Commit 7200135b authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: kill ulog targets

This has been marked as deprecated for quite some time and the NFLOG
target replacement has been also available since 2006.
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 9500507c
...@@ -14,6 +14,5 @@ header-y += ebt_nflog.h ...@@ -14,6 +14,5 @@ header-y += ebt_nflog.h
header-y += ebt_pkttype.h header-y += ebt_pkttype.h
header-y += ebt_redirect.h header-y += ebt_redirect.h
header-y += ebt_stp.h header-y += ebt_stp.h
header-y += ebt_ulog.h
header-y += ebt_vlan.h header-y += ebt_vlan.h
header-y += ebtables.h header-y += ebtables.h
#ifndef _EBT_ULOG_H
#define _EBT_ULOG_H
#include <linux/types.h>
#define EBT_ULOG_DEFAULT_NLGROUP 0
#define EBT_ULOG_DEFAULT_QTHRESHOLD 1
#define EBT_ULOG_MAXNLGROUPS 32 /* hardcoded netlink max */
#define EBT_ULOG_PREFIX_LEN 32
#define EBT_ULOG_MAX_QLEN 50
#define EBT_ULOG_WATCHER "ulog"
#define EBT_ULOG_VERSION 1
struct ebt_ulog_info {
__u32 nlgroup;
unsigned int cprange;
unsigned int qthreshold;
char prefix[EBT_ULOG_PREFIX_LEN];
};
typedef struct ebt_ulog_packet_msg {
int version;
char indev[IFNAMSIZ];
char outdev[IFNAMSIZ];
char physindev[IFNAMSIZ];
char physoutdev[IFNAMSIZ];
char prefix[EBT_ULOG_PREFIX_LEN];
struct timeval stamp;
unsigned long mark;
unsigned int hook;
size_t data_len;
/* The complete packet, including Ethernet header and perhaps
* the VLAN header is appended */
unsigned char data[0] __attribute__
((aligned (__alignof__(struct ebt_ulog_info))));
} ebt_ulog_packet_msg_t;
#endif /* _EBT_ULOG_H */
...@@ -5,7 +5,6 @@ header-y += ipt_ECN.h ...@@ -5,7 +5,6 @@ header-y += ipt_ECN.h
header-y += ipt_LOG.h header-y += ipt_LOG.h
header-y += ipt_REJECT.h header-y += ipt_REJECT.h
header-y += ipt_TTL.h header-y += ipt_TTL.h
header-y += ipt_ULOG.h
header-y += ipt_ah.h header-y += ipt_ah.h
header-y += ipt_ecn.h header-y += ipt_ecn.h
header-y += ipt_ttl.h header-y += ipt_ttl.h
/* Header file for IP tables userspace logging, Version 1.8
*
* (C) 2000-2002 by Harald Welte <laforge@gnumonks.org>
*
* Distributed under the terms of GNU GPL */
#ifndef _IPT_ULOG_H
#define _IPT_ULOG_H
#ifndef NETLINK_NFLOG
#define NETLINK_NFLOG 5
#endif
#define ULOG_DEFAULT_NLGROUP 1
#define ULOG_DEFAULT_QTHRESHOLD 1
#define ULOG_MAC_LEN 80
#define ULOG_PREFIX_LEN 32
#define ULOG_MAX_QLEN 50
/* Why 50? Well... there is a limit imposed by the slab cache 131000
* bytes. So the multipart netlink-message has to be < 131000 bytes.
* Assuming a standard ethernet-mtu of 1500, we could define this up
* to 80... but even 50 seems to be big enough. */
/* private data structure for each rule with a ULOG target */
struct ipt_ulog_info {
unsigned int nl_group;
size_t copy_range;
size_t qthreshold;
char prefix[ULOG_PREFIX_LEN];
};
/* Format of the ULOG packets passed through netlink */
typedef struct ulog_packet_msg {
unsigned long mark;
long timestamp_sec;
long timestamp_usec;
unsigned int hook;
char indev_name[IFNAMSIZ];
char outdev_name[IFNAMSIZ];
size_t data_len;
char prefix[ULOG_PREFIX_LEN];
unsigned char mac_len;
unsigned char mac[ULOG_MAC_LEN];
unsigned char payload[0];
} ulog_packet_msg_t;
#endif /*_IPT_ULOG_H*/
...@@ -202,22 +202,6 @@ config BRIDGE_EBT_LOG ...@@ -202,22 +202,6 @@ config BRIDGE_EBT_LOG
To compile it as a module, choose M here. If unsure, say N. To compile it as a module, choose M here. If unsure, say N.
config BRIDGE_EBT_ULOG
tristate "ebt: ulog support (OBSOLETE)"
help
This option enables the old bridge-specific "ebt_ulog" implementation
which has been obsoleted by the new "nfnetlink_log" code (see
CONFIG_NETFILTER_NETLINK_LOG).
This option adds the ulog watcher, that you can use in any rule
in any ebtables table. The packet is passed to a userspace
logging daemon using netlink multicast sockets. This differs
from the log watcher in the sense that the complete packet is
sent to userspace instead of a descriptive text and that
netlink multicast sockets are used instead of the syslog.
To compile it as a module, choose M here. If unsure, say N.
config BRIDGE_EBT_NFLOG config BRIDGE_EBT_NFLOG
tristate "ebt: nflog support" tristate "ebt: nflog support"
help help
......
This diff is collapsed.
...@@ -159,25 +159,6 @@ config IP_NF_TARGET_SYNPROXY ...@@ -159,25 +159,6 @@ config IP_NF_TARGET_SYNPROXY
To compile it as a module, choose M here. If unsure, say N. To compile it as a module, choose M here. If unsure, say N.
config IP_NF_TARGET_ULOG
tristate "ULOG target support (obsolete)"
default m if NETFILTER_ADVANCED=n
---help---
This option enables the old IPv4-only "ipt_ULOG" implementation
which has been obsoleted by the new "nfnetlink_log" code (see
CONFIG_NETFILTER_NETLINK_LOG).
This option adds a `ULOG' target, which allows you to create rules in
any iptables table. The packet is passed to a userspace logging
daemon using netlink multicast sockets; unlike the LOG target
which can only be viewed through syslog.
The appropriate userspace logging daemon (ulogd) may be obtained from
<http://www.netfilter.org/projects/ulogd/index.html>
To compile it as a module, choose M here. If unsure, say N.
# NAT + specific targets: nf_conntrack # NAT + specific targets: nf_conntrack
config NF_NAT_IPV4 config NF_NAT_IPV4
tristate "IPv4 NAT" tristate "IPv4 NAT"
......
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment