| Commit message (Collapse) | Author | Age | Files | Lines |
| |
The new namespace helper provides an internal stable interface for
plugins to use for switching various linux namespaces. Currently only
network namespaces are supported/implemented, but can easily be extended
if needed. autoconf will enable it automatically if the required symbols
are available. If ulogd is compiled without namespace support, the
functions will simply return an error, there is no need for conditional
compilation or special handling in plugin code.
Signed-off-by: Corubba Smith <corubba@gmx.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
| |
Until a6fbeb96e889 ("new configuration file syntax (Magnus Boden)")
this was already caught, and the enum member is still present.
Check if the for loop worked through the whole array without hitting a
matching config option, and return with the unknown key error code.
Because there is no existing config_entry struct with that unknown key
to use with the established config_errce pointer, allocate a new struct.
This potentially creates a memory leak if that config_entry is never
freed again, but for me that is acceptable in this rare case.
Since the memory allocation for the struct can fail, also reuse the old
out-of-memory error to indicate that.
Signed-off-by: Corubba Smith <corubba@gmx.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
| |
Provide a default implementation for the configure hook which simply
calls ulogd_parse_configfile(), so simple plugins only need to provide
the config_keyset. This also triggers an "unknown key" error if a
plugin defines no config_keyset (aka it has no options), but the config
file contains directives for it.
Signed-off-by: Corubba Smith <corubba@gmx.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
| |
The `value` union member in `struct config_entry` is declared as `int`
since basically the beginning in e07722e46001 ("config stuff added").
The parsing was switched from the original `atoi()` in 015849995f7f
("Fix hexadecimal parsing in config file") to `strtoul()`.
Switch the function for parsing to the signed `strtol()` variant since
the result will be stored in a signed int, and it makes sense to support
negative numbers. Detect when `strtol()` does not properly consume the
whole argument and return a new format error. Also check the numerical
value to make sure the signed int does not overflow, in which case
a new range error is returned.
Unfortunately there is no `strtoi()` which would do the proper range
check itself, so the intermediate `long` and range-check for `int` is
required. I also considered changing the `value` union member from
`int` to `long`, which would make it possible to use the parsed value
as-is. But since this is part of the api towards plugins (including
third party) such a potentially breaking change felt unwarranted. This
also means that still only 16bit integer values are *guaranteed* to
work, although most platforms use bigger widths for int.
Signed-off-by: Corubba Smith <corubba@gmx.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
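The parsing approach this commit message describes (signed `strtol()`, a check that the whole argument was consumed, then a range check against `int`), as an added example that is not ulogd's own code. The function name, the error constants and the use of base 0 are assumptions made for the illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical status codes for this example; not ulogd's own constants. */
enum parse_status { PARSE_OK = 0, PARSE_ERR_FORMAT = -1, PARSE_ERR_RANGE = -2 };

/*
 * Parse a config argument into a signed int.
 * Base 0 (an assumption here) accepts decimal, "0x" hex and leading-0 octal.
 */
enum parse_status parse_int_arg(const char *arg, int *out)
{
	char *end = NULL;
	long val;

	if (arg == NULL || *arg == '\0')
		return PARSE_ERR_FORMAT;

	errno = 0;
	val = strtol(arg, &end, 0);

	/* No digits consumed, or characters left over after the number. */
	if (end == arg || *end != '\0')
		return PARSE_ERR_FORMAT;

	/* strtol() saturates at LONG_MIN/LONG_MAX and sets ERANGE. */
	if (errno == ERANGE)
		return PARSE_ERR_RANGE;

	/* The value fits in a long but may still not fit in an int. */
	if (val < INT_MIN || val > INT_MAX)
		return PARSE_ERR_RANGE;

	*out = (int)val;
	return PARSE_OK;
}

int main(void)
{
	/* Constructed sample arguments. */
	const char *samples[] = { "42", "-7", "0x10", "12abc", "", "99999999999999999999" };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int v = 0;
		enum parse_status st = parse_int_arg(samples[i], &v);

		printf("\"%s\" -> status %d, value %d\n", samples[i], st, v);
	}
	return 0;
}
```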
| |
Provide a new function `ulogd_parse_configfile()` in the public
interface, which wraps `parse_config_file()` to parse a section of the
config file and communicates found errors to the user. It can be used
as a drop-in replacement because arguments and return value are
compatible.
This relieves plugins of the need to translate the individual error
codes to human readable messages, and plugins are mostly interested if
there is any error, not what specific error.
This reuses the existing `parse_conffile()` function with slight
adjustments.
Signed-off-by: Corubba Smith <corubba@gmx.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
| |
When a config directive is provided with a malformed argument (e.g.
`loglevel="1`), then the call to get_word() returns NULL and `wordbuf`
is left unchanged aka still contains the directive name. Unlike the
previous calls to get_word(), the return value is not checked here, and
processing continues with `args` pointing to the still unchanged
`wordbuf`. So `loglevel="1` is effectively parsed as
`loglevel=loglevel`.
Instead if no valid argument is found, ignore the directive and log a
warning.
Due to the way get_word() is implemented, this unfortunately will report
an empty argument (e.g. `loglevel=`) as malformed as well. Ideally that
should behave the same as `loglevel=""`, but I found no nice way to
achieve that. An empty argument is only useful in rare cases, so
treating it as malformed should be fine for now. That's still way better
than the previous broken "name as value" behaviour.
Fixes: e88384d9d5a1 ("added new generic get_word() function to do better parsing")
Signed-off-by: Corubba Smith <corubba@gmx.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
| |
Consistently use the return jump to close the config file descriptor if
opened, to prevent it from leaking.
Signed-off-by: Corubba Smith <corubba@gmx.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
| |
When deciding whether to call the stop hook of a plugin instance, only
two things are relevant: If the plugin actually has a stop hook defined,
and if the plugin instance is still used in a different stack. The
private data of a plugin instance is opaque to ulogd, so its size or
content are irrelevant to the stop-hook decision. And in the same vein
should ulogd never write to it.
The one-null-byte write could previously lead to an out-of-bounds write
on plugins with a stop hook and zero-size private data.
Signed-off-by: Corubba Smith <corubba@gmx.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
| |
Invalid read of size 4
at 0x405F60: ulogd_unregister_fd (select.c:74)
by 0x4E4E3DF: ??? (in /usr/lib/ulogd/ulogd_inppkt_NFLOG.so)
by 0x405003: stop_pluginstances (ulogd.c:1335)
by 0x405003: sigterm_handler_task (ulogd.c:1383)
by 0x405153: call_signal_handler_tasks (ulogd.c:424)
by 0x405153: signal_channel_callback (ulogd.c:443)
by 0x406163: ulogd_select_main (select.c:105)
by 0x403CF3: ulogd_main_loop (ulogd.c:1070)
by 0x403CF3: main (ulogd.c:1649)
Problem is that ulogd_inppkt_NFLOG.c::stop() calls ulogd_unregister_fd()
which does llist_del(). This llist_del may touch ->prev pointer.
As the list element is in private data, we cannot do this llist_del
from stop_pluginstances().
Therefore, the free() process moved location after finishing ulogd_unregister_fd().
Signed-off-by: Kyuwon Shim <kyuwon.shim@alliedtelesis.co.nz>
Signed-off-by: Florian Westphal <fw@strlen.de>
| |
If `config_parse_file` returns `-ERRTOOLONG`, `config_errce` may be
`NULL`. However, the calling function checks whether
`config_errce->key` is `NULL` instead.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
There are a number of places where we `malloc` some memory and then
`memset` it to zero. Use `calloc` instead.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
If `daemon` fails during start-up, ulogd attempts to print `errno` and
`strerror(errno)` to the log. However, the arguments are the wrong way
round. Swap them.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
There is a `strdup` at the beginning of `create_stack`. If it fails, an
empty log-line is printed. It's not useful, so remove it. This is
consistent with the error-handling of the `malloc` which immediately
follows it.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
Move `${regular_CFLAGS}` from configure.ac to Make_global.am, renaming
it to `AM_CFLAGS`. Add `AM_CPPFLAGS` to include
`$(top_srcdir)/include`. Include the new file in the Makefiles that
require it.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
The `ULOGD2_LIBDIR` macro is only used in one place, so move the flag
defining it out of the common `regular_CFLAGS` variable to the
`AM_CPPFLAGS` variable in the Makefile where it is needed.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
The attached patch fixes building ulogd2 with musl libc. It is being
used on Void Linux right now.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1278
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This new configuration behaviour option eases a bit the configuration of ulogd2
by allowing to load all plugins in one go, without having to know their full
path.
Choosing concrete plugins and using full path for them is great for some
environments, but I don't think it's a common case. The common case is to
load all plugins, even ignoring where they live in the filesystem.
Even worse, the full path may be architecture-dependent, which makes copying
the ulogd.conf file between machines unnecessarily complex.
To experiment with this new behaviour, don't put any 'plugin=' directive in the
config file. Plugins will be loaded from a default directory, chosen at
build/configure time (--with-ulogd2libdir). If not specified, this is something
like '/usr/local/lib/ulogd/'.
This new configuration option doesn't implement any special logic. We simply
open the dir and try to load all files ending with '.so'.
The log message level for plugins loading is increased so users can see by
default which plugins are loaded.
Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
It is common that ulogd runs in scenarios where a lot of packets are to be logged.
If there are more packets than ulogd can handle, users can start seeing log
messages like this:
ulogd[556]: We are losing events. Please, consider using the clauses \
`netlink_socket_buffer_size' and `netlink_socket_buffer_maxsize'
Which means that a Netlink buffer overrun has happened.
There are several approaches to prevent this situation:
* in the ruleset, limit the amount of packets queued for log
* in the ruleset, instruct the kernel to use a queue-threshold
* from userspace, increment Netlink buffer sizes
* from userspace, configure ulogd to run as high priority process
The first 3 methods can be configured by users at runtime.
This patch deals with the last method. SCHED_RR is configured by default,
with no associated configuration parameter for users, since I believe
this is common enough, and should produce no harm.
A similar approach is used in the conntrackd daemon.
Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Acked-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
Format string in error message had more arguments than given and
it was resulting in a crash at start.
| |
On some architectures, ulogd is not starting due to a
crash in memcpy. This patch switches to strncpy to
avoid the problem.
Reported-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Eric Leblond <eric@regit.org>
| |
ulogd had a critical bug: it was calling Async-Signal-Unsafe functions
in signal handler context.
- Most libc functions, like fopen() and malloc(), are Async-Signal-Unsafe.
So you should not call these functions in signal handler context.
- Calling pluginstances in signal handler context is dangerous.
For implementers of pluginstances, it is very hard to recognize that their
functions are called in signal handler context.
To solve the issue, I restructured signal handling using the self-pipe trick.
For more detail on the self-pipe trick, please see the following.
https://lwn.net/Articles/177897/
This patch will solve various symptoms like the following.
- Deadlock
- Segmentation fault caused by libc management data corruption,
- Other unpredictable behavior.
Deadlock example
================
This bug was already filed at:
https://bugzilla.netfilter.org/show_bug.cgi?id=1030
I also hit this bug. The backtrace of this issue is following.
In this case, main thread was calling ctime(),
and signal handler called localtime_r().
That caused the deadlock while getting tzset_lock in __tz_convert().
Because vsyslog() is Async-Signal-Unsafe function, we cannot call
this function in signal handler context.
(gdb) bt
#0 __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
#1 0x00007f3c3fc7e4ac in _L_lock_2462 () at tzset.c:621
#2 0x00007f3c3fc7e2e7 in __tz_convert (timer=0x7f3c3ff8bf00 <tzset_lock>,
timer@entry=0x7fffcfa923b8, use_localtime=use_localtime@entry=1,
tp=tp@entry=0x7fffcfa92400) at tzset.c:624
#3 0x00007f3c3fc7c28d in __localtime_r (t=t@entry=0x7fffcfa923b8,
tp=tp@entry=0x7fffcfa92400) at localtime.c:32
#4 0x00007f3c3fcbf1ba in __GI___vsyslog_chk (pri=<optimized out>, flag=1,
fmt=0x406fa8 "signal received, calling pluginstances\n", ap=0x7fffcfa924a0)
at ../misc/syslog.c:199
#5 0x00000000004037b5 in __ulogd_log ()
#6 0x00000000004047be in signal_handler ()
#7 <signal handler called>
#8 0x00007f3c3fcb62f5 in __GI___xstat (vers=<optimized out>,
name=0x7f3c3fd4b2c3 "/etc/localtime", buf=0x7fffcfa92c10)
at ../sysdeps/unix/sysv/linux/wordsize-64/xstat.c:37
#9 0x00007f3c3fc7e5f6 in __tzfile_read (file=file@entry=0x7f3c3fd4b2c3 "/etc/localtime",
extra=extra@entry=0, extrap=extrap@entry=0x0) at tzfile.c:170
#10 0x00007f3c3fc7d954 in tzset_internal (always=<optimized out>,
explicit=explicit@entry=1) at tzset.c:444
#11 0x00007f3c3fc7e303 in __tz_convert (timer=0x7fffcfa92d50,
use_localtime=use_localtime@entry=1, tp=tp@entry=0x7f3c3ff8ed80 <_tmbuf>)
at tzset.c:629
#12 0x00007f3c3fc7c2a1 in __GI_localtime (t=<optimized out>) at localtime.c:42
#13 0x00007f3c3fc7c1f9 in ctime (t=<optimized out>) at ctime.c:27
#14 0x00007f3c3e180ec2 in ?? ()
#15 0x0000000056a100c2 in ?? ()
#16 0xf8570f79d4fc4200 in ?? ()
#17 0x000000000209bec0 in ?? ()
#18 0x00007f3c4059f1f8 in ?? ()
#19 0x000000000000003c in ?? ()
#20 0x0000000000404952 in ulogd_propagate_results ()
#21 0x00007f3c3f9cc203 in ?? ()
#22 0x0000000000000000 in ?? ()
Segmentation fault in free()
============================
From my experience, I think this was caused by some routine called
malloc()/free() in signal handler context.
By that, malloc() management data became inconsistent.
As a result, free() made a wrong dereference.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __GI___libc_free (mem=0x7f430f011000) at malloc.c:2903
2903 if (chunk_is_mmapped(p)) /* release mmapped memory. */
(gdb) bt
#0 __GI___libc_free (mem=0x7f430f011000) at malloc.c:2903
#1 0x00007f430e68affa in __GI__IO_free_backup_area (fp=fp@entry=0x742500)
at genops.c:210
#2 0x00007f430e68a795 in _IO_new_file_overflow (f=0x742500, ch=-1) at fileops.c:849
#3 0x00007f430e689511 in _IO_new_file_xsputn (f=0x742500, data=<optimized out>, n=15)
at fileops.c:1372
#4 0x00007f430e65aa4d in _IO_vfprintf_internal (s=s@entry=0x742500,
format=<optimized out>, format@entry=0x7f430cbc4008 "%.15s %s %s",
ap=ap@entry=0x7fff456ece38) at vfprintf.c:1635
#5 0x00007f430e71d615 in ___fprintf_chk (fp=0x742500, flag=flag@entry=1,
format=format@entry=0x7f430cbc4008 "%.15s %s %s") at fprintf_chk.c:36
#6 0x00007f430cbc3f04 in fprintf (__fmt=0x7f430cbc4008 "%.15s %s %s",
__stream=<optimized out>) at /usr/include/bits/stdio2.h:97
#7 _output_logemu (upi=0x74e5a0) at ulogd_output_LOGEMU.c:102
#8 0x0000000000404952 in ulogd_propagate_results ()
#9 0x00007f430e40f203 in interp_packet (ldata=0x7fff456ed060, pf_family=2 '\002',
upi=0x74a6b0) at ulogd_inppkt_NFLOG.c:400
#10 msg_cb (gh=<optimized out>, nfmsg=0x7f430efe2020, nfa=0x7fff456ed060, data=0x74a6b0)
at ulogd_inppkt_NFLOG.c:483
#11 0x00007f430e20a307 in __nflog_rcv_pkt (nlh=<optimized out>, nfa=<optimized out>,
data=<optimized out>) at libnetfilter_log.c:160
#12 0x00007f430e0056b7 in __nfnl_handle_msg (len=268, nlh=0x7f430efe2010, h=0x74e8e0)
at libnfnetlink.c:1236
#13 nfnl_handle_packet (h=0x74e8e0, buf=0x7f430efe2010 "\f\001", len=<optimized out>)
at libnfnetlink.c:1256
#14 0x00007f430e20a508 in nflog_handle_packet (h=<optimized out>, buf=<optimized out>,
len=<optimized out>) at libnetfilter_log.c:323
#15 0x00007f430e40eaed in nful_read_cb (fd=<optimized out>, what=<optimized out>,
param=0x74a6b0) at ulogd_inppkt_NFLOG.c:463
#16 0x0000000000404ee0 in ulogd_select_main ()
#17 0x0000000000402b17 in main ()
Signed-off-by: Hironobu Ishii <ishii.hironobu@jp.fujitsu.com>
| |
Signed-off-by: Felix Janda <felix.janda@posteo.de>
| |
Fixes compilation error with musl libc:
ulogd.c:86:13: error: storage size of 'syslog_dummy' isn't known
static FILE syslog_dummy;
Signed-off-by: Felix Janda <felix.janda@posteo.de>
| |
It was always default if not specified by command parameter.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
| |
If the file is in DOS mode, the strings coming from config file
parsing contain the carriage return. The result is that the
strings are not correct and the parsing of the configuration file
is failing.
| |
In case there is no logfile, ulogd could possibly display each
log message twice to stderr.
| |
Some uClibc-based toolchains lack threading support, so use
AC_SEARCH_LIB instead of AC_CHECK_LIB to check for libpthread
availability and link conditionally if found since it's only used for
the database backends.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
| |
This patch updates the daemonization code. It is done earlier and
it uses the daemon() function which is used for daemonization by
most projects.
Signed-off-by: Eric Leblond <eric@regit.org>
| |
This patch improves the latest patch by splitting in two parts the pid
file creation. This allows to display a message to stdout when
ulogd can not be started. Another linked improvement is that the
plugin initialization is not done if the pid file existence will
result in a ulogd exit.
Signed-off-by: Eric Leblond <eric@regit.org>
| |
The daemon currently does not have the ability to write a PID file to track its
process ID. This is very useful to an init script and to ensure there is only
one running instance. This patch implements this functionality.
Signed-off-by: Chris Boot <bootc@bootc.net>
| |
The daemon code currently tries to nice(-1) just after having given up root
privileges, which fails. This patch moves the nice(-1) call to just before
the code that gives up the required privileges.
Signed-off-by: Chris Boot <bootc@bootc.net>
| |
This patch adds an optional ring buffer option which modifies
the way database queries are made. The main thread is only handling
kernel message reading and query formatting. The SQL request is made
in a separate dedicated thread.
The idea is to try to avoid buffer overrun by minimizing the time
requested to treat kernel message. Doing synchronous SQL request, as
it was made before was causing a delay which could cause some messages
to be lost in case of burst from kernel side.
| |
This reverts commit 3179bd4de89de7c2388849f5bc48e8f5aad9e5b9.
Pointing to the wrong place. This is not the file descriptor
that ulogd is leaking.
| |
Joan Touzet reported that file descriptor 3 was not ever closed
in the exit path of the parent process:
open("ulogd.conf", O_RDONLY) = 3
That corresponds to the file descriptor that was used to
parse the configuration file, which was not closed.
This closes: http://bugzilla.netfilter.org/show_bug.cgi?id=793
Reported-by: Joan Touzet <joant@cloudant.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
The "registering plugin" message is not really useful as the message
is really explicit if a plugin is missing.
| |
When an argument or a line is too long, it cannot be stored
into ulogd configuration and this must result in an error.
| |
This patch adds a call to access to check the readability of the
configuration file.
| |
This patch also updates some copyright and licence declarations.
| |
This patch adds a '-l' option which can be used to setup ulogd
loglevel. Command line option has precedence on the configuration
file one.
| |
This patch adds a flag to the config_entry structure to be able to
tune setup. First usage is to ask config parser not to update a key
if it has been already set.
| |
It can be painful to have to check the logfile, so this patch adds
a '-v' option which displays log messages to stderr.
| |
This patch fixes a compilation warning related to a signed and
unsigned integer comparison.
| |
Include Eric and myself in the copyright notice and the AUTHORS file
since we're the most recurrent contributors (of course, after the
original author of this software, Harald Welte).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
It was wrong, use VERSION constant which uses the version
information available in configure.ac.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
The variable contains global libraries linked into every possible
object, which is unwanted. Clean up things.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>