Distro Recipes 2013 : Upstream management and consequences on the distributions: the case of ul…


https://distro-recipes.org

Published in: Technology

  1. Ulogd, or Where kernel devels meet users
      Éric Leblond (OISF), Distro Recipes 2013
  2. Some words about me
      Eric Leblond
        • French
        • Previously, co-founder and CTO of EdenWall (RIP)
        • Now, Contractor
        • Suricata IDS/IPS developer
        • @Regiteric on Twitter
      regit@netfilter.org
        • Netfilter Coreteam Member
        • Working on: some kernel stuff, libnetfilter_queue and userspace library
        • ulogd2 maintainer
  3. At the beginning was syslog
      Pre Netfilter days
        • Flat packet logging
        • One line per packet
        • A lot of information
        • Non searchable
      Not sexy
        INPUT DROP IN=eth0 OUT= MAC=00:1a:92:05:ee:68:00:b0:8e:83:3b:f0:08:00 SRC=62.212.121.211 DST=91.121
        IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.7 DST=192.168.11.3 LEN=4
        IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.23 DST=192.168.11.3 LEN=
        IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.7 DST=192.168.11.3 LEN=4
        IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.7 DST=192.168.11.3 LEN=4
  4. Ulogd days
      ULOG
        • Netfilter introduces ULOG target
        • iptables -A INPUT -p tcp -j ULOG --ulog-prefix "bad packet"
        • Communication via a netlink socket
        • Special type of socket used for bidirectional kernel-userspace communication
      Ulogd, a ULOG logging daemon
        • Syslog and file output
        • SQL output: PGSQL, MySQL, SQLite
  5. History
      2.6.14 introduced new kernel-user interactions
        • libnetfilter_queue: userspace decision
        • libnetfilter_log: logging
        • libnetfilter_conntrack: connection tracking handling
      A long development
        • Started in 2005 by Harald Welte
        • Ulogd 2.0.0 beta1: 2006/01/09
        • Ulogd 2.0.0: 2012/06/17
        • Ulogd 2.0.2: 2013/03/03
  6. Ulogd2: a ulogd generalisation
      Ulogd2
        • Interact with the new libraries
        • Rewrite of ulogd
      libnetfilter_log (generalized ulog)
        • Packet logging
        • IPv6 ready
        • Few structural modifications
      libnetfilter_conntrack (new)
        • Connection tracking logging
        • Accounting, logging
      libnetfilter_nfacct (added recently)
        • High performance accounting
  7. Ulogd in distributions

      Distribution        Ulogd version
      Linux Mint          1.24
      Ubuntu              1.24
      Fedora              2.0.0
      Debian GNU/Linux    1.24
      Debian testing      1.24
      openSUSE            2.0.1
      Arch Linux          2.0.1
      PCLinuxOS           X
      CentOS              X
      Mageia              X
      Slackware Linux     X

      Distribution list: http://distrowatch.com/dwres.php?resource=major
  8. Let me in!!
  9. State of dependencies

      Distribution        Ulogd   libnfnetlink   libmnl   log      conntrack   acct
      Upstream            2.0.2   1.0.1          1.0.3    1.0.1    1.0.3       1.0.2
      Requirement                 1.0.1          1.0.3    1.0.0    1.0.2       1.0.1
      Linux Mint          1.24    1.0.0          1.0.1    1.0.0    0.9.1       X
      Ubuntu              1.24    1.0.0          1.0.3    1.0.0    1.0.1       X
      Fedora              2.0.0   1.0.1          1.0.3    1.0.1    1.0.2       X
      Debian GNU/Linux    1.24    1.0.0          X        0.0.16   0.0.101     X
      Debian testing      1.24    1.0.0          1.0.3    1.0.0    1.0.1       X
      openSUSE            2.0.1   1.0.1          1.0.3    1.0.1    1.0.2       1.0.1
      Arch Linux          2.0.1   1.0.1          1.0.3    1.0.1    1.0.3       1.0.2
      PCLinuxOS           X       X              X        X        X           X
      CentOS              X       X              X        X        X           X
      Mageia              X       X              1.0.2    X        X           X
      Slackware Linux     X       X              X        X        X           X
  10. Developer faults
  11. Developer faults
      Library policy
        • Upgrade to latest because it has fewer bugs
        • Unconditional compilation
        • Work started in ulogd 2.0.2
        • Patch proposed by Gentoo maintainer.
      Configuration upgrade
        • Incompatible configuration file
        • Incompatible database schema
      Lack of documentation
        • Little user documentation
        • Users don't ask for it
        • Netfilter should have a wiki soon
  12. Distribution faults
  13. Distribution faults
      Some need to be boosted
        • They could propose an alternative to the old ulogd
        • No move if upstream doesn't move
      Few but powerful users
        • Lack of users
        • The few there are build appliances
        • They maintain their version
  14. Questions?
      Contacts
        • Directly: eric@regit.org
        • Mailing list: netfilter-devel@vger.kernel.org
      References
        • Ulogd2: http://netfilter.org/projects/ulogd/index.html
        • My blog: https://home.regit.org/
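
The "one line per packet, non searchable" syslog format from the third slide, and the SQL output that ulogd offers as the alternative, as an added example that is not part of the talk: a parser that turns LOG-target syslog lines into rows that can be queried. The sample lines, the table layout and the function names are constructed for illustration and are not ulogd's own schema.

```python
import re
import sqlite3

# Constructed sample lines in the LOG target's syslog format (not taken from the slides).
_HDR = "Mar  3 10:15:0%d fw kernel: INPUT DROP IN=eth0 OUT= "
SAMPLE = [
    _HDR % 1 + "SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4242 DF PROTO=TCP SPT=51514 DPT=22 SYN URGP=0",
    _HDR % 2 + "SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4243 DF PROTO=TCP SPT=51515 DPT=23 SYN URGP=0",
    _HDR % 3 + "SRC=203.0.113.9 DST=192.0.2.10 LEN=",             # cut off mid-field
    "Mar  3 10:15:04 fw sshd[311]: Accepted publickey for admin",  # not a packet line
]

# Optional "[uptime] " stamp, then the rule's log prefix, then the KEY=value body.
LINE_RE = re.compile(r"kernel: (?:\[[^\]]*\] )?(?P<prefix>.*?)\s*(?P<body>IN=.*)$")
INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW"}

def parse_log_line(line):
    """Turn one LOG-target syslog line into a dict, or None if it is not one."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = {"prefix": m.group("prefix"), "flags": []}
    for token in m.group("body").split():
        key, sep, value = token.partition("=")
        if not sep:
            rec["flags"].append(key)        # bare tokens such as DF, SYN, ACK
        elif key in INT_FIELDS:
            rec[key] = int(value) if value.isdigit() else None  # truncated "LEN=" -> None
        else:
            rec[key] = value or None        # empty "OUT=" -> None
    return rec

def load(lines):
    """Store the parsed packets in an in-memory SQLite table (hypothetical layout)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pkt (prefix TEXT, iface TEXT, src TEXT, dst TEXT,"
               " proto TEXT, dpt INTEGER, len INTEGER)")
    for rec in filter(None, map(parse_log_line, lines)):
        db.execute("INSERT INTO pkt VALUES (?,?,?,?,?,?,?)",
                   (rec["prefix"], rec.get("IN"), rec.get("SRC"), rec.get("DST"),
                    rec.get("PROTO"), rec.get("DPT"), rec.get("LEN")))
    return db

def top_sources(db, prefix):
    """Per-source packet counts for one log prefix, busiest source first."""
    return db.execute("SELECT src, COUNT(*) FROM pkt WHERE prefix = ?"
                      " GROUP BY src ORDER BY COUNT(*) DESC, src", (prefix,)).fetchall()
```
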