version 1.4.14 - 29-Sep-2001 - Etienne Bernard
----------------------------------------------
"ignore all" and "log all" options are now available. Simplified the memory
handling at certain places so that the memory leak detection should be
simplified but did not manage to find the memory leak described in debian bug
report #111190. Anyway, I found a minor memory leak in the filter reloading
(this should only occur if you specify a rule with a TO <hostmask>|<hostname>
without a FROM <hostmask>|<hostname> rule).
version 1.4.13 - 14-Apr-2001 - Etienne Bernard
----------------------------------------------
Fixed the parsing of hostnames containing a "-".
version 1.4.12 - 05-Nov-2000 - Etienne Bernard
----------------------------------------------
Forgot to bump up version number.
Changed the manual page to tell that the default behaviour is changed
to not resolve.
version 1.4.11 - 28-Oct-2000 - Etienne Bernard
----------------------------------------------
Parsing of port ranges (port--port) was broken (see Debian bug #69160).
Applied patch from Matt Zimmerman <mdz@csh.rit.edu> (see Debian bug #72323)
Tell the resolver to use UDP instead of TCP. Should fix Debian bug #75305.
Set default to *NO RESOLVE* (as suggested in Debian bug #50359).
Some exit conditions (in icmp.c, tcp.c and udp.c) now log a message before
stopping ippl. Should ease bug detection.
version 1.4.10 - 21-Apr-2000 - Hugo Haas
----------------------------------------
Parsing of x.x.x.x/n was broken.
Applied patch by Charles C.Fu <ccwf@bacchus.com>.
version 1.4.9 - 11-Feb-2000 - Hugo Haas
---------------------------------------
ippl would change UID, but not GID. See Debian bug #55864.
Patch by Topi Miettinen <Topi.Miettinen@nic.fi>.
version 1.4.8 - 11/10/99 - Hugo Haas
------------------------------------
go_background() now uses daemon(). Cleaned up code.
Stopped complaining about packets with options in the IP header. Those options
are legitimate (source routing). I had kept that from iplogger's behavior.
Fixed a typo in ippl.conf man page.
version 1.4.7 - 5/9/99 - Hugo Haas
----------------------------------
Updated documentation.
version 1.4.pre7 - 29/8/99 - Hugo Haas
--------------------------------------
Updated ippl.conf.man to specify a new format for the netmasks.
Now support syslogd-like 'last message repeated x time(s)' thanks to Per/dw
<dw@lixom.nu>.
version 1.4.6 - 16/6/99 - Hugo Haas
-----------------------------------
Fixes a parsing problem for "port pop-3" (patch by Etienne).
Fixes a couple of problems in the Makefile system. More fixes to come.
version 1.4.5 - 16/4/99 - Etienne Bernard
-----------------------------------------
Fixes another problem with ident resolution.
version 1.4.4 - 12/4/99 - Hugo Haas
-----------------------------------
Applied patch from Etienne solving a problem related to the parsing of
port ranges.
version 1.4.3 - 09/04/99 - Etienne Bernard
------------------------------------------
Implemented a better solution for the problem described below, thanks to
Frank Pavageau <pavageau@imaginet.fr>. Maybe I should buy "Advanced
Programming in the Unix Environment" by Richard R. Stevens :-) (donations
are also accepted, of course :-)
version 1.4.2 - 07/04/99 - Etienne Bernard
------------------------------------------
Fixed a bug related to the ident function. I am not satisfied by the solution
that I used, and I will change it as soon as I get rid of a problem related
to signals and multithreading.
version 1.4.1 - 05/04/99 - Etienne Bernard
------------------------------------------
Integrated patch for filtering on source port from Charles R. Anderson
(<cra@angus.ind.WPI.EDU>).
Corrected debian bug #35365 (see http://www.debian.org/Bugs/db/35/35365.html),
thanks to Gal Roualland <rouallan@info.enserb.u-bordeaux.fr>.
Fixed a bug which caused ippl to take 100 % CPU on ident requests sometimes.
version 1.4.0 - 26/3/99 - Hugo Haas
-----------------------------------
ippl.y: now run works fine if it is called more than once.
udp.c: changed the message displayed to "port x UDP datagram from x";
fixes the problem "UDP datagram port port x" since service_lookup()
returns "port x" if x is an unknown port.
ident.c: closed the socket after lookup.
version 1.3.9 - 17/3/99 - Hugo Haas
-----------------------------------
Changed ippl.y: now handle errors in the Line section, not in the Rule one.
Added code to debug parsing mechanism (--enable-parsing-debug).
Removed test against ALL_PROTO in do_log() since it is not supported anymore.
version 1.3.8 - 16/3/99 - Hugo Haas
-----------------------------------
Corrected a typo in configuration.c.
Removed reference to the all keyword for a rule in the man page.
Added filter debugging code.
version 1.3.7 - 15/3/99 - Hugo Haas
-----------------------------------
Added the possibility to change the user running the logging threads.
The default user can be modified using the --with-user=USER option of
configure. At run time, it is specified with the "runas" keyword.
configuration.c: reset all the variables to their default values when
reading configuration. Defined set_default_values().
main.c: do not stop anymore when the account used is not found or when
there is nothing to log. Instead, display a warning and do nothing.
version 1.3.6 - 14/3/99 - Hugo Haas
-----------------------------------
Modified configure.in.
Modified INSTALL.
version 1.3.5 - 13/3/99 - Hugo Haas & Etienne Bernard
-----------------------------------------------------
ippl.l, ippl.y, filter.h & tcp.c: added logclosing/nologclosing rule in
order to log TCP connection closings.
Added configuration capabilities.
version 1.3.4 - 12/3/99 - Hugo Haas & Etienne Bernard
-----------------------------------------------------
netutils.c: changed get_details() so that it does not display the
port numbers only if source and destination ports are equal to 0.
configuration.c: reset the line count before parsing the configuration
file.
ippl.l & ippl.y: fixed a stupid error that caused ident mechanism activation
when an invalid rule was entered. The error is now properly reported.
main.c: cosmetic changes
version 1.3.3 - 9/3/99 - Hugo Haas
----------------------------------
main.c, filter.c, filter.h: added a destroy_filter() function which
purges the existing filter. It now does it correctly (bugs = bugs - 1).
ippl.y: enabled DNS resolution by default.
Modified information files.
version 1.3.2 - 07/3/99 - Etienne Bernard
-----------------------------------------
Cleaned up the code a bit
Merged libc5 patch from Hugo.
version 1.3.1 - 07/3/99 - Etienne Bernard
-----------------------------------------
Modified lots of things:
- name resolution can be done protocol by protocol and rule by rule
- added "short" logging format
- the logging format can be configured protocol by protocol and rule
by rule
- the ident resolution can be configured rule by rule
PLEASE NOTE THAT THE FORMAT OF THE CONFIGURATION FILE HAS CHANGED, AND
THAT YOU WILL PROBABLY HAVE TO REWRITE AND/OR UPDATE YOURS.
version 1.3 - 06/3/99 - Etienne Bernard
---------------------------------------
Added ident mechanism to log remote username.
Added interface for passing information from the filter structure
to the logging function.
version 1.2.4 - 6/3/99 - Hugo Haas
----------------------------------
Modified filter.c, netutils.c: a rule containing a wildcard will no
longer make ippl crash if the noresolve option is used.
Man page updated.
version 1.2.3 - 6/3/99 - Hugo Haas
----------------------------------
Included a patch from Etienne fixing some problems in the configuration
parsing.
version 1.2.2 - 4/3/99 - Hugo Haas
----------------------------------
Removed a stupid line in main.c displaying "test" in the logs...
version 1.2.1 - 3/3/99 - Hugo Haas
----------------------------------
Corrected a bug in main.c: all the file descriptors were closed in
go_background() including those for the log files. Moreover, the connection
to syslog was not open systematically.
version 1.2 - 27/2/99 - Hugo Haas
---------------------------------
Corrected a bug in the configuration parsing: "run all" was not
logging anything.
The --no-resolve and --long options do not exist anymore. They have
been replaced by new rules in the configuration file. Now, the
detailed output can be set on a per-protocol basis.
Modified the README file, the CREDITS file and the man pages.
Removed potential problems ((v)sprintf -> (v)snprintf).
Code clean-up.
Added generic interface for logging. Now it is possible to log in a
file (on a per-protocol basis). Use the SIGHUP signal to reopen the
log files.
version 1.1 - 20/2/99 - Etienne Bernard
---------------------------------------
Corrected a bug which caused compilation to stop with egcc.
Changed lots of code in order to enable the reloading of the
configuration when the ippl process gets a SIGHUP. Warning, this code
is experimental, and I'm not sure of the order I have to take the
mutexes. But it works all right for me. Perhaps we should stress test
this one.
I added support for multiple interfaces. The magic keyword is "TO".
See the man page for ippl.conf(5) for further details. Since I do have
only one ethernet card, I only tested this new code with IP Aliasing and
the loopback interface.
I included the patch from Steffen Ullrich <ccrlphr@xensei.com> which added
a switch to disable name resolving and another one to activate detail logging
of source and destination IP addresses and ports.
Hugo (21/2/99): Modified reload_configuration() so that it now acquires the
mutexes in a correct order. I changed ICMP_PROTO, TCP_PROTO and
UDP_PROTO by IPPROTO_ICMP, IPPROTO_TCP and IPPROTO_UDP as suggested by
Robert Cheramy <tibob@via.ecp.fr>. I also included a patch from him
logging when ippl starts and stops.
version 1.0 - 14/2/99 - Hugo Haas
---------------------------------
As it seems that no bug has been found in version 0.13, I cleaned up
the code a little bit and I am going to release version 1.0, a.k.a. a
stable version.
I did not clean up the ident and log-in-file parts because I am
planning to rewrite them so that may be useful later.
version 0.13 - 8/2/99 - Hugo Haas
---------------------------------
Corrected the PID file mechanism (actually, it was working, but badly).
I used Martin Schulze's pidfile routines used in sysklogd: they are very
clean so I did not see any good reason to rewrite them!
Second try:
Changed main.c so that when a thread is run, all the signals are
ignored, i.e. the main thread will handle all the signals.
Now ippl does not segfault on exit anymore. :-)
version 0.12 - 7/2/99 - Hugo Haas
---------------------------------
There was still a bug in the configuration parsing: when a name
resolution could not be performed, an incomplete filter entry was
used, and it was screwing up everything.
This has been fixed by adding a hostname field holding the
hostname. Why?
Well, until now, DNS results never expired, and this was
annoying. Now, the cache is periodically emptied (see expire option in
the config) and the configuration is reprocessed (which means that DNS
queries are done) at the same time.
Well, I also added a PID file which fixes the problem of the
start-stop-daemon script on Debian systems.
This is a big patch, I hope everything's fine (especially the part
where I had to remember from the single writer - multiple reader
scheme).
I would tend to say that version 0.12 is a pre1.0 version. We will fix
bugs, and add no more features.
Configuration will be re-read in version 1.0+ (perhaps 1.1, or 2.0,
depending on what we need to add).
And now... beta-testing time! (as soon as Etienne has reread my code)
version 0.11 - 5/2/99 - Hugo Haas
---------------------------------
Etienne changed the parsing mechanism so that... it now works. :-)
Now, hostnames are resolved when the configuration is read. It speeds
up the filtering.
version 0.10 - 3/2/99 - Hugo Haas
---------------------------------
. Corrected a bug in the filtering system.
. Removed code used to log in a file (#if 0 / #endif).
. Wrote a man page for ippl.conf.
. Corrected a bug in the parsing mechanism. Changed the syntax for ranges.
Well, it makes a lot of things for tonight!
version 0.9 - 2/2/99 - Hugo Haas
--------------------------------
Version 0.8 had a problem: when UDP is logged, a lot of DNS queries
are done. This was an issue because it could be a DoS of the DNS
server. Etienne had an excellent idea: cache the DNS queries.
I took my Advanced Algorithms book and coded my first hashtable. :-)
Well, I hope I did it the right way, but the results are impressive: 9
requests out of 10 seem to be in the cache (unless I screwed up with
my code gathering statistics). So it is a huge improvement.
Etienne has improved the configuration parsing: ports can now be
specified by their names, and error messages are more explicit. If you
would like them to be more explicit, send us the URL of a good
documentation about bison.
Well, time to build the package.
version 0.8 - 30/1/99 - Hugo Haas
---------------------------------
I did not officially release version 0.7 because we wanted it to be
tested. It seems that it works fine, so this time I think we will
release this version.
New in this version:
. The arguments are parsed with getopt. Etienne changed that. I must
confess that I did not know this command.
. I wrote a module logging UDP packets. It was actually quite quick to
do that. ippl is modular and it makes enhancements easy to implement.
. Ok, I did not know that fnmatch had a case-insensitiveness option either. :-)
The code has not been cleaned up yet, and the code about logging into
a file is still there (and unused)...
version 0.7 - 24/1/99 - Hugo Haas
---------------------------------
Well, I guess that I am going to do my first public release. New in
this version:
. A new thread is not run to log each incoming packet. Why? If a lot
of packets are received by a host and if the name resolution cannot be
done quick enough, ippl rapidly takes all the resources of the
host. Annoying... Well, until I find a solution, there will be one
thread for each protocol logged and that's it! It means that under
heavy network load, some packets may not be logged. I do not think
this is a major problem.
. A man page has been written.
. I have removed all the RCS garbage in the code.
. There is now a package for Debian.
. Currently, users cannot log into a file. The code is here but no
option enables to use it. Why (again)? I am not happy with the way it
is done. Moreover, I believe that it would be better to log everything
via the syslog. I guess that in the next version, I will remove this
part of the code and give rules to add in the syslog.conf file if
people want to use a special file.
version 0.6 - 13/12/98 - Hugo Haas
----------------------------------
All the changes were made by Etienne Bernard. The parser now uses Lex/Yacc.
IPpl now runs as 'nobody'. This breaks the logging mechanism into a file. I
will implement a fix soon.
Added a BUGS file.
version 0.5 - 1/12/98 - Hugo Haas
---------------------------------
Now supports ICMP type/code (thanks to Arkadiusz Mikiewicz). Added a few
commands for the preprocessor.
Added a CREDITS file.
version 0.4 - 29/11/98 - Hugo Haas
----------------------------------
Removed ident mechanism (I do not think it works... I will change that
later). New configuration: hopefully, it won't change. Seems to work!
Added a TODO file.
version 0.3 - 27/10/98 - Hugo Haas
----------------------------------
Added ident queries. IPpl has now all the features that iplogger 1.1 has.
version 0.2 - 25/10/98 - Hugo Haas
----------------------------------
Configurable specifying host addresses.
version 0.1 - 25/10/98 - Hugo Haas
----------------------------------
IPpl offers more or less the same features as iplogger 1.1, except
that it does not support the ident lookup.