Diffstat (limited to 'app-admin/ulogd/files')
-rw-r--r--app-admin/ulogd/files/ulogd-2.0.4-linux-headers-3.17-ipt_ulog.patch100
-rw-r--r--app-admin/ulogd/files/ulogd-2.0.5-remove-db-automagic.patch45
-rw-r--r--app-admin/ulogd/files/ulogd.init41
-rw-r--r--app-admin/ulogd/files/ulogd.logrotate9
-rw-r--r--app-admin/ulogd/files/ulogd.service13
5 files changed, 208 insertions, 0 deletions
diff --git a/app-admin/ulogd/files/ulogd-2.0.4-linux-headers-3.17-ipt_ulog.patch b/app-admin/ulogd/files/ulogd-2.0.4-linux-headers-3.17-ipt_ulog.patch
new file mode 100644
index 000000000000..f8c10622e229
--- /dev/null
+++ b/app-admin/ulogd/files/ulogd-2.0.4-linux-headers-3.17-ipt_ulog.patch
@@ -0,0 +1,100 @@
+From 30e24dbfc7a8644e29664070e8c16e5c3997f87e Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Fri, 7 Nov 2014 18:33:01 +0100
+Subject: [PATCH] include: keep a copy of linux/netfilter_ipv4/ipt_ULOG.h
+
+This fixes compilation if you use a Linux kernel >= 3.17. This problem
+occurs since ULOG was removed from mainstream:
+
+http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7200135bc1e61f1437dc326ae2ef2f310c50b4eb
+
+Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=986
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+
+diff --git a/configure.ac b/configure.ac
+index 522c345..c5f573c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -142,7 +142,7 @@ dnl AM_CONDITIONAL(HAVE_PGSQL, test x$pgsqldir != x)
+
+ AC_CONFIG_FILES(include/Makefile include/ulogd/Makefile include/libipulog/Makefile \
+ include/linux/Makefile include/linux/netfilter/Makefile \
+- libipulog/Makefile \
++ include/linux/netfilter_ipv4/Makefile libipulog/Makefile \
+ input/Makefile input/packet/Makefile input/flow/Makefile \
+ input/sum/Makefile \
+ filter/Makefile filter/raw2packet/Makefile filter/packet2flow/Makefile \
+diff --git a/include/linux/Makefile.am b/include/linux/Makefile.am
+index ca80d0d..18af1c2 100644
+--- a/include/linux/Makefile.am
++++ b/include/linux/Makefile.am
+@@ -1,2 +1,2 @@
+-
+-SUBDIRS = netfilter
++SUBDIRS = netfilter \
++ netfilter_ipv4
+diff --git a/include/linux/netfilter_ipv4/Makefile.am b/include/linux/netfilter_ipv4/Makefile.am
+new file mode 100644
+index 0000000..41819a3
+--- /dev/null
++++ b/include/linux/netfilter_ipv4/Makefile.am
+@@ -0,0 +1 @@
++noinst_HEADERS = ipt_ULOG.h
+diff --git a/include/linux/netfilter_ipv4/ipt_ULOG.h b/include/linux/netfilter_ipv4/ipt_ULOG.h
+new file mode 100644
+index 0000000..417aad2
+--- /dev/null
++++ b/include/linux/netfilter_ipv4/ipt_ULOG.h
+@@ -0,0 +1,49 @@
++/* Header file for IP tables userspace logging, Version 1.8
++ *
++ * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org>
++ *
++ * Distributed under the terms of GNU GPL */
++
++#ifndef _IPT_ULOG_H
++#define _IPT_ULOG_H
++
++#ifndef NETLINK_NFLOG
++#define NETLINK_NFLOG 5
++#endif
++
++#define ULOG_DEFAULT_NLGROUP 1
++#define ULOG_DEFAULT_QTHRESHOLD 1
++
++#define ULOG_MAC_LEN 80
++#define ULOG_PREFIX_LEN 32
++
++#define ULOG_MAX_QLEN 50
++/* Why 50? Well... there is a limit imposed by the slab cache 131000
++ * bytes. So the multipart netlink-message has to be < 131000 bytes.
++ * Assuming a standard ethernet-mtu of 1500, we could define this up
++ * to 80... but even 50 seems to be big enough. */
++
++/* private data structure for each rule with a ULOG target */
++struct ipt_ulog_info {
++ unsigned int nl_group;
++ size_t copy_range;
++ size_t qthreshold;
++ char prefix[ULOG_PREFIX_LEN];
++};
++
++/* Format of the ULOG packets passed through netlink */
++typedef struct ulog_packet_msg {
++ unsigned long mark;
++ long timestamp_sec;
++ long timestamp_usec;
++ unsigned int hook;
++ char indev_name[IFNAMSIZ];
++ char outdev_name[IFNAMSIZ];
++ size_t data_len;
++ char prefix[ULOG_PREFIX_LEN];
++ unsigned char mac_len;
++ unsigned char mac[ULOG_MAC_LEN];
++ unsigned char payload[0];
++} ulog_packet_msg_t;
++
++#endif /*_IPT_ULOG_H*/
+--
+2.0.4
+
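Review bot: The bundled `ipt_ULOG.h` uses `IFNAMSIZ` and `size_t` in `struct ulog_packet_msg` but includes no header itself, so it only compiles when every includer has already provided both. A comment above the struct such as `/* requires IFNAMSIZ and size_t from the includer (e.g. <net/if.h>, <stddef.h>) */` would make that dependency explicit. The struct is also the format of messages received over netlink, and `mark`, `timestamp_sec`, `timestamp_usec` and `data_len` are `long`/`size_t`, so its layout follows the userspace word size. Presumably a 32-bit ulogd on a 64-bit kernel would misread it, which deserves a comment as well. Code that reads `payload` or `mac` should check `data_len` against the received message length and `mac_len` against `ULOG_MAC_LEN` first, since the header enforces neither.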
diff --git a/app-admin/ulogd/files/ulogd-2.0.5-remove-db-automagic.patch b/app-admin/ulogd/files/ulogd-2.0.5-remove-db-automagic.patch
new file mode 100644
index 000000000000..dfa51112e063
--- /dev/null
+++ b/app-admin/ulogd/files/ulogd-2.0.5-remove-db-automagic.patch
@@ -0,0 +1,45 @@
+commit c61c05c2d050410c24346d42b013d7cb39149949
+Author: Harald Welte <laforge@gnumonks.org>
+Date: Sun May 3 11:08:54 2015 +0200
+
+ configure.ac: Add --without-{mysql,pgsql}
+
+ In some cases you may not want to build a certain output plugin, even
+ if the headers/libraries actually exist on the build host.
+
+diff --git a/configure.ac b/configure.ac
+index c814bec..1a7f8de 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -85,7 +85,10 @@ if [! test "x$enable_nfacct" = "xyes"]; then
+ enable_nfacct="no"
+ fi
+
+-CT_CHECK_POSTGRES_DB()
++AC_ARG_WITH([pgsql], AS_HELP_STRING([--without-pgsql], [Build without postgresql output plugin [default=test]]))
++AS_IF([test "x$with_pgsql" != "xno"], [
++ CT_CHECK_POSTGRES_DB()
++])
+ AM_CONDITIONAL(HAVE_PGSQL, test "x$PQLIBPATH" != "x")
+ if test "x$PQLIBPATH" != "x"; then
+ enable_pgsql="yes"
+@@ -93,7 +96,10 @@ else
+ enable_pgsql="no"
+ fi
+
+-CT_CHECK_MYSQL_DB()
++AC_ARG_WITH([mysql], AS_HELP_STRING([--without-mysql], [Build without mysql output plugin [default=test]]))
++AS_IF([test "x$with_mysql" != "xno"], [
++ CT_CHECK_MYSQL_DB()
++])
+ AM_CONDITIONAL(HAVE_MYSQL, test "x$MYSQL_LIB" != "x")
+ if test "x$MYSQL_LIB" != "x"; then
+ enable_mysql="yes"
+@@ -101,6 +107,7 @@ else
+ enable_mysql="no"
+ fi
+
++
+ AC_ARG_WITH([sqlite], AS_HELP_STRING([--without-sqlite], [Build without SQLITE3 output plugin [default=test]]))
+ AS_IF([test "x$with_sqlite" != "xno"], [
+ PKG_CHECK_MODULES([libsqlite3], [sqlite3], [], [:])
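Review bot: An explicit `--with-pgsql` or `--with-mysql` is still handled exactly like passing no option, because the new `AS_IF` blocks only skip the check for `no`. If the library is then not found, the unchanged lines after each block appear to set `enable_pgsql`/`enable_mysql` to `no` silently, so a build that asked for the plugin can ship without it. To make the feature set deterministic, fail in that case, e.g. `AS_IF([test "x$with_pgsql" = "xyes" && test "x$PQLIBPATH" = "x"], [AC_MSG_ERROR([--with-pgsql given but PostgreSQL was not found])])`, and the same for mysql with `MYSQL_LIB`. This assumes `CT_CHECK_POSTGRES_DB` and `CT_CHECK_MYSQL_DB`, which are defined outside this patch, leave those variables empty on failure rather than aborting.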
diff --git a/app-admin/ulogd/files/ulogd.init b/app-admin/ulogd/files/ulogd.init
new file mode 100644
index 000000000000..ace6e8b51c91
--- /dev/null
+++ b/app-admin/ulogd/files/ulogd.init
@@ -0,0 +1,41 @@
+#!/sbin/runscript
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_started_commands="reload reopen"
+
+: ${ULOGD_BINARY:=/usr/sbin/ulogd}
+: ${ULOGD_PIDFILE:=/run/${SVCNAME}.pid}
+: ${ULOGD_OPTS:=--daemon --uid ulogd --pidfile ${ULOGD_PIDFILE}}
+
+depend() {
+ before iptables ip6tables ebtables firewall
+ after mysql postgresql
+}
+
+start() {
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start \
+ --exec ${ULOGD_BINARY} --pidfile ${ULOGD_PIDFILE} \
+ -- ${ULOGD_OPTS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --pidfile ${ULOGD_PIDFILE}
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading ${SVCNAME} configuration"
+ start-stop-daemon --signal USR1 --pidfile ${ULOGD_PIDFILE}
+ eend $?
+}
+
+reopen() {
+ ebegin "Reopening ${SVCNAME} logfiles"
+ start-stop-daemon --signal HUP --pidfile ${ULOGD_PIDFILE}
+ eend $?
+}
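Review bot: `stop()`, `reload()` and `reopen()` send their signal to whatever PID is stored in `${ULOGD_PIDFILE}` without checking that the process is still ulogd. A stale pidfile left after a crash can therefore get an unrelated process signalled by root. Passing the binary as well, as `start()` already does, narrows the match: `start-stop-daemon --signal HUP --exec ${ULOGD_BINARY} --pidfile ${ULOGD_PIDFILE}`, and likewise for `--stop` and `USR1`. The default pidfile here is `/run/${SVCNAME}.pid` and can be overridden, while `ulogd.logrotate` in this commit hard-codes `/run/ulogd.pid`. A renamed service or a custom `ULOGD_PIDFILE` would then no longer be signalled after rotation, so a comment next to the default should say so.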
diff --git a/app-admin/ulogd/files/ulogd.logrotate b/app-admin/ulogd/files/ulogd.logrotate
new file mode 100644
index 000000000000..777e40097a5e
--- /dev/null
+++ b/app-admin/ulogd/files/ulogd.logrotate
@@ -0,0 +1,9 @@
+/var/log/ulogd/*.log {
+ sharedscripts
+ missingok
+ notifempty
+ create 0640 ulogd
+ postrotate
+ [ -f /run/ulogd.pid ] && /bin/kill -HUP $(cat /run/ulogd.pid)
+ endscript
+}
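Review bot: The `postrotate` line exits non-zero whenever `/run/ulogd.pid` is absent, because `[ -f … ] && …` evaluates to false when the test fails. logrotate then reports a script error even though a stopped daemon is harmless here. The pidfile content is also passed to `kill` unquoted and unchecked, so an empty file produces a malformed `kill` call. `if [ -s /run/ulogd.pid ]; then /bin/kill -HUP "$(cat /run/ulogd.pid)" 2>/dev/null || true; fi` covers the missing and empty cases. It does not cover a stale PID that now belongs to another process, which would need a check of the process name before signalling.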
diff --git a/app-admin/ulogd/files/ulogd.service b/app-admin/ulogd/files/ulogd.service
new file mode 100644
index 000000000000..ec22db0ad663
--- /dev/null
+++ b/app-admin/ulogd/files/ulogd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=A userspace logging daemon for netfilter/iptables related logging
+Before=iptables.service ip6tables.service
+After=mysql.service postgresql.service
+
+[Service]
+Type=forking
+PIDFile=/run/ulogd.pid
+ExecStart=/usr/sbin/ulogd --daemon --uid ulogd --pidfile /run/ulogd.pid
+ExecReload=/bin/kill -USR1 $MAINPID
+
+[Install]
+WantedBy=network.target
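Review bot: The `[Service]` section starts ulogd as root with no unit-level sandboxing and relies only on the daemon's own `--uid ulogd` privilege drop. Since the daemon parses packet data handed over by the kernel, it is worth adding restrictions such as `NoNewPrivileges=yes`, `ProtectHome=yes` and `PrivateTmp=yes`. These should be tested against the output plugins actually configured, which are not visible in this commit. `After=mysql.service postgresql.service` also deserves a short comment saying that it only orders startup and does not pull the databases in.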