[Ulogd2 PATCH 0/4] preparing 2.0.2 release

[Ulogd2 PATCH 0/4] preparing 2.0.2 release

[Eric Leblond]

Hello,

Here's a small patchset updating documentation and "administrative"
files of ulogd.

BR,
--
Eric Leblond <eric@regit.org>

[Ulogd2 PATCH 1/4] Add Changes to extra dist.

[Eric Leblond]

Signed-off-by: Eric Leblond <eric@regit.org>
---
 Makefile.am |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile.am b/Makefile.am
index bac839a..57f74db 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3,7 +3,7 @@ ACLOCAL_AMFLAGS  = -I m4
 
 man_MANS = ulogd.8
 
-EXTRA_DIST = $(man_MANS) ulogd.logrotate ulogd.spec ulogd.conf.in doc
+EXTRA_DIST = $(man_MANS) ulogd.logrotate ulogd.spec ulogd.conf.in doc Changes
 
 AM_CPPFLAGS = -I$(top_srcdir)/include
 SUBDIRS = include libipulog src input filter output
-- 
1.7.10.4

[Ulogd2 PATCH 2/4] Update man page.

[Eric Leblond]

Signed-off-by: Eric Leblond <eric@regit.org>
---
 ulogd.8 |   21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/ulogd.8 b/ulogd.8
index fc8db15..ad82290 100644
--- a/ulogd.8
+++ b/ulogd.8
@@ -2,7 +2,7 @@
 .\" First parameter, NAME, should be all caps
 .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
 .\" other parameters are allowed: see man(7), man(1)
-.TH ULOGD 8 "September 11, 2008" "Linux Netfilter"
+.TH ULOGD 8 "February 20, 2013" "Linux Netfilter"
 .\" Please adjust this date whenever revising the manpage.
 .\"
 .\" Some roff macros, for reference:
@@ -22,14 +22,15 @@ ulogd \- netfilter/iptables logging daemon
 .SH DESCRIPTION
 .B ulogd
 is a logging daemon that reads event messages coming from the Netfilter 
-connection tracking and the Netfilter packet logging subsystem. You have
-to enable support for connection tracking event delivery; ctnetlink and
-the NFLOG target in your Linux kernel 2.6.x or load their respective modules.
-The deprecated ULOG target (which has been superseded by NFLOG) is also
+connection tracking, the Netfilter packet logging subsystem and from
+the Netfilter accounting subsystem. You have to enable support for
+connection tracking event delivery; ctnetlink and the NFLOG target in
+your Linux kernel 2.6.x or load their respective modules. The deprecated
+ULOG target (which has been superseded by NFLOG) is also
 supported.
 .PP
-The received messages can be logged into files or into a mySQL or
-PostgreSQL database.
+The received messages can be logged into files or into a mySQL, sqlite3 
+or PostgreSQL database. IPFIX and Graphite output are also supported.
 .SH OPTIONS
 .TP
 .B -d, --daemon
@@ -45,6 +46,12 @@ show usage information
 .B -V, --version
 show version information and copyright
 .TP
+.B -v, --verbose
+verbose output on stdout when not running as daemon
+.TP
+.B -l, --loglevel <level>
+set log level to <level>: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5)
+.TP
 .B -u <UID>, --uid <UID>
 change UID/GID
 .TP
-- 
1.7.10.4

[Ulogd2 PATCH 3/4] Update README

[Eric Leblond]

Get rid of ULOG only documentation and adds some new stuffs.

Signed-off-by: Eric Leblond <eric@regit.org>
---
 README |  113 ++++++++++++++++++++++++++++++++++------------------------------
 1 file changed, 60 insertions(+), 53 deletions(-)

diff --git a/README b/README
index 369c264..1acc200 100644
--- a/README
+++ b/README
@@ -15,29 +15,8 @@ userspace process.  This includes
 	- logging of connection startup/teardown (kernel 2.6.14+)
 	- connection-based accounting  (kernel 2.6.14+)
 
-The to-be-logged information
-
-from passing packets from the kernel to userspace 
-to do some logging there. It should work like that:
-
-- Register a target called ULOG with iptables
-- if the target is hit: 
-	- send the packet out using netlink multicast facility
-	- return NF_CONTINUE immediately
-
-New with ipt_ULOG 0.8 we can accumulate packets in userspace and send
-them in small batches (1-50) to userspace. This reduces the amount of
-expensive context switches.
-
-More than one logging daemon may listen to the netlink multicast address.
-
 ===> CONTENTS
 
-= Ulog library (libipulog.a)
-Just a little library like libipq.a which provides a convenient way to 
-write userspace logging daemons. The functions provided are described 
-in the source code, a small demo program (ulog_test) is also included.
-
 = ulogd daemon (ulogd) 
 A sophisticated logging daemon core which uses a plugin for about anything. The
 daemon provides a plugin API for
@@ -51,53 +30,81 @@ please actually make use of it and read it :)
 
 ===> USAGE
 
-The kernel part of the userspace logging facility (ipt_ULOG.o) is included
-in kernels >= 2.4.18-pre8.  If you are running older kernel versions, you MUST
-install the ulog-patch from netfilter patch-o-matic FIRST !!
+To be able to build ulogd, you need to have working developement files and
+and libraries for:
+ - libnfnetlink
+ - libmnl
+ - libnetfilter_log 		[optional]
+ - libnetfilter_conntrack	[optional]
+ - libnetfilter_acct		[optional]
+
+Output plugins are build if the needed library and headers are found. This
+includes:
+ - PCAP: libpcap
+ - PGSQL: libpq
+ - MySQL: libmysqlclient
+ - SQLITE3: libsqlite3
+ - DBI: libdbi
+
+The build procedure is standard:
+ $ ./configure
+ $ make
+ $ sudo make install
+
+After build, you need to edit the ulogd.conf file to define a stack or more
+to use.
 
-Please go to the netfilter homepage (http://www.netfilter.org/)
-and download the latest iptables package.  There is a system called
-patch-o-matic, which manages recent netfilter development, which has
-not been included in the stock kernel yet.
+===> EXAMPLES
 
-Just apply the ulog-patch from patch-o-matic (there is some documentation
-included in the iptables package how to use patch-o-matic).
+= NFLOG usage
 
-Next you have to enable the kernel config option CONFIG_IP_NF_TARGET_ULOG in
-the netfilter subsection of the network options. 
+At first a simple example, which passes every outgoing packet to the 
+userspace logging, using nfnetlink group 3.
 
-Then recompile the kernel or just recompile the netfilter modules using 'make
-modules SUBDIRS=net/ipv4/netfilter'.  Next step is installing the module using
-'make modules_install'
+iptables -A OUTPUT -j NFLOG --nflog-group 3
 
-It is also a good idea to recompile and re-install the iptables package,
-if you don't already have libipt_ULOG.so in /usr/local/lib/iptables or
-/usr/lib/iptables
+A more advanced one, passing all incoming tcp packets with destination 
+port 80 to the userspace logging daemon listening on netlink multicast 
+group 32. All packets get tagged with the ulog prefix "inp"
 
-Now You are ready to go. You may now insert logging rules to every chain.
-To see the full syntax, type 'iptables -j ULOG -h'
+iptables -A INPUT -j NFLOG -p tcp --dport 80 --nflog-group 32 --nflog-prefix inp
 
-===> EXAMPLES
+See iptables -j NFLOG -h for complete information about NFLOG.
 
-At first a simple example, which passes every outgoing packet to the 
-userspace logging, using netlink multicast group 3.
+= NFCT usage
 
-iptables -A OUTPUT -j ULOG --ulog-nlgroup 3
+To use connection logging, simply activate in ulogd.conf one stack using
+the NFCT plugin.
 
-A more advanced one, passing all incoming tcp packets with destination 
-port 80 to the userspace logging daemon listening on netlink multicast 
-group 32. All packets get tagged with the ulog prefix "inp"
+For example, the following stack will do flow-based logging via
+LOGEMU:
+
+ stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
+
+= NFACCT usage
+
+On ulogd side, activate a stack using the NFACCT module.
+
+You then need to create counters:
+ # nfacct add ipv4.tcp
+ # nfacct add ipv6.tcp.443
+
+Once this is done, you can then create iptables matching rule that will increment
+each time a packet hit them:
 
-iptables -A INPUT -j ULOG -p tcp --dport 80 --ulog-nlgroup 32 --ulog-prefix inp
+ # iptables -A FORWARD -p tcp -m nfacct --nfacct-name ipv4.tcp
+ # ip6tables -A FORWARD -p tcp  --dport 443 -m nfacct --nfacct-name ipv6.tcp.443
+ # ip6tables -A FORWARD -p tcp  --sport 443 -m nfacct --nfacct-name ipv6.tcp.443
 
-Since version 0.2,  I added another parameter (--ulog-cprange). 
-Using this parameter You are able to specify how much octets of the 
-packet should be copied from the kernel to userspace. 
-Setting --ulog-cprange to 0 does always copy the whole packet. Default is 0
+NFACCT plugin will then dump periodically the counters and trigger an update of the
+output corresponding to the active stacks.
 
 ===> COPYRIGHT + CREDITS
 
-The code and documentation is (C) 2000-2005 by Harald Welte <laforge@gnumonks.org>
+The code and documentation is
+	(C) 2000-2006 by Harald Welte <laforge@gnumonks.org>
+	(C) 2008-2012 Pablo Neira Ayuso <pablo@netfilter.org>
+	(C) 2008-2013 Eric Leblond <eric@regit.org>
 
 Thanks also to the valuable contributions of Daniel Stone, Alexander Janssen,
 Michael Stolovitzsky and Jozsef Kadlecsik.
-- 
1.7.10.4

[Ulogd2 PATCH 4/4] Prepare release number to 2.0.2

[Eric Leblond]

Update release number and fill Changes file.

Signed-off-by: Eric Leblond <eric@regit.org>
---
 Changes      |    9 +++++++++
 configure.ac |    2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/Changes b/Changes
index e59322c..3552b11 100644
--- a/Changes
+++ b/Changes
@@ -1,3 +1,12 @@
+Version 2.0.2 (2013-02-21)
+ - Add Graphite output module
+ - Update postgresql schema
+ - Add nfct filtering capabilities
+ - Add -v option to display message on sdtout
+ - Add -l option to specify verbosity on command line
+ - Build system improvements
+ - Fix parsing of ipv6 flowlabel and tc fields
+
 Version 2.00alpha (2004-Oct-03)
 - Total re-work.  ulogd2 is almost unrelated to the ULOG netfilter target.
   Instead, it has become a generic logging framework for anything from
diff --git a/configure.ac b/configure.ac
index df0e9d3..c94704b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 dnl Process this file with autoconf to produce a configure script.
-AC_INIT([ulogd], [2.0.1])
+AC_INIT([ulogd], [2.0.2])
 AC_PREREQ([2.50])
 AC_CONFIG_AUX_DIR([build-aux])
 AM_INIT_AUTOMAKE([-Wall foreign tar-pax no-dist-gzip dist-bzip2 1.10b])
-- 
1.7.10.4

Re: [Ulogd2 PATCH 0/4] preparing 2.0.2 release

[Eric Leblond]

Hi,

On Fri, 2013-02-22 at 11:25 +0100, Eric Leblond wrote:
> Hello,
> 
> Here's a small patchset updating documentation and "administrative"
> files of ulogd.

Pushed to git tree without Changes file update. I've suppressed it as
git log is enough to manage changes.

BR,
-- 
Eric Leblond <eric@regit.org>
Blog: https://home.regit.org/