Distro Recipes 2013: Upstream management and consequences on the distributions: the case of ul…
https://distro-recipes.org

Usage Rights

CC Attribution-ShareAlike License

Presentation Transcript

  • Ulogd or Where kernel devels meet users
    Éric Leblond, OISF
    Distro Recipes 2013
    Éric Leblond (OISF) Ulogd Distro Recipes 2013 1 / 14
  • Some words about me
    Éric Leblond
      • French
      • Previously, co-founder and CTO of EdenWall (RIP)
      • Now, contractor
      • Suricata IDS/IPS developer
      • @Regiteric on Twitter
    regit@netfilter.org
      • Netfilter Coreteam member
      • Working on:
          • some kernel stuff
          • libnetfilter_queue and userspace library
          • ulogd2 maintainer
  • At the beginning was syslog
    Pre Netfilter days
      • Flat packet logging
      • One line per packet
      • A lot of information
      • Non searchable
    Not sexy
      INPUT DROP IN=eth0 OUT= MAC=00:1a:92:05:ee:68:00:b0:8e:83:3b:f0:08:00 SRC=62.212.121.211 DST=91.121
      IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.7 DST=192.168.11.3 LEN=4
      IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.23 DST=192.168.11.3 LEN=
      IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.7 DST=192.168.11.3 LEN=4
      IN IN=eth0 OUT= MAC=d4:be:d9:69:d1:51:00:11:95:63:c7:5e:08:00 SRC=31.13.80.7 DST=192.168.11.3 LEN=4
  • Ulogd days
    ULOG
      • Netfilter introduces the ULOG target
        iptables -A INPUT -p tcp -j ULOG --ulog-prefix "bad packet"
      • Communication via a netlink socket
      • Special type of socket used for bidirectional kernel/userspace communication
    Ulogd, a ULOG logging daemon
      • Syslog and file output
      • SQL output: PGSQL, MySQL, SQLite
  • History
    2.6.14 introduced new kernel-user interactions
      • libnetfilter_queue: userspace decision
      • libnetfilter_log: logging
      • libnetfilter_conntrack: connection tracking handling
    A long development
      • Started in 2005 by Harald Welte
      • Ulogd 2.0.0 beta1: 2006/01/09
      • Ulogd 2.0.0: 2012/06/17
      • Ulogd 2.0.2: 2013/03/03
  • Ulogd2: a ulogd generalisation
    Ulogd2
      • Interacts with the new libraries
      • Rewrite of ulogd
    libnetfilter_log (generalized ulog)
      • Packet logging
      • IPv6 ready
      • Few structural modifications
    libnetfilter_conntrack (new)
      • Connection tracking logging
      • Accounting, logging
    libnetfilter_nfacct (added recently)
      • High performance accounting
  • Ulogd in distributions
    Distribution      Ulogd version
    Linux Mint        1.24
    Ubuntu            1.24
    Fedora            2.0.0
    Debian GNU/Linux  1.24
    Debian testing    1.24
    openSUSE          2.0.1
    Arch Linux        2.0.1
    PCLinuxOS         X
    CentOS            X
    Mageia            X
    Slackware Linux   X
    Distribution list: http://distrowatch.com/dwres.php?resource=major
  • Let me in!!
  • State of dependencies
    Distribution      Ulogd  libnfnetlink  libmnl  log     conntrack  acct
    Upstream          2.0.2  1.0.1         1.0.3   1.0.1   1.0.3      1.0.2
    Requirement              1.0.1         1.0.3   1.0.0   1.0.2      1.0.1
    Linux Mint        1.24   1.0.0         1.0.1   1.0.0   0.9.1      X
    Ubuntu            1.24   1.0.0         1.0.3   1.0.0   1.0.1      X
    Fedora            2.0.0  1.0.1         1.0.3   1.0.1   1.0.2      X
    Debian GNU/Linux  1.24   1.0.0         X       0.0.16  0.0.101    X
    Debian testing    1.24   1.0.0         1.0.3   1.0.0   1.0.1      X
    openSUSE          2.0.1  1.0.1         1.0.3   1.0.1   1.0.2      1.0.1
    Arch Linux        2.0.1  1.0.1         1.0.3   1.0.1   1.0.3      1.0.2
    PCLinuxOS         X      X             X       X       X          X
    CentOS            X      X             X       X       X          X
    Mageia            X      X             1.0.2   X       X          X
    Slackware Linux   X      X             X       X       X          X
  • Developer faults
    Library policy
      • Upgrade to latest because it has fewer bugs
      • Unconditional compilation
      • Work started in ulogd 2.0.2
      • Patch proposed by the Gentoo maintainer
    Configuration upgrade
      • Incompatible configuration file
      • Incompatible database schema
    Lack of documentation
      • Little user documentation
      • Users don't ask for it
      • Netfilter should have a wiki soon
  • Distribution faults
    Some need to be boosted
      • They could propose an alternative to the old ulogd
      • No move if upstream doesn't move
    Few but powerful users
      • Lack of users
      • The few there are build appliances
      • They maintain their own version
  • Questions?
    Contacts
      • Directly: eric@regit.org
      • Mailing list: netfilter-devel@vger.kernel.org
    References
      • Ulogd2: http://netfilter.org/projects/ulogd/index.html
      • My blog: https://home.regit.org/
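
Added example (not part of the original slides, and not ulogd code): the "At the beginning was syslog" slide calls flat one-line-per-packet logs non searchable, and the "Ulogd days" slide lists SQL output as the answer. The sketch below parses constructed log lines in that flat layout and loads them into SQLite so they can be queried; the sample lines, the `pkt` table and all function names are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample lines in the kernel LOG layout (documentation addresses).
MAC = "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00"
SAMPLE = [
    f"INPUT DROP IN=eth0 OUT= {MAC} SRC=198.51.100.7 DST=192.0.2.3 LEN=60 "
    "TTL=52 ID=4211 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=29200 SYN",
    f"INPUT DROP IN=eth0 OUT= {MAC} SRC=198.51.100.7 DST=192.0.2.3 LEN=60 "
    "TTL=52 ID=4212 DF PROTO=TCP SPT=40113 DPT=22 WINDOW=29200 SYN",
    f"INPUT DROP IN=eth0 OUT= {MAC} SRC=203.0.113.9 DST=192.0.2.3 LEN=60 "
    "TTL=49 ID=977 PROTO=TCP SPT=51000 DPT=22 WINDOW=1024 SYN",
    f"IN IN=eth0 OUT= {MAC} SRC=203.0.113.9 DST=192.0.2.3 LEN=71 "
    "TTL=49 ID=978 PROTO=UDP SPT=5353 DPT=53",
    "eth0: link becomes ready",  # not a packet line, must be skipped
]
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value, value may be empty (OUT=)
COLUMNS = ("prefix", "IN", "SRC", "DST", "PROTO", "SPT", "DPT", "flags")

def parse_line(line):
    """Split one flat line into prefix, KEY=value fields and bare flags."""
    first = FIELD.search(line)
    if first is None:
        return None  # no KEY=value pair: not a packet log line
    rec = {"prefix": line[:first.start()].strip()}
    rec.update(FIELD.findall(line))
    rec["flags"] = " ".join(t for t in line[first.start():].split() if "=" not in t)
    return rec

def load(lines):
    """Store parsed packets in an in-memory table (hypothetical schema, not ulogd's)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pkt (prefix TEXT, iface TEXT, src TEXT, dst TEXT, "
               "proto TEXT, spt INTEGER, dpt INTEGER, flags TEXT)")
    for rec in filter(None, map(parse_line, lines)):
        db.execute("INSERT INTO pkt VALUES (?,?,?,?,?,?,?,?)",
                   [rec.get(c) for c in COLUMNS])
    return db

def top_sources(db, dpt):
    """Sources that hit one destination port, busiest first."""
    return db.execute("SELECT src, COUNT(*) FROM pkt WHERE dpt = ? GROUP BY src "
                      "ORDER BY COUNT(*) DESC, src", (dpt,)).fetchall()

if __name__ == "__main__":
    print(top_sources(load(SAMPLE), 22))
```

Once the fields are columns, "who is hitting port 22" is a single query instead of a grep over free text.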