2 * This is a module which is used for logging packets.
5 /* (C) 1999-2001 Paul `Rusty' Russell
6 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
13 #include <linux/module.h>
14 #include <linux/spinlock.h>
15 #include <linux/skbuff.h>
20 #include <net/route.h>
22 #include <linux/netfilter.h>
23 #include <linux/netfilter_ipv4/ip_tables.h>
24 #include <linux/netfilter_ipv4/ipt_LOG.h>
26 MODULE_LICENSE("GPL");
27 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
28 MODULE_DESCRIPTION("iptables syslog logging module");
30 static unsigned int nflog = 1;
31 MODULE_PARM(nflog, "i");
32 MODULE_PARM_DESC(nflog, "register as internal netfilter logging module");
37 #define DEBUGP(format, args...)
40 /* Use lock to serialize, so printks don't overlap */
41 static spinlock_t log_lock = SPIN_LOCK_UNLOCKED;
43 /* One level of recursion won't kill us */
44 static void dump_packet(const struct ipt_log_info *info,
45 const struct sk_buff *skb,
50 if (skb_copy_bits(skb, iphoff, &iph, sizeof(iph)) < 0) {
56 * TOS, len, DF/MF, fragment offset, TTL, src, dst, options. */
57 /* Max length: 40 "SRC=255.255.255.255 DST=255.255.255.255 " */
58 printk("SRC=%u.%u.%u.%u DST=%u.%u.%u.%u ",
59 NIPQUAD(iph.saddr), NIPQUAD(iph.daddr));
61 /* Max length: 46 "LEN=65535 TOS=0xFF PREC=0xFF TTL=255 ID=65535 " */
62 printk("LEN=%u TOS=0x%02X PREC=0x%02X TTL=%u ID=%u ",
63 ntohs(iph.tot_len), iph.tos & IPTOS_TOS_MASK,
64 iph.tos & IPTOS_PREC_MASK, iph.ttl, ntohs(iph.id));
66 /* Max length: 6 "CE DF MF " */
67 if (ntohs(iph.frag_off) & IP_CE)
69 if (ntohs(iph.frag_off) & IP_DF)
71 if (ntohs(iph.frag_off) & IP_MF)
74 /* Max length: 11 "FRAG:65535 " */
75 if (ntohs(iph.frag_off) & IP_OFFSET)
76 printk("FRAG:%u ", ntohs(iph.frag_off) & IP_OFFSET);
78 if ((info->logflags & IPT_LOG_IPOPT)
79 && iph.ihl * 4 != sizeof(struct iphdr)) {
80 unsigned char opt[4 * 15 - sizeof(struct iphdr)];
81 unsigned int i, optsize;
83 optsize = iph.ihl * 4 - sizeof(struct iphdr);
84 if (skb_copy_bits(skb, iphoff+sizeof(iph), opt, optsize) < 0) {
89 /* Max length: 127 "OPT (" 15*4*2chars ") " */
91 for (i = 0; i < optsize; i++)
92 printk("%02X", opt[i]);
96 switch (iph.protocol) {
100 /* Max length: 10 "PROTO=TCP " */
101 printk("PROTO=TCP ");
103 if (ntohs(iph.frag_off) & IP_OFFSET)
106 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
107 if (skb_copy_bits(skb, iphoff+iph.ihl*4, &tcph, sizeof(tcph))
109 printk("INCOMPLETE [%u bytes] ",
110 skb->len - iphoff - iph.ihl*4);
114 /* Max length: 20 "SPT=65535 DPT=65535 " */
115 printk("SPT=%u DPT=%u ",
116 ntohs(tcph.source), ntohs(tcph.dest));
117 /* Max length: 30 "SEQ=4294967295 ACK=4294967295 " */
118 if (info->logflags & IPT_LOG_TCPSEQ)
119 printk("SEQ=%u ACK=%u ",
120 ntohl(tcph.seq), ntohl(tcph.ack_seq));
121 /* Max length: 13 "WINDOW=65535 " */
122 printk("WINDOW=%u ", ntohs(tcph.window));
123 /* Max length: 9 "RES=0x3F " */
124 printk("RES=0x%02x ", (u8)(ntohl(tcp_flag_word(&tcph) & TCP_RESERVED_BITS) >> 22));
125 /* Max length: 32 "CWR ECE URG ACK PSH RST SYN FIN " */
142 /* Max length: 11 "URGP=65535 " */
143 printk("URGP=%u ", ntohs(tcph.urg_ptr));
145 if ((info->logflags & IPT_LOG_TCPOPT)
146 && tcph.doff * 4 != sizeof(struct tcphdr)) {
147 unsigned char opt[4 * 15 - sizeof(struct tcphdr)];
148 unsigned int i, optsize;
150 optsize = tcph.doff * 4 - sizeof(struct tcphdr);
151 if (skb_copy_bits(skb, iphoff+iph.ihl*4 + sizeof(tcph),
157 /* Max length: 127 "OPT (" 15*4*2chars ") " */
159 for (i = 0; i < optsize; i++)
160 printk("%02X", opt[i]);
168 /* Max length: 10 "PROTO=UDP " */
169 printk("PROTO=UDP ");
171 if (ntohs(iph.frag_off) & IP_OFFSET)
174 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
175 if (skb_copy_bits(skb, iphoff+iph.ihl*4, &udph, sizeof(udph))
177 printk("INCOMPLETE [%u bytes] ",
178 skb->len - iphoff - iph.ihl*4);
182 /* Max length: 20 "SPT=65535 DPT=65535 " */
183 printk("SPT=%u DPT=%u LEN=%u ",
184 ntohs(udph.source), ntohs(udph.dest),
189 struct icmphdr icmph;
190 static size_t required_len[NR_ICMP_TYPES+1]
191 = { [ICMP_ECHOREPLY] = 4,
193 = 8 + sizeof(struct iphdr) + 8,
195 = 8 + sizeof(struct iphdr) + 8,
197 = 8 + sizeof(struct iphdr) + 8,
200 = 8 + sizeof(struct iphdr) + 8,
202 = 8 + sizeof(struct iphdr) + 8,
203 [ICMP_TIMESTAMP] = 20,
204 [ICMP_TIMESTAMPREPLY] = 20,
206 [ICMP_ADDRESSREPLY] = 12 };
208 /* Max length: 11 "PROTO=ICMP " */
209 printk("PROTO=ICMP ");
211 if (ntohs(iph.frag_off) & IP_OFFSET)
214 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
215 if (skb_copy_bits(skb, iphoff+iph.ihl*4, &icmph, sizeof(icmph))
217 printk("INCOMPLETE [%u bytes] ",
218 skb->len - iphoff - iph.ihl*4);
222 /* Max length: 18 "TYPE=255 CODE=255 " */
223 printk("TYPE=%u CODE=%u ", icmph.type, icmph.code);
225 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
226 if (icmph.type <= NR_ICMP_TYPES
227 && required_len[icmph.type]
228 && skb->len-iphoff-iph.ihl*4 < required_len[icmph.type]) {
229 printk("INCOMPLETE [%u bytes] ",
230 skb->len - iphoff - iph.ihl*4);
234 switch (icmph.type) {
237 /* Max length: 19 "ID=65535 SEQ=65535 " */
238 printk("ID=%u SEQ=%u ",
239 ntohs(icmph.un.echo.id),
240 ntohs(icmph.un.echo.sequence));
243 case ICMP_PARAMETERPROB:
244 /* Max length: 14 "PARAMETER=255 " */
245 printk("PARAMETER=%u ",
246 ntohl(icmph.un.gateway) >> 24);
249 /* Max length: 24 "GATEWAY=255.255.255.255 " */
250 printk("GATEWAY=%u.%u.%u.%u ",
251 NIPQUAD(icmph.un.gateway));
253 case ICMP_DEST_UNREACH:
254 case ICMP_SOURCE_QUENCH:
255 case ICMP_TIME_EXCEEDED:
256 /* Max length: 3+maxlen */
257 if (!iphoff) { /* Only recurse once. */
259 dump_packet(info, skb,
260 iphoff + iph.ihl*4+sizeof(icmph));
264 /* Max length: 10 "MTU=65535 " */
265 if (icmph.type == ICMP_DEST_UNREACH
266 && icmph.code == ICMP_FRAG_NEEDED)
267 printk("MTU=%u ", ntohs(icmph.un.frag.mtu));
273 struct ip_auth_hdr ah;
275 if (ntohs(iph.frag_off) & IP_OFFSET)
278 /* Max length: 9 "PROTO=AH " */
281 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
282 if (skb_copy_bits(skb, iphoff+iph.ihl*4, &ah, sizeof(ah)) < 0) {
283 printk("INCOMPLETE [%u bytes] ",
284 skb->len - iphoff - iph.ihl*4);
288 /* Length: 15 "SPI=0xF1234567 " */
289 printk("SPI=0x%x ", ntohl(ah.spi));
293 struct ip_esp_hdr esph;
295 /* Max length: 10 "PROTO=ESP " */
296 printk("PROTO=ESP ");
298 if (ntohs(iph.frag_off) & IP_OFFSET)
301 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
302 if (skb_copy_bits(skb, iphoff+iph.ihl*4, &esph, sizeof(esph))
304 printk("INCOMPLETE [%u bytes] ",
305 skb->len - iphoff - iph.ihl*4);
309 /* Length: 15 "SPI=0xF1234567 " */
310 printk("SPI=0x%x ", ntohl(esph.spi));
313 /* Max length: 10 "PROTO 255 " */
315 printk("PROTO=%u ", iph.protocol);
318 /* Proto Max log string length */
319 /* IP: 40+46+6+11+127 = 230 */
320 /* TCP: 10+max(25,20+30+13+9+32+11+127) = 252 */
321 /* UDP: 10+max(25,20) = 35 */
322 /* ICMP: 11+max(25, 18+25+max(19,14,24+3+n+10,3+n+10)) = 91+n */
323 /* ESP: 10+max(25)+15 = 50 */
324 /* AH: 9+max(25)+15 = 49 */
327 /* (ICMP allows recursion one level deep) */
328 /* maxlen = IP + ICMP + IP + max(TCP,UDP,ICMP,unknown) */
329 /* maxlen = 230+ 91 + 230 + 252 = 803 */
333 ipt_log_packet(unsigned int hooknum,
334 const struct sk_buff *skb,
335 const struct net_device *in,
336 const struct net_device *out,
337 const struct ipt_log_info *loginfo,
338 const char *level_string,
341 spin_lock_bh(&log_lock);
342 printk(level_string);
343 printk("%sIN=%s OUT=%s ",
344 prefix == NULL ? loginfo->prefix : prefix,
346 out ? out->name : "");
347 #ifdef CONFIG_BRIDGE_NETFILTER
348 if (skb->nf_bridge) {
349 struct net_device *physindev = skb->nf_bridge->physindev;
350 struct net_device *physoutdev = skb->nf_bridge->physoutdev;
352 if (physindev && in != physindev)
353 printk("PHYSIN=%s ", physindev->name);
354 if (physoutdev && out != physoutdev)
355 printk("PHYSOUT=%s ", physoutdev->name);
360 /* MAC logging for input chain only. */
362 if (skb->dev && skb->dev->hard_header_len
363 && skb->mac.raw != (void*)skb->nh.iph) {
365 unsigned char *p = skb->mac.raw;
366 for (i = 0; i < skb->dev->hard_header_len; i++,p++)
368 i==skb->dev->hard_header_len - 1
374 dump_packet(loginfo, skb, 0);
376 spin_unlock_bh(&log_lock);
380 ipt_log_target(struct sk_buff **pskb,
381 const struct net_device *in,
382 const struct net_device *out,
383 unsigned int hooknum,
384 const void *targinfo,
387 const struct ipt_log_info *loginfo = targinfo;
388 char level_string[4] = "< >";
390 level_string[1] = '0' + (loginfo->level % 8);
391 ipt_log_packet(hooknum, *pskb, in, out, loginfo, level_string, NULL);
397 ipt_logfn(unsigned int hooknum,
398 const struct sk_buff *skb,
399 const struct net_device *in,
400 const struct net_device *out,
403 struct ipt_log_info loginfo = {
405 .logflags = IPT_LOG_MASK,
409 ipt_log_packet(hooknum, skb, in, out, &loginfo, KERN_WARNING, prefix);
412 static int ipt_log_checkentry(const char *tablename,
413 const struct ipt_entry *e,
415 unsigned int targinfosize,
416 unsigned int hook_mask)
418 const struct ipt_log_info *loginfo = targinfo;
420 if (targinfosize != IPT_ALIGN(sizeof(struct ipt_log_info))) {
421 DEBUGP("LOG: targinfosize %u != %u\n",
422 targinfosize, IPT_ALIGN(sizeof(struct ipt_log_info)));
426 if (loginfo->level >= 8) {
427 DEBUGP("LOG: level %u >= 8\n", loginfo->level);
431 if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
432 DEBUGP("LOG: prefix term %i\n",
433 loginfo->prefix[sizeof(loginfo->prefix)-1]);
440 static struct ipt_target ipt_log_reg = {
442 .target = ipt_log_target,
443 .checkentry = ipt_log_checkentry,
447 static int __init init(void)
449 if (ipt_register_target(&ipt_log_reg))
452 nf_log_register(PF_INET, &ipt_logfn);
457 static void __exit fini(void)
460 nf_log_unregister(PF_INET, &ipt_logfn);
461 ipt_unregister_target(&ipt_log_reg);
git://git.onelab.eu / linux-2.6.git / blob