[arch-general] ulogd fails to start - cannot find key `oob.in'
Wayne S
linux at zuik.net
Sat Oct 19 09:55:15 EDT 2013
I did a system update the other day with shorewall and ulogd installed. Now ulogd fails to start:
Sat Oct 19 08:26:01 2013 <5> ulogd.c:375 registering plugin `NFLOG'
Sat Oct 19 08:26:01 2013 <5> ulogd.c:375 registering plugin `BASE'
Sat Oct 19 08:26:01 2013 <5> ulogd.c:375 registering plugin `IP2STR'
Sat Oct 19 08:26:01 2013 <5> ulogd.c:375 registering plugin `PRINTPKT'
Sat Oct 19 08:26:01 2013 <5> ulogd.c:375 registering plugin `LOGEMU'
Sat Oct 19 08:26:01 2013 <7> ulogd.c:741 cannot find key `oob.in' in stack
Sat Oct 19 08:26:01 2013 <8> ulogd.c:1234 not even a single working plugin stack
Looking at ulogd package changes shows:
-plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"
+plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
Comparing the difference between ULOG.so and NFLOG.so indicates that the 'oob.in' key does not exist in NFLOG but does exist in ULOG, for example:
# ulogd --info /usr/lib/ulogd/ulogd_inppkt_ULOG.so
Name: ULOG
Config options:
Var: bufsize (Integer, Default: 150000)
Var: nlgroup (Integer, Default: 32)
Var: rmem (Integer, Default: 131071)
Var: numeric_label (Integer, Default: 0)
Input keys:
Input plugin, No keys
Output keys:
Key: raw.mac (raw data)
Key: raw.pkt (raw data)
Key: raw.pktlen (unsigned int 32)
Key: raw.pktcount (unsigned int 32)
Key: oob.prefix (string)
Key: oob.time.sec (unsigned int 32)
Key: oob.time.usec (unsigned int 32)
Key: oob.mark (unsigned int 32)
Key: oob.in (string)
Key: oob.out (string)
Key: oob.hook (unsigned int 8)
Key: raw.mac_len (unsigned int 16)
Key: oob.family (unsigned int 8)
Key: oob.protocol (unsigned int 16)
Key: raw.label (unsigned int 8)
# ulogd --info /usr/lib/ulogd/ulogd_inppkt_NFLOG.so
Name: NFLOG
Config options:
Var: bufsize (Integer, Default: 150000)
Var: group (Integer, Default: 0)
Var: unbind (Integer, Default: 1)
Var: bind (Integer, Default: 0)
Var: seq_local (Integer, Default: 0)
Var: seq_global (Integer, Default: 0)
Var: numeric_label (Integer, Default: 0)
Var: netlink_socket_buffer_size (Integer, Default: 0)
Var: netlink_socket_buffer_maxsize (Integer, Default: 0)
Var: netlink_qthreshold (Integer, Default: 0)
Var: netlink_qtimeout (Integer, Default: 0)
Input keys:
Input plugin, No keys
Output keys:
Key: raw.mac (raw data)
Key: raw.pkt (raw data)
Key: raw.pktlen (unsigned int 32)
Key: raw.pktcount (unsigned int 32)
Key: oob.prefix (string)
Key: oob.time.sec (unsigned int 32)
Key: oob.time.usec (unsigned int 32)
Key: oob.mark (unsigned int 32)
Key: oob.ifindex_in (unsigned int 32)
Key: oob.ifindex_out (unsigned int 32)
Key: oob.hook (unsigned int 8)
Key: raw.mac_len (unsigned int 16)
Key: oob.seq.local (unsigned int 32)
Key: oob.seq.global (unsigned int 32)
Key: oob.family (unsigned int 8)
Key: oob.protocol (unsigned int 16)
Key: oob.uid (unsigned int 32)
Key: oob.gid (unsigned int 32)
Key: raw.label (unsigned int 8)
Key: raw.type (unsigned int 16)
Key: raw.mac.saddr (raw data)
Key: raw.mac.addrlen (unsigned int 16)
Key: raw (raw data)
Reverting ulogd.conf file to use ULOG instead of NFLOG, allows ulogd to run, but NFLOG is probably what is in the kernel, hence this change does log anything.
Any suggestions on getting NFLOG to work?
Wayne
More information about the arch-general
mailing list