From: Pierre Chifflier <chifflier@edenwall.com>
To: netfilter-devel@vger.kernel.org
Cc: eleblond@edenwall.com
Subject: [ULOGD2] UNIXSOCK plugin (v5)
Date: Fri, 26 Feb 2010 21:54:38 +0100 [thread overview]
Message-ID: <1267217680-22677-1-git-send-email-chifflier@edenwall.com> (raw)
Hi,
Here is an updated version of the UNIXSOCK plugin.
Changes for v5:
- align all structures on 64 bits instead of 32
This has been tested on a sparc64 (thanks to Jan)
- update pcap2ulog to handle different pcap formats
Changes for v4:
- use structures instead of reading integers directly
- all structures and fields are now aligned (4 bytes)
- update pcap2ulog script to use aligned data as well
Changes for v3:
- if the bufsize value (from conf) is 0, try to guess the buffer size
using getsockopt(SOL_SOCKET, SO_RCVBUF ..)
- set default path to /var/run/ulogd/ulogd2.sock with mode 0600
- add new configuration options perms, owner and group to be able
to set these parameters on the created socket
- change the input algorithm to make it more robust against junk data (which
can happen if the client is desynchronized)
- fixed a few bugs
Description:
[1] add new input plugin UNISOCK, using a unix socket. This allows userspace
applications to send packets to ulogd, for example to send packets offline.
It uses a key-length-value protocol to handle optional fields or extensions.
[2] is a Perl script to load a PCAP file and send it to ulogd using the
UNIXSOCK plugin.
Pierre
next reply other threads:[~2010-02-26 20:54 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-26 20:54 Pierre Chifflier [this message]
2010-02-26 20:54 ` [PATCH 1/2] Add new input plugin UNIXSOCK Pierre Chifflier
2010-02-27 13:55 ` Pablo Neira Ayuso
2010-02-28 14:06 ` Pierre Chifflier
2010-02-28 16:28 ` Pablo Neira Ayuso
2010-02-28 17:29 ` Jan Engelhardt
2010-02-28 18:05 ` Pierre Chifflier
2010-03-01 19:33 ` Pablo Neira Ayuso
2010-03-01 22:16 ` [ULOGD2] UNIXSOCK plugin (v6) Pierre Chifflier
2010-03-01 22:16 ` [PATCH 1/2] Add new input plugin UNIXSOCK Pierre Chifflier
2010-03-01 22:16 ` [PATCH 2/2] Add helper script pcap2ulog Pierre Chifflier
2010-03-03 17:42 ` [PATCH 1/2] Add new input plugin UNIXSOCK Jan Engelhardt
2010-03-03 18:14 ` Jan Engelhardt
2010-03-05 10:25 ` libnetfilter_conntrack alignment issue [was Re: [PATCH 1/2] Add new input plugin UNIXSOCK] Pablo Neira Ayuso
2010-03-07 19:30 ` Jan Engelhardt
2010-03-05 11:15 ` [PATCH 1/2] Add new input plugin UNIXSOCK Patrick McHardy
2010-03-05 17:10 ` Pablo Neira Ayuso
2010-03-08 11:13 ` Patrick McHardy
2010-02-26 20:54 ` [PATCH 2/2] Add helper script pcap2ulog Pierre Chifflier
2010-02-27 10:46 ` [ULOGD2] UNIXSOCK plugin (v5) Eric Leblond
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1267217680-22677-1-git-send-email-chifflier@edenwall.com \
--to=chifflier@edenwall.com \
--cc=eleblond@edenwall.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).