I did a system update the other day with shorewall and ulogd installed. Now 
ulogd fails to start:

Sat Oct 19 08:26:01 2013 <5> ulogd.c:375 registering plugin `NFLOG'
Sat Oct 19 08:26:01 2013 <5> ulogd.c:375 registering plugin `BASE'
Sat Oct 19 08:26:01 2013 <5> ulogd.c:375 registering plugin `IP2STR'
Sat Oct 19 08:26:01 2013 <5> ulogd.c:375 registering plugin `PRINTPKT'
Sat Oct 19 08:26:01 2013 <5> ulogd.c:375 registering plugin `LOGEMU'
Sat Oct 19 08:26:01 2013 <7> ulogd.c:741 cannot find key `oob.in' in stack
Sat Oct 19 08:26:01 2013 <8> ulogd.c:1234 not even a single working plugin stack

Looking at ulogd package changes shows:

-plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"
+plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
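Review bot: the plugin= line swaps the input plugin from ULOG to NFLOG, but nothing visible in this change adjusts the stack that consumes its keys. Per the --info listings on this page, NFLOG emits oob.ifindex_in/oob.ifindex_out where ULOG emitted the oob.in/oob.out strings, so a stack written for ULOG fails with the "cannot find key `oob.in' in stack" error shown above. Suggest the same change also load ulogd's IFINDEX filter plugin (it maps the interface indexes to the oob.in/oob.out names) and place it in the stack ahead of the plugin that needs oob.in.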

Comparing the difference between ULOG.so and NFLOG.so indicates that the 
'oob.in' key does not exist in NFLOG but does exist in ULOG, for example:

# ulogd --info /usr/lib/ulogd/ulogd_inppkt_ULOG.so
Name: ULOG
Config options:
        Var: bufsize (Integer, Default: 150000)
        Var: nlgroup (Integer, Default: 32)
        Var: rmem (Integer, Default: 131071)
        Var: numeric_label (Integer, Default: 0)
Input keys:
        Input plugin, No keys
Output keys:
        Key: raw.mac (raw data)
        Key: raw.pkt (raw data)
        Key: raw.pktlen (unsigned int 32)
        Key: raw.pktcount (unsigned int 32)
        Key: oob.prefix (string)
        Key: oob.time.sec (unsigned int 32)
        Key: oob.time.usec (unsigned int 32)
        Key: oob.mark (unsigned int 32)
        Key: oob.in (string)
        Key: oob.out (string)
        Key: oob.hook (unsigned int 8)
        Key: raw.mac_len (unsigned int 16)
        Key: oob.family (unsigned int 8)
        Key: oob.protocol (unsigned int 16)
        Key: raw.label (unsigned int 8)


# ulogd --info /usr/lib/ulogd/ulogd_inppkt_NFLOG.so
Name: NFLOG
Config options:
        Var: bufsize (Integer, Default: 150000)
        Var: group (Integer, Default: 0)
        Var: unbind (Integer, Default: 1)
        Var: bind (Integer, Default: 0)
        Var: seq_local (Integer, Default: 0)
        Var: seq_global (Integer, Default: 0)
        Var: numeric_label (Integer, Default: 0)
        Var: netlink_socket_buffer_size (Integer, Default: 0)
        Var: netlink_socket_buffer_maxsize (Integer, Default: 0)
        Var: netlink_qthreshold (Integer, Default: 0)
        Var: netlink_qtimeout (Integer, Default: 0)
Input keys:
        Input plugin, No keys
Output keys:
        Key: raw.mac (raw data)
        Key: raw.pkt (raw data)
        Key: raw.pktlen (unsigned int 32)
        Key: raw.pktcount (unsigned int 32)
        Key: oob.prefix (string)
        Key: oob.time.sec (unsigned int 32)
        Key: oob.time.usec (unsigned int 32)
        Key: oob.mark (unsigned int 32)
        Key: oob.ifindex_in (unsigned int 32)
        Key: oob.ifindex_out (unsigned int 32)
        Key: oob.hook (unsigned int 8)
        Key: raw.mac_len (unsigned int 16)
        Key: oob.seq.local (unsigned int 32)
        Key: oob.seq.global (unsigned int 32)
        Key: oob.family (unsigned int 8)
        Key: oob.protocol (unsigned int 16)
        Key: oob.uid (unsigned int 32)
        Key: oob.gid (unsigned int 32)
        Key: raw.label (unsigned int 8)
        Key: raw.type (unsigned int 16)
        Key: raw.mac.saddr (raw data)
        Key: raw.mac.addrlen (unsigned int 16)
        Key: raw (raw data)

Reverting the ulogd.conf file to use ULOG instead of NFLOG allows ulogd to run, 
but NFLOG is probably what is in the kernel, hence this change does not log 
anything.

Any suggestions on getting NFLOG to work?

Wayne
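
Added example, not part of the original post: a small script that automates the comparison made above by extracting the "Output keys" section from two `ulogd --info` dumps and listing the keys the old input plugin provided that the new one does not. The function names are hypothetical and the embedded dumps are constructed, trimmed copies of the listings in the post.

```shell
#!/bin/sh
# Added example: diff the output keys of two ulogd input plugins.

# Print the output key names found in `ulogd --info` text read from stdin.
output_keys() {
    awk '
        /^[A-Za-z]/ { in_out = ($0 ~ /^Output keys:/); next }  # section header
        in_out && $1 == "Key:" { print $2 }                    # indented key line
    '
}

# lost_keys OLD_INFO NEW_INFO: keys emitted by the old plugin but not the new.
lost_keys() {
    new_keys=$(printf '%s\n' "$2" | output_keys)
    printf '%s\n' "$1" | output_keys | while read -r key; do
        printf '%s\n' "$new_keys" | grep -qxF -- "$key" || printf '%s\n' "$key"
    done
}

# Constructed sample input, trimmed from the two listings in the post.
ULOG_INFO=$(cat <<'EOF'
Name: ULOG
Output keys:
        Key: oob.prefix (string)
        Key: oob.mark (unsigned int 32)
        Key: oob.in (string)
        Key: oob.out (string)
        Key: oob.hook (unsigned int 8)
EOF
)
NFLOG_INFO=$(cat <<'EOF'
Name: NFLOG
Output keys:
        Key: oob.prefix (string)
        Key: oob.mark (unsigned int 32)
        Key: oob.ifindex_in (unsigned int 32)
        Key: oob.ifindex_out (unsigned int 32)
        Key: oob.hook (unsigned int 8)
        Key: oob.uid (unsigned int 32)
EOF
)

echo "Keys a ULOG-based stack may rely on that NFLOG does not emit:"
lost_keys "$ULOG_INFO" "$NFLOG_INFO"
echo "Keys that only NFLOG emits:"
lost_keys "$NFLOG_INFO" "$ULOG_INFO"
```

On a live system, the two arguments would be the text printed by the `ulogd --info` commands shown in the post.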
