linux/net/netfilter/xt_LOG.c
   1/*
   2 * This is a module which is used for logging packets.
   3 */
   4
   5/* (C) 1999-2001 Paul `Rusty' Russell
   6 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
   7 *
   8 * This program is free software; you can redistribute it and/or modify
   9 * it under the terms of the GNU General Public License version 2 as
  10 * published by the Free Software Foundation.
  11 */
  12
  13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  14#include <linux/module.h>
  15#include <linux/spinlock.h>
  16#include <linux/skbuff.h>
  17#include <linux/if_arp.h>
  18#include <linux/ip.h>
  19#include <net/ipv6.h>
  20#include <net/icmp.h>
  21#include <net/udp.h>
  22#include <net/tcp.h>
  23#include <net/route.h>
  24
  25#include <linux/netfilter.h>
  26#include <linux/netfilter/x_tables.h>
  27#include <linux/netfilter/xt_LOG.h>
  28#include <linux/netfilter_ipv6/ip6_tables.h>
  29#include <net/netfilter/nf_log.h>
  30
   /*
    * Target handler for the "LOG" xtables target: hand the packet to the
    * nf_log core using the level and flags stored in the rule, then let
    * rule traversal carry on (XT_CONTINUE).
    *
    * @skb: packet being processed
    * @par: per-invocation parameters; par->targinfo is the rule's xt_log_info
    */
   static unsigned int
   log_tg(struct sk_buff *skb, const struct xt_action_param *par)
   {
           const struct xt_log_info *info = par->targinfo;
           struct nf_loginfo log_cfg;

           log_cfg.type = NF_LOG_TYPE_LOG;
           log_cfg.u.log.logflags = info->logflags;
           log_cfg.u.log.level = info->level;

           /*
            * The rule's prefix is passed as the argument of a fixed "%s"
            * format and never as the format string itself, so conversion
            * specifiers inside the prefix are not interpreted.
            * log_tg_check() has already rejected prefixes without a
            * terminating NUL in the last byte of the array.
            */
           nf_log_packet(xt_net(par), xt_family(par), xt_hooknum(par), skb,
                         xt_in(par), xt_out(par), &log_cfg, "%s",
                         info->prefix);

           return XT_CONTINUE;
   }
  46
   /*
    * checkentry hook: validate a LOG rule's xt_log_info before the rule is
    * accepted.
    *
    * Rejects, with -EINVAL:
    *   - any family other than IPv4 or IPv6,
    *   - a log level above 7,
    *   - a prefix whose last array byte is not NUL.
    *
    * Otherwise returns whatever nf_logger_find_get() returns for the
    * (family, NF_LOG_TYPE_LOG) pair; log_tg_destroy() makes the matching
    * nf_logger_put() call.
    */
   static int log_tg_check(const struct xt_tgchk_param *par)
   {
           const struct xt_log_info *info = par->targinfo;
           const size_t last = sizeof(info->prefix) - 1;

           switch (par->family) {
           case NFPROTO_IPV4:
           case NFPROTO_IPV6:
                   break;
           default:
                   return -EINVAL;
           }

           if (info->level > 7) {
                   pr_debug("level %u >= 8\n", info->level);
                   return -EINVAL;
           }

           /*
            * log_tg() prints the prefix with "%s"; requiring a NUL in the
            * final byte guarantees that read stops inside the array even
            * if the rest of the buffer holds no terminator.
            */
           if (info->prefix[last] != '\0') {
                   pr_debug("prefix is not null-terminated\n");
                   return -EINVAL;
           }

           return nf_logger_find_get(par->family, NF_LOG_TYPE_LOG);
   }
  66
   /*
    * destroy hook: called when a LOG rule goes away.  Issues the
    * nf_logger_put() that pairs with the nf_logger_find_get() made in
    * log_tg_check() for the same family and log type.
    */
   static void log_tg_destroy(const struct xt_tgdtor_param *par)
   {
           const int pf = par->family;

           nf_logger_put(pf, NF_LOG_TYPE_LOG);
   }
  71
   /*
    * Registration table for the "LOG" target.  Both entries share the same
    * handler, validation hook and destructor; only the protocol family
    * differs.  The IPv6 entry is compiled in only when ip6tables support
    * is enabled.
    */
   static struct xt_target log_tg_regs[] __read_mostly = {
           {       /* IPv4 */
                   .name           = "LOG",
                   .family         = NFPROTO_IPV4,
                   .targetsize     = sizeof(struct xt_log_info),
                   .checkentry     = log_tg_check,
                   .target         = log_tg,
                   .destroy        = log_tg_destroy,
                   .me             = THIS_MODULE,
           },
   #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
           {       /* IPv6 */
                   .name           = "LOG",
                   .family         = NFPROTO_IPV6,
                   .targetsize     = sizeof(struct xt_log_info),
                   .checkentry     = log_tg_check,
                   .target         = log_tg,
                   .destroy        = log_tg_destroy,
                   .me             = THIS_MODULE,
           },
   #endif
   };
  94
   /*
    * Module init: register every entry of log_tg_regs with xtables and
    * return the registration result unchanged.
    */
   static int __init log_tg_init(void)
   {
           const unsigned int count = ARRAY_SIZE(log_tg_regs);

           return xt_register_targets(log_tg_regs, count);
   }
  99
  /*
   * Module exit: unregister the same set of targets that log_tg_init()
   * registered.
   */
  static void __exit log_tg_exit(void)
  {
          const unsigned int count = ARRAY_SIZE(log_tg_regs);

          xt_unregister_targets(log_tg_regs, count);
  }
 104
  /* Entry and exit points of the module. */
  module_init(log_tg_init);
  module_exit(log_tg_exit);

  /* Module metadata. */
  MODULE_LICENSE("GPL");
  MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
  MODULE_AUTHOR("Jan Rekorajski <baggins@pld.org.pl>");
  MODULE_DESCRIPTION("Xtables: IPv4/IPv6 packet logging");

  /* Aliases for the ipt_LOG and ip6t_LOG module names. */
  MODULE_ALIAS("ipt_LOG");
  MODULE_ALIAS("ip6t_LOG");
 114