2 * This is a module which is used for logging packets.
5 /* (C) 1999-2001 Paul `Rusty' Russell
6 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14 #include <linux/module.h>
15 #include <linux/spinlock.h>
16 #include <linux/skbuff.h>
17 #include <linux/if_arp.h>
23 #include <net/route.h>
25 #include <linux/netfilter.h>
26 #include <linux/netfilter/x_tables.h>
27 #include <linux/netfilter/xt_LOG.h>
28 #include <linux/netfilter_ipv6/ip6_tables.h>
29 #include <net/netfilter/nf_log.h>
30 #include <net/netfilter/xt_log.h>
32 static struct nf_loginfo default_loginfo = {
33 .type = NF_LOG_TYPE_LOG,
37 .logflags = NF_LOG_MASK,
42 static int dump_udp_header(struct sbuff *m, const struct sk_buff *skb,
43 u8 proto, int fragment, unsigned int offset)
46 const struct udphdr *uh;
48 if (proto == IPPROTO_UDP)
49 /* Max length: 10 "PROTO=UDP " */
50 sb_add(m, "PROTO=UDP ");
51 else /* Max length: 14 "PROTO=UDPLITE " */
52 sb_add(m, "PROTO=UDPLITE ");
57 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
58 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
60 sb_add(m, "INCOMPLETE [%u bytes] ", skb->len - offset);
65 /* Max length: 20 "SPT=65535 DPT=65535 " */
66 sb_add(m, "SPT=%u DPT=%u LEN=%u ", ntohs(uh->source), ntohs(uh->dest),
73 static int dump_tcp_header(struct sbuff *m, const struct sk_buff *skb,
74 u8 proto, int fragment, unsigned int offset,
75 unsigned int logflags)
78 const struct tcphdr *th;
80 /* Max length: 10 "PROTO=TCP " */
81 sb_add(m, "PROTO=TCP ");
86 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
87 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
89 sb_add(m, "INCOMPLETE [%u bytes] ", skb->len - offset);
93 /* Max length: 20 "SPT=65535 DPT=65535 " */
94 sb_add(m, "SPT=%u DPT=%u ", ntohs(th->source), ntohs(th->dest));
95 /* Max length: 30 "SEQ=4294967295 ACK=4294967295 " */
96 if (logflags & XT_LOG_TCPSEQ)
97 sb_add(m, "SEQ=%u ACK=%u ", ntohl(th->seq), ntohl(th->ack_seq));
99 /* Max length: 13 "WINDOW=65535 " */
100 sb_add(m, "WINDOW=%u ", ntohs(th->window));
101 /* Max length: 9 "RES=0x3C " */
102 sb_add(m, "RES=0x%02x ", (u_int8_t)(ntohl(tcp_flag_word(th) &
103 TCP_RESERVED_BITS) >> 22));
104 /* Max length: 32 "CWR ECE URG ACK PSH RST SYN FIN " */
121 /* Max length: 11 "URGP=65535 " */
122 sb_add(m, "URGP=%u ", ntohs(th->urg_ptr));
124 if ((logflags & XT_LOG_TCPOPT) && th->doff*4 > sizeof(struct tcphdr)) {
125 u_int8_t _opt[60 - sizeof(struct tcphdr)];
128 unsigned int optsize = th->doff*4 - sizeof(struct tcphdr);
130 op = skb_header_pointer(skb, offset + sizeof(struct tcphdr),
133 sb_add(m, "OPT (TRUNCATED)");
137 /* Max length: 127 "OPT (" 15*4*2chars ") " */
139 for (i = 0; i < optsize; i++)
140 sb_add(m, "%02X", op[i]);
148 static void dump_sk_uid_gid(struct sbuff *m, struct sock *sk)
150 if (!sk || sk->sk_state == TCP_TIME_WAIT)
153 read_lock_bh(&sk->sk_callback_lock);
154 if (sk->sk_socket && sk->sk_socket->file)
155 sb_add(m, "UID=%u GID=%u ",
156 sk->sk_socket->file->f_cred->fsuid,
157 sk->sk_socket->file->f_cred->fsgid);
158 read_unlock_bh(&sk->sk_callback_lock);
161 /* One level of recursion won't kill us */
162 static void dump_ipv4_packet(struct sbuff *m,
163 const struct nf_loginfo *info,
164 const struct sk_buff *skb,
168 const struct iphdr *ih;
169 unsigned int logflags;
171 if (info->type == NF_LOG_TYPE_LOG)
172 logflags = info->u.log.logflags;
174 logflags = NF_LOG_MASK;
176 ih = skb_header_pointer(skb, iphoff, sizeof(_iph), &_iph);
178 sb_add(m, "TRUNCATED");
183 * TOS, len, DF/MF, fragment offset, TTL, src, dst, options. */
184 /* Max length: 40 "SRC=255.255.255.255 DST=255.255.255.255 " */
185 sb_add(m, "SRC=%pI4 DST=%pI4 ",
186 &ih->saddr, &ih->daddr);
188 /* Max length: 46 "LEN=65535 TOS=0xFF PREC=0xFF TTL=255 ID=65535 " */
189 sb_add(m, "LEN=%u TOS=0x%02X PREC=0x%02X TTL=%u ID=%u ",
190 ntohs(ih->tot_len), ih->tos & IPTOS_TOS_MASK,
191 ih->tos & IPTOS_PREC_MASK, ih->ttl, ntohs(ih->id));
193 /* Max length: 6 "CE DF MF " */
194 if (ntohs(ih->frag_off) & IP_CE)
196 if (ntohs(ih->frag_off) & IP_DF)
198 if (ntohs(ih->frag_off) & IP_MF)
201 /* Max length: 11 "FRAG:65535 " */
202 if (ntohs(ih->frag_off) & IP_OFFSET)
203 sb_add(m, "FRAG:%u ", ntohs(ih->frag_off) & IP_OFFSET);
205 if ((logflags & XT_LOG_IPOPT) &&
206 ih->ihl * 4 > sizeof(struct iphdr)) {
207 const unsigned char *op;
208 unsigned char _opt[4 * 15 - sizeof(struct iphdr)];
209 unsigned int i, optsize;
211 optsize = ih->ihl * 4 - sizeof(struct iphdr);
212 op = skb_header_pointer(skb, iphoff+sizeof(_iph),
215 sb_add(m, "TRUNCATED");
219 /* Max length: 127 "OPT (" 15*4*2chars ") " */
221 for (i = 0; i < optsize; i++)
222 sb_add(m, "%02X", op[i]);
226 switch (ih->protocol) {
228 if (dump_tcp_header(m, skb, ih->protocol,
229 ntohs(ih->frag_off) & IP_OFFSET,
230 iphoff+ih->ihl*4, logflags))
234 case IPPROTO_UDPLITE:
235 if (dump_udp_header(m, skb, ih->protocol,
236 ntohs(ih->frag_off) & IP_OFFSET,
241 struct icmphdr _icmph;
242 const struct icmphdr *ich;
243 static const size_t required_len[NR_ICMP_TYPES+1]
244 = { [ICMP_ECHOREPLY] = 4,
246 = 8 + sizeof(struct iphdr),
248 = 8 + sizeof(struct iphdr),
250 = 8 + sizeof(struct iphdr),
253 = 8 + sizeof(struct iphdr),
255 = 8 + sizeof(struct iphdr),
256 [ICMP_TIMESTAMP] = 20,
257 [ICMP_TIMESTAMPREPLY] = 20,
259 [ICMP_ADDRESSREPLY] = 12 };
261 /* Max length: 11 "PROTO=ICMP " */
262 sb_add(m, "PROTO=ICMP ");
264 if (ntohs(ih->frag_off) & IP_OFFSET)
267 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
268 ich = skb_header_pointer(skb, iphoff + ih->ihl * 4,
269 sizeof(_icmph), &_icmph);
271 sb_add(m, "INCOMPLETE [%u bytes] ",
272 skb->len - iphoff - ih->ihl*4);
276 /* Max length: 18 "TYPE=255 CODE=255 " */
277 sb_add(m, "TYPE=%u CODE=%u ", ich->type, ich->code);
279 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
280 if (ich->type <= NR_ICMP_TYPES &&
281 required_len[ich->type] &&
282 skb->len-iphoff-ih->ihl*4 < required_len[ich->type]) {
283 sb_add(m, "INCOMPLETE [%u bytes] ",
284 skb->len - iphoff - ih->ihl*4);
291 /* Max length: 19 "ID=65535 SEQ=65535 " */
292 sb_add(m, "ID=%u SEQ=%u ",
293 ntohs(ich->un.echo.id),
294 ntohs(ich->un.echo.sequence));
297 case ICMP_PARAMETERPROB:
298 /* Max length: 14 "PARAMETER=255 " */
299 sb_add(m, "PARAMETER=%u ",
300 ntohl(ich->un.gateway) >> 24);
303 /* Max length: 24 "GATEWAY=255.255.255.255 " */
304 sb_add(m, "GATEWAY=%pI4 ", &ich->un.gateway);
306 case ICMP_DEST_UNREACH:
307 case ICMP_SOURCE_QUENCH:
308 case ICMP_TIME_EXCEEDED:
309 /* Max length: 3+maxlen */
310 if (!iphoff) { /* Only recurse once. */
312 dump_ipv4_packet(m, info, skb,
313 iphoff + ih->ihl*4+sizeof(_icmph));
317 /* Max length: 10 "MTU=65535 " */
318 if (ich->type == ICMP_DEST_UNREACH &&
319 ich->code == ICMP_FRAG_NEEDED)
320 sb_add(m, "MTU=%u ", ntohs(ich->un.frag.mtu));
326 struct ip_auth_hdr _ahdr;
327 const struct ip_auth_hdr *ah;
329 if (ntohs(ih->frag_off) & IP_OFFSET)
332 /* Max length: 9 "PROTO=AH " */
333 sb_add(m, "PROTO=AH ");
335 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
336 ah = skb_header_pointer(skb, iphoff+ih->ihl*4,
337 sizeof(_ahdr), &_ahdr);
339 sb_add(m, "INCOMPLETE [%u bytes] ",
340 skb->len - iphoff - ih->ihl*4);
344 /* Length: 15 "SPI=0xF1234567 " */
345 sb_add(m, "SPI=0x%x ", ntohl(ah->spi));
349 struct ip_esp_hdr _esph;
350 const struct ip_esp_hdr *eh;
352 /* Max length: 10 "PROTO=ESP " */
353 sb_add(m, "PROTO=ESP ");
355 if (ntohs(ih->frag_off) & IP_OFFSET)
358 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
359 eh = skb_header_pointer(skb, iphoff+ih->ihl*4,
360 sizeof(_esph), &_esph);
362 sb_add(m, "INCOMPLETE [%u bytes] ",
363 skb->len - iphoff - ih->ihl*4);
367 /* Length: 15 "SPI=0xF1234567 " */
368 sb_add(m, "SPI=0x%x ", ntohl(eh->spi));
371 /* Max length: 10 "PROTO 255 " */
373 sb_add(m, "PROTO=%u ", ih->protocol);
376 /* Max length: 15 "UID=4294967295 " */
377 if ((logflags & XT_LOG_UID) && !iphoff)
378 dump_sk_uid_gid(m, skb->sk);
380 /* Max length: 16 "MARK=0xFFFFFFFF " */
381 if (!iphoff && skb->mark)
382 sb_add(m, "MARK=0x%x ", skb->mark);
384 /* Proto Max log string length */
385 /* IP: 40+46+6+11+127 = 230 */
386 /* TCP: 10+max(25,20+30+13+9+32+11+127) = 252 */
387 /* UDP: 10+max(25,20) = 35 */
388 /* UDPLITE: 14+max(25,20) = 39 */
389 /* ICMP: 11+max(25, 18+25+max(19,14,24+3+n+10,3+n+10)) = 91+n */
390 /* ESP: 10+max(25)+15 = 50 */
391 /* AH: 9+max(25)+15 = 49 */
394 /* (ICMP allows recursion one level deep) */
395 /* maxlen = IP + ICMP + IP + max(TCP,UDP,ICMP,unknown) */
396 /* maxlen = 230+ 91 + 230 + 252 = 803 */
399 static void dump_ipv4_mac_header(struct sbuff *m,
400 const struct nf_loginfo *info,
401 const struct sk_buff *skb)
403 struct net_device *dev = skb->dev;
404 unsigned int logflags = 0;
406 if (info->type == NF_LOG_TYPE_LOG)
407 logflags = info->u.log.logflags;
409 if (!(logflags & XT_LOG_MACDECODE))
414 sb_add(m, "MACSRC=%pM MACDST=%pM MACPROTO=%04x ",
415 eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
416 ntohs(eth_hdr(skb)->h_proto));
424 if (dev->hard_header_len &&
425 skb->mac_header != skb->network_header) {
426 const unsigned char *p = skb_mac_header(skb);
429 sb_add(m, "%02x", *p++);
430 for (i = 1; i < dev->hard_header_len; i++, p++)
431 sb_add(m, ":%02x", *p);
437 log_packet_common(struct sbuff *m,
439 unsigned int hooknum,
440 const struct sk_buff *skb,
441 const struct net_device *in,
442 const struct net_device *out,
443 const struct nf_loginfo *loginfo,
446 sb_add(m, KERN_SOH "%c%sIN=%s OUT=%s ",
447 '0' + loginfo->u.log.level, prefix,
449 out ? out->name : "");
450 #ifdef CONFIG_BRIDGE_NETFILTER
451 if (skb->nf_bridge) {
452 const struct net_device *physindev;
453 const struct net_device *physoutdev;
455 physindev = skb->nf_bridge->physindev;
456 if (physindev && in != physindev)
457 sb_add(m, "PHYSIN=%s ", physindev->name);
458 physoutdev = skb->nf_bridge->physoutdev;
459 if (physoutdev && out != physoutdev)
460 sb_add(m, "PHYSOUT=%s ", physoutdev->name);
467 ipt_log_packet(u_int8_t pf,
468 unsigned int hooknum,
469 const struct sk_buff *skb,
470 const struct net_device *in,
471 const struct net_device *out,
472 const struct nf_loginfo *loginfo,
475 struct sbuff *m = sb_open();
478 loginfo = &default_loginfo;
480 log_packet_common(m, pf, hooknum, skb, in, out, loginfo, prefix);
483 dump_ipv4_mac_header(m, loginfo, skb);
485 dump_ipv4_packet(m, loginfo, skb, 0);
490 #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
491 /* One level of recursion won't kill us */
492 static void dump_ipv6_packet(struct sbuff *m,
493 const struct nf_loginfo *info,
494 const struct sk_buff *skb, unsigned int ip6hoff,
499 struct ipv6hdr _ip6h;
500 const struct ipv6hdr *ih;
502 unsigned int hdrlen = 0;
503 unsigned int logflags;
505 if (info->type == NF_LOG_TYPE_LOG)
506 logflags = info->u.log.logflags;
508 logflags = NF_LOG_MASK;
510 ih = skb_header_pointer(skb, ip6hoff, sizeof(_ip6h), &_ip6h);
512 sb_add(m, "TRUNCATED");
516 /* Max length: 88 "SRC=0000.0000.0000.0000.0000.0000.0000.0000 DST=0000.0000.0000.0000.0000.0000.0000.0000 " */
517 sb_add(m, "SRC=%pI6 DST=%pI6 ", &ih->saddr, &ih->daddr);
519 /* Max length: 44 "LEN=65535 TC=255 HOPLIMIT=255 FLOWLBL=FFFFF " */
520 sb_add(m, "LEN=%Zu TC=%u HOPLIMIT=%u FLOWLBL=%u ",
521 ntohs(ih->payload_len) + sizeof(struct ipv6hdr),
522 (ntohl(*(__be32 *)ih) & 0x0ff00000) >> 20,
524 (ntohl(*(__be32 *)ih) & 0x000fffff));
527 ptr = ip6hoff + sizeof(struct ipv6hdr);
528 currenthdr = ih->nexthdr;
529 while (currenthdr != NEXTHDR_NONE && ip6t_ext_hdr(currenthdr)) {
530 struct ipv6_opt_hdr _hdr;
531 const struct ipv6_opt_hdr *hp;
533 hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
535 sb_add(m, "TRUNCATED");
539 /* Max length: 48 "OPT (...) " */
540 if (logflags & XT_LOG_IPOPT)
543 switch (currenthdr) {
544 case IPPROTO_FRAGMENT: {
545 struct frag_hdr _fhdr;
546 const struct frag_hdr *fh;
549 fh = skb_header_pointer(skb, ptr, sizeof(_fhdr),
552 sb_add(m, "TRUNCATED ");
556 /* Max length: 6 "65535 " */
557 sb_add(m, "%u ", ntohs(fh->frag_off) & 0xFFF8);
559 /* Max length: 11 "INCOMPLETE " */
560 if (fh->frag_off & htons(0x0001))
561 sb_add(m, "INCOMPLETE ");
563 sb_add(m, "ID:%08x ", ntohl(fh->identification));
565 if (ntohs(fh->frag_off) & 0xFFF8)
572 case IPPROTO_DSTOPTS:
573 case IPPROTO_ROUTING:
574 case IPPROTO_HOPOPTS:
576 if (logflags & XT_LOG_IPOPT)
580 hdrlen = ipv6_optlen(hp);
584 if (logflags & XT_LOG_IPOPT) {
585 struct ip_auth_hdr _ahdr;
586 const struct ip_auth_hdr *ah;
588 /* Max length: 3 "AH " */
596 ah = skb_header_pointer(skb, ptr, sizeof(_ahdr),
600 * Max length: 26 "INCOMPLETE [65535
603 sb_add(m, "INCOMPLETE [%u bytes] )",
608 /* Length: 15 "SPI=0xF1234567 */
609 sb_add(m, "SPI=0x%x ", ntohl(ah->spi));
613 hdrlen = (hp->hdrlen+2)<<2;
616 if (logflags & XT_LOG_IPOPT) {
617 struct ip_esp_hdr _esph;
618 const struct ip_esp_hdr *eh;
620 /* Max length: 4 "ESP " */
629 * Max length: 26 "INCOMPLETE [65535 bytes] )"
631 eh = skb_header_pointer(skb, ptr, sizeof(_esph),
634 sb_add(m, "INCOMPLETE [%u bytes] )",
639 /* Length: 16 "SPI=0xF1234567 )" */
640 sb_add(m, "SPI=0x%x )", ntohl(eh->spi));
645 /* Max length: 20 "Unknown Ext Hdr 255" */
646 sb_add(m, "Unknown Ext Hdr %u", currenthdr);
649 if (logflags & XT_LOG_IPOPT)
652 currenthdr = hp->nexthdr;
656 switch (currenthdr) {
658 if (dump_tcp_header(m, skb, currenthdr, fragment, ptr,
663 case IPPROTO_UDPLITE:
664 if (dump_udp_header(m, skb, currenthdr, fragment, ptr))
667 case IPPROTO_ICMPV6: {
668 struct icmp6hdr _icmp6h;
669 const struct icmp6hdr *ic;
671 /* Max length: 13 "PROTO=ICMPv6 " */
672 sb_add(m, "PROTO=ICMPv6 ");
677 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
678 ic = skb_header_pointer(skb, ptr, sizeof(_icmp6h), &_icmp6h);
680 sb_add(m, "INCOMPLETE [%u bytes] ", skb->len - ptr);
684 /* Max length: 18 "TYPE=255 CODE=255 " */
685 sb_add(m, "TYPE=%u CODE=%u ", ic->icmp6_type, ic->icmp6_code);
687 switch (ic->icmp6_type) {
688 case ICMPV6_ECHO_REQUEST:
689 case ICMPV6_ECHO_REPLY:
690 /* Max length: 19 "ID=65535 SEQ=65535 " */
691 sb_add(m, "ID=%u SEQ=%u ",
692 ntohs(ic->icmp6_identifier),
693 ntohs(ic->icmp6_sequence));
695 case ICMPV6_MGM_QUERY:
696 case ICMPV6_MGM_REPORT:
697 case ICMPV6_MGM_REDUCTION:
700 case ICMPV6_PARAMPROB:
701 /* Max length: 17 "POINTER=ffffffff " */
702 sb_add(m, "POINTER=%08x ", ntohl(ic->icmp6_pointer));
704 case ICMPV6_DEST_UNREACH:
705 case ICMPV6_PKT_TOOBIG:
706 case ICMPV6_TIME_EXCEED:
707 /* Max length: 3+maxlen */
710 dump_ipv6_packet(m, info, skb,
711 ptr + sizeof(_icmp6h), 0);
715 /* Max length: 10 "MTU=65535 " */
716 if (ic->icmp6_type == ICMPV6_PKT_TOOBIG)
717 sb_add(m, "MTU=%u ", ntohl(ic->icmp6_mtu));
721 /* Max length: 10 "PROTO=255 " */
723 sb_add(m, "PROTO=%u ", currenthdr);
726 /* Max length: 15 "UID=4294967295 " */
727 if ((logflags & XT_LOG_UID) && recurse)
728 dump_sk_uid_gid(m, skb->sk);
730 /* Max length: 16 "MARK=0xFFFFFFFF " */
731 if (!recurse && skb->mark)
732 sb_add(m, "MARK=0x%x ", skb->mark);
735 static void dump_ipv6_mac_header(struct sbuff *m,
736 const struct nf_loginfo *info,
737 const struct sk_buff *skb)
739 struct net_device *dev = skb->dev;
740 unsigned int logflags = 0;
742 if (info->type == NF_LOG_TYPE_LOG)
743 logflags = info->u.log.logflags;
745 if (!(logflags & XT_LOG_MACDECODE))
750 sb_add(m, "MACSRC=%pM MACDST=%pM MACPROTO=%04x ",
751 eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
752 ntohs(eth_hdr(skb)->h_proto));
760 if (dev->hard_header_len &&
761 skb->mac_header != skb->network_header) {
762 const unsigned char *p = skb_mac_header(skb);
763 unsigned int len = dev->hard_header_len;
766 if (dev->type == ARPHRD_SIT) {
774 sb_add(m, "%02x", *p++);
775 for (i = 1; i < len; i++)
776 sb_add(m, ":%02x", *p++);
780 if (dev->type == ARPHRD_SIT) {
781 const struct iphdr *iph =
782 (struct iphdr *)skb_mac_header(skb);
783 sb_add(m, "TUNNEL=%pI4->%pI4 ", &iph->saddr,
791 ip6t_log_packet(u_int8_t pf,
792 unsigned int hooknum,
793 const struct sk_buff *skb,
794 const struct net_device *in,
795 const struct net_device *out,
796 const struct nf_loginfo *loginfo,
799 struct sbuff *m = sb_open();
802 loginfo = &default_loginfo;
804 log_packet_common(m, pf, hooknum, skb, in, out, loginfo, prefix);
807 dump_ipv6_mac_header(m, loginfo, skb);
809 dump_ipv6_packet(m, loginfo, skb, skb_network_offset(skb), 1);
816 log_tg(struct sk_buff *skb, const struct xt_action_param *par)
818 const struct xt_log_info *loginfo = par->targinfo;
819 struct nf_loginfo li;
821 li.type = NF_LOG_TYPE_LOG;
822 li.u.log.level = loginfo->level;
823 li.u.log.logflags = loginfo->logflags;
825 if (par->family == NFPROTO_IPV4)
826 ipt_log_packet(NFPROTO_IPV4, par->hooknum, skb, par->in,
827 par->out, &li, loginfo->prefix);
828 #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
829 else if (par->family == NFPROTO_IPV6)
830 ip6t_log_packet(NFPROTO_IPV6, par->hooknum, skb, par->in,
831 par->out, &li, loginfo->prefix);
839 static int log_tg_check(const struct xt_tgchk_param *par)
841 const struct xt_log_info *loginfo = par->targinfo;
843 if (par->family != NFPROTO_IPV4 && par->family != NFPROTO_IPV6)
846 if (loginfo->level >= 8) {
847 pr_debug("level %u >= 8\n", loginfo->level);
851 if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
852 pr_debug("prefix is not null-terminated\n");
859 static struct xt_target log_tg_regs[] __read_mostly = {
862 .family = NFPROTO_IPV4,
864 .targetsize = sizeof(struct xt_log_info),
865 .checkentry = log_tg_check,
868 #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
871 .family = NFPROTO_IPV6,
873 .targetsize = sizeof(struct xt_log_info),
874 .checkentry = log_tg_check,
880 static struct nf_logger ipt_log_logger __read_mostly = {
882 .logfn = &ipt_log_packet,
886 #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
887 static struct nf_logger ip6t_log_logger __read_mostly = {
889 .logfn = &ip6t_log_packet,
894 static int __init log_tg_init(void)
898 ret = xt_register_targets(log_tg_regs, ARRAY_SIZE(log_tg_regs));
902 nf_log_register(NFPROTO_IPV4, &ipt_log_logger);
903 #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
904 nf_log_register(NFPROTO_IPV6, &ip6t_log_logger);
909 static void __exit log_tg_exit(void)
911 nf_log_unregister(&ipt_log_logger);
912 #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
913 nf_log_unregister(&ip6t_log_logger);
915 xt_unregister_targets(log_tg_regs, ARRAY_SIZE(log_tg_regs));
918 module_init(log_tg_init);
919 module_exit(log_tg_exit);
921 MODULE_LICENSE("GPL");
922 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
923 MODULE_AUTHOR("Jan Rekorajski <baggins@pld.org.pl>");
924 MODULE_DESCRIPTION("Xtables: IPv4/IPv6 packet logging");
925 MODULE_ALIAS("ipt_LOG");
926 MODULE_ALIAS("ip6t_LOG");
projects / ~andy / linux / blob