SOURCES (LINUX_2_6): linux-2.6-nf-ULOG.patch (NEW), iptables-nf-UL...
cieciwa
cieciwa at pld-linux.org
Thu Sep 15 10:42:46 CEST 2005
Author: cieciwa Date: Thu Sep 15 08:42:46 2005 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- [extra] ULOG - kernel and iptables patch.
---- Files affected:
SOURCES:
linux-2.6-nf-ULOG.patch (NONE -> 1.1.2.1) (NEW), iptables-nf-ULOG.patch (NONE -> 1.1.2.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-nf-ULOG.patch
diff -u /dev/null SOURCES/linux-2.6-nf-ULOG.patch:1.1.2.1
--- /dev/null Thu Sep 15 10:42:46 2005
+++ SOURCES/linux-2.6-nf-ULOG.patch Thu Sep 15 10:42:41 2005
@@ -0,0 +1,203 @@
+ ipv4/netfilter/ipt_ULOG.c | 4 -
+ ipv6/netfilter/Kconfig | 17 +++++
+ ipv6/netfilter/Makefile | 1
+ ipv6/netfilter/ip6t_ULOG.c | 142 +++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 163 insertions(+), 1 deletion(-)
+
+diff -Nur --exclude '*.orig' linux-2.6.13.1.org/net/ipv4/netfilter/ipt_ULOG.c linux-2.6.13.1/net/ipv4/netfilter/ipt_ULOG.c
+--- linux-2.6.13.1.org/net/ipv4/netfilter/ipt_ULOG.c 2005-09-10 04:42:58.000000000 +0200
++++ linux-2.6.13.1/net/ipv4/netfilter/ipt_ULOG.c 2005-09-15 10:33:24.000000000 +0200
+@@ -163,7 +163,7 @@
+ return skb;
+ }
+
+-static void ipt_ulog_packet(unsigned int hooknum,
++void ipt_ulog_packet(unsigned int hooknum,
+ const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+@@ -414,5 +414,7 @@
+
+ }
+
++EXPORT_SYMBOL(ipt_ulog_packet);
++
+ module_init(init);
+ module_exit(fini);
+diff -Nur --exclude '*.orig' linux-2.6.13.1.org/net/ipv6/netfilter/Kconfig linux-2.6.13.1/net/ipv6/netfilter/Kconfig
+--- linux-2.6.13.1.org/net/ipv6/netfilter/Kconfig 2005-09-10 04:42:58.000000000 +0200
++++ linux-2.6.13.1/net/ipv6/netfilter/Kconfig 2005-09-15 10:33:24.000000000 +0200
+@@ -238,5 +238,22 @@
+ If you want to compile it as a module, say M here and read
+ <file:Documentation/modules.txt>. If unsure, say `N'.
+
++config IP6_NF_TARGET_ULOG
++ tristate "ULOG target support"
++ depends on IP6_NF_IPTABLES && IP_NF_TARGET_ULOG
++ ---help---
++ This option adds a `ULOG' target, which allows you to create rules in
++ any ip6tables table. The packet is passed to a userspace logging
++ daemon using netlink multicast sockets; unlike the LOG target
++ which can only be viewed through syslog.
++
++ NOTE: This target requires the ipv4 version of ULOG to be compiled as
++ well.
++
++ The apropriate userspace logging daemon (ulogd) may be obtained from
++ <http://www.gnumonks.org/projects/ulogd/>
++
++ To compile it as a module, choose M here. If unsure, say N.
++
+ endmenu
+
+diff -Nur --exclude '*.orig' linux-2.6.13.1.org/net/ipv6/netfilter/Makefile linux-2.6.13.1/net/ipv6/netfilter/Makefile
+--- linux-2.6.13.1.org/net/ipv6/netfilter/Makefile 2005-09-10 04:42:58.000000000 +0200
++++ linux-2.6.13.1/net/ipv6/netfilter/Makefile 2005-09-15 10:33:24.000000000 +0200
+@@ -0,0 +0,1 @@
++obj-$(CONFIG_IP6_NF_TARGET_ULOG) += ip6t_ULOG.o
+diff -Nur --exclude '*.orig' linux-2.6.13.1.org/net/ipv6/netfilter/ip6t_ULOG.c linux-2.6.13.1/net/ipv6/netfilter/ip6t_ULOG.c
+--- linux-2.6.13.1.org/net/ipv6/netfilter/ip6t_ULOG.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.13.1/net/ipv6/netfilter/ip6t_ULOG.c 2005-09-15 10:33:24.000000000 +0200
+@@ -0,0 +1,142 @@
++/*
++ * netfilter module for userspace packet logging daemons
++ *
++ * (C) 2000-2004 by Harald Welte <laforge at netfilter.org>
++ *
++ * 2000/09/22 ulog-cprange feature added
++ * 2001/01/04 in-kernel queue as proposed by Sebastian Zander
++ * <zander at fokus.gmd.de>
++ * 2001/01/30 per-rule nlgroup conflicts with global queue.
++ * nlgroup now global (sysctl)
++ * 2001/04/19 ulog-queue reworked, now fixed buffer size specified at
++ * module loadtime -HW
++ * 2002/07/07 remove broken nflog_rcv() function -HW
++ * 2002/08/29 fix shifted/unshifted nlgroup bug -HW
++ * 2002/10/30 fix uninitialized mac_len field - <Anders K. Pedersen>
++ * 2004/10/25 fix erroneous calculation of 'len' parameter to NLMSG_PUT
++ * resulting in bogus 'error during NLMSG_PUT' messages.
++ * 2005/02/10 ported to ipv6
++ *
++ * (C) 1999-2001 Paul `Rusty' Russell
++ * (C) 2002-2004 Netfilter Core Team <coreteam at netfilter.org>
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2 as
++ * published by the Free Software Foundation.
++ */
++
++#include <linux/module.h>
++#include <linux/netfilter_ipv6/ip6_tables.h>
++#include <linux/netfilter_ipv4/ipt_ULOG.h>
++
++MODULE_LICENSE("GPL");
++MODULE_AUTHOR("Jonas Berlin <xkr47 at outerspace.dyndns.org>");
++MODULE_DESCRIPTION("ip6tables userspace logging module");
++
++#if 0
++#define DEBUGP(format, args...) printk("%s:%s:" format, \
++ __FILE__, __FUNCTION__ , ## args)
++#else
++#define DEBUGP(format, args...)
++#endif
++
++static unsigned int nflog = 1;
++module_param(nflog, int, 0400);
++MODULE_PARM_DESC(nflog, "register as internal netfilter logging module");
++
++// from ipt_ULOG.c
++void ipt_ulog_packet(unsigned int hooknum,
++ const struct sk_buff *skb,
++ const struct net_device *in,
++ const struct net_device *out,
++ const struct ipt_ulog_info *loginfo,
++ const char *prefix);
++
++static unsigned int ip6t_ulog_target(struct sk_buff **pskb,
++ const struct net_device *in,
++ const struct net_device *out,
++ unsigned int hooknum,
++ const void *targinfo, void *userinfo)
++{
++ const struct ipt_ulog_info *loginfo = (const struct ipt_ulog_info *) targinfo;
++
++ ipt_ulog_packet(hooknum, *pskb, in, out, loginfo, NULL);
++
++ return IP6T_CONTINUE;
++}
++
++static void ip6t_logfn(unsigned int hooknum,
++ const struct sk_buff *skb,
++ const struct net_device *in,
++ const struct net_device *out,
++ const char *prefix)
++{
++ struct ipt_ulog_info loginfo = {
++ .nl_group = ULOG_DEFAULT_NLGROUP,
++ .copy_range = 0,
++ .qthreshold = ULOG_DEFAULT_QTHRESHOLD,
++ .prefix = ""
++ };
++
++ ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
++}
++
++static int ip6t_ulog_checkentry(const char *tablename,
++ const struct ip6t_entry *e,
++ void *targinfo,
++ unsigned int targinfosize,
++ unsigned int hookmask)
++{
++ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
++
++ if (targinfosize != IP6T_ALIGN(sizeof(struct ipt_ulog_info))) {
++ DEBUGP("ip6t_ULOG: targinfosize %u != 0\n", targinfosize);
++ return 0;
++ }
++
++ if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
++ DEBUGP("ip6t_ULOG: prefix term %i\n",
++ loginfo->prefix[sizeof(loginfo->prefix) - 1]);
++ return 0;
++ }
++
++ if (loginfo->qthreshold > ULOG_MAX_QLEN) {
++ DEBUGP("ip6t_ULOG: queue threshold %i > MAX_QLEN\n",
++ loginfo->qthreshold);
++ return 0;
++ }
++
++ return 1;
++}
++
++static struct ip6t_target ip6t_ulog_reg = {
++ .name = "ULOG",
++ .target = ip6t_ulog_target,
++ .checkentry = ip6t_ulog_checkentry,
++ .me = THIS_MODULE,
++};
++
++static int __init init(void)
++{
++ DEBUGP("ip6t_ULOG: init module\n");
++
++ if (ip6t_register_target(&ip6t_ulog_reg) != 0) {
++ return -EINVAL;
++ }
++ if (nflog)
++ nf_log_register(PF_INET6, &ip6t_logfn);
++
++ return 0;
++}
++
++static void __exit fini(void)
++{
++ DEBUGP("ip6t_ULOG: cleanup_module\n");
++
++ if (nflog)
++ nf_log_unregister(PF_INET6, &ip6t_logfn);
++ ip6t_unregister_target(&ip6t_ulog_reg);
++}
++
++module_init(init);
++module_exit(fini);
================================================================
Index: SOURCES/iptables-nf-ULOG.patch
diff -u /dev/null SOURCES/iptables-nf-ULOG.patch:1.1.2.1
--- /dev/null Thu Sep 15 10:42:46 2005
+++ SOURCES/iptables-nf-ULOG.patch Thu Sep 15 10:42:41 2005
@@ -0,0 +1,273 @@
+ .ULOG-test6 | 2
+ libip6t_ULOG.c | 227 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ libip6t_ULOG.man | 27 ++++++
+ 3 files changed, 256 insertions(+)
+
+diff -Nur --exclude '*.orig' iptables.org/extensions/.ULOG-test6 iptables/extensions/.ULOG-test6
+--- iptables.org/extensions/.ULOG-test6 1970-01-01 01:00:00.000000000 +0100
++++ iptables/extensions/.ULOG-test6 2005-09-15 10:33:24.000000000 +0200
+@@ -0,0 +1,2 @@
++#!/bin/sh
++[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_ULOG.c ] && echo ULOG
+diff -Nur --exclude '*.orig' iptables.org/extensions/libip6t_ULOG.c iptables/extensions/libip6t_ULOG.c
+--- iptables.org/extensions/libip6t_ULOG.c 1970-01-01 01:00:00.000000000 +0100
++++ iptables/extensions/libip6t_ULOG.c 2005-09-15 10:33:24.000000000 +0200
+@@ -0,0 +1,227 @@
++/* Shared library add-on to ip6tables to add ULOG support.
++ *
++ * (C) 2000 by Harald Welte <laforge at gnumonks.org>
++ *
++ * multipart netlink support based on ideas by Sebastian Zander
++ * <zander at fokus.gmd.de>
++ *
++ * This software is released under the terms of GNU GPL
++ */
++#include <stdio.h>
++#include <netdb.h>
++#include <string.h>
++#include <stdlib.h>
++#include <syslog.h>
++#include <getopt.h>
++#include <ip6tables.h>
++#include <linux/netfilter_ipv6/ip6_tables.h>
++/* For 64bit kernel / 32bit userspace */
++#include "../include/linux/netfilter_ipv4/ipt_ULOG.h"
++
++
++void print_groups(unsigned int gmask)
++{
++ int b;
++ unsigned int test;
++
++ for (b = 31; b >= 0; b--) {
++ test = (1 << b);
++ if (gmask & test)
++ printf("%d ", b + 1);
++ }
++}
++
++/* Function which prints out usage message. */
++static void help(void)
++{
++ printf("ULOG v%s options:\n"
++ " --ulog-nlgroup nlgroup NETLINK group used for logging\n"
++ " --ulog-cprange size Bytes of each packet to be passed\n"
++ " --ulog-qthreshold Threshold of in-kernel queue\n"
++ " --ulog-prefix prefix Prefix log messages with this prefix.\n\n",
++ IPTABLES_VERSION);
++}
++
++static struct option opts[] = {
++ {"ulog-nlgroup", 1, 0, '!'},
++ {"ulog-prefix", 1, 0, '#'},
++ {"ulog-cprange", 1, 0, 'A'},
++ {"ulog-qthreshold", 1, 0, 'B'},
++ {0}
++};
++
++/* Initialize the target. */
++static void init(struct ip6t_entry_target *t, unsigned int *nfcache)
++{
++ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) t->data;
++
++ loginfo->nl_group = ULOG_DEFAULT_NLGROUP;
++ loginfo->qthreshold = ULOG_DEFAULT_QTHRESHOLD;
++
++ /* Can't cache this */
++ *nfcache |= NFC_UNKNOWN;
++}
++
++#define IPT_LOG_OPT_NLGROUP 0x01
++#define IPT_LOG_OPT_PREFIX 0x02
++#define IPT_LOG_OPT_CPRANGE 0x04
++#define IPT_LOG_OPT_QTHRESHOLD 0x08
++
++/* Function which parses command options; returns true if it
++ ate an option */
++static int parse(int c, char **argv, int invert, unsigned int *flags,
++ const struct ip6t_entry *entry,
++ struct ip6t_entry_target **target)
++{
++ struct ipt_ulog_info *loginfo =
++ (struct ipt_ulog_info *) (*target)->data;
++ int group_d;
++
++ switch (c) {
++ case '!':
++ if (*flags & IPT_LOG_OPT_NLGROUP)
++ exit_error(PARAMETER_PROBLEM,
++ "Can't specify --ulog-nlgroup twice");
++
++ if (check_inverse(optarg, &invert, NULL, 0))
++ exit_error(PARAMETER_PROBLEM,
++ "Unexpected `!' after --ulog-nlgroup");
++ group_d = atoi(optarg);
++ if (group_d > 32 || group_d < 1)
++ exit_error(PARAMETER_PROBLEM,
++ "--ulog-nlgroup has to be between 1 and 32");
++
++ loginfo->nl_group = (1 << (group_d - 1));
++
++ *flags |= IPT_LOG_OPT_NLGROUP;
++ break;
++
++ case '#':
++ if (*flags & IPT_LOG_OPT_PREFIX)
++ exit_error(PARAMETER_PROBLEM,
++ "Can't specify --ulog-prefix twice");
++
++ if (check_inverse(optarg, &invert, NULL, 0))
++ exit_error(PARAMETER_PROBLEM,
++ "Unexpected `!' after --ulog-prefix");
++
++ if (strlen(optarg) > sizeof(loginfo->prefix) - 1)
++ exit_error(PARAMETER_PROBLEM,
++ "Maximum prefix length %u for --ulog-prefix",
++ (unsigned int)sizeof(loginfo->prefix) - 1);
++
++ strcpy(loginfo->prefix, optarg);
++ *flags |= IPT_LOG_OPT_PREFIX;
++ break;
++ case 'A':
++ if (*flags & IPT_LOG_OPT_CPRANGE)
++ exit_error(PARAMETER_PROBLEM,
++ "Can't specify --ulog-cprange twice");
++ if (atoi(optarg) < 0)
++ exit_error(PARAMETER_PROBLEM,
++ "Negative copy range?");
++#ifdef KERNEL_64_USERSPACE_32
++ loginfo->copy_range = (unsigned long long)atoll(optarg);
++#else
++ loginfo->copy_range = atoi(optarg);
++#endif
++ *flags |= IPT_LOG_OPT_CPRANGE;
++ break;
++ case 'B':
++ if (*flags & IPT_LOG_OPT_QTHRESHOLD)
++ exit_error(PARAMETER_PROBLEM,
++ "Can't specify --ulog-qthreshold twice");
++ if (atoi(optarg) < 1)
++ exit_error(PARAMETER_PROBLEM,
++ "Negative or zero queue threshold ?");
++ if (atoi(optarg) > ULOG_MAX_QLEN)
++ exit_error(PARAMETER_PROBLEM,
++ "Maximum queue length exceeded");
++#ifdef KERNEL_64_USERSPACE_32
++ loginfo->qthreshold = (unsigned long long)atoll(optarg);
++#else
++ loginfo->qthreshold = atoi(optarg);
++#endif
++ *flags |= IPT_LOG_OPT_QTHRESHOLD;
++ break;
++ }
++ return 1;
++}
++
++/* Final check; nothing. */
++static void final_check(unsigned int flags)
++{
++}
++
++/* Saves the union ip6t_targinfo in parsable form to stdout. */
++static void save(const struct ip6t_ip6 *ip,
++ const struct ip6t_entry_target *target)
++{
++ const struct ipt_ulog_info *loginfo
++ = (const struct ipt_ulog_info *) target->data;
++
++ if (strcmp(loginfo->prefix, "") != 0)
++ printf("--ulog-prefix \"%s\" ", loginfo->prefix);
++
++ if (loginfo->nl_group != ULOG_DEFAULT_NLGROUP) {
++ printf("--ulog-nlgroup ");
++ print_groups(loginfo->nl_group);
++ }
++#ifdef KERNEL_64_USERSPACE_32
++ if (loginfo->copy_range)
++ printf("--ulog-cprange %llu ", loginfo->copy_range);
++
++ if (loginfo->qthreshold != ULOG_DEFAULT_QTHRESHOLD)
++ printf("--ulog-qthreshold %llu ", loginfo->qthreshold);
++#else
++ if (loginfo->copy_range)
++ printf("--ulog-cprange %u ", (unsigned int)loginfo->copy_range);
++
++ if (loginfo->qthreshold != ULOG_DEFAULT_QTHRESHOLD)
++ printf("--ulog-qthreshold %u ", (unsigned int)loginfo->qthreshold);
++#endif
++}
++
++/* Prints out the targinfo. */
++static void
++print(const struct ip6t_ip6 *ip,
++ const struct ip6t_entry_target *target, int numeric)
++{
++ const struct ipt_ulog_info *loginfo
++ = (const struct ipt_ulog_info *) target->data;
++
++ printf("ULOG ");
++#ifdef KERNEL_64_USERSPACE_32
++ printf("copy_range %llu nlgroup ", loginfo->copy_range);
++#else
++ printf("copy_range %u nlgroup ", (unsigned int)loginfo->copy_range);
++#endif
++ print_groups(loginfo->nl_group);
++ if (strcmp(loginfo->prefix, "") != 0)
++ printf("prefix `%s' ", loginfo->prefix);
++#ifdef KERNEL_64_USERSPACE_32
++ printf("queue_threshold %llu ", loginfo->qthreshold);
++#else
++ printf("queue_threshold %u ", (unsigned int)loginfo->qthreshold);
++#endif
++}
++
++static struct ip6tables_target ulog = {
++ .next = NULL,
++ .name = "ULOG",
++ .version = IPTABLES_VERSION,
++ .size = IP6T_ALIGN(sizeof(struct ipt_ulog_info)),
++ .userspacesize = IP6T_ALIGN(sizeof(struct ipt_ulog_info)),
++ .help = &help,
++ .init = &init,
++ .parse = &parse,
++ .final_check = &final_check,
++ .print = &print,
++ .save = &save,
++ .extra_opts = opts
++};
++
++void _init(void)
++{
++ register_target6(&ulog);
++}
+diff -Nur --exclude '*.orig' iptables.org/extensions/libip6t_ULOG.man iptables/extensions/libip6t_ULOG.man
+--- iptables.org/extensions/libip6t_ULOG.man 1970-01-01 01:00:00.000000000 +0100
++++ iptables/extensions/libip6t_ULOG.man 2005-09-15 10:33:24.000000000 +0200
+@@ -0,0 +1,27 @@
++This target provides userspace logging of matching packets. When this
++target is set for a rule, the Linux kernel will multicast this packet
++through a
++.IR netlink
++socket. One or more userspace processes may then subscribe to various
++multicast groups and receive the packets.
++Like LOG, this is a "non-terminating target", i.e. rule traversal
++continues at the next rule.
++.TP
++.BI "--ulog-nlgroup " "nlgroup"
++This specifies the netlink group (1-32) to which the packet is sent.
++Default value is 1.
++.TP
++.BI "--ulog-prefix " "prefix"
++Prefix log messages with the specified prefix; up to 32 characters
++long, and useful for distinguishing messages in the logs.
++.TP
++.BI "--ulog-cprange " "size"
++Number of bytes to be copied to userspace. A value of 0 always copies
++the entire packet, regardless of its size. Default is 0.
++.TP
++.BI "--ulog-qthreshold " "size"
++Number of packet to queue inside kernel. Setting this value to, e.g. 10
++accumulates ten packets inside the kernel and transmits them as one
++netlink multipart message to userspace. Default is 1 (for backwards
++compatibility).
++.br
================================================================
More information about the pld-cvs-commit
mailing list