Hi,

Le vendredi 26 février 2010 à 21:54 +0100, Pierre Chifflier a écrit :
> Hi,
> 
> Here is an updated version of the UNIXSOCK plugin.
> 
> Changes for v5:
> - align all structures on 64 bits instead of 32
>   This has been tested on a sparc64 (thanks to Jan)
> - update pcap2ulog to handle different pcap formats

As change with previous version are quiet small, I don't think there
will be a "long" discussion anymore.

I will give it some tests and push this patchset to the tree if I did
not detect problem with it.

BR,

> 
> Changes for v4:
> - use structures instead of reading integers directly
> - all structures and fields are now aligned (4 bytes)
> - update pcap2ulog script to use aligned data as well
> 
> Changes for v3:
> - if the bufsize value (from conf) is 0, try to guess the buffer size
>   using getsockopt(SOL_SOCKET, SO_RCVBUF ..)
> - set default path to /var/run/ulogd/ulogd2.sock with mode 0600
> - add new configuration options perms, owner and group to be able
>   to set these parameters on the created socket
> - change the input algorithm to make it more robust against junk data (which
>   can happen if the client is desynchronized)
> - fixed a few bugs
> 
> Description:
> 
> [1] add new input plugin UNISOCK, using a unix socket. This allows userspace
> applications to send packets to ulogd, for example to send packets offline.
> It uses a key-length-value protocol to handle optional fields or extensions.
> 
> [2] is a Perl script to load a PCAP file and send it to ulogd using the
> UNIXSOCK plugin.
> 
> Pierre
> 


-- 
Eric Leblond <eric@inl.fr>
INL: http://www.inl.fr/
NuFW: http://www.nufw.org/