1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * This is a module which is used for logging packets.
4 */
5
6/* (C) 1999-2001 Paul `Rusty' Russell
7 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
8 */
9
10#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
11#include <linux/module.h>
12#include <linux/spinlock.h>
13#include <linux/skbuff.h>
14#include <linux/if_arp.h>
15#include <linux/ip.h>
16#include <net/ipv6.h>
17#include <net/icmp.h>
18#include <net/udp.h>
19#include <net/tcp.h>
20#include <net/route.h>
21
22#include <linux/netfilter.h>
23#include <linux/netfilter/x_tables.h>
24#include <linux/netfilter/xt_LOG.h>
25#include <linux/netfilter_ipv6/ip6_tables.h>
26#include <net/netfilter/nf_log.h>
27
28static unsigned int
29log_tg(struct sk_buff *skb, const struct xt_action_param *par)
30{
31 const struct xt_log_info *loginfo = par->targinfo;
32 struct net *net = xt_net(par);
33 struct nf_loginfo li;
34
35 li.type = NF_LOG_TYPE_LOG;
36 li.u.log.level = loginfo->level;
37 li.u.log.logflags = loginfo->logflags;
38
39 nf_log_packet(net, pf: xt_family(par), hooknum: xt_hooknum(par), skb, in: xt_in(par),
40 out: xt_out(par), li: &li, fmt: "%s", loginfo->prefix);
41 return XT_CONTINUE;
42}
43
44static int log_tg_check(const struct xt_tgchk_param *par)
45{
46 const struct xt_log_info *loginfo = par->targinfo;
47 int ret;
48
49 if (par->family != NFPROTO_IPV4 && par->family != NFPROTO_IPV6)
50 return -EINVAL;
51
52 if (loginfo->level >= 8) {
53 pr_debug("level %u >= 8\n", loginfo->level);
54 return -EINVAL;
55 }
56
57 if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
58 pr_debug("prefix is not null-terminated\n");
59 return -EINVAL;
60 }
61
62 ret = nf_logger_find_get(pf: par->family, type: NF_LOG_TYPE_LOG);
63 if (ret != 0 && !par->nft_compat) {
64 request_module("%s", "nf_log_syslog");
65
66 ret = nf_logger_find_get(pf: par->family, type: NF_LOG_TYPE_LOG);
67 }
68
69 return ret;
70}
71
72static void log_tg_destroy(const struct xt_tgdtor_param *par)
73{
74 nf_logger_put(pf: par->family, type: NF_LOG_TYPE_LOG);
75}
76
77static struct xt_target log_tg_regs[] __read_mostly = {
78 {
79 .name = "LOG",
80 .family = NFPROTO_IPV4,
81 .target = log_tg,
82 .targetsize = sizeof(struct xt_log_info),
83 .checkentry = log_tg_check,
84 .destroy = log_tg_destroy,
85 .me = THIS_MODULE,
86 },
87#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
88 {
89 .name = "LOG",
90 .family = NFPROTO_IPV6,
91 .target = log_tg,
92 .targetsize = sizeof(struct xt_log_info),
93 .checkentry = log_tg_check,
94 .destroy = log_tg_destroy,
95 .me = THIS_MODULE,
96 },
97#endif
98};
99
100static int __init log_tg_init(void)
101{
102 return xt_register_targets(target: log_tg_regs, ARRAY_SIZE(log_tg_regs));
103}
104
105static void __exit log_tg_exit(void)
106{
107 xt_unregister_targets(target: log_tg_regs, ARRAY_SIZE(log_tg_regs));
108}
109
110module_init(log_tg_init);
111module_exit(log_tg_exit);
112
113MODULE_LICENSE("GPL");
114MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
115MODULE_AUTHOR("Jan Rekorajski <baggins@pld.org.pl>");
116MODULE_DESCRIPTION("Xtables: IPv4/IPv6 packet logging");
117MODULE_ALIAS("ipt_LOG");
118MODULE_ALIAS("ip6t_LOG");
119MODULE_SOFTDEP("pre: nf_log_syslog");
120