LXR linux/net/ipv4/netfilter/nf_log

   1/*
   2 * (C) 2014 by Pablo Neira Ayuso <pablo@netfilter.org>
   3 *
   4 * Based on code from ebt_log from:
   5 *
   6 * Bart De Schuymer <bdschuym@pandora.be>
   7 * Harald Welte <laforge@netfilter.org>
   8 *
   9 * This program is free software; you can redistribute it and/or modify
  10 * it under the terms of the GNU General Public License version 2 as
  11 * published by the Free Software Foundation.
  12 */
  13
  14#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  15
  16#include <linux/kernel.h>
  17#include <linux/module.h>
  18#include <linux/spinlock.h>
  19#include <linux/skbuff.h>
  20#include <linux/if_arp.h>
  21#include <linux/ip.h>
  22#include <net/route.h>
  23
  24#include <linux/netfilter.h>
  25#include <linux/netfilter/xt_LOG.h>
  26#include <net/netfilter/nf_log.h>
  27
  28static struct nf_loginfo default_loginfo = {
  29        .type   = NF_LOG_TYPE_LOG,
  30        .u = {
  31                .log = {
  32                        .level    = LOGLEVEL_NOTICE,
  33                        .logflags = NF_LOG_DEFAULT_MASK,
  34                },
  35        },
  36};
  37
  38struct arppayload {
  39        unsigned char mac_src[ETH_ALEN];
  40        unsigned char ip_src[4];
  41        unsigned char mac_dst[ETH_ALEN];
  42        unsigned char ip_dst[4];
  43};
  44
  45static void dump_arp_packet(struct nf_log_buf *m,
  46                            const struct nf_loginfo *info,
  47                            const struct sk_buff *skb, unsigned int nhoff)
  48{
  49        const struct arphdr *ah;
  50        struct arphdr _arph;
  51        const struct arppayload *ap;
  52        struct arppayload _arpp;
  53
  54        ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph);
  55        if (ah == NULL) {
  56                nf_log_buf_add(m, "TRUNCATED");
  57                return;
  58        }
  59        nf_log_buf_add(m, "ARP HTYPE=%d PTYPE=0x%04x OPCODE=%d",
  60                       ntohs(ah->ar_hrd), ntohs(ah->ar_pro), ntohs(ah->ar_op));
  61
  62        /* If it's for Ethernet and the lengths are OK, then log the ARP
  63         * payload.
  64         */
  65        if (ah->ar_hrd != htons(ARPHRD_ETHER) ||
  66            ah->ar_hln != ETH_ALEN ||
  67            ah->ar_pln != sizeof(__be32))
  68                return;
  69
  70        ap = skb_header_pointer(skb, sizeof(_arph), sizeof(_arpp), &_arpp);
  71        if (ap == NULL) {
  72                nf_log_buf_add(m, " INCOMPLETE [%zu bytes]",
  73                               skb->len - sizeof(_arph));
  74                return;
  75        }
  76        nf_log_buf_add(m, " MACSRC=%pM IPSRC=%pI4 MACDST=%pM IPDST=%pI4",
  77                       ap->mac_src, ap->ip_src, ap->mac_dst, ap->ip_dst);
  78}
  79
  80static void nf_log_arp_packet(struct net *net, u_int8_t pf,
  81                              unsigned int hooknum, const struct sk_buff *skb,
  82                              const struct net_device *in,
  83                              const struct net_device *out,
  84                              const struct nf_loginfo *loginfo,
  85                              const char *prefix)
  86{
  87        struct nf_log_buf *m;
  88
  89        /* FIXME: Disabled from containers until syslog ns is supported */
  90        if (!net_eq(net, &init_net) && !sysctl_nf_log_all_netns)
  91                return;
  92
  93        m = nf_log_buf_open();
  94
  95        if (!loginfo)
  96                loginfo = &default_loginfo;
  97
  98        nf_log_dump_packet_common(m, pf, hooknum, skb, in, out, loginfo,
  99                                  prefix);
 100        dump_arp_packet(m, loginfo, skb, 0);
 101
 102        nf_log_buf_close(m);
 103}
 104
 105static struct nf_logger nf_arp_logger __read_mostly = {
 106        .name           = "nf_log_arp",
 107        .type           = NF_LOG_TYPE_LOG,
 108        .logfn          = nf_log_arp_packet,
 109        .me             = THIS_MODULE,
 110};
 111
 112static int __net_init nf_log_arp_net_init(struct net *net)
 113{
 114        return nf_log_set(net, NFPROTO_ARP, &nf_arp_logger);
 115}
 116
 117static void __net_exit nf_log_arp_net_exit(struct net *net)
 118{
 119        nf_log_unset(net, &nf_arp_logger);
 120}
 121
 122static struct pernet_operations nf_log_arp_net_ops = {
 123        .init = nf_log_arp_net_init,
 124        .exit = nf_log_arp_net_exit,
 125};
 126
 127static int __init nf_log_arp_init(void)
 128{
 129        int ret;
 130
 131        ret = register_pernet_subsys(&nf_log_arp_net_ops);
 132        if (ret < 0)
 133                return ret;
 134
 135        ret = nf_log_register(NFPROTO_ARP, &nf_arp_logger);
 136        if (ret < 0) {
 137                pr_err("failed to register logger\n");
 138                goto err1;
 139        }
 140
 141        return 0;
 142
 143err1:
 144        unregister_pernet_subsys(&nf_log_arp_net_ops);
 145        return ret;
 146}
 147
 148static void __exit nf_log_arp_exit(void)
 149{
 150        unregister_pernet_subsys(&nf_log_arp_net_ops);
 151        nf_log_unregister(&nf_arp_logger);
 152}
 153
 154module_init(nf_log_arp_init);
 155module_exit(nf_log_arp_exit);
 156
 157MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
 158MODULE_DESCRIPTION("Netfilter ARP packet logging");
 159MODULE_LICENSE("GPL");
 160MODULE_ALIAS_NF_LOGGER(3, 0);
 161