[ulogd2] Add variable to force binding of nfnetlink_log.

Eric Leblond netfilter-cvslog-bounces at lists.netfilter.org
Tue Jan 6 15:18:05 CET 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=ulogd2.git;a=commit;h=6bcbe0e967b1339c308d4e14d027b562ff179f7d
commit 6bcbe0e967b1339c308d4e14d027b562ff179f7d
Author:     Eric Leblond <eric at inl.fr>
AuthorDate: Sun Jan 4 23:29:50 2009 +0100
Commit:     Eric Leblond <eric at inl.fr>
CommitDate: Mon Jan 5 00:17:47 2009 +0100

    Add variable to force binding of nfnetlink_log.
    
    This patch updates the behaviour of the NFLOG input plugin to fix an
    issue related to kernel older than 2.6.29. The call to nflog_bind_pf()
    that can be necessary to receive packet from the nfnetlink_log was only
    done if the used group was 0 (system logging). This is logical for the
    newest kernels (NFLOG really sends messages to nfnetlink_log and not to
    the nf_log logger), but it is insufficient for older ones. By forcing
    the binding with the new configuration variable bind, it is now possible
    to trigger the binding from the ulogd2 configuration file. This gives
    users a way to be sure that ulogd will receive packets if the NFLOG
    input plugin is used.
       via  6bcbe0e967b1339c308d4e14d027b562ff179f7d (commit)
      from  52dea8af4763e3e0a5a32476d25e7130885ddf49 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6bcbe0e967b1339c308d4e14d027b562ff179f7d
Author: Eric Leblond <eric at inl.fr>
Date:   Sun Jan 4 23:29:50 2009 +0100

    Add variable to force binding of nfnetlink_log.
    
    This patch updates the behaviour of the NFLOG input plugin to fix an
    issue related to kernel older than 2.6.29. The call to nflog_bind_pf()
    that can be necessary to receive packet from the nfnetlink_log was only
    done if the used group was 0 (system logging). This is logic for the
    newest kernel (NFLOG really sends message to nfnetlink_log and not to
    the nf_log logger). But this is unsufficient for older one. By forcing
    the binding with the new configuration variable bind, it is now possible
    to trigger the binding from the ulogd2 configuration file. This gives
    users a way to be sure that ulogd will receive packets if the NFLOG
    input plugin is used.

-----------------------------------------------------------------------

 input/packet/ulogd_inppkt_NFLOG.c |   23 ++++++++++++++++-------
 ulogd.conf.in                     |    6 ++++++
 2 files changed, 22 insertions(+), 7 deletions(-)
This patch updates the behaviour of the NFLOG input plugin to fix an
issue related to kernel older than 2.6.29. The call to nflog_bind_pf()
that can be necessary to receive packet from the nfnetlink_log was only
done if the used group was 0 (system logging). This is logic for the
newest kernel (NFLOG really sends message to nfnetlink_log and not to
the nf_log logger). But this is unsufficient for older one. By forcing
the binding with the new configuration variable bind, it is now possible
to trigger the binding from the ulogd2 configuration file. This gives
users a way to be sure that ulogd will receive packets if the NFLOG
input plugin is used.

diff --git a/input/packet/ulogd_inppkt_NFLOG.c b/input/packet/ulogd_inppkt_NFLOG.c
index 70e9f77..36f11d7 100644
--- a/input/packet/ulogd_inppkt_NFLOG.c
+++ b/input/packet/ulogd_inppkt_NFLOG.c
@@ -31,7 +31,7 @@ struct nflog_input {
 /* configuration entries */
 
 static struct config_keyset libulog_kset = {
-	.num_ces = 10,
+	.num_ces = 9,
 	.ces = {
 		{
 			.key 	 = "bufsize",
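Review bot: `.num_ces = 9` is a hand-maintained count that has to agree with the number of initializers in `.ces` and with the highest `*_ce(x)` index, and nothing visible enforces that. The old value of 10 does not match the eight index macros shown in the `@@ -87,11` hunk, which suggests the count had already drifted once; the new value agrees with indices 0–8 provided every entry has a macro. If the count is too high, the configuration code presumably walks zero-initialized entries, and if too low it ignores real keys, so a comment on this line such as `/* must equal the number of entries in .ces and the highest *_ce() index + 1 */` would help. The `libulog_kset` initializer continues outside the hunk, so the full entry list could not be checked here.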
@@ -52,6 +52,13 @@ static struct config_keyset libulog_kset = {
 			.u.value = 1,
 		},
 		{
+			.key	 = "bind",
+			.type	 = CONFIG_TYPE_INT,
+			.options = CONFIG_OPT_NONE,
+			.u.value = 0,
+		},
+
+		{
 			.key	 = "seq_local",
 			.type	 = CONFIG_TYPE_INT,
 			.options = CONFIG_OPT_NONE,
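Review bot: The new `bind` entry is a plain `CONFIG_TYPE_INT` with no range check, and the `start()` hunk tests it with `> 0`, so a negative or mistyped value silently leaves binding off instead of being rejected. On a pre-2.6.29 kernel that means the logging daemon can start cleanly and receive nothing, which is a loss of audit visibility that is hard to notice. A comment above the entry would document the contract, for example `/* bind: > 0 forces the nflog_bind_pf() path in start() even when group != 0 */`. The blank line added after the closing `},` is inconsistent with the neighbouring entries and can be dropped. The surrounding initializer starts and ends outside the hunk.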
@@ -87,11 +94,12 @@ static struct config_keyset libulog_kset = {
 #define bufsiz_ce(x)	(x->ces[0])
 #define group_ce(x)	(x->ces[1])
 #define unbind_ce(x)	(x->ces[2])
-#define seq_ce(x)	(x->ces[3])
-#define seq_global_ce(x)	(x->ces[4])
-#define label_ce(x)	(x->ces[5])
-#define nlsockbufsize_ce(x) (x->ces[6])
-#define nlsockbufmaxsize_ce(x) (x->ces[7])
+#define bind_ce(x)	(x->ces[3])
+#define seq_ce(x)	(x->ces[4])
+#define seq_global_ce(x)	(x->ces[5])
+#define label_ce(x)	(x->ces[6])
+#define nlsockbufsize_ce(x) (x->ces[7])
+#define nlsockbufmaxsize_ce(x) (x->ces[8])
 
 enum nflog_keys {
 	NFLOG_KEY_RAW_MAC = 0,
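Review bot: `bind_ce(x)` and the renumbered macros expand `x` without parentheses, so an argument such as `*kset` would parse as `*(kset->ces[3])`. The safer form is `#define bind_ce(x)	((x)->ces[3])`, applied to the whole group for consistency. Inserting `bind` at index 3 also forced every later index to be shifted by hand. Appending new keys at the end of `.ces` would keep existing indices stable and reduce the chance of a macro pointing at the wrong configuration entry.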
@@ -497,7 +505,8 @@ static int start(struct ulogd_pluginstance *upi)
 		goto out_handle;
 
 	/* This is the system logging (conntrack, ...) facility */
-	if (group_ce(upi->config_kset).u.value == 0) {
+	if ((group_ce(upi->config_kset).u.value == 0) ||
+			(bind_ce(upi->config_kset).u.value > 0)) {
 		if (become_system_logging(upi, AF_INET) == -1)
 			goto out_handle;
 		if (become_system_logging(upi, AF_INET6) == -1)
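Review bot: The comment `/* This is the system logging (conntrack, ...) facility */` above the condition is now stale, because the branch is also taken for any group when `bind` is positive. Suggested wording: `/* Bind nfnetlink_log for AF_INET/AF_INET6: always for group 0 (system logging), or when "bind" is set (needed on kernels older than 2.6.29) */`. Per the commit message this path ends in nflog_bind_pf(), which presumably acts per address family rather than per group, so enabling `bind` on one instance may change which logger receives messages host-wide. That should be confirmed against become_system_logging(), which is outside the hunk, and mentioned in the comment if true. start() begins and ends outside the hunk.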
diff --git a/ulogd.conf.in b/ulogd.conf.in
index a48af3f..7022bf6 100644
--- a/ulogd.conf.in
+++ b/ulogd.conf.in
@@ -111,6 +111,11 @@ group=0
 group=1 # Group has to be different from the one use in log1
 #netlink_socket_buffer_size=217088
 #netlink_socket_buffer_maxsize=1085440
+# If your kernel is older than 2.6.29 and if a NFLOG input plugin with
+# group 0 is not used by any stack, you need to have at least one NFLOG
+# input plugin with bind set to 1. If you don't do that you may not
+# receive any message from the kernel.
+#bind=1
 
 # packet logging through NFLOG for group 2, numeric_label is
 # set to 1
@@ -120,6 +125,7 @@ group=2 # Group has to be different from the one use in log1/log2
 numeric_label=1 # you can label the log info based on the packet verdict
 #netlink_socket_buffer_size=217088
 #netlink_socket_buffer_maxsize=1085440
+#bind=1
 
 [ulog1]
 # netlink multicast group (the same as the iptables --ulog-nlgroup param)


