| Commit message (Collapse) | Author | Age |
|\
| |
| |
| | |
[dgit --quilt=gbp]
|
| |\
| | |
| | |
| | | |
[dgit --quilt=gbp --overwrite]
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
ulogd had a critical bug that is calling Async-Signal-Unsafe functions
in signal hander context.
- Most of libc functions like fopen(), malloc() are Async-Signal-Unsafe.
So you should not call these functions in signal handler context.
- Calling pluginstances in signal handler context is danger.
For implementer of pluginstances, it is very hard to recognize their
functions are called in signal handler context.
To solve the issue, I restructured signal handling by self-pipe trick.
For more detail on self-pipe trick, please see the following.
https://lwn.net/Articles/177897/
This patch will solve various symptoms like following.
- Deadlock
- Segmentation fault caused by libc management data corruption,
- Other unpredictable behavior.
Deadlock example
================
This bug was already filed at:
https://bugzilla.netfilter.org/show_bug.cgi?id=1030
I also hit this bug. The backtrace of this issue is following.
In this case, main thread was calling ctime(),
and signal handler called localtime_r().
That caused the dead lock while getting tzset_lock in __tz_convert().
Because vsyslog() is Async-Signal-Unsafe function, we cannot call
this function in signal handler context.
(gdb) bt
#0 __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
#1 0x00007f3c3fc7e4ac in _L_lock_2462 () at tzset.c:621
#2 0x00007f3c3fc7e2e7 in __tz_convert (timer=0x7f3c3ff8bf00 <tzset_lock>,
timer@entry=0x7fffcfa923b8, use_localtime=use_localtime@entry=1,
tp=tp@entry=0x7fffcfa92400) at tzset.c:624
#3 0x00007f3c3fc7c28d in __localtime_r (t=t@entry=0x7fffcfa923b8,
tp=tp@entry=0x7fffcfa92400) at localtime.c:32
#4 0x00007f3c3fcbf1ba in __GI___vsyslog_chk (pri=<optimized out>, flag=1,
fmt=0x406fa8 "signal received, calling pluginstances\n", ap=0x7fffcfa924a0)
at ../misc/syslog.c:199
#5 0x00000000004037b5 in __ulogd_log ()
#6 0x00000000004047be in signal_handler ()
#7 <signal handler called>
#8 0x00007f3c3fcb62f5 in __GI___xstat (vers=<optimized out>,
name=0x7f3c3fd4b2c3 "/etc/localtime", buf=0x7fffcfa92c10)
at ../sysdeps/unix/sysv/linux/wordsize-64/xstat.c:37
#9 0x00007f3c3fc7e5f6 in __tzfile_read (file=file@entry=0x7f3c3fd4b2c3 "/etc/localtime",
extra=extra@entry=0, extrap=extrap@entry=0x0) at tzfile.c:170
#10 0x00007f3c3fc7d954 in tzset_internal (always=<optimized out>,
explicit=explicit@entry=1) at tzset.c:444
#11 0x00007f3c3fc7e303 in __tz_convert (timer=0x7fffcfa92d50,
use_localtime=use_localtime@entry=1, tp=tp@entry=0x7f3c3ff8ed80 <_tmbuf>)
at tzset.c:629
#12 0x00007f3c3fc7c2a1 in __GI_localtime (t=<optimized out>) at localtime.c:42
#13 0x00007f3c3fc7c1f9 in ctime (t=<optimized out>) at ctime.c:27
#14 0x00007f3c3e180ec2 in ?? ()
#15 0x0000000056a100c2 in ?? ()
#16 0xf8570f79d4fc4200 in ?? ()
#17 0x000000000209bec0 in ?? ()
#18 0x00007f3c4059f1f8 in ?? ()
#19 0x000000000000003c in ?? ()
#20 0x0000000000404952 in ulogd_propagate_results ()
#21 0x00007f3c3f9cc203 in ?? ()
#22 0x0000000000000000 in ?? ()
Segmentation fault in free()
============================
>From my experience, I think this was caused by some routine called
malloc()/free() in signal handler context.
By that, malloc() management data became inconsistent.
As a result, free() made a wrong dereference.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __GI___libc_free (mem=0x7f430f011000) at malloc.c:2903
2903 if (chunk_is_mmapped(p)) /* release mmapped memory. */
(gdb) bt
#0 __GI___libc_free (mem=0x7f430f011000) at malloc.c:2903
#1 0x00007f430e68affa in __GI__IO_free_backup_area (fp=fp@entry=0x742500)
at genops.c:210
#2 0x00007f430e68a795 in _IO_new_file_overflow (f=0x742500, ch=-1) at fileops.c:849
#3 0x00007f430e689511 in _IO_new_file_xsputn (f=0x742500, data=<optimized out>, n=15)
at fileops.c:1372
#4 0x00007f430e65aa4d in _IO_vfprintf_internal (s=s@entry=0x742500,
format=<optimized out>, format@entry=0x7f430cbc4008 "%.15s %s %s",
ap=ap@entry=0x7fff456ece38) at vfprintf.c:1635
#5 0x00007f430e71d615 in ___fprintf_chk (fp=0x742500, flag=flag@entry=1,
format=format@entry=0x7f430cbc4008 "%.15s %s %s") at fprintf_chk.c:36
#6 0x00007f430cbc3f04 in fprintf (__fmt=0x7f430cbc4008 "%.15s %s %s",
__stream=<optimized out>) at /usr/include/bits/stdio2.h:97
#7 _output_logemu (upi=0x74e5a0) at ulogd_output_LOGEMU.c:102
#8 0x0000000000404952 in ulogd_propagate_results ()
#9 0x00007f430e40f203 in interp_packet (ldata=0x7fff456ed060, pf_family=2 '\002',
upi=0x74a6b0) at ulogd_inppkt_NFLOG.c:400
#10 msg_cb (gh=<optimized out>, nfmsg=0x7f430efe2020, nfa=0x7fff456ed060, data=0x74a6b0)
at ulogd_inppkt_NFLOG.c:483
#11 0x00007f430e20a307 in __nflog_rcv_pkt (nlh=<optimized out>, nfa=<optimized out>,
data=<optimized out>) at libnetfilter_log.c:160
#12 0x00007f430e0056b7 in __nfnl_handle_msg (len=268, nlh=0x7f430efe2010, h=0x74e8e0)
at libnfnetlink.c:1236
#13 nfnl_handle_packet (h=0x74e8e0, buf=0x7f430efe2010 "\f\001", len=<optimized out>)
at libnfnetlink.c:1256
#14 0x00007f430e20a508 in nflog_handle_packet (h=<optimized out>, buf=<optimized out>,
len=<optimized out>) at libnetfilter_log.c:323
#15 0x00007f430e40eaed in nful_read_cb (fd=<optimized out>, what=<optimized out>,
param=0x74a6b0) at ulogd_inppkt_NFLOG.c:463
#16 0x0000000000404ee0 in ulogd_select_main ()
#17 0x0000000000402b17 in main ()
Signed-off-by: Hironobu Ishii <ishii.hironobu@jp.fujitsu.com>
Gbp-Pq: Name ulogd-restructures-signal-handling-by-self-pipe-tric.patch
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The paths in the ulogd(8) man page assume the package is called 'ulogd' and not
'ulogd2'. This patch updates the paths.
Author: Chris Boot <bootc@debian.org>
Bug-Ubuntu: https://launchpad.net/bugs/1232104
Forwarded: not-needed
Last-Update: 2013-11-14
Gbp-Pq: Name ulogd8-ulogd2.patch
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The standard configuration file sends logs to a number of files under
/var/log/. To keep things tidy, including the logrotate script, move all the
logs into a common parent directory.
Forwarded: not-needed
Last-Update: 2013-04-27
Gbp-Pq: Name put-logfiles-in-var-log-ulog.patch
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The simplest and likely most common usage scenario is to log packets to a
logfile using NFLOG, bypassing the kernel ringbuffer. Enable this by default.
Forwarded: not-needed
Last-Update: 2013-04-27
Gbp-Pq: Name enable-nflog-by-default.patch
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Send logging for ulogd itself to syslog rather than to file (not for iptables
logging), and explicitly set loglevel to info.
Forwarded: not-needed
Last-Update: 2013-04-27
Gbp-Pq: Name configure-logging.patch
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Switch to debhelper compat 10.
- debian/control: update and tidy up Build-Depends.
- debian/rules: tidy and remove implied autoreconf, systemd and parallel
options
* ulogd2.service: Add Documentation key
* Tighten ownership and permissions on /var/log/ulog. (Closes: #846843)
[dgit import unpatched ulogd2 2.0.5-5]
|
| | |
| | |
| | |
| | | |
[dgit import tarball ulogd2 2.0.5-5 ulogd2_2.0.5-5.debian.tar.xz]
|
| |
| |
| |
| | |
[dgit import orig ulogd2_2.0.5.orig.tar.bz2]
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The paths in the ulogd(8) man page assume the package is called 'ulogd' and not
'ulogd2'. This patch updates the paths.
Author: Chris Boot <bootc@debian.org>
Bug-Ubuntu: https://launchpad.net/bugs/1232104
Forwarded: not-needed
Last-Update: 2013-11-14
Gbp-Pq: Name ulogd8-ulogd2.patch
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The standard configuration file sends logs to a number of files under
/var/log/. To keep things tidy, including the logrotate script, move all the
logs into a common parent directory.
Forwarded: not-needed
Last-Update: 2013-04-27
Gbp-Pq: Name put-logfiles-in-var-log-ulog.patch
|
| |
| |
| |
| |
| |
| |
| |
| | |
The simplest and likely most common usage scenario is to log packets to a
logfile using NFLOG, bypassing the kernel ringbuffer. Enable this by default.
Forwarded: not-needed
Last-Update: 2013-04-27
Gbp-Pq: Name enable-nflog-by-default.patch
|
| |
| |
| |
| |
| |
| |
| |
| | |
Send logging for ulogd itself to syslog rather than to file (not for iptables
logging), and explicitly set loglevel to info.
Forwarded: not-needed
Last-Update: 2013-04-27
Gbp-Pq: Name configure-logging.patch
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bug-Debian: https://bugs.debian.org/916998
Forwarded: https://lore.kernel.org/netfilter-devel/20221211164631.812617-1-jeremy@azazel.net/
Last-Update: 2022-12-11
include-directory. This is in contrast the mysql_config and pcap_config.
Therefore, the `-I` option needs to be added explicitly.
Gbp-Pq: Name libpq-fall-back-fix.patch
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The paths in the ulogd(8) man page assume the package is called 'ulogd' and not
'ulogd2'. This patch updates the paths.
Author: Chris Boot <bootc@debian.org>
Bug-Ubuntu: https://launchpad.net/bugs/1232104
Forwarded: not-needed
Last-Update: 2013-11-14
Gbp-Pq: Name ulogd8-ulogd2.patch
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Forwarded: not-needed
Last-Update: 2013-04-27
The standard configuration file sends logs to a number of files under
/var/log/. To keep things tidy, including the logrotate script, move all the
logs into a common parent directory.
Gbp-Pq: Name put-logfiles-in-var-log-ulog.patch
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Forwarded: not-needed
Last-Update: 2013-04-27
The simplest and likely most common usage scenario is to log packets to a
logfile using NFLOG, bypassing the kernel ringbuffer. Enable this by default.
Gbp-Pq: Name enable-nflog-by-default.patch
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Forwarded: not-needed
Last-Update: 2013-04-27
Send logging for ulogd itself to syslog rather than to file (not for iptables
logging), and explicitly set loglevel to info.
Gbp-Pq: Name configure-logging.patch
|
| | |
|
| |
| |
| |
| |
| |
| | |
This reverts commit 8879772e32b465ebc1f3d2b202e117c60e8c7462.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805939#10.
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
permissions
Hitherto, if the "ulog" user did not exists `adduser` would create /var/log/ulog
with the wrong permissions and ownership, after which mkdir would attempt to
create it on a new install or upgrade from 2.0.5-5~, then correct the
permissions and ownership. Given that 2.0.5-5 was released in Stretch, in the
upgrade case the directory should already exists and be correct, and in the
new-install case, we end up creating the directory with the wrong perms,
redundantly try to create it a second time and correct the ownership and
permissions.
Instead, tell `adduser` _not_ to create the directory, and then create it and
set the ownership and permissions if it does not already exist.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| |
| |
| |
| | |
ulogd was replaced by ulogd2 in Jessie, so we no longer need to worry
about stopping it or removing the rc?.d links to its init-script.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
and will be created by `postinst` anyway
Listing the directory in ulogd2.dirs means it gets created with the wrong
ownership and permissions. When `adduser` is run to create the "ulog" account,
this leads it to complain:
adduser: Warning: The home directory `/var/log/ulog' does not belong to the
user you are currently creating.
Thereafter, ulogd2.postinst attempts, redundantly, to create the directory,
before correcting its ownership and permissions.
Instead, remove it from ulogd.dirs, and do everything in ulogd2.postinst.
Closes: #731638
Closes: #805940
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| |
| | |
Fixes: cccf22e9617d ("Update Lintian overrides")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In 2.0.8, the build-system was overhauled. The flags to enable pgsql,
mysql, dbi and JSON have changed, and pkg-config support has been
introduced. Furthermore, all the plug-ins of which the build-
dependencies are detected are now built by default. Thus, we can remove
the obsolete `--with-*` flags.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Most of the problems reported by Helmut in #916998 were fixed upstream
in 2.0.8. However, there is a bug in the libpq fall-back implementation
which is fixed by this patch.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| |
| | |
Closes: #805939
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 2f915c7e07002e9e8c0118ac5734ee4798ec3819.
While the plug-in packages themselves are theoretically co-installable, they
depend on ulogd2 itself which is not, leading Lintian to complain:
ulogd2 source: dependency-is-not-multi-archified ulogd2-dbi depends on ulogd2 (multi-arch: no)
ulogd2 source: dependency-is-not-multi-archified ulogd2-json depends on ulogd2 (multi-arch: no)
ulogd2 source: dependency-is-not-multi-archified ulogd2-mysql depends on ulogd2 (multi-arch: no)
ulogd2 source: dependency-is-not-multi-archified ulogd2-pcap depends on ulogd2 (multi-arch: no)
ulogd2 source: dependency-is-not-multi-archified ulogd2-pgsql depends on ulogd2 (multi-arch: no)
ulogd2 source: dependency-is-not-multi-archified ulogd2-sqlite3 depends on ulogd2 (multi-arch: no)
Thus there is no point marking the plug-ins as `Multi-Arch: same`.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| | |
|
| |
| |
| |
| |
| |
| | |
`debhelper-compat = 13` to d/control.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
| |
| |
| |
| | |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
|\ \
| | |
| | |
| | | |
Update to upstream version '2.0.8'
with Debian dir 0a197fa43638f3a396516ae5bc13e184ebfcd575
|