* uacctd: a Linux Netlink ULOG daemon implementation within the pmacct

  project; initial ULOG daemon documentation write-up. Many thanks to:
  - A.O.Prokofiev, original contributor of the ULOG patch
  - Stig Thormodsrud

CONFIG-KEYS

@@ -613,7 +613,7 @@ DESC:		makes 'nfacctd' to ignore timestamps included in NetFlow header and build
 		('sql_history') and an INSERT-only mechanism is in use ('sql_dont_try_update', 'sql_use_copy').
 		(default: false) 
 
-KEY:		[ nfacctd_as_new | sfacctd_as_new | pmacctd_as ] [GLOBAL]
+KEY:		[ nfacctd_as_new | sfacctd_as_new | pmacctd_as | uacctd_as ] [GLOBAL]
 VALUES:		[ false | (true|file) | bgp ]
 DESC:		When 'false', it instructs nfacctd to populate 'src_as' and 'dst_as' from the same primitives
 		in the NetFlow datagram; when 'true' ('file' being an alias of 'true') it instructs nfacctd to
@@ -731,7 +731,7 @@ KEY:            pmacctd_flow_lifetime [GLOBAL, NO_NFACCTD]
 DESC:           defines how long a flow could remain inactive (ie. no packets belonging to such flow are received)
 		before considering it expired. The value is expected in seconds. (default: 60 secs) 
 
-KEY:		pmacctd_ext_sampling_rate [GLOBAL, NO_NFACCTD]
+KEY:		[ pmacctd_ext_sampling_rate | uacctd_ext_sampling_rate ] [GLOBAL, NO_NFACCTD]
 		flags pmacctd that captured traffic is being sampled at the specified rate. Such rate can then
 		be renormalized by using 'pmacctd_renormalize' or otherwise is propagated by the NetFlow/sFlow
 		probe plugins, if any of them is activated. External sampling might be performed by capturing
@@ -750,7 +750,7 @@ DESC:           full pathname to a file containing the list of IPv4/IPv6 address
                 individual IP addresses. The Allow List is intended to be small. If you really need complex,
                 network-prefixed filters, you may prefer a few firewall rules instead. (default: allow all)
 
-KEY:		[ sfacctd_renormalize | nfacctd_renormalize | pmacctd_renormalize ] (-R)
+KEY:		[ sfacctd_renormalize | nfacctd_renormalize | pmacctd_renormalize | uacctd_renormalize ] (-R)
 VALUES:		[true|false]
 DESC:		automatically renormalizes byte/packet counters value basing on informations acquired from 
 		either the NetFlow data unit or sFlow packet. In particular, it allows to deal with scenarios
@@ -947,3 +947,6 @@ DESC:		writes a list of the BGP neighbors in the established state to the specif
 		per line. This gets particularly useful for automation purposes (ie. auto-discovery of
 		devices to poll via SNMP). (default: none)
 
+KEY:		uacctd_group
+DESC:		Sets the Linux Netlink ULOG multicast group to be joined. (default: 1)
+

TOOLS

@@ -13,6 +13,10 @@ sfacctd         sFlow accounting daemon; it listens for sFlow packets v2,
                 v4 and v5 on one or more interfaces (both IPv4 and IPv6);
                 statistics may be either pushed to stdout, stored in a
                 memory table or a PostgreSQL/MySQL/SQLite database.
+uacctd		Linux Netlink ULOG accounting daemon; it gathers packets
+		from a ULOG multicast group and works only on Linux;
+		statistics may be either pushed to stdout, stored in a
+		memory table or a PostgreSQL/MySQL/SQLite database.
 pmacct  	commandline pmacct client; used to retrieve data from an
 		active memroy plugin; it may ask for specific entries,
 		partial fields or perform a bulk data retrieval; output

src/pmacct-data.h

@@ -212,6 +212,7 @@ static const struct _dictionary_line dictionary[] = {
   {"promisc", cfg_key_promisc},
   {"pcap_filter", cfg_key_pcap_filter},
   {"pmacctd_as", cfg_key_nfacctd_as_new},
+  {"uacctd_as", cfg_key_nfacctd_as_new},
   {"plugins", NULL},
   {"plugin_pipe_size", cfg_key_plugin_pipe_size},
   {"plugin_buffer_size", cfg_key_plugin_buffer_size},
@@ -278,8 +279,13 @@ static const struct _dictionary_line dictionary[] = {
   {"pmacctd_conntrack_buffer_size", cfg_key_pmacctd_conntrack_buffer_size},
   {"pmacctd_flow_lifetime", cfg_key_pmacctd_flow_lifetime},
   {"pmacctd_ext_sampling_rate", cfg_key_pmacctd_ext_sampling_rate},
-  {"pmacctd_id", cfg_key_post_tag},	/* obsolete */
-  {"nfacctd_id_file", cfg_key_pre_tag_map},	/* obsolete */
+  {"uacctd_force_frag_handling", cfg_key_pmacctd_force_frag_handling},
+  {"uacctd_frag_buffer_size", cfg_key_pmacctd_frag_buffer_size},
+  {"uacctd_flow_buffer_size", cfg_key_pmacctd_flow_buffer_size},
+  {"uacctd_flow_buffer_buckets", cfg_key_pmacctd_flow_buffer_buckets},
+  {"uacctd_conntrack_buffer_size", cfg_key_pmacctd_conntrack_buffer_size},
+  {"uacctd_flow_lifetime", cfg_key_pmacctd_flow_lifetime},
+  {"uacctd_ext_sampling_rate", cfg_key_pmacctd_ext_sampling_rate},
   {"pcap_savefile", cfg_key_pcap_savefile},
   {"pre_tag_map", cfg_key_pre_tag_map},	
   {"pre_tag_map_entries", cfg_key_pre_tag_map_entries},	
@@ -291,6 +297,7 @@ static const struct _dictionary_line dictionary[] = {
   {"sfacctd_ip", cfg_key_nfacctd_ip},
   {"sfacctd_allow_file", cfg_key_nfacctd_allow_file},
   {"sfacctd_as_new", cfg_key_nfacctd_as_new},
+  {"uacctd_renormalize", cfg_key_sfacctd_renormalize},
   {"pmacctd_renormalize", cfg_key_sfacctd_renormalize},
   {"sfacctd_renormalize", cfg_key_sfacctd_renormalize},
   {"nfacctd_renormalize", cfg_key_sfacctd_renormalize},

src/pmacct-defines.h

@@ -23,7 +23,7 @@
 #define ARGS_NFACCTD "n:dDhP:b:f:F:c:m:p:r:s:S:L:l:v:o:R"
 #define ARGS_SFACCTD "n:dDhP:b:f:F:c:m:p:r:s:S:L:l:v:o:R"
 #define ARGS_PMACCTD "n:NdDhP:b:f:F:c:i:I:m:p:r:s:S:v:o:wWL:R"
-#define ARGS_UACCTD "n:NdDhP:b:f:F:c:i:I:m:p:r:s:S:v:o:wWL:R"
+#define ARGS_UACCTD "n:NdDhP:b:f:F:c:m:p:r:s:S:v:o:Rg:"
 #define ARGS_PMACCT "Ssc:Cetm:p:P:M:arN:n:lT:"
 #define N_PRIMITIVES 21
 #define N_FUNCS 10 

src/pmacctd.c

@@ -67,6 +67,7 @@ void usage_daemon(char *prog_name)
   printf("  -w  \tWait for the listening interface to become available\n");
   printf("  -W  \tReading from a savefile, don't exit but sleep when finished\n");
   printf("  -R  \tRenormalize sampled data\n");
+  printf("  -L  \tSet snapshot length\n");
   printf("\nMemory Plugin (-P memory) options:\n");
   printf("  -p  \tSocket for client-server communication (DEFAULT: /tmp/collect.pipe)\n");
   printf("  -b  \tNumber of buckets\n");

src/pretag_handlers.c

@@ -292,6 +292,7 @@ int PT_map_filter_handler(char *filename, struct id_entry *e, char *value, struc
 
   memset(&device, 0, sizeof(struct pcap_device));
   if (glob_pcapt) device.link_type = pcap_datalink(glob_pcapt);
+  else if (config.uacctd_group) device.link_type = DLT_RAW;
   else device.link_type = 1;
   device.dev_desc = pcap_open_dead(device.link_type, 128); /* snaplen=eth_header+my_iphdr+my_tlhdr */
 

src/setproctitle.c

@@ -37,6 +37,7 @@ extern char *__progname;
 char pmacctd_globstr[] = "pmacctd\0";
 char nfacctd_globstr[] = "nfacctd\0";
 char sfacctd_globstr[] = "sfacctd\0";
+char uacctd_globstr[] = "uacctd\0";
 
 /*
  * NEWSTR -- Create a copy of a C string
@@ -135,6 +136,7 @@ initsetproctitle(argc, argv, envp)
 	if (config.acct_type == ACCT_PM) __progname = pmacctd_globstr;
 	else if (config.acct_type == ACCT_NF) __progname = nfacctd_globstr;
 	else if (config.acct_type == ACCT_SF) __progname = sfacctd_globstr;
+	else if (config.acct_type == ACCT_UL) __progname = uacctd_globstr;
 #endif
 }
 
@@ -211,7 +213,8 @@ pm_setproctitle(fmt, va_alist)
   memset(prefix, 0, sizeof(prefix));
   memset(buf, 0, sizeof(buf));
 
-  if (config.acct_type == ACCT_PM) strcpy(prefix, pmacctd_globstr);
+  if (config.uacctd_group) strcpy(prefix, uacctd_globstr); /* XXX: hack */
+  else if (config.acct_type == ACCT_PM) strcpy(prefix, pmacctd_globstr);
   else if (config.acct_type == ACCT_NF) strcpy(prefix, nfacctd_globstr);
   else if (config.acct_type == ACCT_SF) strcpy(prefix, sfacctd_globstr);
 

src/signals.c

@@ -126,7 +126,7 @@ void my_sigint_handler(int signum)
 
   Log(LOG_INFO, "OK: Exiting ...\n");
 
-  if (config.acct_type == ACCT_PM) {
+  if (config.acct_type == ACCT_PM && !config.uacctd_group /* XXX */) {
     if (config.dev) {
       if (pcap_stats(glob_pcapt, &ps) < 0) printf("\npcap_stats: %s\n", pcap_geterr(glob_pcapt));
       printf("\n%u packets received by filter\n", ps.ps_recv);