created before launching ulogd2.
This code is broken because you have to specify in the configuration
file that the table used is `daily', otherwise this `daily' table is
created and dropped during the daemon starting, but not used.
Moreover, the code explicitly shows a message that says:
/* FIXME make this configurable */
So, I think that this patch is the way to go :-).
This patch also documents the table creation in ulogd.sgml
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
sqlite3: use continue instead of goto in sqlite3_interp()
Use continue instead of goto inside loop. I don't need to scroll
up and down in the code to know what the jump is performing.
I think this improves code readability. It's a cosmetic cleanup,
of course.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Harald passed them to me with no description, so applying them
separately does not provide more information.
I'll start adding patches on top of these so Holger can get in
sync with my work. This also can help him to take my patches
and to integrate them to his tree.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jan Engelhardt [Fri, 5 Nov 2010 18:25:16 +0000 (19:25 +0100)]
build: propagate global CFLAGS
We must not override CFLAGS, because that will break when the user
overrides CFLAGS again at make time (which he is entitled to). So,
name our CFLAGS regular_CFLAGS, and also include that across all
Makefiles so that they are actually used for all the code.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Pierre Chifflier [Wed, 20 Oct 2010 11:44:51 +0000 (13:44 +0200)]
Add new input plugin UNIXSOCK
This input plugin creates a unix socket which can be used to log packets.
Scripts or applications can connect to the socket (only one client allowed
per socket) and send data in a Key-Length-Value format (including the
payload).
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
Eric Leblond [Sun, 19 Sep 2010 17:55:41 +0000 (19:55 +0200)]
DB output: fix crash in SIGHUP handling
This patch fixes the handling of SIGHUP when a SQL plugin is used. A
freed structure was previously used to build the request and this was
leading to a crash.
Eric Leblond [Sat, 18 Sep 2010 10:37:47 +0000 (12:37 +0200)]
HWHDR: Fix various crashes
This patch fixes the HWHDR plugin. The logic of the interaction with
exiting plugin was not correctly coded and this was leading to crashes
due to the lack of sanity check.
Eric Leblond [Tue, 21 Sep 2010 22:37:20 +0000 (00:37 +0200)]
Mysql schema: fix procedure declaration
It seems that some versions of MySQL were more delicate about comments
in procedures. This patch fixes a problem with a procedure comment
and fixes the inner code which was not using the correct variable.
Jan Andres [Mon, 6 Sep 2010 10:47:46 +0000 (12:47 +0200)]
pcap: fix packet length handling
Currently, the PCAP output plugin uses ip.totlen to determine both the
"len" and "caplen" pcap header fields, as well as the amount of packet
data written to the file. There are two issues with this:
- For obvious reasons it doesn't work for IPv6.
- AFAICT, in case of an incompletely captured packet (--nflog-range)
it will attempt to write out the whole packet, not just the part
captured.
This patch changes the behavior to:
- Use raw.pktlen to set the "caplen" field, and the amount of data
written.
- Determine the "len" (original length) field from ip.totlen or
ip6.payload_len if possible, default to the same value as "caplen"
otherwise.
Signed-off-by: Jan Andres <jandres@gmx.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
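The length handling described in the pcap commit above, as an added example (not code from ulogd2): "caplen" comes from the captured length, "len" from the IP header fields when they are known. The `pkt_keys` struct and both function names are hypothetical; adding the 40-byte fixed IPv6 header to `ip6.payload_len` and clamping `len` to at least `caplen` are assumptions of this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define IP6_HDR_LEN 40u  /* fixed IPv6 header, not counted in payload_len */

/* Hypothetical stand-in for the input keys the commit message names. */
struct pkt_keys {
    uint32_t raw_pktlen;                    /* raw.pktlen: bytes captured */
    int has_totlen; uint16_t ip_totlen;         /* ip.totlen, if valid */
    int has_paylen; uint16_t ip6_payload_len;   /* ip6.payload_len, if valid */
};

/* The two per-record length fields of a pcap record header. */
struct rec_len { uint32_t caplen, len; };

static struct rec_len pcap_lengths(const struct pkt_keys *k)
{
    struct rec_len r;
    r.caplen = k->raw_pktlen;               /* only what was captured */
    if (k->has_totlen)
        r.len = k->ip_totlen;
    else if (k->has_paylen)
        r.len = (uint32_t)k->ip6_payload_len + IP6_HDR_LEN;
    else
        r.len = r.caplen;                   /* protocol unknown */
    if (r.len < r.caplen)                   /* assumption: keep caplen <= len */
        r.len = r.caplen;                   /* (e.g. jumbogram, payload_len 0) */
    return r;
}

/* Copy exactly caplen bytes of packet data into out. Returns the number
 * of bytes written, or 0 if either buffer is shorter than caplen. */
static size_t write_payload(uint8_t *out, size_t outsz,
                            const uint8_t *pkt, size_t pktsz,
                            const struct rec_len *r)
{
    if (r->caplen > pktsz || r->caplen > outsz)
        return 0;                           /* never read or write past a buffer */
    memcpy(out, pkt, r->caplen);
    return r->caplen;
}
```

With a truncated capture (`--nflog-range`), `caplen` stays at the captured size while `len` still reports the original packet length, so readers can tell the record is partial.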
This patch removes the IPFIX from the Makefile. Thus, we keep
it in the tree in the hope that we'll have time to finish it
in the future but don't compile it. This confuses users since
they think that it works.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch fixes a bug that makes ulogd loop forever while
propagating inputs to the output plugin. It is reproducible
if you re-use three or more plugin instances. The problem is
that the parameters in the list addition are in incorrect
order.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch fixes a problem in configurations that use the NFCT
plugin as input in several stacks. The first plugin loaded contains
the hashtable and other important NFCT private data. Other plugin
instances of NFCT are dummies that are only used to store the
output keys.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch adds an infix to the XML file to avoid problems if we are
logging packets and flows at the same time. Thus, we create two
different XML files whose filename describes the sort of logging
information that it contains. It is also useful when listing files
at a quick sight.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NFCT: split event handler if hashtable is used or not
This patch splits event_handler into two functions:
event_handler_hashtable and event_handler_no_hashtable.
Thus, we register the appropriate handler during the
initialization time. This patch is a cleanup.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NFCT: use new hashtable implementation for better performance
This patch replaces the existing hashtable implementation with
a newer one that provides better performance since it reduces the
number of hash computations.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch adds support for poll-based logging. Basically,
ulogd polls from the kernel periodically to log entries. You
can use the `pollinterval' option in the configuration file to
set the polling period.
This patch changes the current behaviour of `pollinterval'
that allowed to mix both the event-driven logging with
polling periodically from the kernel. I have tried to look
for anyone in google (and asking Eric Leblond) using this
feature but I found no one.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NFCT: cleanup constructor and destructor functions
This patch cleans up the destructor and the destructor functions
in the NFCT plugin. I know, this patch isn't easy to review
because it includes too many changes in one.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch is a preliminary fix for the yet-unfinished IPFIX
support. This patch resolves a couple of bugs that made ulogd
crash and a couple of missing symbols that didn't allow to
use this plugin in the configuration file.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NFCT: add configurable option to set the value of the resynchronization timer
This patch adds `netlink_resync_timeout' that allows you to set
the number of seconds that we wait to perform a resynchronization
due to a netlink overrun. This patch changes the default timeout
from 2 to 60 seconds (less aggressive).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
With this patch, we schedule one resynchronization against the
kernel conntrack table that will occur in two seconds (still
we need a patch to make this configurable). Before this, we
scheduled a resynchronization for every overrun, that is very
bad in a scenario in which overruns occur very frequently.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>