From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 3.x development tree branch, master, updated. e0b49310826c9e99042b0316b6bc9b17186e5e74
Date: Mon, 08 Jun 2015 21:41:54 +0200	[thread overview]
Message-ID: <20150608194155.3B51B21EA0@argus.ipfire.org> (raw)


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 3.x development tree".

The branch, master has been updated
       via  e0b49310826c9e99042b0316b6bc9b17186e5e74 (commit)
       via  ce284ff341d25a4b280023101d324be4e5294bfb (commit)
      from  3712f5e1e69264bc6b5327625781888f3f8c6e80 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e0b49310826c9e99042b0316b6bc9b17186e5e74
Merge: ce284ff 3712f5e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Jun 8 19:42:38 2015 +0000

    Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-3.x

commit ce284ff341d25a4b280023101d324be4e5294bfb
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Jun 8 13:12:24 2015 +0000

    ulogd2: Update to version 2.0.5
    
    This package adds logging of flows and packets to an SQLite
    database that can be used to produce statistical output.
    
    Logging to syslog as known from IPFire 2 has been added as well
    but is only temporary until there is a way to view the logged
    packets on the console.
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 .../ulogd2-2.0.5-better-sqlite-debugging.patch     |  26 ++++
 ulogd2/sqlite3.table                               | 145 ++++++++++++++++++---
 ulogd2/ulogd.conf                                  |  51 +++-----
 ulogd2/ulogd.logrotate                             |   7 -
 ulogd2/ulogd2.nm                                   |  18 ++-
 5 files changed, 180 insertions(+), 67 deletions(-)
 create mode 100644 ulogd2/patches/ulogd2-2.0.5-better-sqlite-debugging.patch
 delete mode 100644 ulogd2/ulogd.logrotate

Difference in files:
diff --git a/ulogd2/patches/ulogd2-2.0.5-better-sqlite-debugging.patch b/ulogd2/patches/ulogd2-2.0.5-better-sqlite-debugging.patch
new file mode 100644
index 0000000..f9c5f7d
--- /dev/null
+++ b/ulogd2/patches/ulogd2-2.0.5-better-sqlite-debugging.patch
@@ -0,0 +1,26 @@
+diff --git a/output/sqlite3/ulogd_output_SQLITE3.c b/output/sqlite3/ulogd_output_SQLITE3.c
+index 5c49055..e3eff6f 100644
+--- a/output/sqlite3/ulogd_output_SQLITE3.c
++++ b/output/sqlite3/ulogd_output_SQLITE3.c
+@@ -212,7 +212,8 @@ sqlite3_interp(struct ulogd_pluginstance *pi)
+ 	return ULOGD_IRET_OK;
+ 
+  err_bind:
+-	ulogd_log(ULOGD_ERROR, "SQLITE: bind: %s\n", sqlite3_errmsg(priv->dbh));
++	ulogd_log(ULOGD_ERROR, "SQLITE: bind: %s (field: %s)\n", sqlite3_errmsg(priv->dbh),
++		f->key->name);
+ 	
+ 	return ULOGD_IRET_ERR;
+ }
+@@ -353,8 +354,10 @@ sqlite3_init_db(struct ulogd_pluginstance *pi)
+ 		}
+ 		strncpy(f->name, buf, ULOGD_MAX_KEYLEN);
+ 
+-		if ((f->key = ulogd_find_key(pi, buf)) == NULL)
++		if ((f->key = ulogd_find_key(pi, buf)) == NULL) {
++			ulogd_log(ULOGD_ERROR, "SQLITE3: Could not find field %s\n", buf);
+ 			return -1;
++		}
+ 
+ 		TAILQ_INSERT_TAIL(&priv->fields, f, link);
+ 	}
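Review bot: The new patch file carries no descriptive header before its first `diff --git` line, so a later version bump cannot tell what it fixes or whether it was sent upstream; a lead-in such as `Add the field name to the SQLITE3 bind/lookup error messages so schema mismatches can be debugged.` followed by a blank line is ignored by patch tooling and preserves that context. In the `err_bind` path the new message dereferences `f->key->name`, which relies on `f` still pointing at the field whose bind call failed; the loop that assigns `f` lies outside the hunk, so this is inferred rather than confirmed and is worth a one-line comment at the label if it holds. Both enclosing functions, `sqlite3_interp` and `sqlite3_init_db`, start and end outside the hunk.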
diff --git a/ulogd2/sqlite3.table b/ulogd2/sqlite3.table
index 200a4c4..c38474d 100644
--- a/ulogd2/sqlite3.table
+++ b/ulogd2/sqlite3.table
@@ -1,21 +1,126 @@
-CREATE TABLE ulog (
-			raw_mac		VARCHAR(80),
-			oob_time_sec	INT UNSIGNED,
-			oob_time_usec	INT UNSIGNED,
-			ip_saddr	INT UNSIGNED,
-			ip_daddr	INT UNSIGNED,
-			ip_protocol	TINYINT UNSIGNED,
-			ip_totlen       SMALLINT UNSIGNED,
-			tcp_sport	SMALLINT UNSIGNED,
-			tcp_dport	SMALLINT UNSIGNED,
-			udp_sport	SMALLINT UNSIGNED,
-			udp_dport	SMALLINT UNSIGNED,
-			udp_len		SMALLINT UNSIGNED,
-			icmp_type	TINYINT UNSIGNED,
-			icmp_code	TINYINT UNSIGNED,
-			icmp_echoid	SMALLINT UNSIGNED,
-			icmp_echoseq	SMALLINT UNSIGNED,
-			icmp_gateway	INT UNSIGNED,
-			icmp_fragmtu	SMALLINT UNSIGNED
-		);
+CREATE TABLE hits (
+	oob_time_sec		INTEGER NOT NULL,
+	oob_time_usec		INTEGER NOT NULL,
+	oob_hook		INTEGER,
+	oob_prefix		TEXT,
+	mac_saddr_str		TEXT,
+	mac_daddr_str		TEXT,
+	oob_in			TEXT,
+	oob_out			TEXT,
+	oob_family		INTEGER,
+	oob_protocol		INTEGER,
+	oob_uid			INTEGER,
+	oob_gid			INTEGER,
+	oob_mark		INTEGER,
+	ip_saddr		BLOB,
+	ip_saddr_str		TEXT,
+	ip_daddr		BLOB,
+	ip_daddr_str		TEXT,
+	ip_protocol		INTEGER,
+	ip_tos			INTEGER,
+	ip_ttl			INTEGER,
+	ip_totlen		INTEGER,
+	ip_id			INTEGER,
+	ip_fragoff		INTEGER,
+	ip6_payloadlen		INTEGER,
+	ip6_priority		INTEGER,
+	ip6_hoplimit		INTEGER,
+	ip6_flowlabel		INTEGER,
+	ip6_nexthdr		INTEGER,
+	ip6_fragoff		INTEGER,
+	ip6_fragid		INTEGER,
+	tcp_sport		INTEGER,
+	tcp_dport		INTEGER,
+	tcp_seq			INTEGER,
+	tcp_ackseq		INTEGER,
+	tcp_window		INTEGER,
+	tcp_syn			INTEGER,
+	tcp_ack			INTEGER,
+	tcp_rst			INTEGER,
+	tcp_fin			INTEGER,
+	tcp_urg			INTEGER,
+	tcp_urgp		INTEGER,
+	udp_sport		INTEGER,
+	udp_dport		INTEGER,
+	udp_len			INTEGER,
+	icmp_type		INTEGER,
+	icmp_code		INTEGER,
+	icmp_echoid		INTEGER,
+	icmp_echoseq		INTEGER,
+	icmp_gateway		INTEGER,
+	icmp_fragmtu		INTEGER,
+	icmpv6_type		INTEGER,
+	icmpv6_code		INTEGER,
+	icmpv6_echoid		INTEGER,
+	icmpv6_echoseq		INTEGER,
+	icmpv6_csum		INTEGER,
+	ahesp_spi		INTEGER,
+	arp_hwtype		INTEGER,
+	arp_protocoltype	INTEGER,
+	arp_operation		INTEGER,
+	arp_shwaddr		BLOB,
+	arp_saddr_str		TEXT,
+	arp_dhwaddr		BLOB,
+	arp_daddr_str		TEXT,
+	sctp_sport		INTEGER,
+	sctp_dport		INTEGER,
+	sctp_csum		INTEGER
+);
 
+CREATE INDEX hits_time ON hits(oob_time_sec);
+CREATE INDEX hits_prefix ON hits(oob_prefix);
+CREATE INDEX hits_oob_family ON hits(oob_family);
+
+/* Layer 2 - MAC addresses */
+CREATE INDEX hits_mac_saddr ON hits(mac_saddr_str);
+CREATE INDEX hits_mac_daddr ON hits(mac_daddr_str);
+
+/* Layer 3 - IP */
+CREATE INDEX hits_ip_saddr ON hits(ip_saddr);
+CREATE INDEX hits_ip_daddr ON hits(ip_daddr);
+CREATE INDEX hits_ip_protocol ON hits(ip_protocol);
+
+/* Layer 4 protocols */
+CREATE INDEX hits_tcp_sport ON hits(tcp_sport);
+CREATE INDEX hits_tcp_dport ON hits(tcp_dport);
+CREATE INDEX hits_udp_sport ON hits(udp_sport);
+CREATE INDEX hits_udp_dport ON hits(udp_dport);
+CREATE INDEX hits_sctp_sport ON hits(sctp_sport);
+CREATE INDEX hits_sctp_dport ON hits(sctp_dport);
+
+CREATE INDEX hits_icmpv6_type ON hits(icmpv6_type);
+CREATE INDEX hits_icmp_type ON hits(icmp_type);
+
+CREATE TABLE flows (
+	flow_start_sec		INTEGER,
+	flow_start_usec		INTEGER,
+	flow_end_sec		INTEGER,
+	flow_end_usec		INTEGER,
+	orig_ip_saddr		BLOB NOT NULL,
+	orig_ip_saddr_str	TEXT NOT NULL,
+	orig_ip_daddr		BLOB NOT NULL,
+	orig_ip_daddr_str	TEXT NOT NULL,
+	orig_ip_protocol	INTEGER NOT NULL,
+	orig_l4_sport		INTEGER,
+	orig_l4_dport		INTEGER,
+	orig_raw_pktcount	INTEGER NOT NULL,
+	orig_raw_pktlen		INTEGER NOT NULL,
+	reply_ip_saddr		BLOB NOT NULL,
+	reply_ip_saddr_str	BLOB NOT NULL,
+	reply_ip_daddr		BLOB NOT NULL,
+	reply_ip_daddr_str	BLOB NOT NULL,
+	reply_ip_protocol	INTEGER NOT NULL,
+	reply_l4_sport		INTEGER,
+	reply_l4_dport		INTEGER,
+	reply_raw_pktcount	INTEGER NOT NULL,
+	reply_raw_pktlen	INTEGER NOT NULL,
+	icmp_code		INTEGER,
+	icmp_type		INTEGER,
+	ct_id			INTEGER NOT NULL,
+	ct_event		INTEGER NOT NULL,
+	ct_mark			INTEGER
+);
+
+CREATE INDEX flows_ip_saddr ON flows(orig_ip_saddr);
+CREATE INDEX flows_ip_daddr ON flows(orig_ip_daddr);
+CREATE INDEX flows_ip_protocol ON flows(orig_ip_protocol);
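Review bot: The reply-side string columns are typed differently from their counterparts: `reply_ip_saddr_str` and `reply_ip_daddr_str` are declared `BLOB NOT NULL`, while `orig_ip_saddr_str`/`orig_ip_daddr_str` and every `*_str` column in `hits` are `TEXT`; SQLite's affinity rules will store whatever is bound, but the declared type still governs comparison and collation, so these should read `reply_ip_saddr_str	TEXT NOT NULL,` and `reply_ip_daddr_str	TEXT NOT NULL,`. `flows` also gets no index on its time columns although `hits` has `hits_time`, so any reporting or retention query that selects flows by time will scan the whole table; `CREATE INDEX flows_time ON flows(flow_end_sec);` would cover the common case if, as ulogd.conf suggests, only DESTROY events are recorded. Neither table has a primary key or any pruning rule, and this commit removes the old logrotate file, so both grow without bound; a comment at the top of this file stating the intended retention mechanism would make it clear that a burst of logged packets cannot fill the filesystem the firewall itself runs on.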
diff --git a/ulogd2/ulogd.conf b/ulogd2/ulogd.conf
index c2b8e6d..565579f 100644
--- a/ulogd2/ulogd.conf
+++ b/ulogd2/ulogd.conf
@@ -5,9 +5,6 @@
 # GLOBAL OPTIONS
 ######################################################################
 
-# logfile for status messages
-logfile="/var/log/ulogd/ulogd.log"
-
 # loglevel: debug(1), info(3), notice(5), error(7) or fatal(8)
 loglevel=7
 
@@ -22,7 +19,7 @@ loglevel=7
 # 2. options for each plugin in seperate section below
 
 plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
-plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"
+#plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"
 plugin="/usr/lib/ulogd/ulogd_inpflow_NFCT.so"
 plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
 plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
@@ -31,7 +28,7 @@ plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
 plugin="/usr/lib/ulogd/ulogd_filter_HWHDR.so"
 plugin="/usr/lib/ulogd/ulogd_filter_PRINTFLOW.so"
 #plugin="/usr/lib/ulogd/ulogd_filter_MARK.so"
-plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
+#plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
 plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so"
 #plugin="/usr/lib/ulogd/ulogd_output_OPRINT.so"
 #plugin="/usr/lib/ulogd/ulogd_output_NACCT.so"
@@ -42,38 +39,26 @@ plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so"
 plugin="/usr/lib/ulogd/ulogd_output_SQLITE3.so"
 plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
 
-# this is a stack for logging packet send by system via LOGEMU
-stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
-
-# this is a stack for NFLOG packet-based logging to PCAP
-#stack=log1:NFLOG,base1:BASE,pcap1:PCAP
-
-# this is a stack for logging packet to sqlite
-#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,sqlite1:SQLITE3
+# Log packets
+stack=src-pkt:NFLOG,base:BASE,ifindex:IFINDEX,ip2str:IP2STR,hw:HWHDR,db-packets:SQLITE3
+stack=src-pkt:NFLOG,base:BASE,ifindex:IFINDEX,ip2str:IP2STR,print:PRINTPKT,syslog:SYSLOG
 
-# this is a stack for logging packets to syslog after a collect via NFLOG
-#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
+# Log connection tracking events
+stack=src-ct:NFCT,ip2bin:IP2BIN,ip2str:IP2STR,print-flow:PRINTFLOW,db-flows:SQLITE3
 
-# Logging of system packet through NFLOG
-[log1]
-# netlink multicast group (the same as the iptables --nflog-group param)
-# Group O is used by the kernel to log connection tracking invalid message
+[src-pkt]
 group=0
-#netlink_socket_buffer_size=217088
-#netlink_socket_buffer_maxsize=1085440
-# set number of packet to queue inside kernel
-#netlink_qthreshold=1
-# set the delay before flushing packet in the queue inside kernel (in ms)
-#netlink_qtimeout=1000
 bind=1
 
-[emu1]
-file="/var/log/ulogd/syslogemu.log"
-sync=1
+[src-ct]
+# Only receive DESTROY events
+event_mask=0x00000004
+hash_enable=1
 
-[pcap1]
-sync=1
+[db-packets]
+db=/var/lib/ulogd/ulogd.db
+table=hits
 
-[sqlite1]
-db=/var/log/ulogd/ulogd.db
-table=ulog
+[db-flows]
+db=/var/lib/ulogd/ulogd.db
+table=flows
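Review bot: The packet stack feeding `db-packets` runs `ip2str:IP2STR` and `hw:HWHDR` only, whereas the flow stack inserts `ip2bin:IP2BIN` before writing to `flows`; since `hits` declares `ip_saddr`/`ip_daddr` as BLOB and indexes them, the packet stack presumably needs IP2BIN as well (`stack=src-pkt:NFLOG,base:BASE,ifindex:IFINDEX,ip2bin:IP2BIN,ip2str:IP2STR,hw:HWHDR,db-packets:SQLITE3`) or those columns and indexes stay empty — confirm against the keys the BASE plugin exports. The rewrite of `[log1]` into `[src-pkt]` drops the explanation that `group=0` is the netlink multicast group matching the iptables `--nflog-group` option; keep `# netlink multicast group (the same as the iptables --nflog-group param)` above `group=0`, because that value is the one setting an administrator must keep in sync with the firewall rules. With `logfile=` removed in the first hunk of this file, the destination of ulogd's own status messages at `loglevel=7` is no longer stated anywhere in the config; a one-line comment naming it would help whoever has to chase the SQLITE3 bind errors the new patch makes visible.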
diff --git a/ulogd2/ulogd.logrotate b/ulogd2/ulogd.logrotate
deleted file mode 100644
index b3fb6d1..0000000
--- a/ulogd2/ulogd.logrotate
+++ /dev/null
@@ -1,7 +0,0 @@
-/var/log/ulogd.log /var/log/ulogd.syslogemu /var/log/ulogd.pktlog /var/log/ulogd.pcap {
-    missingok
-    sharedscripts
-    postrotate
-	/bin/killall -HUP ulogd 2> /dev/null || true
-    endscript
-}
diff --git a/ulogd2/ulogd2.nm b/ulogd2/ulogd2.nm
index 5a153a2..4d639a8 100644
--- a/ulogd2/ulogd2.nm
+++ b/ulogd2/ulogd2.nm
@@ -4,7 +4,7 @@
 ###############################################################################
 
 name       = ulogd2
-version    = 2.0.4
+version    = 2.0.5
 release    = 1
 epoch      = 1
 
@@ -40,15 +40,15 @@ build
 	# Set libdir to "/usr/lib" for every architecture to install the ulogd2 plugins
 	# to this folder.
 	configure_options+= \
-		--sysconfdir=/etc \
 		--libdir=%{prefix}/lib
 
 	install_cmds
-		mkdir -pv %{BUILDROOT}/etc
-		cp -vf %{DIR_SOURCE}/ulogd.conf %{BUILDROOT}/etc/ulogd.conf
+		mkdir -pv %{BUILDROOT}%{sysconfdir}
+		cp -vf %{DIR_SOURCE}/ulogd.conf %{BUILDROOT}%{sysconfdir}/ulogd.conf
 
-		mkdir -pv %{BUILDROOT}/var/log/ulogd
-		sqlite3 -echo %{BUILDROOT}/var/log/ulogd/ulogd.db < %{DIR_SOURCE}/sqlite3.table
+		mkdir -pv %{BUILDROOT}%{sharedstatedir}/ulogd
+		sqlite3 -echo %{BUILDROOT}%{sharedstatedir}/ulogd/ulogd.db \
+			< %{DIR_SOURCE}/sqlite3.table
 	end
 end
 
@@ -61,7 +61,11 @@ packages
 		end
 
 		configfiles
-			/etc/ulogd.conf
+			%{sysconfdir}/ulogd.conf
+		end
+
+		datafiles
+			%{sharedstatedir}/ulogd/ulogd.db
 		end
 
 		script postin
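Review bot: Listing `%{sharedstatedir}/ulogd/ulogd.db` under `datafiles` ships the database as a pre-built binary generated at build time by the `sqlite3 -echo` step in the previous hunk; if the build system replaces datafiles on upgrade, every package update would overwrite the live database, discarding all logged hits and flows, so either confirm that datafiles are preserved or create the schema from sqlite3.table in the `postin` script only when the file does not yet exist. Nothing in the hunk sets ownership or mode on the database, which records addresses, MAC addresses and uid/gid of local traffic and should not be world-readable; a comment such as `# ulogd.db holds per-packet and per-flow logs; keep it readable by the ulogd user only` next to the entry, with a matching ownership step, would make the intent explicit. The `postin` script body lies outside the hunk.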


hooks/post-receive
--
IPFire 3.x development tree
