Author: cieciwa Date: Thu Sep 15 08:42:46 2005 GMT Module: SOURCES Tag: LINUX_2_6 ---- Log message: - [extra] ULOG - kernel and iptables patch.
---- Files affected: SOURCES: linux-2.6-nf-ULOG.patch (NONE -> 1.1.2.1) (NEW), iptables-nf-ULOG.patch (NONE -> 1.1.2.1) (NEW) ---- Diffs: ================================================================ Index: SOURCES/linux-2.6-nf-ULOG.patch diff -u /dev/null SOURCES/linux-2.6-nf-ULOG.patch:1.1.2.1 --- /dev/null Thu Sep 15 10:42:46 2005 +++ SOURCES/linux-2.6-nf-ULOG.patch Thu Sep 15 10:42:41 2005 @@ -0,0 +1,203 @@ + ipv4/netfilter/ipt_ULOG.c | 4 - + ipv6/netfilter/Kconfig | 17 +++++ + ipv6/netfilter/Makefile | 1 + ipv6/netfilter/ip6t_ULOG.c | 142 +++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 163 insertions(+), 1 deletion(-) + +diff -Nur --exclude '*.orig' linux-2.6.13.1.org/net/ipv4/netfilter/ipt_ULOG.c linux-2.6.13.1/net/ipv4/netfilter/ipt_ULOG.c +--- linux-2.6.13.1.org/net/ipv4/netfilter/ipt_ULOG.c 2005-09-10 04:42:58.000000000 +0200 ++++ linux-2.6.13.1/net/ipv4/netfilter/ipt_ULOG.c 2005-09-15 10:33:24.000000000 +0200 +@@ -163,7 +163,7 @@ + return skb; + } + +-static void ipt_ulog_packet(unsigned int hooknum, ++void ipt_ulog_packet(unsigned int hooknum, + const struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, +@@ -414,5 +414,7 @@ + + } + ++EXPORT_SYMBOL(ipt_ulog_packet); ++ + module_init(init); + module_exit(fini); +diff -Nur --exclude '*.orig' linux-2.6.13.1.org/net/ipv6/netfilter/Kconfig linux-2.6.13.1/net/ipv6/netfilter/Kconfig +--- linux-2.6.13.1.org/net/ipv6/netfilter/Kconfig 2005-09-10 04:42:58.000000000 +0200 ++++ linux-2.6.13.1/net/ipv6/netfilter/Kconfig 2005-09-15 10:33:24.000000000 +0200 +@@ -238,5 +238,22 @@ + If you want to compile it as a module, say M here and read + <file:Documentation/modules.txt>. If unsure, say `N'. + ++config IP6_NF_TARGET_ULOG ++ tristate "ULOG target support" ++ depends on IP6_NF_IPTABLES && IP_NF_TARGET_ULOG ++ ---help--- ++ This option adds a `ULOG' target, which allows you to create rules in ++ any ip6tables table. The packet is passed to a userspace logging ++ daemon using netlink multicast sockets; unlike the LOG target ++ which can only be viewed through syslog. ++ ++ NOTE: This target requires the ipv4 version of ULOG to be compiled as ++ well. ++ ++ The apropriate userspace logging daemon (ulogd) may be obtained from ++ <http://www.gnumonks.org/projects/ulogd/> ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ + endmenu + +diff -Nur --exclude '*.orig' linux-2.6.13.1.org/net/ipv6/netfilter/Makefile linux-2.6.13.1/net/ipv6/netfilter/Makefile +--- linux-2.6.13.1.org/net/ipv6/netfilter/Makefile 2005-09-10 04:42:58.000000000 +0200 ++++ linux-2.6.13.1/net/ipv6/netfilter/Makefile 2005-09-15 10:33:24.000000000 +0200 +@@ -0,0 +0,1 @@ ++obj-$(CONFIG_IP6_NF_TARGET_ULOG) += ip6t_ULOG.o +diff -Nur --exclude '*.orig' linux-2.6.13.1.org/net/ipv6/netfilter/ip6t_ULOG.c linux-2.6.13.1/net/ipv6/netfilter/ip6t_ULOG.c +--- linux-2.6.13.1.org/net/ipv6/netfilter/ip6t_ULOG.c 1970-01-01 01:00:00.000000000 +0100 ++++ linux-2.6.13.1/net/ipv6/netfilter/ip6t_ULOG.c 2005-09-15 10:33:24.000000000 +0200 +@@ -0,0 +1,142 @@ ++/* ++ * netfilter module for userspace packet logging daemons ++ * ++ * (C) 2000-2004 by Harald Welte <[EMAIL PROTECTED]> ++ * ++ * 2000/09/22 ulog-cprange feature added ++ * 2001/01/04 in-kernel queue as proposed by Sebastian Zander ++ * <[EMAIL PROTECTED]> ++ * 2001/01/30 per-rule nlgroup conflicts with global queue. ++ * nlgroup now global (sysctl) ++ * 2001/04/19 ulog-queue reworked, now fixed buffer size specified at ++ * module loadtime -HW ++ * 2002/07/07 remove broken nflog_rcv() function -HW ++ * 2002/08/29 fix shifted/unshifted nlgroup bug -HW ++ * 2002/10/30 fix uninitialized mac_len field - <Anders K. Pedersen> ++ * 2004/10/25 fix erroneous calculation of 'len' parameter to NLMSG_PUT ++ * resulting in bogus 'error during NLMSG_PUT' messages. ++ * 2005/02/10 ported to ipv6 ++ * ++ * (C) 1999-2001 Paul `Rusty' Russell ++ * (C) 2002-2004 Netfilter Core Team <[EMAIL PROTECTED]> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++ ++#include <linux/module.h> ++#include <linux/netfilter_ipv6/ip6_tables.h> ++#include <linux/netfilter_ipv4/ipt_ULOG.h> ++ ++MODULE_LICENSE("GPL"); ++MODULE_AUTHOR("Jonas Berlin <[EMAIL PROTECTED]>"); ++MODULE_DESCRIPTION("ip6tables userspace logging module"); ++ ++#if 0 ++#define DEBUGP(format, args...) printk("%s:%s:" format, \ ++ __FILE__, __FUNCTION__ , ## args) ++#else ++#define DEBUGP(format, args...) ++#endif ++ ++static unsigned int nflog = 1; ++module_param(nflog, int, 0400); ++MODULE_PARM_DESC(nflog, "register as internal netfilter logging module"); ++ ++// from ipt_ULOG.c ++void ipt_ulog_packet(unsigned int hooknum, ++ const struct sk_buff *skb, ++ const struct net_device *in, ++ const struct net_device *out, ++ const struct ipt_ulog_info *loginfo, ++ const char *prefix); ++ ++static unsigned int ip6t_ulog_target(struct sk_buff **pskb, ++ const struct net_device *in, ++ const struct net_device *out, ++ unsigned int hooknum, ++ const void *targinfo, void *userinfo) ++{ ++ const struct ipt_ulog_info *loginfo = (const struct ipt_ulog_info *) targinfo; ++ ++ ipt_ulog_packet(hooknum, *pskb, in, out, loginfo, NULL); ++ ++ return IP6T_CONTINUE; ++} ++ ++static void ip6t_logfn(unsigned int hooknum, ++ const struct sk_buff *skb, ++ const struct net_device *in, ++ const struct net_device *out, ++ const char *prefix) ++{ ++ struct ipt_ulog_info loginfo = { ++ .nl_group = ULOG_DEFAULT_NLGROUP, ++ .copy_range = 0, ++ .qthreshold = ULOG_DEFAULT_QTHRESHOLD, ++ .prefix = "" ++ }; ++ ++ ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix); ++} ++ ++static int ip6t_ulog_checkentry(const char *tablename, ++ const struct ip6t_entry *e, ++ void *targinfo, ++ unsigned int targinfosize, ++ unsigned int hookmask) ++{ ++ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; ++ ++ if (targinfosize != IP6T_ALIGN(sizeof(struct ipt_ulog_info))) { ++ DEBUGP("ip6t_ULOG: targinfosize %u != 0\n", targinfosize); ++ return 0; ++ } ++ ++ if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { ++ DEBUGP("ip6t_ULOG: prefix term %i\n", ++ loginfo->prefix[sizeof(loginfo->prefix) - 1]); ++ return 0; ++ } ++ ++ if (loginfo->qthreshold > ULOG_MAX_QLEN) { ++ DEBUGP("ip6t_ULOG: queue threshold %i > MAX_QLEN\n", ++ loginfo->qthreshold); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static struct ip6t_target ip6t_ulog_reg = { ++ .name = "ULOG", ++ .target = ip6t_ulog_target, ++ .checkentry = ip6t_ulog_checkentry, ++ .me = THIS_MODULE, ++}; ++ ++static int __init init(void) ++{ ++ DEBUGP("ip6t_ULOG: init module\n"); ++ ++ if (ip6t_register_target(&ip6t_ulog_reg) != 0) { ++ return -EINVAL; ++ } ++ if (nflog) ++ nf_log_register(PF_INET6, &ip6t_logfn); ++ ++ return 0; ++} ++ ++static void __exit fini(void) ++{ ++ DEBUGP("ip6t_ULOG: cleanup_module\n"); ++ ++ if (nflog) ++ nf_log_unregister(PF_INET6, &ip6t_logfn); ++ ip6t_unregister_target(&ip6t_ulog_reg); ++} ++ ++module_init(init); ++module_exit(fini); ================================================================ Index: SOURCES/iptables-nf-ULOG.patch diff -u /dev/null SOURCES/iptables-nf-ULOG.patch:1.1.2.1 --- /dev/null Thu Sep 15 10:42:46 2005 +++ SOURCES/iptables-nf-ULOG.patch Thu Sep 15 10:42:41 2005 @@ -0,0 +1,273 @@ + .ULOG-test6 | 2 + libip6t_ULOG.c | 227 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + libip6t_ULOG.man | 27 ++++++ + 3 files changed, 256 insertions(+) + +diff -Nur --exclude '*.orig' iptables.org/extensions/.ULOG-test6 iptables/extensions/.ULOG-test6 +--- iptables.org/extensions/.ULOG-test6 1970-01-01 01:00:00.000000000 +0100 ++++ iptables/extensions/.ULOG-test6 2005-09-15 10:33:24.000000000 +0200 +@@ -0,0 +1,2 @@ ++#!/bin/sh ++[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_ULOG.c ] && echo ULOG +diff -Nur --exclude '*.orig' iptables.org/extensions/libip6t_ULOG.c iptables/extensions/libip6t_ULOG.c +--- iptables.org/extensions/libip6t_ULOG.c 1970-01-01 01:00:00.000000000 +0100 ++++ iptables/extensions/libip6t_ULOG.c 2005-09-15 10:33:24.000000000 +0200 +@@ -0,0 +1,227 @@ ++/* Shared library add-on to ip6tables to add ULOG support. ++ * ++ * (C) 2000 by Harald Welte <[EMAIL PROTECTED]> ++ * ++ * multipart netlink support based on ideas by Sebastian Zander ++ * <[EMAIL PROTECTED]> ++ * ++ * This software is released under the terms of GNU GPL ++ */ ++#include <stdio.h> ++#include <netdb.h> ++#include <string.h> ++#include <stdlib.h> ++#include <syslog.h> ++#include <getopt.h> ++#include <ip6tables.h> ++#include <linux/netfilter_ipv6/ip6_tables.h> ++/* For 64bit kernel / 32bit userspace */ ++#include "../include/linux/netfilter_ipv4/ipt_ULOG.h" ++ ++ ++void print_groups(unsigned int gmask) ++{ ++ int b; ++ unsigned int test; ++ ++ for (b = 31; b >= 0; b--) { ++ test = (1 << b); ++ if (gmask & test) ++ printf("%d ", b + 1); ++ } ++} ++ ++/* Function which prints out usage message. */ ++static void help(void) ++{ ++ printf("ULOG v%s options:\n" ++ " --ulog-nlgroup nlgroup NETLINK group used for logging\n" ++ " --ulog-cprange size Bytes of each packet to be passed\n" ++ " --ulog-qthreshold Threshold of in-kernel queue\n" ++ " --ulog-prefix prefix Prefix log messages with this prefix.\n\n", ++ IPTABLES_VERSION); ++} ++ ++static struct option opts[] = { ++ {"ulog-nlgroup", 1, 0, '!'}, ++ {"ulog-prefix", 1, 0, '#'}, ++ {"ulog-cprange", 1, 0, 'A'}, ++ {"ulog-qthreshold", 1, 0, 'B'}, ++ {0} ++}; ++ ++/* Initialize the target. */ ++static void init(struct ip6t_entry_target *t, unsigned int *nfcache) ++{ ++ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) t->data; ++ ++ loginfo->nl_group = ULOG_DEFAULT_NLGROUP; ++ loginfo->qthreshold = ULOG_DEFAULT_QTHRESHOLD; ++ ++ /* Can't cache this */ ++ *nfcache |= NFC_UNKNOWN; ++} ++ ++#define IPT_LOG_OPT_NLGROUP 0x01 ++#define IPT_LOG_OPT_PREFIX 0x02 ++#define IPT_LOG_OPT_CPRANGE 0x04 ++#define IPT_LOG_OPT_QTHRESHOLD 0x08 ++ ++/* Function which parses command options; returns true if it ++ ate an option */ ++static int parse(int c, char **argv, int invert, unsigned int *flags, ++ const struct ip6t_entry *entry, ++ struct ip6t_entry_target **target) ++{ ++ struct ipt_ulog_info *loginfo = ++ (struct ipt_ulog_info *) (*target)->data; ++ int group_d; ++ ++ switch (c) { ++ case '!': ++ if (*flags & IPT_LOG_OPT_NLGROUP) ++ exit_error(PARAMETER_PROBLEM, ++ "Can't specify --ulog-nlgroup twice"); ++ ++ if (check_inverse(optarg, &invert, NULL, 0)) ++ exit_error(PARAMETER_PROBLEM, ++ "Unexpected `!' after --ulog-nlgroup"); ++ group_d = atoi(optarg); ++ if (group_d > 32 || group_d < 1) ++ exit_error(PARAMETER_PROBLEM, ++ "--ulog-nlgroup has to be between 1 and 32"); ++ ++ loginfo->nl_group = (1 << (group_d - 1)); ++ ++ *flags |= IPT_LOG_OPT_NLGROUP; ++ break; ++ ++ case '#': ++ if (*flags & IPT_LOG_OPT_PREFIX) ++ exit_error(PARAMETER_PROBLEM, ++ "Can't specify --ulog-prefix twice"); ++ ++ if (check_inverse(optarg, &invert, NULL, 0)) ++ exit_error(PARAMETER_PROBLEM, ++ "Unexpected `!' after --ulog-prefix"); ++ ++ if (strlen(optarg) > sizeof(loginfo->prefix) - 1) ++ exit_error(PARAMETER_PROBLEM, ++ "Maximum prefix length %u for --ulog-prefix", ++ (unsigned int)sizeof(loginfo->prefix) - 1); ++ ++ strcpy(loginfo->prefix, optarg); ++ *flags |= IPT_LOG_OPT_PREFIX; ++ break; ++ case 'A': ++ if (*flags & IPT_LOG_OPT_CPRANGE) ++ exit_error(PARAMETER_PROBLEM, ++ "Can't specify --ulog-cprange twice"); ++ if (atoi(optarg) < 0) ++ exit_error(PARAMETER_PROBLEM, ++ "Negative copy range?"); ++#ifdef KERNEL_64_USERSPACE_32 ++ loginfo->copy_range = (unsigned long long)atoll(optarg); ++#else ++ loginfo->copy_range = atoi(optarg); ++#endif ++ *flags |= IPT_LOG_OPT_CPRANGE; ++ break; ++ case 'B': ++ if (*flags & IPT_LOG_OPT_QTHRESHOLD) ++ exit_error(PARAMETER_PROBLEM, ++ "Can't specify --ulog-qthreshold twice"); ++ if (atoi(optarg) < 1) ++ exit_error(PARAMETER_PROBLEM, ++ "Negative or zero queue threshold ?"); ++ if (atoi(optarg) > ULOG_MAX_QLEN) ++ exit_error(PARAMETER_PROBLEM, ++ "Maximum queue length exceeded"); ++#ifdef KERNEL_64_USERSPACE_32 ++ loginfo->qthreshold = (unsigned long long)atoll(optarg); ++#else ++ loginfo->qthreshold = atoi(optarg); ++#endif ++ *flags |= IPT_LOG_OPT_QTHRESHOLD; ++ break; ++ } ++ return 1; ++} ++ ++/* Final check; nothing. */ ++static void final_check(unsigned int flags) ++{ ++} ++ ++/* Saves the union ip6t_targinfo in parsable form to stdout. */ ++static void save(const struct ip6t_ip6 *ip, ++ const struct ip6t_entry_target *target) ++{ ++ const struct ipt_ulog_info *loginfo ++ = (const struct ipt_ulog_info *) target->data; ++ ++ if (strcmp(loginfo->prefix, "") != 0) ++ printf("--ulog-prefix \"%s\" ", loginfo->prefix); ++ ++ if (loginfo->nl_group != ULOG_DEFAULT_NLGROUP) { ++ printf("--ulog-nlgroup "); ++ print_groups(loginfo->nl_group); ++ } ++#ifdef KERNEL_64_USERSPACE_32 ++ if (loginfo->copy_range) ++ printf("--ulog-cprange %llu ", loginfo->copy_range); ++ ++ if (loginfo->qthreshold != ULOG_DEFAULT_QTHRESHOLD) ++ printf("--ulog-qthreshold %llu ", loginfo->qthreshold); ++#else ++ if (loginfo->copy_range) ++ printf("--ulog-cprange %u ", (unsigned int)loginfo->copy_range); ++ ++ if (loginfo->qthreshold != ULOG_DEFAULT_QTHRESHOLD) ++ printf("--ulog-qthreshold %u ", (unsigned int)loginfo->qthreshold); ++#endif ++} ++ ++/* Prints out the targinfo. */ ++static void ++print(const struct ip6t_ip6 *ip, ++ const struct ip6t_entry_target *target, int numeric) ++{ ++ const struct ipt_ulog_info *loginfo ++ = (const struct ipt_ulog_info *) target->data; ++ ++ printf("ULOG "); ++#ifdef KERNEL_64_USERSPACE_32 ++ printf("copy_range %llu nlgroup ", loginfo->copy_range); ++#else ++ printf("copy_range %u nlgroup ", (unsigned int)loginfo->copy_range); ++#endif ++ print_groups(loginfo->nl_group); ++ if (strcmp(loginfo->prefix, "") != 0) ++ printf("prefix `%s' ", loginfo->prefix); ++#ifdef KERNEL_64_USERSPACE_32 ++ printf("queue_threshold %llu ", loginfo->qthreshold); ++#else ++ printf("queue_threshold %u ", (unsigned int)loginfo->qthreshold); ++#endif ++} ++ ++static struct ip6tables_target ulog = { ++ .next = NULL, ++ .name = "ULOG", ++ .version = IPTABLES_VERSION, ++ .size = IP6T_ALIGN(sizeof(struct ipt_ulog_info)), ++ .userspacesize = IP6T_ALIGN(sizeof(struct ipt_ulog_info)), ++ .help = &help, ++ .init = &init, ++ .parse = &parse, ++ .final_check = &final_check, ++ .print = &print, ++ .save = &save, ++ .extra_opts = opts ++}; ++ ++void _init(void) ++{ ++ register_target6(&ulog); ++} +diff -Nur --exclude '*.orig' iptables.org/extensions/libip6t_ULOG.man iptables/extensions/libip6t_ULOG.man +--- iptables.org/extensions/libip6t_ULOG.man 1970-01-01 01:00:00.000000000 +0100 ++++ iptables/extensions/libip6t_ULOG.man 2005-09-15 10:33:24.000000000 +0200 +@@ -0,0 +1,27 @@ ++This target provides userspace logging of matching packets. When this ++target is set for a rule, the Linux kernel will multicast this packet ++through a ++.IR netlink ++socket. One or more userspace processes may then subscribe to various ++multicast groups and receive the packets. ++Like LOG, this is a "non-terminating target", i.e. rule traversal ++continues at the next rule. ++.TP ++.BI "--ulog-nlgroup " "nlgroup" ++This specifies the netlink group (1-32) to which the packet is sent. ++Default value is 1. ++.TP ++.BI "--ulog-prefix " "prefix" ++Prefix log messages with the specified prefix; up to 32 characters ++long, and useful for distinguishing messages in the logs. ++.TP ++.BI "--ulog-cprange " "size" ++Number of bytes to be copied to userspace. A value of 0 always copies ++the entire packet, regardless of its size. Default is 0. ++.TP ++.BI "--ulog-qthreshold " "size" ++Number of packet to queue inside kernel. Setting this value to, e.g. 10 ++accumulates ten packets inside the kernel and transmits them as one ++netlink multipart message to userspace. Default is 1 (for backwards ++compatibility). ++.br ================================================================ _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit