netfilter-2.6/patch-o-matic-ng/trunk: net/ipv4/netfilter/ipt_ULOG.c
net/ipv6/netfilter/Kconfig net/i...
pluto
cvs at pld-linux.org
Thu Jul 28 16:36:45 CEST 2005
Author: pluto
Date: Thu Jul 28 16:36:42 2005
New Revision: 6269
Added:
netfilter-2.6/patch-o-matic-ng/trunk/net/ipv6/netfilter/ip6t_ULOG.c
Modified:
netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_ULOG.c
netfilter-2.6/patch-o-matic-ng/trunk/net/ipv6/netfilter/Kconfig
netfilter-2.6/patch-o-matic-ng/trunk/net/ipv6/netfilter/Makefile
netfilter-2.6/patch-o-matic-ng/trunk/status
Log:
- ULOG (ipv6 port).
Modified: netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_ULOG.c
==============================================================================
--- netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_ULOG.c (original)
+++ netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_ULOG.c Thu Jul 28 16:36:42 2005
@@ -164,7 +164,7 @@
return skb;
}
-static void ipt_ulog_packet(unsigned int hooknum,
+void ipt_ulog_packet(unsigned int hooknum,
const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -415,5 +415,7 @@
}
+EXPORT_SYMBOL(ipt_ulog_packet);
+
module_init(init);
module_exit(fini);
Modified: netfilter-2.6/patch-o-matic-ng/trunk/net/ipv6/netfilter/Kconfig
==============================================================================
--- netfilter-2.6/patch-o-matic-ng/trunk/net/ipv6/netfilter/Kconfig (original)
+++ netfilter-2.6/patch-o-matic-ng/trunk/net/ipv6/netfilter/Kconfig Thu Jul 28 16:36:42 2005
@@ -330,5 +330,22 @@
If you want to compile it as a module, say M here and read
Documentation/modules.txt. If unsure, say `N'.
+config IP6_NF_TARGET_ULOG
+ tristate "ULOG target support"
+ depends on IP6_NF_IPTABLES && IP_NF_TARGET_ULOG
+ ---help---
+ This option adds a `ULOG' target, which allows you to create rules in
+ any ip6tables table. The packet is passed to a userspace logging
+ daemon using netlink multicast sockets; unlike the LOG target
+ which can only be viewed through syslog.
+
+ NOTE: This target requires the ipv4 version of ULOG to be compiled as
+ well.
+
+ The apropriate userspace logging daemon (ulogd) may be obtained from
+ <http://www.gnumonks.org/projects/ulogd/>
+
+ To compile it as a module, choose M here. If unsure, say N.
+
endmenu
Modified: netfilter-2.6/patch-o-matic-ng/trunk/net/ipv6/netfilter/Makefile
==============================================================================
--- netfilter-2.6/patch-o-matic-ng/trunk/net/ipv6/netfilter/Makefile (original)
+++ netfilter-2.6/patch-o-matic-ng/trunk/net/ipv6/netfilter/Makefile Thu Jul 28 16:36:42 2005
@@ -25,6 +25,7 @@
obj-$(CONFIG_IP6_NF_TARGET_ROUTE) += ip6t_ROUTE.o
obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o
obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o
+obj-$(CONFIG_IP6_NF_TARGET_ULOG) += ip6t_ULOG.o
obj-$(CONFIG_IP6_NF_TARGET_HL) += ip6t_HL.o
obj-$(CONFIG_IP6_NF_MATCH_NTH) += ip6t_nth.o
Added: netfilter-2.6/patch-o-matic-ng/trunk/net/ipv6/netfilter/ip6t_ULOG.c
==============================================================================
--- (empty file)
+++ netfilter-2.6/patch-o-matic-ng/trunk/net/ipv6/netfilter/ip6t_ULOG.c Thu Jul 28 16:36:42 2005
@@ -0,0 +1,142 @@
+/*
+ * netfilter module for userspace packet logging daemons
+ *
+ * (C) 2000-2004 by Harald Welte <laforge at netfilter.org>
+ *
+ * 2000/09/22 ulog-cprange feature added
+ * 2001/01/04 in-kernel queue as proposed by Sebastian Zander
+ * <zander at fokus.gmd.de>
+ * 2001/01/30 per-rule nlgroup conflicts with global queue.
+ * nlgroup now global (sysctl)
+ * 2001/04/19 ulog-queue reworked, now fixed buffer size specified at
+ * module loadtime -HW
+ * 2002/07/07 remove broken nflog_rcv() function -HW
+ * 2002/08/29 fix shifted/unshifted nlgroup bug -HW
+ * 2002/10/30 fix uninitialized mac_len field - <Anders K. Pedersen>
+ * 2004/10/25 fix erroneous calculation of 'len' parameter to NLMSG_PUT
+ * resulting in bogus 'error during NLMSG_PUT' messages.
+ * 2005/02/10 ported to ipv6
+ *
+ * (C) 1999-2001 Paul `Rusty' Russell
+ * (C) 2002-2004 Netfilter Core Team <coreteam at netfilter.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/module.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter_ipv4/ipt_ULOG.h>
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Jonas Berlin <xkr47 at outerspace.dyndns.org>");
+MODULE_DESCRIPTION("ip6tables userspace logging module");
+
+#if 0
+#define DEBUGP(format, args...) printk("%s:%s:" format, \
+ __FILE__, __FUNCTION__ , ## args)
+#else
+#define DEBUGP(format, args...)
+#endif
+
+static unsigned int nflog = 1;
+module_param(nflog, int, 0400);
+MODULE_PARM_DESC(nflog, "register as internal netfilter logging module");
+
+// from ipt_ULOG.c
+void ipt_ulog_packet(unsigned int hooknum,
+ const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const struct ipt_ulog_info *loginfo,
+ const char *prefix);
+
+static unsigned int ip6t_ulog_target(struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ unsigned int hooknum,
+ const void *targinfo, void *userinfo)
+{
+ const struct ipt_ulog_info *loginfo = (const struct ipt_ulog_info *) targinfo;
+
+ ipt_ulog_packet(hooknum, *pskb, in, out, loginfo, NULL);
+
+ return IP6T_CONTINUE;
+}
+
+static void ip6t_logfn(unsigned int hooknum,
+ const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const char *prefix)
+{
+ struct ipt_ulog_info loginfo = {
+ .nl_group = ULOG_DEFAULT_NLGROUP,
+ .copy_range = 0,
+ .qthreshold = ULOG_DEFAULT_QTHRESHOLD,
+ .prefix = ""
+ };
+
+ ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
+}
+
+static int ip6t_ulog_checkentry(const char *tablename,
+ const struct ip6t_entry *e,
+ void *targinfo,
+ unsigned int targinfosize,
+ unsigned int hookmask)
+{
+ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
+
+ if (targinfosize != IP6T_ALIGN(sizeof(struct ipt_ulog_info))) {
+ DEBUGP("ip6t_ULOG: targinfosize %u != 0\n", targinfosize);
+ return 0;
+ }
+
+ if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
+ DEBUGP("ip6t_ULOG: prefix term %i\n",
+ loginfo->prefix[sizeof(loginfo->prefix) - 1]);
+ return 0;
+ }
+
+ if (loginfo->qthreshold > ULOG_MAX_QLEN) {
+ DEBUGP("ip6t_ULOG: queue threshold %i > MAX_QLEN\n",
+ loginfo->qthreshold);
+ return 0;
+ }
+
+ return 1;
+}
+
+static struct ip6t_target ip6t_ulog_reg = {
+ .name = "ULOG",
+ .target = ip6t_ulog_target,
+ .checkentry = ip6t_ulog_checkentry,
+ .me = THIS_MODULE,
+};
+
+static int __init init(void)
+{
+ DEBUGP("ip6t_ULOG: init module\n");
+
+ if (ip6t_register_target(&ip6t_ulog_reg) != 0) {
+ return -EINVAL;
+ }
+ if (nflog)
+ nf_log_register(PF_INET6, &ip6t_logfn);
+
+ return 0;
+}
+
+static void __exit fini(void)
+{
+ DEBUGP("ip6t_ULOG: cleanup_module\n");
+
+ if (nflog)
+ nf_log_unregister(PF_INET6, &ip6t_logfn);
+ ip6t_unregister_target(&ip6t_ulog_reg);
+}
+
+module_init(init);
+module_exit(fini);
Modified: netfilter-2.6/patch-o-matic-ng/trunk/status
==============================================================================
--- netfilter-2.6/patch-o-matic-ng/trunk/status (original)
+++ netfilter-2.6/patch-o-matic-ng/trunk/status Thu Jul 28 16:36:42 2005
@@ -40,6 +40,6 @@
time 2005/07/27 added
TTL 2005/07/27 added
u32 2005/07/27 added
-ULOG updated
+ULOG 2005/07/27 updated (ipv6 port)
unclean 2005/07/27 added
XOR 2005/07/27 added
More information about the pld-cvs-commit
mailing list