xt_LOG.c (2926B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * This is a module which is used for logging packets. 4 */ 5 6/* (C) 1999-2001 Paul `Rusty' Russell 7 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> 8 */ 9 10#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 11#include <linux/module.h> 12#include <linux/spinlock.h> 13#include <linux/skbuff.h> 14#include <linux/if_arp.h> 15#include <linux/ip.h> 16#include <net/ipv6.h> 17#include <net/icmp.h> 18#include <net/udp.h> 19#include <net/tcp.h> 20#include <net/route.h> 21 22#include <linux/netfilter.h> 23#include <linux/netfilter/x_tables.h> 24#include <linux/netfilter/xt_LOG.h> 25#include <linux/netfilter_ipv6/ip6_tables.h> 26#include <net/netfilter/nf_log.h> 27 28static unsigned int 29log_tg(struct sk_buff *skb, const struct xt_action_param *par) 30{ 31 const struct xt_log_info *loginfo = par->targinfo; 32 struct net *net = xt_net(par); 33 struct nf_loginfo li; 34 35 li.type = NF_LOG_TYPE_LOG; 36 li.u.log.level = loginfo->level; 37 li.u.log.logflags = loginfo->logflags; 38 39 nf_log_packet(net, xt_family(par), xt_hooknum(par), skb, xt_in(par), 40 xt_out(par), &li, "%s", loginfo->prefix); 41 return XT_CONTINUE; 42} 43 44static int log_tg_check(const struct xt_tgchk_param *par) 45{ 46 const struct xt_log_info *loginfo = par->targinfo; 47 int ret; 48 49 if (par->family != NFPROTO_IPV4 && par->family != NFPROTO_IPV6) 50 return -EINVAL; 51 52 if (loginfo->level >= 8) { 53 pr_debug("level %u >= 8\n", loginfo->level); 54 return -EINVAL; 55 } 56 57 if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') { 58 pr_debug("prefix is not null-terminated\n"); 59 return -EINVAL; 60 } 61 62 ret = nf_logger_find_get(par->family, NF_LOG_TYPE_LOG); 63 if (ret != 0 && !par->nft_compat) { 64 request_module("%s", "nf_log_syslog"); 65 66 ret = nf_logger_find_get(par->family, NF_LOG_TYPE_LOG); 67 } 68 69 return ret; 70} 71 72static void log_tg_destroy(const struct xt_tgdtor_param *par) 73{ 74 nf_logger_put(par->family, NF_LOG_TYPE_LOG); 75} 76 77static struct xt_target log_tg_regs[] __read_mostly = { 78 { 79 .name = "LOG", 80 .family = NFPROTO_IPV4, 81 .target = log_tg, 82 .targetsize = sizeof(struct xt_log_info), 83 .checkentry = log_tg_check, 84 .destroy = log_tg_destroy, 85 .me = THIS_MODULE, 86 }, 87#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES) 88 { 89 .name = "LOG", 90 .family = NFPROTO_IPV6, 91 .target = log_tg, 92 .targetsize = sizeof(struct xt_log_info), 93 .checkentry = log_tg_check, 94 .destroy = log_tg_destroy, 95 .me = THIS_MODULE, 96 }, 97#endif 98}; 99 100static int __init log_tg_init(void) 101{ 102 return xt_register_targets(log_tg_regs, ARRAY_SIZE(log_tg_regs)); 103} 104 105static void __exit log_tg_exit(void) 106{ 107 xt_unregister_targets(log_tg_regs, ARRAY_SIZE(log_tg_regs)); 108} 109 110module_init(log_tg_init); 111module_exit(log_tg_exit); 112 113MODULE_LICENSE("GPL"); 114MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); 115MODULE_AUTHOR("Jan Rekorajski <baggins@pld.org.pl>"); 116MODULE_DESCRIPTION("Xtables: IPv4/IPv6 packet logging"); 117MODULE_ALIAS("ipt_LOG"); 118MODULE_ALIAS("ip6t_LOG"); 119MODULE_SOFTDEP("pre: nf_log_syslog");