[netfilter-cvslog] r3694 - in trunk/patch-o-matic-ng: . ULOG ULOG/iptables ULOG/iptables/extensions ULOG/linux ULOG/linux/Documentation ULOG/linux/net ULOG/linux/net/ipv6 ULOG/linux/net/ipv6/netfilter ULOG/linux-2.6 ULOG/linux-2.6/net ULOG/linux-2.6/net/ipv6 ULOG/linux-2.6/net/ipv6/netfilter

laforge at netfilter.org laforge at netfilter.org
Tue Feb 15 00:27:51 CET 2005


Author: laforge at netfilter.org
Date: 2005-02-15 00:27:50 +0100 (Tue, 15 Feb 2005)
New Revision: 3694

Added:
   trunk/patch-o-matic-ng/ULOG/
   trunk/patch-o-matic-ng/ULOG/help
   trunk/patch-o-matic-ng/ULOG/info
   trunk/patch-o-matic-ng/ULOG/iptables/
   trunk/patch-o-matic-ng/ULOG/iptables/extensions/
   trunk/patch-o-matic-ng/ULOG/iptables/extensions/.ULOG-test6
   trunk/patch-o-matic-ng/ULOG/iptables/extensions/libip6t_ULOG.c
   trunk/patch-o-matic-ng/ULOG/iptables/extensions/libip6t_ULOG.man
   trunk/patch-o-matic-ng/ULOG/linux-2.6.patch
   trunk/patch-o-matic-ng/ULOG/linux-2.6/
   trunk/patch-o-matic-ng/ULOG/linux-2.6/net/
   trunk/patch-o-matic-ng/ULOG/linux-2.6/net/ipv6/
   trunk/patch-o-matic-ng/ULOG/linux-2.6/net/ipv6/netfilter/
   trunk/patch-o-matic-ng/ULOG/linux-2.6/net/ipv6/netfilter/Kconfig.ladd
   trunk/patch-o-matic-ng/ULOG/linux-2.6/net/ipv6/netfilter/Makefile.ladd
   trunk/patch-o-matic-ng/ULOG/linux-2.6/net/ipv6/netfilter/ip6t_ULOG.c
   trunk/patch-o-matic-ng/ULOG/linux.patch
   trunk/patch-o-matic-ng/ULOG/linux/
   trunk/patch-o-matic-ng/ULOG/linux/Documentation/
   trunk/patch-o-matic-ng/ULOG/linux/Documentation/Configure.help.ladd
   trunk/patch-o-matic-ng/ULOG/linux/net/
   trunk/patch-o-matic-ng/ULOG/linux/net/ipv6/
   trunk/patch-o-matic-ng/ULOG/linux/net/ipv6/netfilter/
   trunk/patch-o-matic-ng/ULOG/linux/net/ipv6/netfilter/Config.in.ladd
   trunk/patch-o-matic-ng/ULOG/linux/net/ipv6/netfilter/Makefile.ladd
   trunk/patch-o-matic-ng/ULOG/linux/net/ipv6/netfilter/ip6t_ULOG.c
Log:
ULOG ipv6 port, no code duplication (Jonas Berlin)


Added: trunk/patch-o-matic-ng/ULOG/help
===================================================================
--- trunk/patch-o-matic-ng/ULOG/help	2005-02-14 23:22:15 UTC (rev 3693)
+++ trunk/patch-o-matic-ng/ULOG/help	2005-02-14 23:27:50 UTC (rev 3694)
@@ -0,0 +1,4 @@
+This patch adds support for the ULOG target for ip6tables.
+
+It shares the same message queues with the ipv4 version, so the ipv4
+ULOG target needs to be built as well.

Added: trunk/patch-o-matic-ng/ULOG/info
===================================================================
--- trunk/patch-o-matic-ng/ULOG/info	2005-02-14 23:22:15 UTC (rev 3693)
+++ trunk/patch-o-matic-ng/ULOG/info	2005-02-14 23:27:50 UTC (rev 3694)
@@ -0,0 +1,4 @@
+Title: ULOG ported to IPv6
+Author: Jonas Berlin <jberlin at niksula.hut.fi>
+Status: Testing
+Repository: extra

Added: trunk/patch-o-matic-ng/ULOG/iptables/extensions/.ULOG-test6
===================================================================
--- trunk/patch-o-matic-ng/ULOG/iptables/extensions/.ULOG-test6	2005-02-14 23:22:15 UTC (rev 3693)
+++ trunk/patch-o-matic-ng/ULOG/iptables/extensions/.ULOG-test6	2005-02-14 23:27:50 UTC (rev 3694)
@@ -0,0 +1,2 @@
+#!/bin/sh
+[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_ULOG.c ] && echo ULOG
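Review bot: `$KERNEL_DIR` is expanded unquoted inside the `[ -f ... ]` test, so a kernel tree path containing whitespace splits into several words and the test errors out instead of detecting the file. Quoting it, `[ -f "$KERNEL_DIR/net/ipv6/netfilter/ip6t_ULOG.c" ] && echo ULOG`, keeps the check reliable.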


Property changes on: trunk/patch-o-matic-ng/ULOG/iptables/extensions/.ULOG-test6
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/patch-o-matic-ng/ULOG/iptables/extensions/libip6t_ULOG.c
===================================================================
--- trunk/patch-o-matic-ng/ULOG/iptables/extensions/libip6t_ULOG.c	2005-02-14 23:22:15 UTC (rev 3693)
+++ trunk/patch-o-matic-ng/ULOG/iptables/extensions/libip6t_ULOG.c	2005-02-14 23:27:50 UTC (rev 3694)
@@ -0,0 +1,227 @@
+/* Shared library add-on to ip6tables to add ULOG support.
+ * 
+ * (C) 2000 by Harald Welte <laforge at gnumonks.org>
+ *
+ * multipart netlink support based on ideas by Sebastian Zander 
+ * 						<zander at fokus.gmd.de>
+ *
+ * This software is released under the terms of GNU GPL
+ */
+#include <stdio.h>
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <getopt.h>
+#include <ip6tables.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+/* For 64bit kernel / 32bit userspace */
+#include "../include/linux/netfilter_ipv4/ipt_ULOG.h"
+
+
+void print_groups(unsigned int gmask)
+{
+	int b;
+	unsigned int test;
+
+	for (b = 31; b >= 0; b--) {
+		test = (1 << b);
+		if (gmask & test)
+			printf("%d ", b + 1);
+	}
+}
+
+/* Function which prints out usage message. */
+static void help(void)
+{
+	printf("ULOG v%s options:\n"
+	       " --ulog-nlgroup nlgroup		NETLINK group used for logging\n"
+	       " --ulog-cprange size		Bytes of each packet to be passed\n"
+	       " --ulog-qthreshold		Threshold of in-kernel queue\n"
+	       " --ulog-prefix prefix		Prefix log messages with this prefix.\n\n",
+	       IPTABLES_VERSION);
+}
+
+static struct option opts[] = {
+	{"ulog-nlgroup", 1, 0, '!'},
+	{"ulog-prefix", 1, 0, '#'},
+	{"ulog-cprange", 1, 0, 'A'},
+	{"ulog-qthreshold", 1, 0, 'B'},
+	{0}
+};
+
+/* Initialize the target. */
+static void init(struct ip6t_entry_target *t, unsigned int *nfcache)
+{
+	struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) t->data;
+
+	loginfo->nl_group = ULOG_DEFAULT_NLGROUP;
+	loginfo->qthreshold = ULOG_DEFAULT_QTHRESHOLD;
+
+	/* Can't cache this */
+	*nfcache |= NFC_UNKNOWN;
+}
+
+#define IPT_LOG_OPT_NLGROUP 0x01
+#define IPT_LOG_OPT_PREFIX 0x02
+#define IPT_LOG_OPT_CPRANGE 0x04
+#define IPT_LOG_OPT_QTHRESHOLD 0x08
+
+/* Function which parses command options; returns true if it
+   ate an option */
+static int parse(int c, char **argv, int invert, unsigned int *flags,
+		 const struct ip6t_entry *entry,
+		 struct ip6t_entry_target **target)
+{
+	struct ipt_ulog_info *loginfo =
+	    (struct ipt_ulog_info *) (*target)->data;
+	int group_d;
+
+	switch (c) {
+	case '!':
+		if (*flags & IPT_LOG_OPT_NLGROUP)
+			exit_error(PARAMETER_PROBLEM,
+				   "Can't specify --ulog-nlgroup twice");
+
+		if (check_inverse(optarg, &invert, NULL, 0))
+			exit_error(PARAMETER_PROBLEM,
+				   "Unexpected `!' after --ulog-nlgroup");
+		group_d = atoi(optarg);
+		if (group_d > 32 || group_d < 1)
+			exit_error(PARAMETER_PROBLEM,
+				   "--ulog-nlgroup has to be between 1 and 32");
+
+		loginfo->nl_group = (1 << (group_d - 1));
+
+		*flags |= IPT_LOG_OPT_NLGROUP;
+		break;
+
+	case '#':
+		if (*flags & IPT_LOG_OPT_PREFIX)
+			exit_error(PARAMETER_PROBLEM,
+				   "Can't specify --ulog-prefix twice");
+
+		if (check_inverse(optarg, &invert, NULL, 0))
+			exit_error(PARAMETER_PROBLEM,
+				   "Unexpected `!' after --ulog-prefix");
+
+		if (strlen(optarg) > sizeof(loginfo->prefix) - 1)
+			exit_error(PARAMETER_PROBLEM,
+				   "Maximum prefix length %u for --ulog-prefix",
+				   (unsigned int)sizeof(loginfo->prefix) - 1);
+
+		strcpy(loginfo->prefix, optarg);
+		*flags |= IPT_LOG_OPT_PREFIX;
+		break;
+	case 'A':
+		if (*flags & IPT_LOG_OPT_CPRANGE)
+			exit_error(PARAMETER_PROBLEM,
+				   "Can't specify --ulog-cprange twice");
+		if (atoi(optarg) < 0)
+			exit_error(PARAMETER_PROBLEM,
+				   "Negative copy range?");
+#ifdef KERNEL_64_USERSPACE_32
+		loginfo->copy_range = (unsigned long long)atoll(optarg);
+#else
+		loginfo->copy_range = atoi(optarg);
+#endif
+		*flags |= IPT_LOG_OPT_CPRANGE;
+		break;
+	case 'B':
+		if (*flags & IPT_LOG_OPT_QTHRESHOLD)
+			exit_error(PARAMETER_PROBLEM,
+				   "Can't specify --ulog-qthreshold twice");
+		if (atoi(optarg) < 1)
+			exit_error(PARAMETER_PROBLEM,
+				   "Negative or zero queue threshold ?");
+		if (atoi(optarg) > ULOG_MAX_QLEN)
+			exit_error(PARAMETER_PROBLEM,
+				   "Maximum queue length exceeded");
+#ifdef KERNEL_64_USERSPACE_32
+		loginfo->qthreshold = (unsigned long long)atoll(optarg);
+#else
+		loginfo->qthreshold = atoi(optarg);
+#endif
+		*flags |= IPT_LOG_OPT_QTHRESHOLD;
+		break;
+	}
+	return 1;
+}
+
+/* Final check; nothing. */
+static void final_check(unsigned int flags)
+{
+}
+
+/* Saves the union ip6t_targinfo in parsable form to stdout. */
+static void save(const struct ip6t_ip6 *ip,
+		 const struct ip6t_entry_target *target)
+{
+	const struct ipt_ulog_info *loginfo
+	    = (const struct ipt_ulog_info *) target->data;
+
+	if (strcmp(loginfo->prefix, "") != 0)
+		printf("--ulog-prefix \"%s\" ", loginfo->prefix);
+
+	if (loginfo->nl_group != ULOG_DEFAULT_NLGROUP) {
+		printf("--ulog-nlgroup ");
+		print_groups(loginfo->nl_group);
+	}
+#ifdef KERNEL_64_USERSPACE_32
+	if (loginfo->copy_range)
+		printf("--ulog-cprange %llu ", loginfo->copy_range);
+
+	if (loginfo->qthreshold != ULOG_DEFAULT_QTHRESHOLD)
+		printf("--ulog-qthreshold %llu ", loginfo->qthreshold);
+#else
+	if (loginfo->copy_range)
+		printf("--ulog-cprange %u ", (unsigned int)loginfo->copy_range);
+
+	if (loginfo->qthreshold != ULOG_DEFAULT_QTHRESHOLD)
+		printf("--ulog-qthreshold %u ", (unsigned int)loginfo->qthreshold);
+#endif
+}
+
+/* Prints out the targinfo. */
+static void
+print(const struct ip6t_ip6 *ip,
+      const struct ip6t_entry_target *target, int numeric)
+{
+	const struct ipt_ulog_info *loginfo
+	    = (const struct ipt_ulog_info *) target->data;
+
+	printf("ULOG ");
+#ifdef KERNEL_64_USERSPACE_32
+	printf("copy_range %llu nlgroup ", loginfo->copy_range);
+#else
+	printf("copy_range %u nlgroup ", (unsigned int)loginfo->copy_range);
+#endif
+	print_groups(loginfo->nl_group);
+	if (strcmp(loginfo->prefix, "") != 0)
+		printf("prefix `%s' ", loginfo->prefix);
+#ifdef KERNEL_64_USERSPACE_32
+	printf("queue_threshold %llu ", loginfo->qthreshold);
+#else
+	printf("queue_threshold %u ", (unsigned int)loginfo->qthreshold);
+#endif
+}
+
+static struct ip6tables_target ulog = {
+	.next		= NULL,
+	.name		= "ULOG",
+	.version	= IPTABLES_VERSION,
+	.size		= IP6T_ALIGN(sizeof(struct ipt_ulog_info)),
+	.userspacesize	= IP6T_ALIGN(sizeof(struct ipt_ulog_info)),
+	.help		= &help,
+	.init		= &init,
+	.parse		= &parse,
+	.final_check	= &final_check,
+	.print		= &print,
+	.save		= &save,
+	.extra_opts	= opts
+};
+
+void _init(void)
+{
+	register_target6(&ulog);
+}
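Review bot: `parse()` has no `default:` arm, so the `return 1` after the switch runs for every option character, including ones this extension does not define, although the comment above the function says it returns true only if it ate an option. Adding `default: return 0;` as the last arm of the switch would let the caller offer unrecognised options to other extensions; how ip6tables acts on the return value is not visible in this hunk. Separately, `1 << (group_d - 1)` in the `'!'` case and `1 << b` in `print_groups()` shift a signed int into bit 31 when the group is 32, which is undefined behaviour; `1U << ...` avoids it. The `atoi()` calls also accept trailing garbage such as `--ulog-cprange 10x` without reporting an error, so an end-pointer check via `strtoul()` would be safer.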

Added: trunk/patch-o-matic-ng/ULOG/iptables/extensions/libip6t_ULOG.man
===================================================================
--- trunk/patch-o-matic-ng/ULOG/iptables/extensions/libip6t_ULOG.man	2005-02-14 23:22:15 UTC (rev 3693)
+++ trunk/patch-o-matic-ng/ULOG/iptables/extensions/libip6t_ULOG.man	2005-02-14 23:27:50 UTC (rev 3694)
@@ -0,0 +1,27 @@
+This target provides userspace logging of matching packets.  When this
+target is set for a rule, the Linux kernel will multicast this packet
+through a
+.IR netlink 
+socket. One or more userspace processes may then subscribe to various 
+multicast groups and receive the packets.
+Like LOG, this is a "non-terminating target", i.e. rule traversal
+continues at the next rule.
+.TP
+.BI "--ulog-nlgroup " "nlgroup"
+This specifies the netlink group (1-32) to which the packet is sent.
+Default value is 1.
+.TP
+.BI "--ulog-prefix " "prefix"
+Prefix log messages with the specified prefix; up to 32 characters
+long, and useful for distinguishing messages in the logs.
+.TP
+.BI "--ulog-cprange " "size"
+Number of bytes to be copied to userspace.  A value of 0 always copies
+the entire packet, regardless of its size.  Default is 0.
+.TP
+.BI "--ulog-qthreshold " "size"
+Number of packet to queue inside kernel.  Setting this value to, e.g. 10
+accumulates ten packets inside the kernel and transmits them as one
+netlink multipart message to userspace.  Default is 1 (for backwards
+compatibility).
+.br

Added: trunk/patch-o-matic-ng/ULOG/linux/Documentation/Configure.help.ladd
===================================================================
--- trunk/patch-o-matic-ng/ULOG/linux/Documentation/Configure.help.ladd	2005-02-14 23:22:15 UTC (rev 3693)
+++ trunk/patch-o-matic-ng/ULOG/linux/Documentation/Configure.help.ladd	2005-02-14 23:27:50 UTC (rev 3694)
@@ -0,0 +1,14 @@
+CONFIG_IP6_NF_TARGET_LOG
+ULOG target support
+CONFIG_IP6_NF_TARGET_ULOG
+  This option adds a `ULOG' target, which allows you to create rules in
+  any ip6tables table. The packet is passed to a userspace logging
+  daemon using netlink multicast sockets; unlike the LOG target
+  which can only be viewed through syslog.
+
+  This target requires the ipv4 version to be compiled as well.
+
+  The apropriate userspace logging daemon (ulogd) may be obtained from
+  <http://www.gnumonks.org/projects/ulogd/>
+
+  To compile it as a module, choose M here.  If unsure, say N.

Added: trunk/patch-o-matic-ng/ULOG/linux/net/ipv6/netfilter/Config.in.ladd
===================================================================
--- trunk/patch-o-matic-ng/ULOG/linux/net/ipv6/netfilter/Config.in.ladd	2005-02-14 23:22:15 UTC (rev 3693)
+++ trunk/patch-o-matic-ng/ULOG/linux/net/ipv6/netfilter/Config.in.ladd	2005-02-14 23:27:50 UTC (rev 3694)
@@ -0,0 +1,4 @@
+    dep_tristate '    LOG target support' CONFIG_IP6_NF_TARGET_LOG $CONFIG_IP6_NF_FILTER
+    if [ "$CONFIG_IP_NF_TARGET_LOG" != "n" ]; then
+      dep_tristate '    ULOG target support' CONFIG_IP6_NF_TARGET_ULOG $CONFIG_IP6_NF_FILTER $CONFIG_IP_NF_TARGET_LOG
+    fi
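Review bot: The guard and the third dependency test `CONFIG_IP_NF_TARGET_LOG`, whereas the help text added in this commit says the target needs the ipv4 ULOG version and the 2.6 Kconfig.ladd depends on `IP_NF_TARGET_ULOG`. As written, the option can be enabled with ipv4 LOG built and ipv4 ULOG disabled, which would presumably leave ip6t_ULOG.o without the symbol it calls. The lines should read `if [ "$CONFIG_IP_NF_TARGET_ULOG" != "n" ]; then` and `dep_tristate '    ULOG target support' CONFIG_IP6_NF_TARGET_ULOG $CONFIG_IP6_NF_FILTER $CONFIG_IP_NF_TARGET_ULOG`.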

Added: trunk/patch-o-matic-ng/ULOG/linux/net/ipv6/netfilter/Makefile.ladd
===================================================================
--- trunk/patch-o-matic-ng/ULOG/linux/net/ipv6/netfilter/Makefile.ladd	2005-02-14 23:22:15 UTC (rev 3693)
+++ trunk/patch-o-matic-ng/ULOG/linux/net/ipv6/netfilter/Makefile.ladd	2005-02-14 23:27:50 UTC (rev 3694)
@@ -0,0 +1,2 @@
+obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o
+obj-$(CONFIG_IP6_NF_TARGET_ULOG) += ip6t_ULOG.o

Added: trunk/patch-o-matic-ng/ULOG/linux/net/ipv6/netfilter/ip6t_ULOG.c
===================================================================
--- trunk/patch-o-matic-ng/ULOG/linux/net/ipv6/netfilter/ip6t_ULOG.c	2005-02-14 23:22:15 UTC (rev 3693)
+++ trunk/patch-o-matic-ng/ULOG/linux/net/ipv6/netfilter/ip6t_ULOG.c	2005-02-14 23:27:50 UTC (rev 3694)
@@ -0,0 +1,156 @@
+/*
+ * netfilter module for userspace packet logging daemons
+ *
+ * (C) 2000-2004 by Harald Welte <laforge at netfilter.org>
+ *
+ * 2000/09/22 ulog-cprange feature added
+ * 2001/01/04 in-kernel queue as proposed by Sebastian Zander 
+ * 						<zander at fokus.gmd.de>
+ * 2001/01/30 per-rule nlgroup conflicts with global queue. 
+ *            nlgroup now global (sysctl)
+ * 2001/04/19 ulog-queue reworked, now fixed buffer size specified at
+ * 	      module loadtime -HW
+ * 2002/07/07 remove broken nflog_rcv() function -HW
+ * 2002/08/29 fix shifted/unshifted nlgroup bug -HW
+ * 2002/10/30 fix uninitialized mac_len field - <Anders K. Pedersen>
+ * 2004/10/25 fix erroneous calculation of 'len' parameter to NLMSG_PUT
+ *	      resulting in bogus 'error during NLMSG_PUT' messages.
+ * 2005/02/10 ported to ipv6
+ *
+ * (C) 1999-2001 Paul `Rusty' Russell
+ * (C) 2002-2004 Netfilter Core Team <coreteam at netfilter.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/module.h>
+#include <linux/config.h>
+#include <linux/spinlock.h>
+#include <linux/socket.h>
+#include <linux/skbuff.h>
+#include <linux/kernel.h>
+#include <linux/timer.h>
+#include <linux/netlink.h>
+#include <linux/netdevice.h>
+#include <linux/mm.h>
+#include <linux/moduleparam.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter_ipv4/ipt_ULOG.h>
+#include <linux/netfilter_ipv4/lockhelp.h>
+#include <net/sock.h>
+#include <linux/bitops.h>
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Jonas Berlin <jberlin at niksula.hut.fi>");
+MODULE_DESCRIPTION("ip6tables userspace logging module");
+
+#if 0
+#define DEBUGP(format, args...) printk("%s:%s:" format, \
+                                       __FILE__, __FUNCTION__ , ## args)
+#else
+#define DEBUGP(format, args...)
+#endif
+
+static unsigned int nflog = 1;
+module_param(nflog, int, 0400);
+MODULE_PARM_DESC(nflog, "register as internal netfilter logging module");
+
+// from ipt_ULOG.c
+void ipt_ulog_packet(unsigned int hooknum,
+		     const struct sk_buff *skb,
+		     const struct net_device *in,
+		     const struct net_device *out,
+		     const struct ipt_ulog_info *loginfo,
+		     const char *prefix);
+
+static unsigned int ip6t_ulog_target(struct sk_buff **pskb,
+				    const struct net_device *in,
+				    const struct net_device *out,
+				    unsigned int hooknum,
+				    const void *targinfo, void *userinfo)
+{
+	struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
+
+	ipt_ulog_packet(hooknum, *pskb, in, out, loginfo, NULL);
+ 
+ 	return IP6T_CONTINUE;
+}
+ 
+static void ip6t_logfn(unsigned int hooknum,
+		      const struct sk_buff *skb,
+		      const struct net_device *in,
+		      const struct net_device *out,
+		      const char *prefix)
+{
+	struct ipt_ulog_info loginfo = { 
+		.nl_group = ULOG_DEFAULT_NLGROUP,
+		.copy_range = 0,
+		.qthreshold = ULOG_DEFAULT_QTHRESHOLD,
+		.prefix = ""
+	};
+
+	ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
+}
+
+static int ip6t_ulog_checkentry(const char *tablename,
+			       const struct ip6t_entry *e,
+			       void *targinfo,
+			       unsigned int targinfosize,
+			       unsigned int hookmask)
+{
+	struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
+
+	if (targinfosize != IP6T_ALIGN(sizeof(struct ipt_ulog_info))) {
+		DEBUGP("ip6t_ULOG: targinfosize %u != 0\n", targinfosize);
+		return 0;
+	}
+
+	if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
+		DEBUGP("ip6t_ULOG: prefix term %i\n",
+		       loginfo->prefix[sizeof(loginfo->prefix) - 1]);
+		return 0;
+	}
+
+	if (loginfo->qthreshold > ULOG_MAX_QLEN) {
+		DEBUGP("ip6t_ULOG: queue threshold %i > MAX_QLEN\n",
+			loginfo->qthreshold);
+		return 0;
+	}
+
+	return 1;
+}
+
+static struct ip6t_target ip6t_ulog_reg = {
+	.name		= "ULOG",
+	.target		= ip6t_ulog_target,
+	.checkentry	= ip6t_ulog_checkentry,
+	.me		= THIS_MODULE,
+};
+
+static int __init init(void)
+{
+	DEBUGP("ip6t_ULOG: init module\n");
+
+	if (ip6t_register_target(&ip6t_ulog_reg) != 0) {
+		return -EINVAL;
+	}
+	if (nflog)
+		nf_log_register(PF_INET, &ip6t_logfn);
+	
+	return 0;
+}
+
+static void __exit fini(void)
+{
+	DEBUGP("ip6t_ULOG: cleanup_module\n");
+
+	if (nflog)
+		nf_log_unregister(PF_INET, &ip6t_logfn);
+	ip6t_unregister_target(&ip6t_ulog_reg);
+}
+
+module_init(init);
+module_exit(fini);
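Review bot: `init()` and `fini()` pass `PF_INET` to `nf_log_register()` and `nf_log_unregister()` although `ip6t_logfn` is the IPv6 logger; this looks carried over from ipt_ULOG.c and should be `PF_INET6` in both calls. With `PF_INET` the module competes for the IPv4 logging slot, which the ipv4 ULOG module that this one requires may already hold. The result of `nf_log_register()` is also discarded, so if it reports a status, a failed registration goes unnoticed and IPv6 packets are never routed to this logger. Consider `if (nflog && nf_log_register(PF_INET6, &ip6t_logfn) != 0)` followed by a warning or an unregister-and-fail path. The linux-2.6 copy of ip6t_ULOG.c later in this commit contains the same two calls.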

Added: trunk/patch-o-matic-ng/ULOG/linux-2.6/net/ipv6/netfilter/Kconfig.ladd
===================================================================
--- trunk/patch-o-matic-ng/ULOG/linux-2.6/net/ipv6/netfilter/Kconfig.ladd	2005-02-14 23:22:15 UTC (rev 3693)
+++ trunk/patch-o-matic-ng/ULOG/linux-2.6/net/ipv6/netfilter/Kconfig.ladd	2005-02-14 23:27:50 UTC (rev 3694)
@@ -0,0 +1,15 @@
+config IP6_NF_TARGET_ULOG
+	tristate "ULOG target support"
+	depends on IP6_NF_IPTABLES && IP_NF_TARGET_ULOG
+	---help---
+	  This option adds a `ULOG' target, which allows you to create rules in
+	  any ip6tables table. The packet is passed to a userspace logging
+	  daemon using netlink multicast sockets; unlike the LOG target
+	  which can only be viewed through syslog.
+
+	  This target requires the ipv4 version to be compiled as well.
+
+	  The apropriate userspace logging daemon (ulogd) may be obtained from
+	  <http://www.gnumonks.org/projects/ulogd/>
+
+	  To compile it as a module, choose M here.  If unsure, say N.

Added: trunk/patch-o-matic-ng/ULOG/linux-2.6/net/ipv6/netfilter/Makefile.ladd
===================================================================
--- trunk/patch-o-matic-ng/ULOG/linux-2.6/net/ipv6/netfilter/Makefile.ladd	2005-02-14 23:22:15 UTC (rev 3693)
+++ trunk/patch-o-matic-ng/ULOG/linux-2.6/net/ipv6/netfilter/Makefile.ladd	2005-02-14 23:27:50 UTC (rev 3694)
@@ -0,0 +1,2 @@
+obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o
+obj-$(CONFIG_IP6_NF_TARGET_ULOG) += ip6t_ULOG.o

Added: trunk/patch-o-matic-ng/ULOG/linux-2.6/net/ipv6/netfilter/ip6t_ULOG.c
===================================================================
--- trunk/patch-o-matic-ng/ULOG/linux-2.6/net/ipv6/netfilter/ip6t_ULOG.c	2005-02-14 23:22:15 UTC (rev 3693)
+++ trunk/patch-o-matic-ng/ULOG/linux-2.6/net/ipv6/netfilter/ip6t_ULOG.c	2005-02-14 23:27:50 UTC (rev 3694)
@@ -0,0 +1,156 @@
+/*
+ * netfilter module for userspace packet logging daemons
+ *
+ * (C) 2000-2004 by Harald Welte <laforge at netfilter.org>
+ *
+ * 2000/09/22 ulog-cprange feature added
+ * 2001/01/04 in-kernel queue as proposed by Sebastian Zander 
+ * 						<zander at fokus.gmd.de>
+ * 2001/01/30 per-rule nlgroup conflicts with global queue. 
+ *            nlgroup now global (sysctl)
+ * 2001/04/19 ulog-queue reworked, now fixed buffer size specified at
+ * 	      module loadtime -HW
+ * 2002/07/07 remove broken nflog_rcv() function -HW
+ * 2002/08/29 fix shifted/unshifted nlgroup bug -HW
+ * 2002/10/30 fix uninitialized mac_len field - <Anders K. Pedersen>
+ * 2004/10/25 fix erroneous calculation of 'len' parameter to NLMSG_PUT
+ *	      resulting in bogus 'error during NLMSG_PUT' messages.
+ * 2005/02/10 ported to ipv6
+ *
+ * (C) 1999-2001 Paul `Rusty' Russell
+ * (C) 2002-2004 Netfilter Core Team <coreteam at netfilter.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/module.h>
+#include <linux/config.h>
+#include <linux/spinlock.h>
+#include <linux/socket.h>
+#include <linux/skbuff.h>
+#include <linux/kernel.h>
+#include <linux/timer.h>
+#include <linux/netlink.h>
+#include <linux/netdevice.h>
+#include <linux/mm.h>
+#include <linux/moduleparam.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter_ipv4/ipt_ULOG.h>
+#include <linux/netfilter_ipv4/lockhelp.h>
+#include <net/sock.h>
+#include <linux/bitops.h>
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Jonas Berlin <jberlin at niksula.hut.fi>");
+MODULE_DESCRIPTION("ip6tables userspace logging module");
+
+#if 0
+#define DEBUGP(format, args...) printk("%s:%s:" format, \
+                                       __FILE__, __FUNCTION__ , ## args)
+#else
+#define DEBUGP(format, args...)
+#endif
+
+static unsigned int nflog = 1;
+module_param(nflog, int, 0400);
+MODULE_PARM_DESC(nflog, "register as internal netfilter logging module");
+
+// from ipt_ULOG.c
+void ipt_ulog_packet(unsigned int hooknum,
+		     const struct sk_buff *skb,
+		     const struct net_device *in,
+		     const struct net_device *out,
+		     const struct ipt_ulog_info *loginfo,
+		     const char *prefix);
+
+static unsigned int ip6t_ulog_target(struct sk_buff **pskb,
+				    const struct net_device *in,
+				    const struct net_device *out,
+				    unsigned int hooknum,
+				    const void *targinfo, void *userinfo)
+{
+	struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
+
+	ipt_ulog_packet(hooknum, *pskb, in, out, loginfo, NULL);
+ 
+ 	return IP6T_CONTINUE;
+}
+ 
+static void ip6t_logfn(unsigned int hooknum,
+		      const struct sk_buff *skb,
+		      const struct net_device *in,
+		      const struct net_device *out,
+		      const char *prefix)
+{
+	struct ipt_ulog_info loginfo = { 
+		.nl_group = ULOG_DEFAULT_NLGROUP,
+		.copy_range = 0,
+		.qthreshold = ULOG_DEFAULT_QTHRESHOLD,
+		.prefix = ""
+	};
+
+	ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
+}
+
+static int ip6t_ulog_checkentry(const char *tablename,
+			       const struct ip6t_entry *e,
+			       void *targinfo,
+			       unsigned int targinfosize,
+			       unsigned int hookmask)
+{
+	struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
+
+	if (targinfosize != IP6T_ALIGN(sizeof(struct ipt_ulog_info))) {
+		DEBUGP("ip6t_ULOG: targinfosize %u != 0\n", targinfosize);
+		return 0;
+	}
+
+	if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
+		DEBUGP("ip6t_ULOG: prefix term %i\n",
+		       loginfo->prefix[sizeof(loginfo->prefix) - 1]);
+		return 0;
+	}
+
+	if (loginfo->qthreshold > ULOG_MAX_QLEN) {
+		DEBUGP("ip6t_ULOG: queue threshold %i > MAX_QLEN\n",
+			loginfo->qthreshold);
+		return 0;
+	}
+
+	return 1;
+}
+
+static struct ip6t_target ip6t_ulog_reg = {
+	.name		= "ULOG",
+	.target		= ip6t_ulog_target,
+	.checkentry	= ip6t_ulog_checkentry,
+	.me		= THIS_MODULE,
+};
+
+static int __init init(void)
+{
+	DEBUGP("ip6t_ULOG: init module\n");
+
+	if (ip6t_register_target(&ip6t_ulog_reg) != 0) {
+		return -EINVAL;
+	}
+	if (nflog)
+		nf_log_register(PF_INET, &ip6t_logfn);
+	
+	return 0;
+}
+
+static void __exit fini(void)
+{
+	DEBUGP("ip6t_ULOG: cleanup_module\n");
+
+	if (nflog)
+		nf_log_unregister(PF_INET, &ip6t_logfn);
+	ip6t_unregister_target(&ip6t_ulog_reg);
+}
+
+module_init(init);
+module_exit(fini);

Added: trunk/patch-o-matic-ng/ULOG/linux-2.6.patch
===================================================================
--- trunk/patch-o-matic-ng/ULOG/linux-2.6.patch	2005-02-14 23:22:15 UTC (rev 3693)
+++ trunk/patch-o-matic-ng/ULOG/linux-2.6.patch	2005-02-14 23:27:50 UTC (rev 3694)
@@ -0,0 +1,19 @@
+--- linux-2.6.10/net/ipv4/netfilter/ipt_ULOG.c	2004-12-24 23:34:30.000000000 +0200
++++ linux-2.6.10-4/net/ipv4/netfilter/ipt_ULOG.c	2005-02-11 00:00:17.745968685 +0200
+@@ -164,7 +164,7 @@
+ 	return skb;
+ }
+ 
+-static void ipt_ulog_packet(unsigned int hooknum,
++void ipt_ulog_packet(unsigned int hooknum,
+ 			    const struct sk_buff *skb,
+ 			    const struct net_device *in,
+ 			    const struct net_device *out,
+@@ -415,5 +415,7 @@
+ 
+ }
+ 
++EXPORT_SYMBOL(ipt_ulog_packet);
++
+ module_init(init);
+ module_exit(fini);
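Review bot: `ipt_ulog_packet()` becomes a global, exported symbol here, but no declaration is added to a shared header; ip6t_ULOG.c in this commit carries its own hand-copied prototype under the comment `// from ipt_ULOG.c`. If the ipv4 signature changes later, the compiler will not flag the mismatch and the ip6 module would call through a stale prototype. Declaring it once, for example in `linux/netfilter_ipv4/ipt_ULOG.h` under `#ifdef __KERNEL__` (both files already include that header), would let the compiler check every caller. The function body lies outside this hunk.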

Added: trunk/patch-o-matic-ng/ULOG/linux.patch
===================================================================
--- trunk/patch-o-matic-ng/ULOG/linux.patch	2005-02-14 23:22:15 UTC (rev 3693)
+++ trunk/patch-o-matic-ng/ULOG/linux.patch	2005-02-14 23:27:50 UTC (rev 3694)
@@ -0,0 +1,19 @@
+--- linux-2.4.28/net/ipv4/netfilter/ipt_ULOG.c	2004-11-28 09:57:58.000000000 +0200
++++ linux-2.4.28-pom/net/ipv4/netfilter/ipt_ULOG.c	2005-02-11 00:45:53.901594621 +0200
+@@ -155,7 +155,7 @@
+ 	return skb;
+ }
+ 
+-static unsigned int ipt_ulog_target(struct sk_buff **pskb,
++unsigned int ipt_ulog_target(struct sk_buff **pskb,
+ 				    unsigned int hooknum,
+ 				    const struct net_device *in,
+ 				    const struct net_device *out,
+@@ -367,5 +367,7 @@
+ 
+ }
+ 
++EXPORT_SYMBOL(ipt_ulog_target);
++
+ module_init(init);
+ module_exit(fini);
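Review bot: This 2.4 patch exports `ipt_ulog_target`, but the ip6t_ULOG.c added under linux/ in the same commit declares and calls `ipt_ulog_packet()` and never references `ipt_ulog_target`. Unless the 2.4.28 ipt_ULOG.c already provides a non-static `ipt_ulog_packet` (not visible here), the 2.4 module would fail to link or load with an unresolved symbol. Either the 2.4 ip6t_ULOG.c should call the exported `ipt_ulog_target()` using its argument order, or this patch should export the function the module actually uses.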



