From d24edca8908b18e2a38632e9a96f65b36fe525d9 Mon Sep 17 00:00:00 2001
From: John Crisp
Date: Fri, 12 Apr 2024 13:50:48 +0200
Subject: [PATCH] Fix [SME: 12257]
---
 .../etc/rc.d/init.d/masq/90adjustDenyLog | 4 +-
 .../e-smith/templates/etc/ulogd.conf/10global | 4 +-
 .../templates/etc/ulogd.conf/20plugins | 8 +-
 .../e-smith/templates/etc/ulogd.conf/30stacks | 16 ++++-
 .../templates/etc/ulogd.conf/40configs | 71 ++++++++++++++++++-
 smeserver-packetfilter.spec | 11 +-
 6 files changed, 98 insertions(+), 16 deletions(-)
diff --git a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustDenyLog b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustDenyLog
index 77e7a0c..2259fac 100644
--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustDenyLog
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustDenyLog
@@ -9,7 +9,7 @@
 elsif ($logging eq "all")
 {
 $OUT .= <<"HERE";
- /sbin/iptables --replace denylog 1 --jump ULOG --ulog-nlgroup 1 --ulog-prefix \"denylog:\"
+ /sbin/iptables --replace denylog 1 --jump NFLOG --nflog-group 1 --nflog-prefix \"denylog:\"
 /sbin/iptables --replace denylog 2 --jump $target
 /sbin/iptables --replace denylog 3 --jump $target
 /sbin/iptables --replace denylog 4 --jump $target
@@ -22,7 +22,7 @@ HERE
 /sbin/iptables --replace denylog 1 -p udp --dport 520 --jump $target
 /sbin/iptables --replace denylog 2 -p udp --dport 137:139 --jump $target
 /sbin/iptables --replace denylog 3 -p tcp --dport 137:139 --jump $target
- /sbin/iptables --replace denylog 4 --jump ULOG --ulog-nlgroup 1 --ulog-prefix \"denylog:\"
+ /sbin/iptables --replace denylog 4 --jump NFLOG --nflog-group 1 --nflog-prefix \"denylog:\"
 /sbin/iptables --replace denylog 5 --jump $target
 HERE
 }
diff --git a/root/etc/e-smith/templates/etc/ulogd.conf/10global b/root/etc/e-smith/templates/etc/ulogd.conf/10global
index 0dd3109..1e380ec 100644
--- a/root/etc/e-smith/templates/etc/ulogd.conf/10global
+++ b/root/etc/e-smith/templates/etc/ulogd.conf/10global
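Review bot: The NFLOG group number is now hard-coded on both sides of the netlink link with nothing tying them together: `--nflog-group 1` in this template and `group=1` in the `[log2]` section of 40configs, so a later edit to either side silently stops denylog packets from reaching ulogd, with no error from iptables or from the daemon. A comment above the heredoc would make the coupling visible, for example `# --nflog-group must match group= in [log2] of /etc/ulogd.conf (templates 40configs)` placed before `$OUT .= <<"HERE";`; putting it inside the heredoc would emit it into the generated init script. The second hunk (`@@ -22,7 +22,7 @@`, the `denylog 4` rule) has the same dependency and should carry the same comment. The `elsif` block of the first hunk ends outside the hunk, and the block closed by `}` in the second hunk starts outside it.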
@@ -1,7 +1,9 @@ [global] +# Not necessarily required nlgroup=1 + logfile=/var/log/ulogd/ulogd.log -loglevel=5 +loglevel=1 rmem=131071 bufsize=150000 diff --git a/root/etc/e-smith/templates/etc/ulogd.conf/20plugins b/root/etc/e-smith/templates/etc/ulogd.conf/20plugins index 100648c..dbce977 100644 --- a/root/etc/e-smith/templates/etc/ulogd.conf/20plugins +++ b/root/etc/e-smith/templates/etc/ulogd.conf/20plugins @@ -9,11 +9,11 @@ # 1. load the plugins _first_ from the global section # 2. options for each plugin in seperate section below -#plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so" -plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so" -#plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so" +plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so" +#plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so" +plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so" #plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so" -#plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so" +plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so" plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so" #plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so" #plugin="/usr/lib64/ulogd/ulogd_filter_IP2HBIN.so" diff --git a/root/etc/e-smith/templates/etc/ulogd.conf/30stacks b/root/etc/e-smith/templates/etc/ulogd.conf/30stacks index 3e870e5..6e7d952 100644 --- a/root/etc/e-smith/templates/etc/ulogd.conf/30stacks +++ b/root/etc/e-smith/templates/etc/ulogd.conf/30stacks 
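Review bot: `loglevel=1` raises the daemon's own log (`logfile=/var/log/ulogd/ulogd.log`) to debug verbosity; on ulogd's scale 1 is debug, 3 info, 5 notice and 7 error, so the previous `loglevel=5` was the quieter production setting and the new value reads like a leftover from troubleshooting the migration. Keep `loglevel=5` unless debug output is intended, and if it is intended say so on the line, e.g. `# debug verbosity while the NFLOG migration settles; return to 5 afterwards`. The added `# Not necessarily required` above `nlgroup=1` does not say why: with the ULOG input plugin commented out in 20plugins the global `nlgroup` presumably no longer selects anything, since the NFLOG group is chosen per `[logN]` section in 40configs, so a comment such as `# nlgroup belongs to the legacy ULOG input; NFLOG groups are set per [logN] section in 40configs` would tell the next editor whether the line can go.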
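Review bot: `ulogd_inppkt_UNIXSOCK.so` is now loaded, but no stack in 30stacks references a UNIXSOCK instance (the only active stack is `log2:NFLOG,base1:BASE,ifi1:IFINDEX,...`), so the line adds a load-time dependency on that shared object without feeding any stack, and if the installed ulogd build lacks that .so the daemon will most likely refuse to start. Comment it back out, `#plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so"`, until a stack actually uses it, or add a comment naming the stack it is intended for. Enabling IFINDEX is consistent with the `ifi1:IFINDEX` element of the new stack and needs no change.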
@@ -1,4 +1,16 @@ -#our base stack ULOG to LOGEMU -stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU +# reetp which one of these do we need? +# I think log2 +# this is a stack for logging packet send by system via LOGEMU +#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for packet-based logging via LOGEMU +stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for ULOG packet-based logging via LOGEMU +# reetp - non functioning +#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for packet-based logging via LOGEMU with filtering on MARK +#stack=log2:NFLOG,base1:BASE,mark1:MARK,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU diff --git a/root/etc/e-smith/templates/etc/ulogd.conf/40configs b/root/etc/e-smith/templates/etc/ulogd.conf/40configs index ffe567d..c249155 100644 --- a/root/etc/e-smith/templates/etc/ulogd.conf/40configs +++ b/root/etc/e-smith/templates/etc/ulogd.conf/40configs 
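Review bot: The shipped template now carries a review conversation (`# reetp which one of these do we need?`, `# I think log2`, `# reetp - non functioning`) instead of a decision, and it is the only place a reader can learn why `log2` is the live stack. Replace the chatter with the rule the configuration actually follows, for example `# log2 (NFLOG group 1) receives the denylog packets that masq sends with --nflog-group 1; log1 (group 0) is the kernel's conntrack-invalid logging and stays disabled`, and either drop the dead ULOG stack or say why it is kept. If the commented `ulog1` stack is removed, the `[ulog1]` section that 40configs still carries loses its only consumer and can go in the same change.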
@@ -1,10 +1,75 @@ +# Logging of system packet through NFLOG +[log1] +# netlink multicast group (the same as the iptables --nflog-group param) +# Group O is used by the kernel to log connection tracking invalid message +group=0 +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +# set number of packet to queue inside kernel +#netlink_qthreshold=1 +# set the delay before flushing packet in the queue inside kernel (in 10ms) +#netlink_qtimeout=100 + +# packet logging through NFLOG for group 1 +[log2] +# netlink multicast group (the same as the iptables --nflog-group param) +group=1 # Group has to be different from the one use in log1 +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +# If your kernel is older than 2.6.29 and if a NFLOG input plugin with +# group 0 is not used by any stack, you need to have at least one NFLOG +# input plugin with bind set to 1. If you don't do that you may not +# receive any message from the kernel. +#bind=1 + +# packet logging through NFLOG for group 2, numeric_label is +# set to 1 +[log3] +# netlink multicast group (the same as the iptables --nflog-group param) +group=2 # Group has to be different from the one use in log1/log2 +numeric_label=1 # you can label the log info based on the packet verdict +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +#bind=1 + [ulog1] -# denylog: # netlink multicast group (the same as the iptables --ulog-nlgroup param) nlgroup=1 - +#numeric_label=0 # optional argument [emu1] -file="/var/log/iptables/denylog.log" +file="/var/log/ulogd/syslogemu.log" sync=1 +[json1] +sync=1 +#file="/var/log/ulogd.json" +#timestamp=0 +# device name to be used in JSON message +#device="My awesome Netfilter firewall" +# If boolean_label is set to 1 then the numeric_label put on packet +# by the input plugin is coding the action on packet: if 0, then +# packet has been blocked and if non null it has been accepted. 
+#boolean_label=1 +# Uncomment the following line to use JSON v1 event format that +# can provide better compatility with some JSON file reader. +#eventv1=1 +# Uncomment the following lines to send the JSON logs to a remote host via UDP +#mode="udp" +#host="192.0.2.10" +#port="10210" +# Uncomment the following lines to send the JSON logs to a remote host via TCP +#mode="tcp" +#host="192.0.2.10" +#port="10210" +# Uncomment the following lines to send the JSON logs to a local unix socket +#mode="unix" +#file="/var/run/ulogd.socket" + +[pcap1] +#default file is /var/log/ulogd.pcap +#file="/var/log/ulogd.pcap" +sync=1 + +[mark1] +mark = 1 diff --git a/smeserver-packetfilter.spec b/smeserver-packetfilter.spec index 0f260a6..c07297b 100644 --- a/smeserver-packetfilter.spec +++ b/smeserver-packetfilter.spec @@ -4,7 +4,7 @@ Summary: smeserver server and gateway - packetfilter add-on %define name smeserver-packetfilter Name: %{name} %define version 11.0.0 -%define release 4 +%define release 5 Version: %{version} Release: %{release}%{?dist} License: GPL @@ -27,8 +27,11 @@ Provides: e-smith-packetfilter smeserver server and gateway software - packetfilter add-on %changelog +* Fri Apr 12 2024 John Crisp 11.0.0-5.sme +- Migrate from ULOG to NFLOG [SME: 12557] + * Thu Apr 04 2024 Brian Read 11.0.0-4.sme -- Update createlinks to create smeserver-package-update event[SME: 12579] +- Update createlinks to create smeserver-package-update event [SME: 12579] * Thu Apr 04 2024 Brian Read 11.0.0-3.sme - Set license file to GPL2.0 [SME: 12577] @@ -53,7 +56,7 @@ smeserver server and gateway software - packetfilter add-on Fri Apr 09 2007 --> Fri Apr 06 2007 or Mon Apr 09 2007 or Fri Apr 13 2007 or .... * Mon Nov 15 2021 Jean-Philippe Pialasse 2.6.0-8.sme -- restrict VPN networks to their interface [SME: 11640] +- restrict VPN networks to their interface [SME: 11640] remove remoteVPNSubnet property added VPNif property * Wed Apr 07 2021 Jean-Philippe Pialasse 2.6.0-7.sme 
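Review bot: Changing `[emu1]` from `file="/var/log/iptables/denylog.log"` to `file="/var/log/ulogd/syslogemu.log"` relocates the firewall deny log, but nothing else in this commit follows the path: any logrotate entry, log viewer or documentation in the package that names `/var/log/iptables/denylog.log` is not touched here, so if one exists it now points at a file that no longer grows while the new file is not rotated. Either keep the original path, which also keeps the file name tied to the `denylog:` prefix set in 90adjustDenyLog, or update the consumers in the same change and record that in the changelog. The generic `syslogemu.log` name also drops the information that this file is the deny log. Separately, the changelog entry in the spec cites `[SME: 12557]` while the commit subject says `[SME: 12257]`; one of the two is a typo.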
@@ -99,7 +102,7 @@ smeserver server and gateway software - packetfilter add-on * Sun Apr 29 2007 Shad L. Lords - Clean up spec so package can be built by koji/plague -* Fri Apr 09 2007 Stephen Noble 1.18.0-5 +* Mon Apr 09 2007 Stephen Noble 1.18.0-5 - Fix masq error in server only mode (cannot open UDPPort) [SME: 2812] * Fri Apr 06 2007 Shad L. Lords 1.18.0-4