Distro Recipes 2013 : Upstream management and consequences on the distributions: the case of ul…

https://distro-recipes.org

Transcript

  • 1. Ulogd or Where kernel devels meet users
      Éric Leblond, OISF
      Distro Recipes 2013
      Éric Leblond (OISF) Ulogd Distro Recipes 2013 1 / 14
  • 3. Some words about me
      Eric Leblond:
        • French
        • Previously, co-founder and CTO of EdenWall (RIP)
        • Now, contractor
        • Suricata IDS/IPS developer
        • @Regiteric on Twitter
      regit@netfilter.org:
        • Netfilter Coreteam member
        • Working on:
            • some kernel stuff
            • libnetfilter_queue and userspace library
        • ulogd2 maintainer
  • 5. At the beginning was syslog
      Pre-Netfilter days:
        • Flat packet logging
        • One line per packet
        • A lot of information
        • Non-searchable
      Not sexy:
        INPUT DROP IN=eth0 OUT= MAC=00:1a:92:05:ee:68:00:b0:8e:83:3b:f0:08:00 SRC=62.212.121.211 DST=91.121
        IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.7 DST=192.168.11.3 LEN=4
        IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.23 DST=192.168.11.3 LEN=
        IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.7 DST=192.168.11.3 LEN=4
        IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.7 DST=192.168.11.3 LEN=4
  • 7. Ulogd days
      ULOG:
        • Netfilter introduces the ULOG target
            iptables -A INPUT -p tcp -j ULOG --ulog-prefix "bad packet"
        • Communication via a netlink socket
        • Special type of socket used for bidirectional kernel-userspace communication
      Ulogd, a ULOG logging daemon:
        • Syslog and file output
        • SQL output: PGSQL, MySQL, SQLite
  • 9. History
      2.6.14 introduced new kernel-user interactions:
        • libnetfilter_queue: userspace decision
        • libnetfilter_log: logging
        • libnetfilter_conntrack: connection tracking handling
      A long development:
        • Started in 2005 by Harald Welte
        • Ulogd 2.0.0 beta1: 2006/01/09
        • Ulogd 2.0.0: 2012/06/17
        • Ulogd 2.0.2: 2013/03/03
  • 10. Ulogd2: a ulogd generalisation
      Ulogd2:
        • Interacts with the new libraries
        • Rewrite of ulogd
      libnetfilter_log (generalized ulog):
        • Packet logging
        • IPv6 ready
        • Few structural modifications
      libnetfilter_conntrack (new):
        • Connection tracking logging
        • Accounting, logging
      libnetfilter_nfacct (added recently):
        • High performance accounting
  • 11. Ulogd in distributions
      Distribution        Ulogd version
      Linux Mint          1.24
      Ubuntu              1.24
      Fedora              2.0.0
      Debian GNU/Linux    1.24
      Debian testing      1.24
      openSUSE            2.0.1
      Arch Linux          2.0.1
      PCLinuxOS           X
      CentOS              X
      Mageia              X
      Slackware Linux     X
      Distribution list: http://distrowatch.com/dwres.php?resource=major
  • 12. Let me in!!
  • 13. State of dependencies
      Distribution        Ulogd   libnfnetlink   libmnl   log      conntrack   acct
      Upstream            2.0.2   1.0.1          1.0.3    1.0.1    1.0.3       1.0.2
      Requirement                 1.0.1          1.0.3    1.0.0    1.0.2       1.0.1
      Linux Mint          1.24    1.0.0          1.0.1    1.0.0    0.9.1       X
      Ubuntu              1.24    1.0.0          1.0.3    1.0.0    1.0.1       X
      Fedora              2.0.0   1.0.1          1.0.3    1.0.1    1.0.2       X
      Debian GNU/Linux    1.24    1.0.0          X        0.0.16   0.0.101     X
      Debian testing      1.24    1.0.0          1.0.3    1.0.0    1.0.1       X
      openSUSE            2.0.1   1.0.1          1.0.3    1.0.1    1.0.2       1.0.1
      Arch Linux          2.0.1   1.0.1          1.0.3    1.0.1    1.0.3       1.0.2
      PCLinuxOS           X       X              X        X        X           X
      CentOS              X       X              X        X        X           X
      Mageia              X       X              1.0.2    X        X           X
      Slackware Linux     X       X              X        X        X           X
  • 14. Developer faults
  • 17. Developer faults
      Library policy:
        • Upgrade to latest because it has fewer bugs
        • Unconditional compilation
        • Work started in ulogd 2.0.2
        • Patch proposed by Gentoo maintainer
      Configuration upgrade:
        • Incompatible configuration file
        • Incompatible database schema
      Lack of documentation:
        • Little user documentation
        • Users don't ask for it
        • Netfilter should have a wiki soon
  • 18. Distribution faults
  • 20. Distribution faults
      Some need to be boosted:
        • They could propose an alternative to the old ulogd
        • No move if upstream doesn't move
      Few but powerful users:
        • Lack of users
        • The few there are build appliances
        • They maintain their version
  • 21. Questions?
      Contacts:
        • Directly: eric@regit.org
        • Mailing list: netfilter-devel@vger.kernel.org
      References:
        • Ulogd2: http://netfilter.org/projects/ulogd/index.html
        • My blog: https://home.regit.org/
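
Slide 5 describes the flat syslog packet log as one line per packet and non-searchable. The following added example (not from the slides or from the ulogd project) parses lines in that layout into records that can be queried by field. The sample lines are constructed, using documentation address ranges, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the kernel LOG layout of slide 5 (RFC 5737 addresses).
# It includes an unrelated kernel message and a line cut short like those on the slide.
SAMPLE = """\
INPUT DROP IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
INPUT DROP IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4243 DF PROTO=TCP SPT=51235 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
eth0: link up
IN IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=76 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
IN IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=
"""

INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW", "URGP"}

def parse_log_line(line):
    """Turn one flat LOG line into a dict; return None if it has no IN= field."""
    m = re.search(r"(?:^|\s)IN=", line)
    if m is None:
        return None                    # not a packet log line
    rec = {"prefix": line[:m.start()].strip(), "flags": []}
    for tok in line[m.start():].split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(key)   # bare tokens such as DF or SYN
        elif key not in rec:           # UDP lines repeat LEN=; keep the IP-level one
            if key in INT_FIELDS:
                rec[key] = int(val) if val.isdigit() else None
            else:
                rec[key] = val or None # empty values (OUT=) become None
    return rec

def parse_log(text):
    return [r for r in map(parse_log_line, text.splitlines()) if r]

def ports_probed_by(records, src):
    """Distinct destination ports hit by one source address."""
    return sorted({r["DPT"] for r in records
                   if r.get("SRC") == src and r.get("DPT") is not None})

def top_sources(records):
    """Packet count per source address, most frequent first."""
    return Counter(r["SRC"] for r in records if r.get("SRC")).most_common()

if __name__ == "__main__":
    recs = parse_log(SAMPLE)
    print(top_sources(recs))
    print(ports_probed_by(recs, "198.51.100.7"))
```
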