hswaw/machines/customs: check in code.hackerspace.pl/vuko/customs
Change-Id: Ic698cce2ef0060a54b195cf90574696b8be1eb0f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1162
Reviewed-by: informatic <informatic@hackerspace.pl>
diff --git a/hswaw/machines/customs.hackerspace.pl/ulogd2/default.nix b/hswaw/machines/customs.hackerspace.pl/ulogd2/default.nix
new file mode 100644
index 0000000..01157fd
--- /dev/null
+++ b/hswaw/machines/customs.hackerspace.pl/ulogd2/default.nix
@@ -0,0 +1,27 @@
+{ pkgs ? import <nixpkgs> {} }:
+
+pkgs.stdenv.mkDerivation {
+ name = "ulogd2";
+
+ buildInputs = with pkgs; [
+ gnumake libnetfilter_acct libnetfilter_conntrack libnetfilter_log libmnl
+ libnfnetlink automake autoconf autogen libtool pkg-config libpcap
+ ];
+
+ # hack to capture TCP and UDP port numbers (first 8 bytes) but omit rest of payload
+ patches = [ ./onlyports.patch ];
+
+ preConfigure = ''
+ echo running autogen
+ ./autogen.sh
+ autoheader
+ automake --force-missing --add-missing
+ ./configure --help
+ '';
+
+ src = pkgs.fetchgit {
+ url = "https://git.netfilter.org/ulogd2/";
+ rev = "63135e73fd878cb71b1eebf8e877c4d4c34feba7";
+ sha256 = "1ccfb8l7q9k4fy9s0sgab49ma9xphr4x4ap0v52xfrnwx57h87s2";
+ };
+}
diff --git a/hswaw/machines/customs.hackerspace.pl/ulogd2/onlyports.patch b/hswaw/machines/customs.hackerspace.pl/ulogd2/onlyports.patch
new file mode 100644
index 0000000..c89b80c
--- /dev/null
+++ b/hswaw/machines/customs.hackerspace.pl/ulogd2/onlyports.patch
@@ -0,0 +1,23 @@
+diff --git a/output/pcap/ulogd_output_PCAP.c b/output/pcap/ulogd_output_PCAP.c
+index e7798f2..51c4ceb 100644
+--- a/output/pcap/ulogd_output_PCAP.c
++++ b/output/pcap/ulogd_output_PCAP.c
+@@ -154,9 +154,15 @@ static int interp_pcap(struct ulogd_pluginstance *upi)
+ switch (ikey_get_u8(&res[5])) {
+ case 2: /* INET */
+ pchdr.len = ikey_get_u16(&res[2]);
++ if (pchdr.caplen > 20 + 8) {
++ pchdr.caplen = 20 + 8;
++ }
+ break;
+ case 10: /* INET6 -- payload length + header length */
+ pchdr.len = ikey_get_u16(&res[6]) + 40;
++ if (pchdr.caplen > 40 + 8) {
++ pchdr.caplen = 40 + 8;
++ }
+ break;
+ default:
+ pchdr.len = pchdr.caplen;
+--
+2.25.4
+
diff --git a/hswaw/machines/customs.hackerspace.pl/ulogd2/service.nix b/hswaw/machines/customs.hackerspace.pl/ulogd2/service.nix
new file mode 100644
index 0000000..e50d92b
--- /dev/null
+++ b/hswaw/machines/customs.hackerspace.pl/ulogd2/service.nix
@@ -0,0 +1,32 @@
+{ pkgs, ... }:
+
+let
+ ulogd2 = import ./default.nix { pkgs = pkgs; };
+ name = "ulogd2";
+ config = pkgs.writeText "ulogd.conf" ''
+ [global]
+ logfile="/var/log/ulogd.log"
+
+ stack=log1:NFLOG,base1:BASE,pcap1:PCAP
+
+ [log1]
+ group=2
+
+ [pcap1]
+ file="/var/log/ulogd.pcap"
+ sync=1
+ '';
+in {
+
+ systemd.services."${name}" = {
+ description = "Logging packet log from nftables";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig.User = "root";
+ serviceConfig.Type = "simple";
+
+ path = [ ulogd2 ];
+
+ serviceConfig.ExecStart = "${ulogd2}/bin/ulogd -c ${config}";
+ };
+}