Jeremy Sowden [Mon, 21 Aug 2023 19:42:36 +0000 (20:42 +0100)]
sqlite3: insert ipv6 addresses as null rather than garbage
Currently, the plug-in assumes that all IP addresses are 32-bit ipv4
addresses, so ipv6 addresses get truncated and inserted as garbage.
Insert nulls instead.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Florian Westphal <fw@strlen.de>
Jeremy Sowden [Mon, 21 Aug 2023 19:42:33 +0000 (20:42 +0100)]
gprint, oprint: use inet_ntop to format ip addresses
Replace hand-rolled ipv4-only formatting code in order to be able to
support ipv6 addresses. This also changes the byte-order expected by
oprint from HBO to NBO.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Florian Westphal <fw@strlen.de>
Jeremy Sowden [Mon, 21 Aug 2023 19:42:30 +0000 (20:42 +0100)]
raw2packet_BASE: store ARP address values as integers
Keys of type `ULOGD_RET_IPADDR` may be ipv4 or ipv6. ARP protocol
addresses are 32-bits (i.e., ipv4). By using `okey_set_u32` we keep
track of the size and allow downstream plug-ins to handle them
correctly.
Reported-by: Robert O'Brien <robrien@foxtrot-research.com> Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Florian Westphal <fw@strlen.de>
Jeremy Sowden [Mon, 21 Aug 2023 19:42:29 +0000 (20:42 +0100)]
printpkt, raw2packet_BASE: keep gateway address in NBO
Everywhere else ipv4 addresses are left in NBO until output. The only
exception is the IP2HBIN filter, which is explicitly intended to convert
from NBO to HBO.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Florian Westphal <fw@strlen.de>
Kyuwon Shim [Thu, 9 Mar 2023 01:24:47 +0000 (14:24 +1300)]
ulogd2: avoid use after free in unregister on global ulogd_fds linked list
Invalid read of size 4
at 0x405F60: ulogd_unregister_fd (select.c:74)
by 0x4E4E3DF: ??? (in /usr/lib/ulogd/ulogd_inppkt_NFLOG.so)
by 0x405003: stop_pluginstances (ulogd.c:1335)
by 0x405003: sigterm_handler_task (ulogd.c:1383)
by 0x405153: call_signal_handler_tasks (ulogd.c:424)
by 0x405153: signal_channel_callback (ulogd.c:443)
by 0x406163: ulogd_select_main (select.c:105)
by 0x403CF3: ulogd_main_loop (ulogd.c:1070)
by 0x403CF3: main (ulogd.c:1649)
Problem is that ulogd_inppkt_NFLOG.c::stop() calls ulogd_unregister_fd()
which does llist_del(). This llist_del may touch ->prev pointer.
As the list element is in private data, we cannot do this llist_del
from stop_pluginstances().
Therefore, the free() process moved location after finishing ulogd_unregister_fd().
Jeremy Sowden [Thu, 16 Mar 2023 11:07:54 +0000 (11:07 +0000)]
pcap: prevent crashes when output `FILE *` is null
If ulogd2 receives a signal it will attempt to re-open the pcap output
file. If this fails (because the permissions or ownership have changed
for example), the FILE pointer will be null and when the next packet
comes in, the null pointer will be passed to fwrite and ulogd will
crash.
Instead, assign the return value of `fopen` to a local variable, and
only close the existing stream if `fopen` succeeded.
Jeremy Sowden [Thu, 16 Mar 2023 11:07:53 +0000 (11:07 +0000)]
pcap: simplify opening of output file
Instead of statting the file, and choosing the mode with which to open
it and whether to write the PCAP header based on the result, always open
it with mode "a" and _then_ stat it. This simplifies the flow-control
and avoids a race between statting and opening.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Florian Westphal <fw@strlen.de>
Jeremy Sowden [Tue, 13 Dec 2022 11:19:51 +0000 (11:19 +0000)]
build: fix pgsql fall-back configuration of CFLAGS
When using mysql_config and pcap_config to configure `CFLAGS`, one
requests the actual flags:
$mysql_config --cflags
$pcap_config --cflags
By constrast, when using pg_config, one requests the include-directory:
$pg_config --includedir
Therefore, the `-I` option has to be explicitly added.
Fixes: 20727ab8b9fc ("build: use pkg-config or pg_config for libpq") Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 29 Nov 2022 21:11:27 +0000 (21:11 +0000)]
pgsql: correct `ulog2.ip_totlen` type
The types of `ip_totlen` in the `ulog` view and the `INSERT_IP_PACKET_FULL`
function are `integer`, but the column in the `ulog2` table is `smallint`. The
"total length" field of an IP packet is an unsigned 16-bit integer, whereas
`smallint` in PostgreSQL is a signed 16-bit integer type. Change the type of
`ulog2.ip_totlen` to `integer`.
Jeremy Sowden [Sat, 3 Dec 2022 19:02:12 +0000 (19:02 +0000)]
db: fix back-log capacity checks
Hitherto, when adding queries to the back-log, the memory usage has been
incremented and decremented by the size of the query structure and the
length of the SQL statement, `sizeof(struct db_stmt) + len`. However,
when checking whether there is available capacity to add a new query,
the struct size has been ignored. Amend the check to include the struct
size, and also account for the NULL that terminates the SQL.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
The arrays are indexed by subtracting `START_KEY` from the enum value of
the key currently being processed: `hwmac_str[okey - START_KEY]`.
However, this means that the last key (`KEY_MAC_ADDR` in this example)
will run off the end of the array. Increase the size of the arrays.
In the case of `IP2BIN` and `IP2HBIN`, there is no overrun, but only
because they use the wrong upper bound when looping over the keys, and
thus don't assign a value to the last key. Correct the bound.
Jeremy Sowden [Sat, 3 Dec 2022 19:02:09 +0000 (19:02 +0000)]
ulogd: fix parse-error check
If `config_parse_file` returns `-ERRTOOLONG`, `config_errce` may be
`NULL`. However, the calling function checks whether
`config_errce->key` is `NULL` instead.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Sun, 9 Jan 2022 11:57:47 +0000 (11:57 +0000)]
build: use pkg-config or pcap-config for libpcap
Recent versions of libpcap support pkg-config. Older versions provide a
pcap-config script. Use pkg-config if available, otherwise fall back to
pcap-config.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Sun, 9 Jan 2022 11:57:46 +0000 (11:57 +0000)]
build: use pkg-config or mysql_config for libmysqlclient
Recent versions of mariadb and mysql support pkg-config. Older versions
provide a mysql_config script. Use pkg-config if available, otherwise
fall back to mysql_config.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Sun, 9 Jan 2022 11:57:44 +0000 (11:57 +0000)]
build: use `--enable-XYZ` options for output plugins
Currently, we use `AC_ARG_WITH` for output plugins. However, this is
not consistent with the input plugins, which use `AC_ARG_ENABLE`, and in
some cases (dbi, mysql, pgsql) the macro calls in configure.ac conflict
with others in acinclude.m4. Use `AC_ARG_ENABLE` instead and change the
name of the option for the JSON plugin from `jansson` to `json`.
Fixes: 51ba7aec8951 ("Fix automagic support of dbi, pcap and sqlite3") Fixes: c61c05c2d050 ("configure.ac: Add --without-{mysql,pgsql}") Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Wed, 5 Jan 2022 22:37:21 +0000 (22:37 +0000)]
output: SQLITE3: remove unused variable
There's local variable left over from a previous tidy-up. Remove it.
Fixes: 67b0be90f16f ("output: SQLITE3: improve mapping of fields to DB columns") Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:56:00 +0000 (10:56 +0000)]
output: IPFIX: remove compiler attribute macros
The ipfix.h header includes three macros which expand to compiler attributes.
Presumably, at some point the definitions were one branch of an if-else
preprocessor conditional where the definitions in the other branch expanded to
nothing. This is no longer the case. Only one of the macros (`__packed`) is
used and the raw attribute is used elsewhere in the code-base. Remove the
macros.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:57 +0000 (10:55 +0000)]
output: JSON: fix possible leak in error-handling.
The `realloc` extending the buffer containing the JSON to allow us to
insert a final new-line may fail. Therefore, we need to assign the
return-value to a temporary variable or we will not able to free the
existing buffer on error.
Use the correct type for `buflen`.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:56 +0000 (10:55 +0000)]
output: JSON: increase time-stamp buffer size
The output buffer for date-times is of sufficient size provided that we
don't get oversized integer values for any of the fields, which is a
reasonable assumption. However, the compiler complains about possible
truncation, e.g.:
ulogd_output_JSON.c:314:65: warning: `%06u` directive output may be truncated writing between 6 and 10 bytes into a region of size between 0 and 18
ulogd_output_JSON.c:313:25: note: `snprintf` output between 27 and 88 bytes into a destination of size 38
Fix the warnings by increasing the buffer size.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:55 +0000 (10:55 +0000)]
output: JSON: fix output of GMT offset
The compiler has two sets of complaints. Firstly, `t->tm_gmtoffset` is
a `long int`, but it is being passed to `abs`, which leads to warnings
such as:
ulogd_output_JSON.c:308:34: warning: absolute value function `abs` given an argument of type `long int` but has parameter of type `int` which may cause truncation of value
Secondly, it can't verify that the hour value derived from the offset
will in fact fit into `%02d`, thus:
ulogd_output_JSON.c:306:37: warning: `%02d` directive output may be truncated writing between 2 and 6 bytes into a region of size 5
To remedy these, we now mod the offset by 86,400 and assign it to an `int`
before deriving the hour and minute values.
We also change the format-specifier for the hour value to `%+03d` which
causes a sign to be printed even if the value is positive, thus allowing
us not to specify the sign explicitly and to drop the `abs` call for the
hour value.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:54 +0000 (10:55 +0000)]
db: simplify initialization of ring-buffer
Currently, `strncpy` is used to copy the SQL statement to the ring
buffer, passing the length of the source string, which leads gcc to
complain:
../../util/db.c:231:25: warning: `strncpy` specified bound depends on the length of the source argument
In fact, the ring buffer is sized to be a multiple of the size of the
SQL buffer, and the SQL is simply copied multiple times at increasing
offsets, so use `strcpy` instead.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:53 +0000 (10:55 +0000)]
db: improve mapping of input-keys to DB columns
Currently, we copy the key-name to a buffer, iterate over it to replace
the full-stops with underscores, using `strchr` from the start of the
buffer on each iteration, then append the buffer to the SQL statement.
Apart from the inefficiency, `strncpy` is used to do the copies, which
leads gcc to complain:
../../util/db.c:118:25: warning: `strncpy` output may be truncated copying 31 bytes from a string of length 31
Furthermore, the buffer is one character too short and so there is the
possibility of overruns.
Instead, append the key-name directly to the statement using `sprintf`,
and run `strchr` from the last underscore on each iteration.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:52 +0000 (10:55 +0000)]
db: improve formatting of insert statement
`sql_createstmt` contains a variable `stmt_val` which points to the end
of the SQL already written, where the next chunk should be appended.
Currently, this is assigned after every write:
However, since `sprintf` returns the number of bytes written, increment
`stmt_val` by the return-value of `sprintf` in order to avoid the
repeated `strlen` calls.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
`sqlite3_createstmt` returns non-zero on error, but the return-value was
being ignored. Change the calling code to check the return-value, log
an error message and propagate the error.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
output: SQLITE3: improve mapping of fields to DB columns
Currently, we derive a field-name by replacing all the underscores in a
DB column-name with full-stops and use the field-name to find the
matching input-key. However, every time we create a new insert SQL
statement, we derive the column-names by copying the field-names to a
buffer, replacing all the full-stops with underscores, and then
appending the buffer containing the column-name to the one containing
the statments.
Apart from the inefficiency, `strncpy` is used to do the copies, which
leads gcc to complain:
ulogd_output_SQLITE3.c:234:17: warning: `strncpy` output may be truncated copying 31 bytes from a string of length 31
Instead, leave the underscores in the field-name, but copy it once to a
buffer in which the underscores are replaced and use this to find the
input-key.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:49 +0000 (10:55 +0000)]
output: SQLITE3: improve mapping of DB columns to fields
Currently, we copy the column-name to a buffer, iterate over it to
replace the underscores with full-stops, using `strchr` from the start
of the buffer on each iteration, then copy the buffer to the field's
`name` member.
Apart from the inefficiency, `strncpy` is used to do the copies, which
leads gcc to complain:
ulogd_output_SQLITE3.c:341:17: warning: `strncpy` output may be truncated copying 31 bytes from a string of length 31
Furthermore, the buffer is not initialized, which means that there is
also a possible buffer overrun if the column-name is too long, since
`strncpy` will not append a NUL.
Instead, copy the column-name directly to the field using `snprintf`,
and run `strchr` from the last underscore on each iteration.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:48 +0000 (10:55 +0000)]
output: SQLITE3: improve formatting of insert statement
`sqlite3_createstmt` contains a variable `stmt_pos` which points to the
end of the SQL already written, where the next chunk should be appended.
Currently, this is assigned after every write:
However, since `sprintf` returns the number of bytes written, increment
`stmt_pos` by the return-value of `sprintf` in order to avoid the
repeated `strlen` calls.
Pablo mangled this original patch to add this chunk at the end of this
patch (originally submitted as a conversion to use strcpy).
+ for (i = 0; i < cols - 1; i++)
+ stmt_pos += sprintf(stmt_pos, "?,");
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Sat, 4 Dec 2021 20:56:00 +0000 (20:56 +0000)]
build: bump libnetfilter_log dependency
Recent changes to add conntrack info to the NFLOG output plug-in rely on
symbols only present in the headers provided by libnetfilter-log v1.0.2:
CC ulogd_inppkt_NFLOG.lo
ulogd_inppkt_NFLOG.c: In function 'build_ct':
ulogd_inppkt_NFLOG.c:346:34: error: 'NFULA_CT' undeclared (first use in this function); did you mean 'NFULA_GID'?
if (mnl_attr_get_type(attr) == NFULA_CT) {
^~~~~~~~
NFULA_GID
ulogd_inppkt_NFLOG.c:346:34: note: each undeclared identifier is reported only once for each function it appears in
ulogd_inppkt_NFLOG.c: In function 'start':
ulogd_inppkt_NFLOG.c:669:12: error: 'NFULNL_CFG_F_CONNTRACK' undeclared (first use in this function); did you mean 'NFULNL_CFG_F_SEQ'?
flags |= NFULNL_CFG_F_CONNTRACK;
^~~~~~~~~~~~~~~~~~~~~~
NFULNL_CFG_F_SEQ
Jeremy Sowden [Tue, 30 Nov 2021 10:55:47 +0000 (10:55 +0000)]
output: SQLITE3: fix memory-leak in error-handling
When mapping DB column names to input-keys, if we cannot find a key to
match a column, the newly allocated `struct field` is leaked. Free it,
and log an error message.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:46 +0000 (10:55 +0000)]
output: SQLITE3: fix possible buffer overruns
There is a an off-by-one error in the size of some of the buffers used
to hold key-names. The maximum length of a name is `ULOGD_MAX_KEYLEN`,
and so declare the buffers with size `ULOGD_MAX_KEYLEN + 1`.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:45 +0000 (10:55 +0000)]
output: PGSQL: fix non-`connstring` configuration of DB connection
In `open_db_pgsql`, we test whether various config-settings are defined
by comparing their string values to `NULL`. However, the `u.string`
member of `struct config_entry` is an array, not a pointer, so it is
never `NULL`. Instead, check whether the string is empty.
Use a pointer to the end of the `connstr` buffer and `sprintf`, rather
than repeated `strcat`s.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:44 +0000 (10:55 +0000)]
output: PGSQL: improve mapping of DB columns to input-keys
Currently, we copy the column-name to a buffer, iterate over it to
replace the underscores with full-stops, using `strchr` from the start
of the buffer on each iteration, then copy the buffer to the input-key's
`name` member.
Apart from the inefficiency, `strncpy` is used to do the copies, which
leads gcc to complain:
ulogd_output_PGSQL.c:204:17: warning: `strncpy` output may be truncated copying 31 bytes from a string of length 31
Furthermore, the buffer is not initialized, which means that there is
also a possible buffer overrun if the column-name is too long, since
`strncpy` will not append a NUL.
Instead, copy the column-name directly to the input-key using
`snprintf`, and run `strchr` from the last underscore on each iteration.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:43 +0000 (10:55 +0000)]
output: MYSQL: improve mapping of DB columns to input-keys
Currently, we copy the column-name to a buffer, iterate over it to
replace the underscores with full-stops, using `strchr` from the start
of the buffer on each iteration, then copy the buffer to the input-key's
`name` member.
Apart from the inefficiency, `strncpy` is used to do the copies, which
leads gcc to complain:
ulogd_output_MYSQL.c:149:17: warning: `strncpy` output may be truncated copying 31 bytes from a string of length 31
Furthermore, the buffer is not initialized, which means that there is
also a possible buffer overrun if the column-name is too long, since
`strncpy` will not append a NUL.
Instead, copy the column-name directly to the input-key using
`snprintf`, and run `strchr` from the last underscore on each iteration.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:42 +0000 (10:55 +0000)]
output: DBI: fix configuration of DB connection
In `open_db_dbi`, we test whether various config-settings are defined
by comparing their string values to `NULL`. However, the `u.string`
member of `struct config_entry` is an array, not a pointer, so it is
never `NULL`. Instead, check whether the string is empty.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:41 +0000 (10:55 +0000)]
output: DBI: fix NUL-termination of escaped SQL string
On error, `dbi_conn_quote_string_copy` returns zero. In this case, we
need to set `*dst` to NUL. Handle a return-value of `2` as normal
below. `1` is never returned.
Replace `strncpy` with `memcpy`: using `strncpy` is nearly always a
mistake, and we don't need its special behaviour here.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:40 +0000 (10:55 +0000)]
output: DBI: improve mapping of DB columns to input-keys
Currently, we copy the column-name to a buffer, iterate over it to
replace the underscores with full-stops, using `strchr` from the start
of the buffer on each iteration, iterate over it a second time to
lower-case all letters, and finally copy the buffer to the input-key's
`name` member.
In addition to being inefficient, `strncpy` is used to do the copies,
which leads gcc to complain:
ulogd_output_DBI.c:160:17: warning: `strncpy` output may be truncated copying 31 bytes from a string of length 31
Furthermore, the buffer is not initialized, which means that there is
also a possible buffer overrun if the column-name is too long, since
`strncpy` will not append a NUL.
Instead, copy the column-name directly to the input-key using
`snprintf`, and then iterate over it once to replace underscores and
lower-case letters.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:38 +0000 (10:55 +0000)]
input: UNIXSOCK: prevent unaligned pointer access
`struct ulogd_unixsock_packet_t` is packed, so taking the address of its
`struct iphdr payload` member may yield an unaligned pointer value. We
only actually dereference the pointer to get the IP version, so replace
the pointer with a version variable and elsewhere use `pkt.payload`
directly.
Remove a couple of stray semicolons.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:36 +0000 (10:55 +0000)]
input: UNIXSOCK: remove stat of socket-path
When creating the UNIX socket, there is a TOCTOU race between the
stat(2) and bind(2) calls, and if the path is already bound, the bind(2)
call will fail in any case. Remove the stat(2) call.
Tidy up a couple of error message.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:35 +0000 (10:55 +0000)]
filter: PWSNIFF: replace malloc+strncpy with strndup
There are a couple of instances of allocating memory with `malloc`,
followed by copying a string to it with `strncpy` and adding an explicit
assignment of `\0` to terminate the string. Replace them with
`strndup`.
Add an enum to name indices of output keys.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Tue, 30 Nov 2021 10:55:30 +0000 (10:55 +0000)]
db: add missing `break` to switch case
When formatting DB queries, if we get a input key of type `RAW`, we log
a message indicating that `RAW` is unsupported, then fall through to the
default case, which logs another message that the key type is unknown.
Add the missing `break` statement to prevent the fall-through.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Sun, 21 Nov 2021 20:41:37 +0000 (20:41 +0000)]
ulogd: fix order of log arguments
If `daemon` fails during start-up, ulogd attempts to print `errno` and
`strerror(errno)` to the log. However, the arguments are the wrong way
round. Swap them.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Sun, 21 Nov 2021 20:41:36 +0000 (20:41 +0000)]
ulogd: remove empty log-line
There is a `strdup` at the beginning of `create_stack`. If it fails, an
empty log-line is printed. It's not useful, so remove it. This is
consistent with the error-handling of the `malloc` which immediately
follows it.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Sun, 21 Nov 2021 20:41:35 +0000 (20:41 +0000)]
include: add `format` attribute to `__ulogd_log` declaration
`__ulogd_log` takes a printf-style format string and matching arguments.
Add the gcc `format` attribute to its declaration in order to allow the
compiler to type-check the function arguments against the specifiers in
the format string.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Sun, 14 Nov 2021 15:52:31 +0000 (15:52 +0000)]
build: use `AS_IF` consistently in configure.ac
configure.ac contains a mix of `AS_IF` and `if` conditionals. Prefer
the portable M4sh `AS_IF` macro. In some cases, where there are both
`AS_IF` and `if` conditionals evaluating the same predicates, the latter
are merged into the former.
Replace three instance of `test -n "$var"` with the usual, more portable,
autoconf idiom: `test "x$var" != "x"`.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Sun, 14 Nov 2021 15:52:25 +0000 (15:52 +0000)]
build: group `*_la_*` variables with their libraries
Move the `_SOURCES`, `_LIBADD` and `_LDFLAGS` variables for each
input-packet library alongside the matching `.la` definition. In
particular, move the `NFLOG` and `ULOG` variables inside the
conditionals controlling whether the libraries get built.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Currently, make enters all sub-directories containing source-code, even
if they only contain optional targets which are not configured to be
built. Instead, change the Makefiles so that the sub-directories are
optional, rather than the targets.
Group sub-directory definitions consistently at the top of the Makefiles
that contain them.
Trim a few leading and trailing blank lines.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Sun, 14 Nov 2021 15:52:22 +0000 (15:52 +0000)]
build: add Make_global.am for common flags
Move `${regular_CFLAGS}` from configure.ac to Make_global.am, renaming
it to `AM_CFLAGS`. Add `AM_CPPFGLAGS` to include
`$(top_srcdir)/include`. Include the new file in the Makefiles that
require it.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Sun, 14 Nov 2021 15:52:21 +0000 (15:52 +0000)]
build: move CPP `-D` flag.
The `ULOGD2_LIBDIR` macro is only used in one place, so move the flag
defining it out of the common `regular_CFLAGS` variable to the
`AM_CPPFLAGS` variable in the Makefile where it is needed.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Sun, 14 Nov 2021 15:52:19 +0000 (15:52 +0000)]
build: remove unused Makefile fragment
Rules.make.in contains a number of variables defined by configure. It
is left-over from the pre-Automake build-system, in which it used to
fill a similar role to Make_global.am. It is no longer used anywhere.
Remove it.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jeremy Sowden [Sun, 14 Nov 2021 15:52:18 +0000 (15:52 +0000)]
gitignore: ignore .dirstamp
It's created by automake while making sure that build directories (utils/
and utils/.deps/, in this case) exist if the `subdir-objects` option is
enabled.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
projects / thirdparty / ulogd2.git / log
