/*
 * This is a module which is used for logging packets.
 */

/* (C) 1999-2001 Paul `Rusty' Russell
 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/spinlock.h>
#include <linux/skbuff.h>
#include <linux/if_arp.h>
#include <linux/ip.h>
#include <net/ipv6.h>
#include <net/icmp.h>
#include <net/udp.h>
#include <net/tcp.h>
#include <net/route.h>

#include <linux/netfilter.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_LOG.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <net/netfilter/nf_log.h>

/*
 * Target handler: pass the packet to nf_log_packet() with the level and
 * flags taken from the rule, then return XT_CONTINUE.
 *
 * The rule's prefix is handed over as the argument of a fixed "%s" format,
 * never as the format string itself, so conversion specifiers that appear
 * inside the prefix are printed literally. log_tg_check() rejects a prefix
 * whose final byte is not NUL, which keeps that "%s" inside the array.
 */
static unsigned int
log_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
	const struct xt_log_info *info = par->targinfo;
	struct nf_loginfo log_cfg;
	struct net *net;

	/* Resolve the namespace from the input device, else the output one. */
	if (par->in)
		net = dev_net(par->in);
	else
		net = dev_net(par->out);

	log_cfg.type = NF_LOG_TYPE_LOG;
	log_cfg.u.log.level = info->level;
	log_cfg.u.log.logflags = info->logflags;

	nf_log_packet(net, par->family, par->hooknum, skb,
		      par->in, par->out, &log_cfg, "%s", info->prefix);

	return XT_CONTINUE;
}

/*
 * Validate the target data of a LOG rule.
 *
 * Returns -EINVAL for a family other than IPv4/IPv6, for a level of 8 or
 * above, or for a prefix whose last byte is not NUL; otherwise returns the
 * result of nf_logger_find_get().
 *
 * NOTE(review): logflags is copied into the log request by log_tg() without
 * any check here; confirm the logger backend tolerates unknown bits.
 */
static int log_tg_check(const struct xt_tgchk_param *par)
{
	const struct xt_log_info *info = par->targinfo;

	switch (par->family) {
	case NFPROTO_IPV4:
	case NFPROTO_IPV6:
		break;
	default:
		return -EINVAL;
	}

	/* Only levels 0-7 are accepted. */
	if (info->level >= 8) {
		pr_debug("level %u >= 8\n", info->level);
		return -EINVAL;
	}

	/*
	 * The prefix is a fixed-size array filled in by whoever installed the
	 * rule. Requiring a NUL in the last slot guarantees the string ends
	 * within the array before log_tg() ever formats it.
	 */
	if (info->prefix[sizeof(info->prefix) - 1] != '\0') {
		pr_debug("prefix is not null-terminated\n");
		return -EINVAL;
	}

	/* Paired with nf_logger_put() in log_tg_destroy(). */
	return nf_logger_find_get(par->family, NF_LOG_TYPE_LOG);
}

/* Rule teardown: drop what log_tg_check() obtained via nf_logger_find_get(). */
static void log_tg_destroy(const struct xt_tgdtor_param *par)
{
	nf_logger_put(par->family, NF_LOG_TYPE_LOG);
}

/*
 * One "LOG" target per address family. The IPv6 entry is only built when
 * ip6tables support is enabled; both entries share the same callbacks.
 */
static struct xt_target log_tg_regs[] __read_mostly = {
	{
		.name = "LOG",
		.family = NFPROTO_IPV4,
		.target = log_tg,
		.targetsize = sizeof(struct xt_log_info),
		.checkentry = log_tg_check,
		.destroy = log_tg_destroy,
		.me = THIS_MODULE,
	},
#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
	{
		.name = "LOG",
		.family = NFPROTO_IPV6,
		.target = log_tg,
		.targetsize = sizeof(struct xt_log_info),
		.checkentry = log_tg_check,
		.destroy = log_tg_destroy,
		.me = THIS_MODULE,
	},
#endif
};

/* Module load: register every entry of log_tg_regs with x_tables. */
static int __init log_tg_init(void)
{
	return xt_register_targets(log_tg_regs, ARRAY_SIZE(log_tg_regs));
}

/* Module unload: unregister the same set of targets. */
static void __exit log_tg_exit(void)
{
	xt_unregister_targets(log_tg_regs, ARRAY_SIZE(log_tg_regs));
}

module_init(log_tg_init);
module_exit(log_tg_exit);

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
MODULE_AUTHOR("Jan Rekorajski <baggins@pld.org.pl>");
MODULE_DESCRIPTION("Xtables: IPv4/IPv6 packet logging");
MODULE_ALIAS("ipt_LOG");
MODULE_ALIAS("ip6t_LOG");