xt_LOG.c 2.8 KB

  1. /*
  2. * This is a module which is used for logging packets.
  3. */
  4. /* (C) 1999-2001 Paul `Rusty' Russell
  5. * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
  6. *
  7. * This program is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License version 2 as
  9. * published by the Free Software Foundation.
  10. */
  11. #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  12. #include <linux/module.h>
  13. #include <linux/spinlock.h>
  14. #include <linux/skbuff.h>
  15. #include <linux/if_arp.h>
  16. #include <linux/ip.h>
  17. #include <net/ipv6.h>
  18. #include <net/icmp.h>
  19. #include <net/udp.h>
  20. #include <net/tcp.h>
  21. #include <net/route.h>
  22. #include <linux/netfilter.h>
  23. #include <linux/netfilter/x_tables.h>
  24. #include <linux/netfilter/xt_LOG.h>
  25. #include <linux/netfilter_ipv6/ip6_tables.h>
  26. #include <net/netfilter/nf_log.h>
/*
 * log_tg - xtables target handler that hands the packet to the nf_log core.
 *
 * Copies the rule's level and logflags into a struct nf_loginfo of type
 * NF_LOG_TYPE_LOG and calls nf_log_packet() with the family, hook and
 * in/out devices taken from @par.  Always returns XT_CONTINUE.
 */
static unsigned int
log_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
	const struct xt_log_info *info = par->targinfo;
	struct net *netns = par->net;
	struct nf_loginfo log_cfg;

	/*
	 * Only .type and .u.log are filled in; the remaining bytes of log_cfg
	 * stay uninitialised.  NOTE(review): presumably logger backends read
	 * nothing but u.log for NF_LOG_TYPE_LOG - confirm against the backends.
	 */
	log_cfg.type = NF_LOG_TYPE_LOG;
	log_cfg.u.log.logflags = info->logflags;
	log_cfg.u.log.level = info->level;

	/*
	 * The prefix comes from the rule and is passed as a "%s" argument,
	 * never as the format string, so conversion specifiers inside it are
	 * not interpreted.  log_tg_check() rejects a prefix whose last byte is
	 * not NUL, which keeps the "%s" read inside the prefix array.
	 */
	nf_log_packet(netns, par->family, par->hooknum, skb, par->in, par->out,
		      &log_cfg, "%s", info->prefix);

	return XT_CONTINUE;
}
/*
 * log_tg_check - .checkentry callback validating a LOG target's parameters.
 *
 * Returns -EINVAL when the family is neither IPv4 nor IPv6, when the level
 * is 8 or higher, or when the last byte of the prefix array is not NUL.
 * Otherwise returns whatever nf_logger_find_get() returns for this family.
 *
 * NOTE(review): logflags is accepted as-is; no validation of it is visible
 * in this function.
 */
static int log_tg_check(const struct xt_tgchk_param *par)
{
	const struct xt_log_info *info = par->targinfo;
	const size_t last = sizeof(info->prefix) - 1;

	if (!(par->family == NFPROTO_IPV4 || par->family == NFPROTO_IPV6))
		return -EINVAL;

	if (info->level >= 8) {
		pr_debug("level %u >= 8\n", info->level);
		return -EINVAL;
	}

	/*
	 * log_tg() later prints the prefix with "%s"; requiring a NUL in the
	 * final slot guarantees that read terminates within the array.
	 */
	if (info->prefix[last] != '\0') {
		pr_debug("prefix is not null-terminated\n");
		return -EINVAL;
	}

	return nf_logger_find_get(par->family, NF_LOG_TYPE_LOG);
}
/*
 * log_tg_destroy - .destroy callback for the LOG target.
 *
 * Calls nf_logger_put() with the same family and NF_LOG_TYPE_LOG that
 * log_tg_check() passed to nf_logger_find_get().
 */
static void log_tg_destroy(const struct xt_tgdtor_param *par)
{
	nf_logger_put(par->family, NF_LOG_TYPE_LOG);
}
/*
 * Target registrations for "LOG".  Both entries share the same handler,
 * check and destroy callbacks; the IPv6 entry is compiled in only when
 * CONFIG_IP6_NF_IPTABLES is enabled.
 */
static struct xt_target log_tg_regs[] __read_mostly = {
	{
		.name       = "LOG",
		.family     = NFPROTO_IPV4,
		.targetsize = sizeof(struct xt_log_info),
		.checkentry = log_tg_check,
		.target     = log_tg,
		.destroy    = log_tg_destroy,
		.me         = THIS_MODULE,
	},
#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
	{
		.name       = "LOG",
		.family     = NFPROTO_IPV6,
		.targetsize = sizeof(struct xt_log_info),
		.checkentry = log_tg_check,
		.target     = log_tg,
		.destroy    = log_tg_destroy,
		.me         = THIS_MODULE,
	},
#endif
};
/*
 * log_tg_init - module entry point; registers every entry of log_tg_regs
 * and returns the result of xt_register_targets().
 */
static int __init log_tg_init(void)
{
	const unsigned int count = ARRAY_SIZE(log_tg_regs);

	return xt_register_targets(log_tg_regs, count);
}
/*
 * log_tg_exit - module exit point; unregisters the same log_tg_regs entries
 * that log_tg_init() registered.
 */
static void __exit log_tg_exit(void)
{
	const unsigned int count = ARRAY_SIZE(log_tg_regs);

	xt_unregister_targets(log_tg_regs, count);
}
/* Hook the init/exit functions into module load and unload. */
module_init(log_tg_init);
module_exit(log_tg_exit);

/* Module metadata. */
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Xtables: IPv4/IPv6 packet logging");
MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
MODULE_AUTHOR("Jan Rekorajski <baggins@pld.org.pl>");

/* Additional names under which this module can be requested. */
MODULE_ALIAS("ipt_LOG");
MODULE_ALIAS("ip6t_LOG");