1 // SPDX-License-Identifier: GPL-2.0-only
2 /* (C) 1999-2001 Paul `Rusty' Russell
3 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
8 #include <linux/kernel.h>
9 #include <linux/module.h>
10 #include <linux/spinlock.h>
11 #include <linux/skbuff.h>
12 #include <linux/if_arp.h>
18 #include <net/route.h>
20 #include <linux/netfilter.h>
21 #include <linux/netfilter_bridge.h>
22 #include <linux/netfilter_ipv6.h>
23 #include <linux/netfilter/xt_LOG.h>
24 #include <net/netfilter/nf_log.h>
26 static const struct nf_loginfo default_loginfo = {
27 .type = NF_LOG_TYPE_LOG,
30 .level = LOGLEVEL_NOTICE,
31 .logflags = NF_LOG_DEFAULT_MASK,
37 unsigned char mac_src[ETH_ALEN];
38 unsigned char ip_src[4];
39 unsigned char mac_dst[ETH_ALEN];
40 unsigned char ip_dst[4];
43 static void nf_log_dump_vlan(struct nf_log_buf *m, const struct sk_buff *skb)
47 if (!skb_vlan_tag_present(skb))
50 vid = skb_vlan_tag_get(skb);
51 nf_log_buf_add(m, "VPROTO=%04x VID=%u ", ntohs(skb->vlan_proto), vid);
53 static void noinline_for_stack
54 dump_arp_packet(struct nf_log_buf *m,
55 const struct nf_loginfo *info,
56 const struct sk_buff *skb, unsigned int nhoff)
58 const struct arppayload *ap;
59 struct arppayload _arpp;
60 const struct arphdr *ah;
61 unsigned int logflags;
64 ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph);
66 nf_log_buf_add(m, "TRUNCATED");
70 if (info->type == NF_LOG_TYPE_LOG)
71 logflags = info->u.log.logflags;
73 logflags = NF_LOG_DEFAULT_MASK;
75 if (logflags & NF_LOG_MACDECODE) {
76 nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM ",
77 eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest);
78 nf_log_dump_vlan(m, skb);
79 nf_log_buf_add(m, "MACPROTO=%04x ",
80 ntohs(eth_hdr(skb)->h_proto));
83 nf_log_buf_add(m, "ARP HTYPE=%d PTYPE=0x%04x OPCODE=%d",
84 ntohs(ah->ar_hrd), ntohs(ah->ar_pro), ntohs(ah->ar_op));
85 /* If it's for Ethernet and the lengths are OK, then log the ARP
88 if (ah->ar_hrd != htons(ARPHRD_ETHER) ||
89 ah->ar_hln != ETH_ALEN ||
90 ah->ar_pln != sizeof(__be32))
93 ap = skb_header_pointer(skb, sizeof(_arph), sizeof(_arpp), &_arpp);
95 nf_log_buf_add(m, " INCOMPLETE [%zu bytes]",
96 skb->len - sizeof(_arph));
99 nf_log_buf_add(m, " MACSRC=%pM IPSRC=%pI4 MACDST=%pM IPDST=%pI4",
100 ap->mac_src, ap->ip_src, ap->mac_dst, ap->ip_dst);
104 nf_log_dump_packet_common(struct nf_log_buf *m, u8 pf,
105 unsigned int hooknum, const struct sk_buff *skb,
106 const struct net_device *in,
107 const struct net_device *out,
108 const struct nf_loginfo *loginfo, const char *prefix)
110 const struct net_device *physoutdev __maybe_unused;
111 const struct net_device *physindev __maybe_unused;
113 nf_log_buf_add(m, KERN_SOH "%c%sIN=%s OUT=%s ",
114 '0' + loginfo->u.log.level, prefix,
116 out ? out->name : "");
117 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
118 physindev = nf_bridge_get_physindev(skb);
119 if (physindev && in != physindev)
120 nf_log_buf_add(m, "PHYSIN=%s ", physindev->name);
121 physoutdev = nf_bridge_get_physoutdev(skb);
122 if (physoutdev && out != physoutdev)
123 nf_log_buf_add(m, "PHYSOUT=%s ", physoutdev->name);
127 static void nf_log_arp_packet(struct net *net, u_int8_t pf,
128 unsigned int hooknum, const struct sk_buff *skb,
129 const struct net_device *in,
130 const struct net_device *out,
131 const struct nf_loginfo *loginfo,
134 struct nf_log_buf *m;
136 /* FIXME: Disabled from containers until syslog ns is supported */
137 if (!net_eq(net, &init_net) && !sysctl_nf_log_all_netns)
140 m = nf_log_buf_open();
143 loginfo = &default_loginfo;
145 nf_log_dump_packet_common(m, pf, hooknum, skb, in, out, loginfo,
147 dump_arp_packet(m, loginfo, skb, 0);
152 static struct nf_logger nf_arp_logger __read_mostly = {
153 .name = "nf_log_arp",
154 .type = NF_LOG_TYPE_LOG,
155 .logfn = nf_log_arp_packet,
159 static void nf_log_dump_sk_uid_gid(struct net *net, struct nf_log_buf *m,
162 if (!sk || !sk_fullsock(sk) || !net_eq(net, sock_net(sk)))
165 read_lock_bh(&sk->sk_callback_lock);
166 if (sk->sk_socket && sk->sk_socket->file) {
167 const struct cred *cred = sk->sk_socket->file->f_cred;
169 nf_log_buf_add(m, "UID=%u GID=%u ",
170 from_kuid_munged(&init_user_ns, cred->fsuid),
171 from_kgid_munged(&init_user_ns, cred->fsgid));
173 read_unlock_bh(&sk->sk_callback_lock);
176 static noinline_for_stack int
177 nf_log_dump_tcp_header(struct nf_log_buf *m,
178 const struct sk_buff *skb,
179 u8 proto, int fragment,
181 unsigned int logflags)
184 const struct tcphdr *th;
186 /* Max length: 10 "PROTO=TCP " */
187 nf_log_buf_add(m, "PROTO=TCP ");
192 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
193 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
195 nf_log_buf_add(m, "INCOMPLETE [%u bytes] ", skb->len - offset);
199 /* Max length: 20 "SPT=65535 DPT=65535 " */
200 nf_log_buf_add(m, "SPT=%u DPT=%u ",
201 ntohs(th->source), ntohs(th->dest));
202 /* Max length: 30 "SEQ=4294967295 ACK=4294967295 " */
203 if (logflags & NF_LOG_TCPSEQ) {
204 nf_log_buf_add(m, "SEQ=%u ACK=%u ",
205 ntohl(th->seq), ntohl(th->ack_seq));
208 /* Max length: 13 "WINDOW=65535 " */
209 nf_log_buf_add(m, "WINDOW=%u ", ntohs(th->window));
210 /* Max length: 9 "RES=0x3C " */
211 nf_log_buf_add(m, "RES=0x%02x ", (u_int8_t)(ntohl(tcp_flag_word(th) &
212 TCP_RESERVED_BITS) >> 22));
213 /* Max length: 32 "CWR ECE URG ACK PSH RST SYN FIN " */
215 nf_log_buf_add(m, "CWR ");
217 nf_log_buf_add(m, "ECE ");
219 nf_log_buf_add(m, "URG ");
221 nf_log_buf_add(m, "ACK ");
223 nf_log_buf_add(m, "PSH ");
225 nf_log_buf_add(m, "RST ");
227 nf_log_buf_add(m, "SYN ");
229 nf_log_buf_add(m, "FIN ");
230 /* Max length: 11 "URGP=65535 " */
231 nf_log_buf_add(m, "URGP=%u ", ntohs(th->urg_ptr));
233 if ((logflags & NF_LOG_TCPOPT) && th->doff * 4 > sizeof(struct tcphdr)) {
234 unsigned int optsize = th->doff * 4 - sizeof(struct tcphdr);
235 u8 _opt[60 - sizeof(struct tcphdr)];
239 op = skb_header_pointer(skb, offset + sizeof(struct tcphdr),
242 nf_log_buf_add(m, "OPT (TRUNCATED)");
246 /* Max length: 127 "OPT (" 15*4*2chars ") " */
247 nf_log_buf_add(m, "OPT (");
248 for (i = 0; i < optsize; i++)
249 nf_log_buf_add(m, "%02X", op[i]);
251 nf_log_buf_add(m, ") ");
257 static noinline_for_stack int
258 nf_log_dump_udp_header(struct nf_log_buf *m,
259 const struct sk_buff *skb,
260 u8 proto, int fragment,
264 const struct udphdr *uh;
266 if (proto == IPPROTO_UDP)
267 /* Max length: 10 "PROTO=UDP " */
268 nf_log_buf_add(m, "PROTO=UDP ");
269 else /* Max length: 14 "PROTO=UDPLITE " */
270 nf_log_buf_add(m, "PROTO=UDPLITE ");
275 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
276 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
278 nf_log_buf_add(m, "INCOMPLETE [%u bytes] ", skb->len - offset);
283 /* Max length: 20 "SPT=65535 DPT=65535 " */
284 nf_log_buf_add(m, "SPT=%u DPT=%u LEN=%u ",
285 ntohs(uh->source), ntohs(uh->dest), ntohs(uh->len));
291 /* One level of recursion won't kill us */
292 static noinline_for_stack void
293 dump_ipv4_packet(struct net *net, struct nf_log_buf *m,
294 const struct nf_loginfo *info,
295 const struct sk_buff *skb, unsigned int iphoff)
297 const struct iphdr *ih;
298 unsigned int logflags;
301 if (info->type == NF_LOG_TYPE_LOG)
302 logflags = info->u.log.logflags;
304 logflags = NF_LOG_DEFAULT_MASK;
306 ih = skb_header_pointer(skb, iphoff, sizeof(_iph), &_iph);
308 nf_log_buf_add(m, "TRUNCATED");
313 * TOS, len, DF/MF, fragment offset, TTL, src, dst, options.
314 * Max length: 40 "SRC=255.255.255.255 DST=255.255.255.255 "
316 nf_log_buf_add(m, "SRC=%pI4 DST=%pI4 ", &ih->saddr, &ih->daddr);
318 /* Max length: 46 "LEN=65535 TOS=0xFF PREC=0xFF TTL=255 ID=65535 " */
319 nf_log_buf_add(m, "LEN=%u TOS=0x%02X PREC=0x%02X TTL=%u ID=%u ",
320 ntohs(ih->tot_len), ih->tos & IPTOS_TOS_MASK,
321 ih->tos & IPTOS_PREC_MASK, ih->ttl, ntohs(ih->id));
323 /* Max length: 6 "CE DF MF " */
324 if (ntohs(ih->frag_off) & IP_CE)
325 nf_log_buf_add(m, "CE ");
326 if (ntohs(ih->frag_off) & IP_DF)
327 nf_log_buf_add(m, "DF ");
328 if (ntohs(ih->frag_off) & IP_MF)
329 nf_log_buf_add(m, "MF ");
331 /* Max length: 11 "FRAG:65535 " */
332 if (ntohs(ih->frag_off) & IP_OFFSET)
333 nf_log_buf_add(m, "FRAG:%u ", ntohs(ih->frag_off) & IP_OFFSET);
335 if ((logflags & NF_LOG_IPOPT) &&
336 ih->ihl * 4 > sizeof(struct iphdr)) {
337 unsigned char _opt[4 * 15 - sizeof(struct iphdr)];
338 const unsigned char *op;
339 unsigned int i, optsize;
341 optsize = ih->ihl * 4 - sizeof(struct iphdr);
342 op = skb_header_pointer(skb, iphoff + sizeof(_iph),
345 nf_log_buf_add(m, "TRUNCATED");
349 /* Max length: 127 "OPT (" 15*4*2chars ") " */
350 nf_log_buf_add(m, "OPT (");
351 for (i = 0; i < optsize; i++)
352 nf_log_buf_add(m, "%02X", op[i]);
353 nf_log_buf_add(m, ") ");
356 switch (ih->protocol) {
358 if (nf_log_dump_tcp_header(m, skb, ih->protocol,
359 ntohs(ih->frag_off) & IP_OFFSET,
360 iphoff + ih->ihl * 4, logflags))
364 case IPPROTO_UDPLITE:
365 if (nf_log_dump_udp_header(m, skb, ih->protocol,
366 ntohs(ih->frag_off) & IP_OFFSET,
367 iphoff + ih->ihl * 4))
371 static const size_t required_len[NR_ICMP_TYPES + 1] = {
372 [ICMP_ECHOREPLY] = 4,
373 [ICMP_DEST_UNREACH] = 8 + sizeof(struct iphdr),
374 [ICMP_SOURCE_QUENCH] = 8 + sizeof(struct iphdr),
375 [ICMP_REDIRECT] = 8 + sizeof(struct iphdr),
377 [ICMP_TIME_EXCEEDED] = 8 + sizeof(struct iphdr),
378 [ICMP_PARAMETERPROB] = 8 + sizeof(struct iphdr),
379 [ICMP_TIMESTAMP] = 20,
380 [ICMP_TIMESTAMPREPLY] = 20,
382 [ICMP_ADDRESSREPLY] = 12 };
383 const struct icmphdr *ich;
384 struct icmphdr _icmph;
386 /* Max length: 11 "PROTO=ICMP " */
387 nf_log_buf_add(m, "PROTO=ICMP ");
389 if (ntohs(ih->frag_off) & IP_OFFSET)
392 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
393 ich = skb_header_pointer(skb, iphoff + ih->ihl * 4,
394 sizeof(_icmph), &_icmph);
396 nf_log_buf_add(m, "INCOMPLETE [%u bytes] ",
397 skb->len - iphoff - ih->ihl * 4);
401 /* Max length: 18 "TYPE=255 CODE=255 " */
402 nf_log_buf_add(m, "TYPE=%u CODE=%u ", ich->type, ich->code);
404 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
405 if (ich->type <= NR_ICMP_TYPES &&
406 required_len[ich->type] &&
407 skb->len - iphoff - ih->ihl * 4 < required_len[ich->type]) {
408 nf_log_buf_add(m, "INCOMPLETE [%u bytes] ",
409 skb->len - iphoff - ih->ihl * 4);
416 /* Max length: 19 "ID=65535 SEQ=65535 " */
417 nf_log_buf_add(m, "ID=%u SEQ=%u ",
418 ntohs(ich->un.echo.id),
419 ntohs(ich->un.echo.sequence));
422 case ICMP_PARAMETERPROB:
423 /* Max length: 14 "PARAMETER=255 " */
424 nf_log_buf_add(m, "PARAMETER=%u ",
425 ntohl(ich->un.gateway) >> 24);
428 /* Max length: 24 "GATEWAY=255.255.255.255 " */
429 nf_log_buf_add(m, "GATEWAY=%pI4 ", &ich->un.gateway);
431 case ICMP_DEST_UNREACH:
432 case ICMP_SOURCE_QUENCH:
433 case ICMP_TIME_EXCEEDED:
434 /* Max length: 3+maxlen */
435 if (!iphoff) { /* Only recurse once. */
436 nf_log_buf_add(m, "[");
437 dump_ipv4_packet(net, m, info, skb,
438 iphoff + ih->ihl * 4 + sizeof(_icmph));
439 nf_log_buf_add(m, "] ");
442 /* Max length: 10 "MTU=65535 " */
443 if (ich->type == ICMP_DEST_UNREACH &&
444 ich->code == ICMP_FRAG_NEEDED) {
445 nf_log_buf_add(m, "MTU=%u ",
446 ntohs(ich->un.frag.mtu));
453 const struct ip_auth_hdr *ah;
454 struct ip_auth_hdr _ahdr;
456 if (ntohs(ih->frag_off) & IP_OFFSET)
459 /* Max length: 9 "PROTO=AH " */
460 nf_log_buf_add(m, "PROTO=AH ");
462 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
463 ah = skb_header_pointer(skb, iphoff + ih->ihl * 4,
464 sizeof(_ahdr), &_ahdr);
466 nf_log_buf_add(m, "INCOMPLETE [%u bytes] ",
467 skb->len - iphoff - ih->ihl * 4);
471 /* Length: 15 "SPI=0xF1234567 " */
472 nf_log_buf_add(m, "SPI=0x%x ", ntohl(ah->spi));
476 const struct ip_esp_hdr *eh;
477 struct ip_esp_hdr _esph;
479 /* Max length: 10 "PROTO=ESP " */
480 nf_log_buf_add(m, "PROTO=ESP ");
482 if (ntohs(ih->frag_off) & IP_OFFSET)
485 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
486 eh = skb_header_pointer(skb, iphoff + ih->ihl * 4,
487 sizeof(_esph), &_esph);
489 nf_log_buf_add(m, "INCOMPLETE [%u bytes] ",
490 skb->len - iphoff - ih->ihl * 4);
494 /* Length: 15 "SPI=0xF1234567 " */
495 nf_log_buf_add(m, "SPI=0x%x ", ntohl(eh->spi));
498 /* Max length: 10 "PROTO 255 " */
500 nf_log_buf_add(m, "PROTO=%u ", ih->protocol);
503 /* Max length: 15 "UID=4294967295 " */
504 if ((logflags & NF_LOG_UID) && !iphoff)
505 nf_log_dump_sk_uid_gid(net, m, skb->sk);
507 /* Max length: 16 "MARK=0xFFFFFFFF " */
508 if (!iphoff && skb->mark)
509 nf_log_buf_add(m, "MARK=0x%x ", skb->mark);
511 /* Proto Max log string length */
512 /* IP: 40+46+6+11+127 = 230 */
513 /* TCP: 10+max(25,20+30+13+9+32+11+127) = 252 */
514 /* UDP: 10+max(25,20) = 35 */
515 /* UDPLITE: 14+max(25,20) = 39 */
516 /* ICMP: 11+max(25, 18+25+max(19,14,24+3+n+10,3+n+10)) = 91+n */
517 /* ESP: 10+max(25)+15 = 50 */
518 /* AH: 9+max(25)+15 = 49 */
521 /* (ICMP allows recursion one level deep) */
522 /* maxlen = IP + ICMP + IP + max(TCP,UDP,ICMP,unknown) */
523 /* maxlen = 230+ 91 + 230 + 252 = 803 */
526 static noinline_for_stack void
527 dump_ipv6_packet(struct net *net, struct nf_log_buf *m,
528 const struct nf_loginfo *info,
529 const struct sk_buff *skb, unsigned int ip6hoff,
532 const struct ipv6hdr *ih;
533 unsigned int hdrlen = 0;
534 unsigned int logflags;
535 struct ipv6hdr _ip6h;
540 if (info->type == NF_LOG_TYPE_LOG)
541 logflags = info->u.log.logflags;
543 logflags = NF_LOG_DEFAULT_MASK;
545 ih = skb_header_pointer(skb, ip6hoff, sizeof(_ip6h), &_ip6h);
547 nf_log_buf_add(m, "TRUNCATED");
551 /* Max length: 88 "SRC=0000.0000.0000.0000.0000.0000.0000.0000 DST=0000.0000.0000.0000.0000.0000.0000.0000 " */
552 nf_log_buf_add(m, "SRC=%pI6 DST=%pI6 ", &ih->saddr, &ih->daddr);
554 /* Max length: 44 "LEN=65535 TC=255 HOPLIMIT=255 FLOWLBL=FFFFF " */
555 nf_log_buf_add(m, "LEN=%zu TC=%u HOPLIMIT=%u FLOWLBL=%u ",
556 ntohs(ih->payload_len) + sizeof(struct ipv6hdr),
557 (ntohl(*(__be32 *)ih) & 0x0ff00000) >> 20,
559 (ntohl(*(__be32 *)ih) & 0x000fffff));
562 ptr = ip6hoff + sizeof(struct ipv6hdr);
563 currenthdr = ih->nexthdr;
564 while (currenthdr != NEXTHDR_NONE && nf_ip6_ext_hdr(currenthdr)) {
565 struct ipv6_opt_hdr _hdr;
566 const struct ipv6_opt_hdr *hp;
568 hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
570 nf_log_buf_add(m, "TRUNCATED");
574 /* Max length: 48 "OPT (...) " */
575 if (logflags & NF_LOG_IPOPT)
576 nf_log_buf_add(m, "OPT ( ");
578 switch (currenthdr) {
579 case IPPROTO_FRAGMENT: {
580 struct frag_hdr _fhdr;
581 const struct frag_hdr *fh;
583 nf_log_buf_add(m, "FRAG:");
584 fh = skb_header_pointer(skb, ptr, sizeof(_fhdr),
587 nf_log_buf_add(m, "TRUNCATED ");
591 /* Max length: 6 "65535 " */
592 nf_log_buf_add(m, "%u ", ntohs(fh->frag_off) & 0xFFF8);
594 /* Max length: 11 "INCOMPLETE " */
595 if (fh->frag_off & htons(0x0001))
596 nf_log_buf_add(m, "INCOMPLETE ");
598 nf_log_buf_add(m, "ID:%08x ",
599 ntohl(fh->identification));
601 if (ntohs(fh->frag_off) & 0xFFF8)
607 case IPPROTO_DSTOPTS:
608 case IPPROTO_ROUTING:
609 case IPPROTO_HOPOPTS:
611 if (logflags & NF_LOG_IPOPT)
612 nf_log_buf_add(m, ")");
615 hdrlen = ipv6_optlen(hp);
619 if (logflags & NF_LOG_IPOPT) {
620 struct ip_auth_hdr _ahdr;
621 const struct ip_auth_hdr *ah;
623 /* Max length: 3 "AH " */
624 nf_log_buf_add(m, "AH ");
627 nf_log_buf_add(m, ")");
631 ah = skb_header_pointer(skb, ptr, sizeof(_ahdr),
634 /* Max length: 26 "INCOMPLETE [65535 bytes] )" */
635 nf_log_buf_add(m, "INCOMPLETE [%u bytes] )",
640 /* Length: 15 "SPI=0xF1234567 */
641 nf_log_buf_add(m, "SPI=0x%x ", ntohl(ah->spi));
644 hdrlen = ipv6_authlen(hp);
647 if (logflags & NF_LOG_IPOPT) {
648 struct ip_esp_hdr _esph;
649 const struct ip_esp_hdr *eh;
651 /* Max length: 4 "ESP " */
652 nf_log_buf_add(m, "ESP ");
655 nf_log_buf_add(m, ")");
659 /* Max length: 26 "INCOMPLETE [65535 bytes] )" */
660 eh = skb_header_pointer(skb, ptr, sizeof(_esph),
663 nf_log_buf_add(m, "INCOMPLETE [%u bytes] )",
668 /* Length: 16 "SPI=0xF1234567 )" */
669 nf_log_buf_add(m, "SPI=0x%x )",
674 /* Max length: 20 "Unknown Ext Hdr 255" */
675 nf_log_buf_add(m, "Unknown Ext Hdr %u", currenthdr);
678 if (logflags & NF_LOG_IPOPT)
679 nf_log_buf_add(m, ") ");
681 currenthdr = hp->nexthdr;
685 switch (currenthdr) {
687 if (nf_log_dump_tcp_header(m, skb, currenthdr, fragment,
692 case IPPROTO_UDPLITE:
693 if (nf_log_dump_udp_header(m, skb, currenthdr, fragment, ptr))
696 case IPPROTO_ICMPV6: {
697 struct icmp6hdr _icmp6h;
698 const struct icmp6hdr *ic;
700 /* Max length: 13 "PROTO=ICMPv6 " */
701 nf_log_buf_add(m, "PROTO=ICMPv6 ");
706 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
707 ic = skb_header_pointer(skb, ptr, sizeof(_icmp6h), &_icmp6h);
709 nf_log_buf_add(m, "INCOMPLETE [%u bytes] ",
714 /* Max length: 18 "TYPE=255 CODE=255 " */
715 nf_log_buf_add(m, "TYPE=%u CODE=%u ",
716 ic->icmp6_type, ic->icmp6_code);
718 switch (ic->icmp6_type) {
719 case ICMPV6_ECHO_REQUEST:
720 case ICMPV6_ECHO_REPLY:
721 /* Max length: 19 "ID=65535 SEQ=65535 " */
722 nf_log_buf_add(m, "ID=%u SEQ=%u ",
723 ntohs(ic->icmp6_identifier),
724 ntohs(ic->icmp6_sequence));
726 case ICMPV6_MGM_QUERY:
727 case ICMPV6_MGM_REPORT:
728 case ICMPV6_MGM_REDUCTION:
731 case ICMPV6_PARAMPROB:
732 /* Max length: 17 "POINTER=ffffffff " */
733 nf_log_buf_add(m, "POINTER=%08x ",
734 ntohl(ic->icmp6_pointer));
736 case ICMPV6_DEST_UNREACH:
737 case ICMPV6_PKT_TOOBIG:
738 case ICMPV6_TIME_EXCEED:
739 /* Max length: 3+maxlen */
741 nf_log_buf_add(m, "[");
742 dump_ipv6_packet(net, m, info, skb,
743 ptr + sizeof(_icmp6h), 0);
744 nf_log_buf_add(m, "] ");
747 /* Max length: 10 "MTU=65535 " */
748 if (ic->icmp6_type == ICMPV6_PKT_TOOBIG) {
749 nf_log_buf_add(m, "MTU=%u ",
750 ntohl(ic->icmp6_mtu));
755 /* Max length: 10 "PROTO=255 " */
757 nf_log_buf_add(m, "PROTO=%u ", currenthdr);
760 /* Max length: 15 "UID=4294967295 " */
761 if ((logflags & NF_LOG_UID) && recurse)
762 nf_log_dump_sk_uid_gid(net, m, skb->sk);
764 /* Max length: 16 "MARK=0xFFFFFFFF " */
765 if (recurse && skb->mark)
766 nf_log_buf_add(m, "MARK=0x%x ", skb->mark);
769 static void dump_ipv4_mac_header(struct nf_log_buf *m,
770 const struct nf_loginfo *info,
771 const struct sk_buff *skb)
773 struct net_device *dev = skb->dev;
774 unsigned int logflags = 0;
776 if (info->type == NF_LOG_TYPE_LOG)
777 logflags = info->u.log.logflags;
779 if (!(logflags & NF_LOG_MACDECODE))
784 nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM ",
785 eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest);
786 nf_log_dump_vlan(m, skb);
787 nf_log_buf_add(m, "MACPROTO=%04x ",
788 ntohs(eth_hdr(skb)->h_proto));
795 nf_log_buf_add(m, "MAC=");
796 if (dev->hard_header_len &&
797 skb->mac_header != skb->network_header) {
798 const unsigned char *p = skb_mac_header(skb);
801 nf_log_buf_add(m, "%02x", *p++);
802 for (i = 1; i < dev->hard_header_len; i++, p++)
803 nf_log_buf_add(m, ":%02x", *p);
805 nf_log_buf_add(m, " ");
808 static void nf_log_ip_packet(struct net *net, u_int8_t pf,
809 unsigned int hooknum, const struct sk_buff *skb,
810 const struct net_device *in,
811 const struct net_device *out,
812 const struct nf_loginfo *loginfo,
815 struct nf_log_buf *m;
817 /* FIXME: Disabled from containers until syslog ns is supported */
818 if (!net_eq(net, &init_net) && !sysctl_nf_log_all_netns)
821 m = nf_log_buf_open();
824 loginfo = &default_loginfo;
826 nf_log_dump_packet_common(m, pf, hooknum, skb, in,
827 out, loginfo, prefix);
830 dump_ipv4_mac_header(m, loginfo, skb);
832 dump_ipv4_packet(net, m, loginfo, skb, 0);
837 static struct nf_logger nf_ip_logger __read_mostly = {
838 .name = "nf_log_ipv4",
839 .type = NF_LOG_TYPE_LOG,
840 .logfn = nf_log_ip_packet,
844 static void dump_ipv6_mac_header(struct nf_log_buf *m,
845 const struct nf_loginfo *info,
846 const struct sk_buff *skb)
848 struct net_device *dev = skb->dev;
849 unsigned int logflags = 0;
851 if (info->type == NF_LOG_TYPE_LOG)
852 logflags = info->u.log.logflags;
854 if (!(logflags & NF_LOG_MACDECODE))
859 nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM ",
860 eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest);
861 nf_log_dump_vlan(m, skb);
862 nf_log_buf_add(m, "MACPROTO=%04x ",
863 ntohs(eth_hdr(skb)->h_proto));
870 nf_log_buf_add(m, "MAC=");
871 if (dev->hard_header_len &&
872 skb->mac_header != skb->network_header) {
873 const unsigned char *p = skb_mac_header(skb);
874 unsigned int len = dev->hard_header_len;
877 if (dev->type == ARPHRD_SIT) {
885 nf_log_buf_add(m, "%02x", *p++);
886 for (i = 1; i < len; i++)
887 nf_log_buf_add(m, ":%02x", *p++);
889 nf_log_buf_add(m, " ");
891 if (dev->type == ARPHRD_SIT) {
892 const struct iphdr *iph =
893 (struct iphdr *)skb_mac_header(skb);
894 nf_log_buf_add(m, "TUNNEL=%pI4->%pI4 ", &iph->saddr,
898 nf_log_buf_add(m, " ");
902 static void nf_log_ip6_packet(struct net *net, u_int8_t pf,
903 unsigned int hooknum, const struct sk_buff *skb,
904 const struct net_device *in,
905 const struct net_device *out,
906 const struct nf_loginfo *loginfo,
909 struct nf_log_buf *m;
911 /* FIXME: Disabled from containers until syslog ns is supported */
912 if (!net_eq(net, &init_net) && !sysctl_nf_log_all_netns)
915 m = nf_log_buf_open();
918 loginfo = &default_loginfo;
920 nf_log_dump_packet_common(m, pf, hooknum, skb, in, out,
924 dump_ipv6_mac_header(m, loginfo, skb);
926 dump_ipv6_packet(net, m, loginfo, skb, skb_network_offset(skb), 1);
931 static struct nf_logger nf_ip6_logger __read_mostly = {
932 .name = "nf_log_ipv6",
933 .type = NF_LOG_TYPE_LOG,
934 .logfn = nf_log_ip6_packet,
938 static void nf_log_netdev_packet(struct net *net, u_int8_t pf,
939 unsigned int hooknum,
940 const struct sk_buff *skb,
941 const struct net_device *in,
942 const struct net_device *out,
943 const struct nf_loginfo *loginfo,
946 switch (skb->protocol) {
947 case htons(ETH_P_IP):
948 nf_log_ip_packet(net, pf, hooknum, skb, in, out, loginfo, prefix);
950 case htons(ETH_P_IPV6):
951 nf_log_ip6_packet(net, pf, hooknum, skb, in, out, loginfo, prefix);
953 case htons(ETH_P_ARP):
954 case htons(ETH_P_RARP):
955 nf_log_arp_packet(net, pf, hooknum, skb, in, out, loginfo, prefix);
960 static struct nf_logger nf_netdev_logger __read_mostly = {
961 .name = "nf_log_netdev",
962 .type = NF_LOG_TYPE_LOG,
963 .logfn = nf_log_netdev_packet,
967 static struct nf_logger nf_bridge_logger __read_mostly = {
968 .name = "nf_log_bridge",
969 .type = NF_LOG_TYPE_LOG,
970 .logfn = nf_log_netdev_packet,
974 static int __net_init nf_log_syslog_net_init(struct net *net)
976 int ret = nf_log_set(net, NFPROTO_IPV4, &nf_ip_logger);
981 ret = nf_log_set(net, NFPROTO_ARP, &nf_arp_logger);
985 ret = nf_log_set(net, NFPROTO_IPV6, &nf_ip6_logger);
989 ret = nf_log_set(net, NFPROTO_NETDEV, &nf_netdev_logger);
993 ret = nf_log_set(net, NFPROTO_BRIDGE, &nf_bridge_logger);
998 nf_log_unset(net, &nf_netdev_logger);
1000 nf_log_unset(net, &nf_ip6_logger);
1002 nf_log_unset(net, &nf_arp_logger);
1004 nf_log_unset(net, &nf_ip_logger);
1008 static void __net_exit nf_log_syslog_net_exit(struct net *net)
1010 nf_log_unset(net, &nf_ip_logger);
1011 nf_log_unset(net, &nf_arp_logger);
1012 nf_log_unset(net, &nf_ip6_logger);
1013 nf_log_unset(net, &nf_netdev_logger);
1014 nf_log_unset(net, &nf_bridge_logger);
1017 static struct pernet_operations nf_log_syslog_net_ops = {
1018 .init = nf_log_syslog_net_init,
1019 .exit = nf_log_syslog_net_exit,
1022 static int __init nf_log_syslog_init(void)
1026 ret = register_pernet_subsys(&nf_log_syslog_net_ops);
1030 ret = nf_log_register(NFPROTO_IPV4, &nf_ip_logger);
1034 ret = nf_log_register(NFPROTO_ARP, &nf_arp_logger);
1038 ret = nf_log_register(NFPROTO_IPV6, &nf_ip6_logger);
1042 ret = nf_log_register(NFPROTO_NETDEV, &nf_netdev_logger);
1046 ret = nf_log_register(NFPROTO_BRIDGE, &nf_bridge_logger);
1052 nf_log_unregister(&nf_netdev_logger);
1054 nf_log_unregister(&nf_ip6_logger);
1056 nf_log_unregister(&nf_arp_logger);
1058 nf_log_unregister(&nf_ip_logger);
1060 pr_err("failed to register logger\n");
1061 unregister_pernet_subsys(&nf_log_syslog_net_ops);
1065 static void __exit nf_log_syslog_exit(void)
1067 unregister_pernet_subsys(&nf_log_syslog_net_ops);
1068 nf_log_unregister(&nf_ip_logger);
1069 nf_log_unregister(&nf_arp_logger);
1070 nf_log_unregister(&nf_ip6_logger);
1071 nf_log_unregister(&nf_netdev_logger);
1072 nf_log_unregister(&nf_bridge_logger);
1075 module_init(nf_log_syslog_init);
1076 module_exit(nf_log_syslog_exit);
1078 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
1079 MODULE_DESCRIPTION("Netfilter syslog packet logging");
1080 MODULE_LICENSE("GPL");
1081 MODULE_ALIAS("nf_log_arp");
1082 MODULE_ALIAS("nf_log_bridge");
1083 MODULE_ALIAS("nf_log_ipv4");
1084 MODULE_ALIAS("nf_log_ipv6");
1085 MODULE_ALIAS("nf_log_netdev");
1086 MODULE_ALIAS_NF_LOGGER(AF_BRIDGE, 0);
1087 MODULE_ALIAS_NF_LOGGER(AF_INET, 0);
1088 MODULE_ALIAS_NF_LOGGER(3, 0);
1089 MODULE_ALIAS_NF_LOGGER(5, 0); /* NFPROTO_NETDEV */
1090 MODULE_ALIAS_NF_LOGGER(AF_INET6, 0);
projects / linux-2.6-microblaze.git / blob