From c3161d81bd54122c26021a26e3e571de86d593ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20H=C3=BCrlimann?= Date: Mon, 26 Dec 2022 18:49:44 +0100 Subject: [PATCH 1/3] linuxdoc-tools: init at 0.9.82 Heavily based on original work by xvuko Co-authored-by: xvuko --- lib/licenses.nix | 6 ++ .../text/sgml/linuxdoc-tools/default.nix | 62 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 3 files changed, 70 insertions(+) create mode 100644 pkgs/tools/text/sgml/linuxdoc-tools/default.nix diff --git a/lib/licenses.nix b/lib/licenses.nix index f54ab464357b..52956e52afa6 100644 --- a/lib/licenses.nix +++ b/lib/licenses.nix @@ -842,6 +842,12 @@ in mkLicense lset) ({ fullName = "SGI Free Software License B v2.0"; }; + # Gentoo seems to treat it as a license: + # https://gitweb.gentoo.org/repo/gentoo.git/tree/licenses/SGMLUG?id=7d999af4a47bf55e53e54713d98d145f935935c1 + sgmlug = { + fullName = "SGML UG SGML Parser Materials license"; + }; + sleepycat = { spdxId = "Sleepycat"; fullName = "Sleepycat License"; diff --git a/pkgs/tools/text/sgml/linuxdoc-tools/default.nix b/pkgs/tools/text/sgml/linuxdoc-tools/default.nix new file mode 100644 index 000000000000..8050d084e350 --- /dev/null +++ b/pkgs/tools/text/sgml/linuxdoc-tools/default.nix 
@@ -0,0 +1,62 @@ +{ stdenv, lib, makeWrapper, fetchFromGitLab, openjade, gnumake, perl, flex +, gnused, coreutils, which, opensp, groff, texlive, texinfo, withLatex ? false +}: + +stdenv.mkDerivation rec { + pname = "linuxdoc-tools"; + version = "0.9.82"; + + src = fetchFromGitLab { + owner = "agmartin"; + repo = "linuxdoc-tools"; + rev = version; + sha256 = "17v9ilh79av4n94vk4m52aq57ykb9myffxd2qr8kb8b3xnq5d36z"; + }; + + outputs = [ "out" "man" "doc" ]; + + configureFlags = [ + ("--enable-docs=txt info lyx html rtf" + + lib.optionalString withLatex " pdf") + ]; + + LEX = "flex"; + + postInstall = '' + wrapProgram $out/bin/linuxdoc \ + --prefix PATH : "${lib.makeBinPath [ groff opensp ]}:$out/bin" \ + --prefix PERL5LIB : "$out/share/linuxdoc-tools/" + ''; + + doInstallCheck = true; + + installCheckPhase = '' + pushd doc/example + substituteInPlace Makefile \ + --replace "COMMAND=linuxdoc" "COMMAND=$out/bin/linuxdoc" \ + ${lib.optionalString (!withLatex) "--replace '.tex .dvi .ps .pdf' ''"} + make + popd + ''; + + nativeBuildInputs = [ flex which makeWrapper ]; + + buildInputs = [ opensp groff texinfo perl gnused coreutils ] + ++ lib.optionals withLatex [ texlive.combined.scheme-medium ]; + + meta = with lib; { + description = "Toolset for processing LinuxDoc DTD SGML files"; + longDescription = '' + A collection of text formatters which understands a LinuxDoc DTD SGML + source file. Each formatter (or "back-end") renders the source file into + a variety of output formats, including HTML, TeX, DVI, PostScript, plain + text, and groff source in manual-page format. The linuxdoc suite is + provided for backward compatibility, because there are still many useful + documents written in LinuxDoc DTD sgml source. + ''; + homepage = "https://gitlab.com/agmartin/linuxdoc-tools"; + license = with licenses; [ gpl3Plus mit sgmlug ]; + platforms = platforms.linux; + maintainers = with maintainers; [ p-h ]; + }; +} 
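Review bot: The argument list of the new `linuxdoc-tools` expression takes `openjade` and `gnumake`, but neither name is referenced anywhere in the derivation body, so they only add evaluation-time dependencies on attributes that are never used. I would drop both from the function header. The source is pinned with a legacy base32 `sha256 = "17v9…"`, while the `ulogd` expression in the same series uses the SRI form `hash = "sha256-…"`; using `hash` here too keeps the pinning style consistent and easier to audit. Since `rev = version` follows an upstream tag, that fixed hash is what binds the build to one source tree, so it is worth a comment saying it must be re-verified on every bump.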
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b81d61fd6f6b..dff269af8f12 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4928,6 +4928,8 @@ with pkgs; linuxptp = callPackage ../os-specific/linux/linuxptp { }; + linuxdoc-tools = callPackage ../tools/text/sgml/linuxdoc-tools { }; + lisgd = callPackage ../tools/inputmethods/lisgd { }; lite = callPackage ../applications/editors/lite { }; From 77763b4c88fcb64be548d419fc8a4f0ac04548ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20H=C3=BCrlimann?= Date: Mon, 26 Dec 2022 18:50:22 +0100 Subject: [PATCH 2/3] ulogd: init at 2.0.8 Heavily based on original work by xvuko. Co-authored-by: xvuko --- pkgs/os-specific/linux/ulogd/default.nix | 72 ++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 74 insertions(+) create mode 100644 pkgs/os-specific/linux/ulogd/default.nix diff --git a/pkgs/os-specific/linux/ulogd/default.nix b/pkgs/os-specific/linux/ulogd/default.nix new file mode 100644 index 000000000000..fb5fd465f1f3 --- /dev/null +++ b/pkgs/os-specific/linux/ulogd/default.nix 
@@ -0,0 +1,72 @@ +{ stdenv, lib, fetchurl, gnumake, libnetfilter_acct, libnetfilter_conntrack +, libnetfilter_log, libmnl, libnfnetlink, automake, autoconf, autogen, libtool +, pkg-config, libpcap, linuxdoc-tools, autoreconfHook }: + +stdenv.mkDerivation rec { + version = "2.0.8"; + pname = "ulogd"; + + src = fetchurl { + url = "https://netfilter.org/projects/${pname}/files/${pname}-${version}.tar.bz2"; + hash = "sha256-Tq1sOXDD9X+h6J/i18xIO6b+K9GwhwFSHgs6/WZ98pE="; + }; + + outputs = [ "out" "doc" "man" ]; + + postPatch = '' + substituteInPlace ulogd.8 --replace "/usr/share/doc" "$doc/share/doc" + ''; + + postBuild = '' + pushd doc/ + linuxdoc --backend=txt --filter ulogd.sgml + linuxdoc --backend=html --split=0 ulogd.sgml + popd + ''; + + postInstall = '' + install -Dm444 -t $out/share/doc/${pname} ulogd.conf doc/ulogd.txt doc/ulogd.html README doc/*table + install -Dm444 -t $out/share/doc/${pname}-mysql doc/mysql*.sql + install -Dm444 -t $out/share/doc/${pname}-pgsql doc/pgsql*.sql + ''; + + buildInputs = [ + libnetfilter_acct + libnetfilter_conntrack + libnetfilter_log + libmnl + libnfnetlink + libpcap + ]; + + nativeBuildInputs = [ + autoreconfHook + pkg-config + automake + autoconf + autogen + libtool + linuxdoc-tools + ]; + + meta = with lib; { + description = "Userspace logging daemon for netfilter/iptables"; + + longDescription = '' + Logging daemon that reads event messages coming from the Netfilter + connection tracking, the Netfilter packet logging subsystem and from the + Netfilter accounting subsystem. You have to enable support for connection + tracking event delivery; ctnetlink and the NFLOG target in your Linux + kernel 2.6.x or load their respective modules. The deprecated ULOG target + (which has been superseded by NFLOG) is also supported. + + The received messages can be logged into files or into a MySQL, SQLite3 + or PostgreSQL database. IPFIX and Graphite output are also supported. 
+ ''; + + homepage = "https://www.netfilter.org/projects/ulogd/index.html"; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = with maintainers; [ p-h ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index dff269af8f12..a63f74e0861c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -13093,6 +13093,8 @@ with pkgs; inherit (chickenPackages_4) eggDerivation fetchegg; }; + ulogd = callPackage ../os-specific/linux/ulogd { }; + unar = callPackage ../tools/archivers/unar { inherit (darwin.apple_sdk.frameworks) Foundation AppKit; stdenv = clangStdenv; From bcbedfeefc21fee3e3f7f897c803adfad425f6d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20H=C3=BCrlimann?= Date: Wed, 28 Dec 2022 00:17:14 +0100 Subject: [PATCH 3/3] nixos/ulogd: init Heavily based on original work by xvuko Co-authored-by: xvuko --- .../from_md/release-notes/rl-2305.section.xml | 8 ++ .../manual/release-notes/rl-2305.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/logging/ulogd.nix | 48 +++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/ulogd.nix | 84 +++++++++++++++++++ pkgs/os-specific/linux/ulogd/default.nix | 4 +- 7 files changed, 147 insertions(+), 1 deletion(-) create mode 100644 nixos/modules/services/logging/ulogd.nix create mode 100644 nixos/tests/ulogd.nix diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml index 4837b29c585a..82f1751de1c3 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml @@ -67,6 +67,14 @@ services.v2raya. + + + ulogd, + a userspace logging daemon for netfilter/iptables related + logging. Available as + services.ulogd. + +
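Review bot: In the new `ulogd` expression, `nativeBuildInputs` lists `automake`, `autoconf` and `libtool` next to `autoreconfHook`, which already propagates those tools, and the function header takes `gnumake` without using it; whether `autogen` is needed is not visible here and should be checked. Trimming the list to `[ autoreconfHook pkg-config linuxdoc-tools ]` (plus `autogen` only if the build fails without it) keeps the build-time closure small. `license = licenses.gpl2;` is also ambiguous between "only" and "or later"; pick `licenses.gpl2Only` or `licenses.gpl2Plus` after checking the upstream COPYING and source headers. `postInstall` writes the documentation under `$out/share/doc` while `postPatch` points the man page at `$doc/share/doc`, so a short comment that the multiple-outputs fixup is expected to move it would help the next reader.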
diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index b3354eec65fb..503ce59f6c40 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -26,6 +26,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [v2rayA](https://v2raya.org), a Linux web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel. Available as [services.v2raya](options.html#opt-services.v2raya.enable). +- [ulogd](https://www.netfilter.org/projects/ulogd/index.html), a userspace logging daemon for netfilter/iptables related logging. Available as [services.ulogd](options.html#opt-services.ulogd.enable). + ## Backward Incompatibilities {#sec-release-23.05-incompatibilities} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index a1e7cf01882e..0c840a5d7ab8 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -520,6 +520,7 @@ ./services/logging/syslog-ng.nix ./services/logging/syslogd.nix ./services/logging/vector.nix + ./services/logging/ulogd.nix ./services/mail/clamsmtp.nix ./services/mail/davmail.nix ./services/mail/dkimproxy-out.nix diff --git a/nixos/modules/services/logging/ulogd.nix b/nixos/modules/services/logging/ulogd.nix new file mode 100644 index 000000000000..065032b531c6 --- /dev/null +++ b/nixos/modules/services/logging/ulogd.nix 
@@ -0,0 +1,48 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.services.ulogd; + settingsFormat = pkgs.formats.ini { }; + settingsFile = settingsFormat.generate "ulogd.conf" cfg.settings; +in { + options = { + services.ulogd = { + enable = mkEnableOption (lib.mdDoc "ulogd"); + + settings = mkOption { + example = { + global.stack = "stack=log1:NFLOG,base1:BASE,pcap1:PCAP"; + log1.group = 2; + pcap1 = { + file = "/var/log/ulogd.pcap"; + sync = 1; + }; + }; + type = settingsFormat.type; + default = { }; + description = lib.mdDoc "Configuration for ulogd. See {file}`/share/doc/ulogd/` in `pkgs.ulogd.doc`."; + }; + + logLevel = mkOption { + type = types.enum [ 1 3 5 7 8 ]; + default = 5; + description = lib.mdDoc "Log level (1 = debug, 3 = info, 5 = notice, 7 = error, 8 = fatal)"; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services.ulogd = { + description = "Ulogd Daemon"; + wantedBy = [ "multi-user.target" ]; + wants = [ "network-pre.target" ]; + before = [ "network-pre.target" ]; + + serviceConfig = { + ExecStart = "${pkgs.ulogd}/bin/ulogd -c ${settingsFile} --verbose --loglevel ${toString cfg.logLevel}"; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + }; + }; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index e385dfebebf3..25f8994b131b 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -681,6 +681,7 @@ in { tuxguitar = handleTest ./tuxguitar.nix {}; ucarp = handleTest ./ucarp.nix {}; udisks2 = handleTest ./udisks2.nix {}; + ulogd = handleTest ./ulogd.nix {}; unbound = handleTest ./unbound.nix {}; unifi = handleTest ./unifi.nix {}; unit-php = handleTest ./web-servers/unit-php.nix {}; diff --git a/nixos/tests/ulogd.nix b/nixos/tests/ulogd.nix new file mode 100644 index 000000000000..ce52d855ffc2 --- /dev/null +++ b/nixos/tests/ulogd.nix 
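Review bot: The `systemd.services.ulogd` unit sets only `ExecStart` and `ExecReload` in `serviceConfig`, so with no `User=` the daemon, which parses packet data handed over by netfilter, runs as root with the full capability set and an unrestricted view of the filesystem. I would add baseline systemd sandboxing that keeps `CAP_NET_ADMIN` for the netlink subscriptions and leaves `/var/log` writable, since the example and the test write their log and pcap files there. The set below is a starting point and must be confirmed against `nixos/tests/ulogd.nix` and any database output plugin in use. Separately, `settingsFile` is generated into the world-readable Nix store, so the `settings` description should warn against putting MySQL/PostgreSQL credentials there. The `example` value `global.stack = "stack=log1:NFLOG,…"` also repeats the key inside the value, unlike the test's `stack = "log1:NFLOG,base1:BASE,pcap1:PCAP"`.

```nix
serviceConfig = {
  # … unchanged: ExecStart, ExecReload …

  # Baseline sandboxing; verify with nixos/tests/ulogd.nix before merging.
  # CAP_NET_ADMIN is kept for the NFLOG/conntrack netlink subscriptions.
  CapabilityBoundingSet = [ "CAP_NET_ADMIN" ];
  NoNewPrivileges = true;
  # "full" keeps /var writable so logfile/pcap paths under /var/log still work.
  ProtectSystem = "full";
  ProtectHome = true;
  PrivateTmp = true;
  ProtectKernelModules = true;
  ProtectControlGroups = true;
};
```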
@@ -0,0 +1,84 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: { + name = "ulogd"; + + meta = with lib; { + maintainers = with maintainers; [ p-h ]; + }; + + nodes.machine = { ... }: { + networking.firewall.enable = false; + networking.nftables.enable = true; + networking.nftables.ruleset = '' + table inet filter { + chain input { + type filter hook input priority 0; + log group 2 accept + } + + chain output { + type filter hook output priority 0; policy accept; + log group 2 accept + } + + chain forward { + type filter hook forward priority 0; policy drop; + log group 2 accept + } + + } + ''; + services.ulogd = { + enable = true; + settings = { + global = { + logfile = "/var/log/ulogd.log"; + stack = "log1:NFLOG,base1:BASE,pcap1:PCAP"; + }; + + log1.group = 2; + + pcap1 = { + file = "/var/log/ulogd.pcap"; + sync = 1; + }; + }; + }; + + environment.systemPackages = with pkgs; [ + tcpdump + ]; + }; + + testScript = '' + start_all() + machine.wait_for_unit("ulogd.service") + machine.wait_for_unit("network-online.target") + + with subtest("Ulogd is running"): + machine.succeed("pgrep ulogd >&2") + + # All packets show up twice in the logs + with subtest("Logs are collected"): + machine.succeed("ping -f 127.0.0.1 -c 5 >&2") + machine.succeed("sleep 2") + machine.wait_until_succeeds("du /var/log/ulogd.pcap >&2") + _, echo_request_packets = machine.execute("tcpdump -r /var/log/ulogd.pcap icmp[0] == 8 and host 127.0.0.1") + expected, actual = 5*2, len(echo_request_packets.splitlines()) + assert expected == actual, f"Expected {expected} packets, got: {actual}" + _, echo_reply_packets = machine.execute("tcpdump -r /var/log/ulogd.pcap icmp[0] == 0 and host 127.0.0.1") + expected, actual = 5*2, len(echo_reply_packets.splitlines()) + assert expected == actual, f"Expected {expected} packets, got: {actual}" + + with subtest("Reloading service reopens log file"): + machine.succeed("mv /var/log/ulogd.pcap /var/log/old_ulogd.pcap") + machine.succeed("systemctl reload 
ulogd.service") + machine.succeed("ping -f 127.0.0.1 -c 5 >&2") + machine.succeed("sleep 2") + _, echo_request_packets = machine.execute("tcpdump -r /var/log/ulogd.pcap icmp[0] == 8 and host 127.0.0.1") + expected, actual = 5*2, len(echo_request_packets.splitlines()) + assert expected == actual, f"Expected {expected} packets, got: {actual}" + _, echo_reply_packets = machine.execute("tcpdump -r /var/log/ulogd.pcap icmp[0] == 0 and host 127.0.0.1") + expected, actual = 5*2, len(echo_reply_packets.splitlines()) + assert expected == actual, f"Expected {expected} packets, got: {actual}" + ''; +}) diff --git a/pkgs/os-specific/linux/ulogd/default.nix b/pkgs/os-specific/linux/ulogd/default.nix index fb5fd465f1f3..cb48d20043fd 100644 --- a/pkgs/os-specific/linux/ulogd/default.nix +++ b/pkgs/os-specific/linux/ulogd/default.nix @@ -1,6 +1,6 @@ { stdenv, lib, fetchurl, gnumake, libnetfilter_acct, libnetfilter_conntrack , libnetfilter_log, libmnl, libnfnetlink, automake, autoconf, autogen, libtool -, pkg-config, libpcap, linuxdoc-tools, autoreconfHook }: +, pkg-config, libpcap, linuxdoc-tools, autoreconfHook, nixosTests }: stdenv.mkDerivation rec { version = "2.0.8"; @@ -49,6 +49,8 @@ stdenv.mkDerivation rec { linuxdoc-tools ]; + passthru.tests = { inherit (nixosTests) ulogd; }; + meta = with lib; { description = "Userspace logging daemon for netfilter/iptables";
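Review bot: In `testScript` the capture filter reaches the shell unquoted (`tcpdump -r /var/log/ulogd.pcap icmp[0] == 8 and host 127.0.0.1`), so `icmp[0]` is open to glob expansion. `machine.execute` also discards tcpdump's exit status, so an unreadable or missing capture file only shows up as a packet count of 0. Quoting the expression, e.g. `tcpdump -r /var/log/ulogd.pcap 'icmp[0] == 8 and host 127.0.0.1'`, and calling `machine.succeed` would make a failure point at its real cause. Delivery of packets to ulogd is asynchronous, so the fixed `sleep 2` before reading the file is a likely source of flakiness; `wait_until_succeeds` on the expected count is more robust. The same four tcpdump calls and assertions are repeated in the "Logs are collected" and the reload subtests and could be one small Python helper inside the script.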