cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

xt_LOG.c (2926B)


      1// SPDX-License-Identifier: GPL-2.0-only
      2/*
      3 * This is a module which is used for logging packets.
      4 */
      5
      6/* (C) 1999-2001 Paul `Rusty' Russell
      7 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
      8 */
      9
     10#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
     11#include <linux/module.h>
     12#include <linux/spinlock.h>
     13#include <linux/skbuff.h>
     14#include <linux/if_arp.h>
     15#include <linux/ip.h>
     16#include <net/ipv6.h>
     17#include <net/icmp.h>
     18#include <net/udp.h>
     19#include <net/tcp.h>
     20#include <net/route.h>
     21
     22#include <linux/netfilter.h>
     23#include <linux/netfilter/x_tables.h>
     24#include <linux/netfilter/xt_LOG.h>
     25#include <linux/netfilter_ipv6/ip6_tables.h>
     26#include <net/netfilter/nf_log.h>
     27
     /*
      * log_tg - handler for the xtables "LOG" target.
      *
      * Copies the level and flag bits from the rule's xt_log_info
      * (par->targinfo) into an nf_loginfo of type NF_LOG_TYPE_LOG and hands
      * the packet to nf_log_packet().
      *
      * The rule's prefix is passed as the argument of a fixed "%s" format and
      * never as the format string itself, so any '%' sequence inside a prefix
      * is emitted literally. Reading the prefix as a C string relies on the
      * NUL-termination check that log_tg_check() performs on the rule.
      *
      * Returns XT_CONTINUE on every path.
      */
     static unsigned int
     log_tg(struct sk_buff *skb, const struct xt_action_param *par)
     {
     	const struct xt_log_info *info = par->targinfo;
     	struct nf_loginfo li;

     	li.u.log.logflags = info->logflags;
     	li.u.log.level = info->level;
     	li.type = NF_LOG_TYPE_LOG;

     	/* Keep the literal "%s": the prefix is rule data, not a format. */
     	nf_log_packet(xt_net(par), xt_family(par), xt_hooknum(par), skb,
     		      xt_in(par), xt_out(par), &li, "%s", info->prefix);

     	return XT_CONTINUE;
     }
     43
     /*
      * log_tg_check - validate a LOG rule before it is accepted and take a
      * reference on a logger for the rule's family.
      *
      * Rejects with -EINVAL:
      *   - any family other than NFPROTO_IPV4 / NFPROTO_IPV6,
      *   - a level of 8 or above (only 0..7 pass),
      *   - a prefix whose last byte is not NUL.
      *
      * The prefix test looks only at the final byte of the fixed-size array.
      * That is enough to guarantee a terminator exists somewhere inside the
      * buffer, which is what log_tg() depends on when it prints the prefix
      * with "%s".
      *
      * Returns 0 on success, -EINVAL for a rejected rule, or the result of
      * nf_logger_find_get() otherwise.
      */
     static int log_tg_check(const struct xt_tgchk_param *par)
     {
     	const struct xt_log_info *info = par->targinfo;
     	int err;

     	switch (par->family) {
     	case NFPROTO_IPV4:
     	case NFPROTO_IPV6:
     		break;
     	default:
     		return -EINVAL;
     	}

     	if (info->level >= 8) {
     		pr_debug("level %u >= 8\n", info->level);
     		return -EINVAL;
     	}

     	if (info->prefix[sizeof(info->prefix) - 1] != '\0') {
     		pr_debug("prefix is not null-terminated\n");
     		return -EINVAL;
     	}

     	err = nf_logger_find_get(par->family, NF_LOG_TYPE_LOG);
     	if (err == 0 || par->nft_compat)
     		return err;

     	/*
     	 * No logger was found and the rule did not come in with nft_compat
     	 * set: ask for the syslog backend by its fixed name, then retry the
     	 * lookup once. The request_module() result is deliberately not
     	 * inspected; the retry decides the outcome.
     	 */
     	request_module("%s", "nf_log_syslog");

     	return nf_logger_find_get(par->family, NF_LOG_TYPE_LOG);
     }
     71
     /*
      * log_tg_destroy - rule teardown hook.
      *
      * Drops the logger reference for the rule's family, pairing with the
      * nf_logger_find_get() call made in log_tg_check().
      */
     static void log_tg_destroy(const struct xt_tgdtor_param *par)
     {
     	nf_logger_put(par->family, NF_LOG_TYPE_LOG);
     }
     76
     /*
      * Target registrations for "LOG". The IPv4 and IPv6 entries share the same
      * handler, rule-check and destroy callbacks; the IPv6 entry exists only
      * when CONFIG_IP6_NF_IPTABLES is enabled.
      */
     static struct xt_target log_tg_regs[] __read_mostly = {
     	{
     		.name       = "LOG",
     		.family     = NFPROTO_IPV4,
     		.targetsize = sizeof(struct xt_log_info),
     		.checkentry = log_tg_check,
     		.target     = log_tg,
     		.destroy    = log_tg_destroy,
     		.me         = THIS_MODULE,
     	},
     #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
     	{
     		.name       = "LOG",
     		.family     = NFPROTO_IPV6,
     		.targetsize = sizeof(struct xt_log_info),
     		.checkentry = log_tg_check,
     		.target     = log_tg,
     		.destroy    = log_tg_destroy,
     		.me         = THIS_MODULE,
     	},
     #endif
     };
     99
    /*
     * log_tg_init - module entry point.
     *
     * Registers every entry of log_tg_regs with x_tables and returns the
     * result of xt_register_targets() unchanged.
     */
    static int __init log_tg_init(void)
    {
    	int err = xt_register_targets(log_tg_regs, ARRAY_SIZE(log_tg_regs));

    	return err;
    }
    104
    /*
     * log_tg_exit - module exit point.
     *
     * Unregisters the same log_tg_regs entries that log_tg_init() registered.
     */
    static void __exit log_tg_exit(void)
    {
    	xt_unregister_targets(log_tg_regs, ARRAY_SIZE(log_tg_regs));
    }
    109
    /* Module entry and exit hooks. */
    module_init(log_tg_init);
    module_exit(log_tg_exit);

    /* Module metadata. */
    MODULE_LICENSE("GPL");
    MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
    MODULE_AUTHOR("Jan Rekorajski <baggins@pld.org.pl>");
    MODULE_DESCRIPTION("Xtables: IPv4/IPv6 packet logging");

    /* Aliases so the module is also found under the ipt_/ip6t_ names. */
    MODULE_ALIAS("ipt_LOG");
    MODULE_ALIAS("ip6t_LOG");

    /*
     * Soft dependency: nf_log_syslog should be loaded before this module.
     * log_tg_check() still falls back to request_module() if no logger is
     * found at rule-insertion time.
     */
    MODULE_SOFTDEP("pre: nf_log_syslog");