Distro Recipes 2013: Upstream management and consequences on the distributions: the case of ul…

https://distro-recipes.org

Transcript

  • 1. Ulogd or Where kernel devels meet users
      Éric Leblond, OISF
      Distro Recipes 2013
      Éric Leblond (OISF) Ulogd Distro Recipes 2013 1 / 14
  • 3. Some words about me
      • Eric Leblond
          • French
          • Previously, co-founder and CTO of EdenWall (RIP)
          • Now, Contractor
          • Suricata IDS/IPS developer
          • @Regiteric on Twitter
      • regit@netfilter.org
          • Netfilter Coreteam Member
          • Working on:
              • some kernel stuff
              • libnetfilter_queue and userspace library
          • ulogd2 maintainer
  • 5. At the beginning was syslog
      • Pre Netfilter days
          • Flat packet logging
          • One line per packet
          • A lot of information
          • Non searchable
      • Not sexy
          INPUT DROP IN=eth0 OUT= MAC=00:1a:92:05:ee:68:00:b0:8e:83:3b:f0:08:00 SRC=62.212.121.211 DST=91.121
          IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.7 DST=192.168.11.3 LEN=4
          IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.23 DST=192.168.11.3 LEN=
          IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.7 DST=192.168.11.3 LEN=4
          IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.7 DST=192.168.11.3 LEN=4
  • 7. Ulogd days
      • ULOG
          • Netfilter introduces ULOG target
              iptables -A INPUT -p tcp -j ULOG --ulog-prefix "bad packet"
          • Communication via a netlink socket
          • Special type of socket used for bidirectional kernel/userspace communication
      • Ulogd, a ULOG logging daemon
          • Syslog and file output
          • SQL output: PGSQL, MySQL, SQLite
  • 9. History
      • 2.6.14 introduced new kernel-user interactions
          • libnetfilter_queue: userspace decision
          • libnetfilter_log: logging
          • libnetfilter_conntrack: connection tracking handling
      • A long development
          • Started in 2005 by Harald Welte
          • Ulogd 2.0.0 beta1: 2006/01/09
          • Ulogd 2.0.0: 2012/06/17
          • Ulogd 2.0.2: 2013/03/03
  • 10. Ulogd2: a ulogd generalisation
      • Ulogd2
          • Interacts with the new libraries
          • Rewrite of ulogd
      • libnetfilter_log (generalized ulog)
          • Packet logging
          • IPv6 ready
          • Few structural modifications
      • libnetfilter_conntrack (new)
          • Connection tracking logging
          • Accounting, logging
      • libnetfilter_nfacct (added recently)
          • High performance accounting
  • 11. Ulogd in distributions

      Distribution        Ulogd version
      Linux Mint          1.24
      Ubuntu              1.24
      Fedora              2.0.0
      Debian GNU/Linux    1.24
      Debian testing      1.24
      openSUSE            2.0.1
      Arch Linux          2.0.1
      PCLinuxOS           X
      CentOS              X
      Mageia              X
      Slackware Linux     X

      Distribution list: http://distrowatch.com/dwres.php?resource=major
  • 12. Let me in!!
  • 13. State of dependencies

      Distribution        Ulogd   libnfnetlink   libmnl   log      conntrack   acct
      Upstream            2.0.2   1.0.1          1.0.3    1.0.1    1.0.3       1.0.2
      Requirement         -       1.0.1          1.0.3    1.0.0    1.0.2       1.0.1
      Linux Mint          1.24    1.0.0          1.0.1    1.0.0    0.9.1       X
      Ubuntu              1.24    1.0.0          1.0.3    1.0.0    1.0.1       X
      Fedora              2.0.0   1.0.1          1.0.3    1.0.1    1.0.2       X
      Debian GNU/Linux    1.24    1.0.0          X        0.0.16   0.0.101     X
      Debian testing      1.24    1.0.0          1.0.3    1.0.0    1.0.1       X
      openSUSE            2.0.1   1.0.1          1.0.3    1.0.1    1.0.2       1.0.1
      Arch Linux          2.0.1   1.0.1          1.0.3    1.0.1    1.0.3       1.0.2
      PCLinuxOS           X       X              X        X        X           X
      CentOS              X       X              X        X        X           X
      Mageia              X       X              1.0.2    X        X           X
      Slackware Linux     X       X              X        X        X           X
  • 14. Developer faults
  • 17. Developer faults
      • Library policy
          • Upgrade to latest because it has fewer bugs
          • Unconditional compilation
          • Work started in ulogd 2.0.2
          • Patch proposed by Gentoo maintainer.
      • Configuration upgrade
          • Incompatible configuration file
          • Incompatible database schema
      • Lack of documentation
          • Little user documentation
          • Users don't ask for it
          • Netfilter should have a wiki soon
  • 18. Distribution faults
  • 20. Distribution faults
      • Some need to be boosted
          • They could propose an alternative to the old ulogd
          • No move if upstream doesn't move
      • Few but powerful users
          • Lack of users
          • The few there are build appliances
          • They maintain their own version
  • 21. Questions?
      • Contacts
          • Directly: eric@regit.org
          • Mailing list: netfilter-devel@vger.kernel.org
      • References
          • Ulogd2: http://netfilter.org/projects/ulogd/index.html
          • My blog: https://home.regit.org/