2 * This is a module which is used for logging packets.
5 /* (C) 1999-2001 Paul `Rusty' Russell
6 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14 #include <linux/module.h>
15 #include <linux/spinlock.h>
16 #include <linux/skbuff.h>
17 #include <linux/if_arp.h>
23 #include <net/route.h>
25 #include <linux/netfilter.h>
26 #include <linux/netfilter/x_tables.h>
27 #include <linux/netfilter/xt_LOG.h>
28 #include <linux/netfilter_ipv6/ip6_tables.h>
29 #include <net/netfilter/nf_log.h>
30 #include <net/netfilter/xt_log.h>
32 static struct nf_loginfo default_loginfo = {
33 .type = NF_LOG_TYPE_LOG,
37 .logflags = NF_LOG_MASK,
42 static int dump_udp_header(struct sbuff *m, const struct sk_buff *skb,
43 u8 proto, int fragment, unsigned int offset)
46 const struct udphdr *uh;
48 if (proto == IPPROTO_UDP)
49 /* Max length: 10 "PROTO=UDP " */
50 sb_add(m, "PROTO=UDP ");
51 else /* Max length: 14 "PROTO=UDPLITE " */
52 sb_add(m, "PROTO=UDPLITE ");
57 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
58 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
60 sb_add(m, "INCOMPLETE [%u bytes] ", skb->len - offset);
65 /* Max length: 20 "SPT=65535 DPT=65535 " */
66 sb_add(m, "SPT=%u DPT=%u LEN=%u ", ntohs(uh->source), ntohs(uh->dest),
73 static int dump_tcp_header(struct sbuff *m, const struct sk_buff *skb,
74 u8 proto, int fragment, unsigned int offset,
75 unsigned int logflags)
78 const struct tcphdr *th;
80 /* Max length: 10 "PROTO=TCP " */
81 sb_add(m, "PROTO=TCP ");
86 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
87 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
89 sb_add(m, "INCOMPLETE [%u bytes] ", skb->len - offset);
93 /* Max length: 20 "SPT=65535 DPT=65535 " */
94 sb_add(m, "SPT=%u DPT=%u ", ntohs(th->source), ntohs(th->dest));
95 /* Max length: 30 "SEQ=4294967295 ACK=4294967295 " */
96 if (logflags & XT_LOG_TCPSEQ)
97 sb_add(m, "SEQ=%u ACK=%u ", ntohl(th->seq), ntohl(th->ack_seq));
99 /* Max length: 13 "WINDOW=65535 " */
100 sb_add(m, "WINDOW=%u ", ntohs(th->window));
101 /* Max length: 9 "RES=0x3C " */
102 sb_add(m, "RES=0x%02x ", (u_int8_t)(ntohl(tcp_flag_word(th) &
103 TCP_RESERVED_BITS) >> 22));
104 /* Max length: 32 "CWR ECE URG ACK PSH RST SYN FIN " */
121 /* Max length: 11 "URGP=65535 " */
122 sb_add(m, "URGP=%u ", ntohs(th->urg_ptr));
124 if ((logflags & XT_LOG_TCPOPT) && th->doff*4 > sizeof(struct tcphdr)) {
125 u_int8_t _opt[60 - sizeof(struct tcphdr)];
128 unsigned int optsize = th->doff*4 - sizeof(struct tcphdr);
130 op = skb_header_pointer(skb, offset + sizeof(struct tcphdr),
133 sb_add(m, "OPT (TRUNCATED)");
137 /* Max length: 127 "OPT (" 15*4*2chars ") " */
139 for (i = 0; i < optsize; i++)
140 sb_add(m, "%02X", op[i]);
148 /* One level of recursion won't kill us */
149 static void dump_ipv4_packet(struct sbuff *m,
150 const struct nf_loginfo *info,
151 const struct sk_buff *skb,
155 const struct iphdr *ih;
156 unsigned int logflags;
158 if (info->type == NF_LOG_TYPE_LOG)
159 logflags = info->u.log.logflags;
161 logflags = NF_LOG_MASK;
163 ih = skb_header_pointer(skb, iphoff, sizeof(_iph), &_iph);
165 sb_add(m, "TRUNCATED");
170 * TOS, len, DF/MF, fragment offset, TTL, src, dst, options. */
171 /* Max length: 40 "SRC=255.255.255.255 DST=255.255.255.255 " */
172 sb_add(m, "SRC=%pI4 DST=%pI4 ",
173 &ih->saddr, &ih->daddr);
175 /* Max length: 46 "LEN=65535 TOS=0xFF PREC=0xFF TTL=255 ID=65535 " */
176 sb_add(m, "LEN=%u TOS=0x%02X PREC=0x%02X TTL=%u ID=%u ",
177 ntohs(ih->tot_len), ih->tos & IPTOS_TOS_MASK,
178 ih->tos & IPTOS_PREC_MASK, ih->ttl, ntohs(ih->id));
180 /* Max length: 6 "CE DF MF " */
181 if (ntohs(ih->frag_off) & IP_CE)
183 if (ntohs(ih->frag_off) & IP_DF)
185 if (ntohs(ih->frag_off) & IP_MF)
188 /* Max length: 11 "FRAG:65535 " */
189 if (ntohs(ih->frag_off) & IP_OFFSET)
190 sb_add(m, "FRAG:%u ", ntohs(ih->frag_off) & IP_OFFSET);
192 if ((logflags & XT_LOG_IPOPT) &&
193 ih->ihl * 4 > sizeof(struct iphdr)) {
194 const unsigned char *op;
195 unsigned char _opt[4 * 15 - sizeof(struct iphdr)];
196 unsigned int i, optsize;
198 optsize = ih->ihl * 4 - sizeof(struct iphdr);
199 op = skb_header_pointer(skb, iphoff+sizeof(_iph),
202 sb_add(m, "TRUNCATED");
206 /* Max length: 127 "OPT (" 15*4*2chars ") " */
208 for (i = 0; i < optsize; i++)
209 sb_add(m, "%02X", op[i]);
213 switch (ih->protocol) {
215 if (dump_tcp_header(m, skb, ih->protocol,
216 ntohs(ih->frag_off) & IP_OFFSET,
217 iphoff+ih->ihl*4, logflags))
220 case IPPROTO_UDPLITE:
221 if (dump_udp_header(m, skb, ih->protocol,
222 ntohs(ih->frag_off) & IP_OFFSET,
226 struct icmphdr _icmph;
227 const struct icmphdr *ich;
228 static const size_t required_len[NR_ICMP_TYPES+1]
229 = { [ICMP_ECHOREPLY] = 4,
231 = 8 + sizeof(struct iphdr),
233 = 8 + sizeof(struct iphdr),
235 = 8 + sizeof(struct iphdr),
238 = 8 + sizeof(struct iphdr),
240 = 8 + sizeof(struct iphdr),
241 [ICMP_TIMESTAMP] = 20,
242 [ICMP_TIMESTAMPREPLY] = 20,
244 [ICMP_ADDRESSREPLY] = 12 };
246 /* Max length: 11 "PROTO=ICMP " */
247 sb_add(m, "PROTO=ICMP ");
249 if (ntohs(ih->frag_off) & IP_OFFSET)
252 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
253 ich = skb_header_pointer(skb, iphoff + ih->ihl * 4,
254 sizeof(_icmph), &_icmph);
256 sb_add(m, "INCOMPLETE [%u bytes] ",
257 skb->len - iphoff - ih->ihl*4);
261 /* Max length: 18 "TYPE=255 CODE=255 " */
262 sb_add(m, "TYPE=%u CODE=%u ", ich->type, ich->code);
264 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
265 if (ich->type <= NR_ICMP_TYPES &&
266 required_len[ich->type] &&
267 skb->len-iphoff-ih->ihl*4 < required_len[ich->type]) {
268 sb_add(m, "INCOMPLETE [%u bytes] ",
269 skb->len - iphoff - ih->ihl*4);
276 /* Max length: 19 "ID=65535 SEQ=65535 " */
277 sb_add(m, "ID=%u SEQ=%u ",
278 ntohs(ich->un.echo.id),
279 ntohs(ich->un.echo.sequence));
282 case ICMP_PARAMETERPROB:
283 /* Max length: 14 "PARAMETER=255 " */
284 sb_add(m, "PARAMETER=%u ",
285 ntohl(ich->un.gateway) >> 24);
288 /* Max length: 24 "GATEWAY=255.255.255.255 " */
289 sb_add(m, "GATEWAY=%pI4 ", &ich->un.gateway);
291 case ICMP_DEST_UNREACH:
292 case ICMP_SOURCE_QUENCH:
293 case ICMP_TIME_EXCEEDED:
294 /* Max length: 3+maxlen */
295 if (!iphoff) { /* Only recurse once. */
297 dump_ipv4_packet(m, info, skb,
298 iphoff + ih->ihl*4+sizeof(_icmph));
302 /* Max length: 10 "MTU=65535 " */
303 if (ich->type == ICMP_DEST_UNREACH &&
304 ich->code == ICMP_FRAG_NEEDED)
305 sb_add(m, "MTU=%u ", ntohs(ich->un.frag.mtu));
311 struct ip_auth_hdr _ahdr;
312 const struct ip_auth_hdr *ah;
314 if (ntohs(ih->frag_off) & IP_OFFSET)
317 /* Max length: 9 "PROTO=AH " */
318 sb_add(m, "PROTO=AH ");
320 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
321 ah = skb_header_pointer(skb, iphoff+ih->ihl*4,
322 sizeof(_ahdr), &_ahdr);
324 sb_add(m, "INCOMPLETE [%u bytes] ",
325 skb->len - iphoff - ih->ihl*4);
329 /* Length: 15 "SPI=0xF1234567 " */
330 sb_add(m, "SPI=0x%x ", ntohl(ah->spi));
334 struct ip_esp_hdr _esph;
335 const struct ip_esp_hdr *eh;
337 /* Max length: 10 "PROTO=ESP " */
338 sb_add(m, "PROTO=ESP ");
340 if (ntohs(ih->frag_off) & IP_OFFSET)
343 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
344 eh = skb_header_pointer(skb, iphoff+ih->ihl*4,
345 sizeof(_esph), &_esph);
347 sb_add(m, "INCOMPLETE [%u bytes] ",
348 skb->len - iphoff - ih->ihl*4);
352 /* Length: 15 "SPI=0xF1234567 " */
353 sb_add(m, "SPI=0x%x ", ntohl(eh->spi));
356 /* Max length: 10 "PROTO 255 " */
358 sb_add(m, "PROTO=%u ", ih->protocol);
361 /* Max length: 15 "UID=4294967295 " */
362 if ((logflags & XT_LOG_UID) && !iphoff && skb->sk) {
363 read_lock_bh(&skb->sk->sk_callback_lock);
364 if (skb->sk->sk_socket && skb->sk->sk_socket->file)
365 sb_add(m, "UID=%u GID=%u ",
366 skb->sk->sk_socket->file->f_cred->fsuid,
367 skb->sk->sk_socket->file->f_cred->fsgid);
368 read_unlock_bh(&skb->sk->sk_callback_lock);
371 /* Max length: 16 "MARK=0xFFFFFFFF " */
372 if (!iphoff && skb->mark)
373 sb_add(m, "MARK=0x%x ", skb->mark);
375 /* Proto Max log string length */
376 /* IP: 40+46+6+11+127 = 230 */
377 /* TCP: 10+max(25,20+30+13+9+32+11+127) = 252 */
378 /* UDP: 10+max(25,20) = 35 */
379 /* UDPLITE: 14+max(25,20) = 39 */
380 /* ICMP: 11+max(25, 18+25+max(19,14,24+3+n+10,3+n+10)) = 91+n */
381 /* ESP: 10+max(25)+15 = 50 */
382 /* AH: 9+max(25)+15 = 49 */
385 /* (ICMP allows recursion one level deep) */
386 /* maxlen = IP + ICMP + IP + max(TCP,UDP,ICMP,unknown) */
387 /* maxlen = 230+ 91 + 230 + 252 = 803 */
390 static void dump_ipv4_mac_header(struct sbuff *m,
391 const struct nf_loginfo *info,
392 const struct sk_buff *skb)
394 struct net_device *dev = skb->dev;
395 unsigned int logflags = 0;
397 if (info->type == NF_LOG_TYPE_LOG)
398 logflags = info->u.log.logflags;
400 if (!(logflags & XT_LOG_MACDECODE))
405 sb_add(m, "MACSRC=%pM MACDST=%pM MACPROTO=%04x ",
406 eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
407 ntohs(eth_hdr(skb)->h_proto));
415 if (dev->hard_header_len &&
416 skb->mac_header != skb->network_header) {
417 const unsigned char *p = skb_mac_header(skb);
420 sb_add(m, "%02x", *p++);
421 for (i = 1; i < dev->hard_header_len; i++, p++)
422 sb_add(m, ":%02x", *p);
428 log_packet_common(struct sbuff *m,
430 unsigned int hooknum,
431 const struct sk_buff *skb,
432 const struct net_device *in,
433 const struct net_device *out,
434 const struct nf_loginfo *loginfo,
437 sb_add(m, "<%d>%sIN=%s OUT=%s ", loginfo->u.log.level,
440 out ? out->name : "");
441 #ifdef CONFIG_BRIDGE_NETFILTER
442 if (skb->nf_bridge) {
443 const struct net_device *physindev;
444 const struct net_device *physoutdev;
446 physindev = skb->nf_bridge->physindev;
447 if (physindev && in != physindev)
448 sb_add(m, "PHYSIN=%s ", physindev->name);
449 physoutdev = skb->nf_bridge->physoutdev;
450 if (physoutdev && out != physoutdev)
451 sb_add(m, "PHYSOUT=%s ", physoutdev->name);
458 ipt_log_packet(u_int8_t pf,
459 unsigned int hooknum,
460 const struct sk_buff *skb,
461 const struct net_device *in,
462 const struct net_device *out,
463 const struct nf_loginfo *loginfo,
466 struct sbuff *m = sb_open();
469 loginfo = &default_loginfo;
471 log_packet_common(m, pf, hooknum, skb, in, out, loginfo, prefix);
474 dump_ipv4_mac_header(m, loginfo, skb);
476 dump_ipv4_packet(m, loginfo, skb, 0);
481 #if IS_ENABLED(CONFIG_IPV6)
482 /* One level of recursion won't kill us */
483 static void dump_ipv6_packet(struct sbuff *m,
484 const struct nf_loginfo *info,
485 const struct sk_buff *skb, unsigned int ip6hoff,
490 struct ipv6hdr _ip6h;
491 const struct ipv6hdr *ih;
493 unsigned int hdrlen = 0;
494 unsigned int logflags;
496 if (info->type == NF_LOG_TYPE_LOG)
497 logflags = info->u.log.logflags;
499 logflags = NF_LOG_MASK;
501 ih = skb_header_pointer(skb, ip6hoff, sizeof(_ip6h), &_ip6h);
503 sb_add(m, "TRUNCATED");
507 /* Max length: 88 "SRC=0000.0000.0000.0000.0000.0000.0000.0000 DST=0000.0000.0000.0000.0000.0000.0000.0000 " */
508 sb_add(m, "SRC=%pI6 DST=%pI6 ", &ih->saddr, &ih->daddr);
510 /* Max length: 44 "LEN=65535 TC=255 HOPLIMIT=255 FLOWLBL=FFFFF " */
511 sb_add(m, "LEN=%Zu TC=%u HOPLIMIT=%u FLOWLBL=%u ",
512 ntohs(ih->payload_len) + sizeof(struct ipv6hdr),
513 (ntohl(*(__be32 *)ih) & 0x0ff00000) >> 20,
515 (ntohl(*(__be32 *)ih) & 0x000fffff));
518 ptr = ip6hoff + sizeof(struct ipv6hdr);
519 currenthdr = ih->nexthdr;
520 while (currenthdr != NEXTHDR_NONE && ip6t_ext_hdr(currenthdr)) {
521 struct ipv6_opt_hdr _hdr;
522 const struct ipv6_opt_hdr *hp;
524 hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
526 sb_add(m, "TRUNCATED");
530 /* Max length: 48 "OPT (...) " */
531 if (logflags & XT_LOG_IPOPT)
534 switch (currenthdr) {
535 case IPPROTO_FRAGMENT: {
536 struct frag_hdr _fhdr;
537 const struct frag_hdr *fh;
540 fh = skb_header_pointer(skb, ptr, sizeof(_fhdr),
543 sb_add(m, "TRUNCATED ");
547 /* Max length: 6 "65535 " */
548 sb_add(m, "%u ", ntohs(fh->frag_off) & 0xFFF8);
550 /* Max length: 11 "INCOMPLETE " */
551 if (fh->frag_off & htons(0x0001))
552 sb_add(m, "INCOMPLETE ");
554 sb_add(m, "ID:%08x ", ntohl(fh->identification));
556 if (ntohs(fh->frag_off) & 0xFFF8)
563 case IPPROTO_DSTOPTS:
564 case IPPROTO_ROUTING:
565 case IPPROTO_HOPOPTS:
567 if (logflags & XT_LOG_IPOPT)
571 hdrlen = ipv6_optlen(hp);
575 if (logflags & XT_LOG_IPOPT) {
576 struct ip_auth_hdr _ahdr;
577 const struct ip_auth_hdr *ah;
579 /* Max length: 3 "AH " */
587 ah = skb_header_pointer(skb, ptr, sizeof(_ahdr),
591 * Max length: 26 "INCOMPLETE [65535
594 sb_add(m, "INCOMPLETE [%u bytes] )",
599 /* Length: 15 "SPI=0xF1234567 */
600 sb_add(m, "SPI=0x%x ", ntohl(ah->spi));
604 hdrlen = (hp->hdrlen+2)<<2;
607 if (logflags & XT_LOG_IPOPT) {
608 struct ip_esp_hdr _esph;
609 const struct ip_esp_hdr *eh;
611 /* Max length: 4 "ESP " */
620 * Max length: 26 "INCOMPLETE [65535 bytes] )"
622 eh = skb_header_pointer(skb, ptr, sizeof(_esph),
625 sb_add(m, "INCOMPLETE [%u bytes] )",
630 /* Length: 16 "SPI=0xF1234567 )" */
631 sb_add(m, "SPI=0x%x )", ntohl(eh->spi));
636 /* Max length: 20 "Unknown Ext Hdr 255" */
637 sb_add(m, "Unknown Ext Hdr %u", currenthdr);
640 if (logflags & XT_LOG_IPOPT)
643 currenthdr = hp->nexthdr;
647 switch (currenthdr) {
649 if (dump_tcp_header(m, skb, currenthdr, fragment, ptr,
653 case IPPROTO_UDPLITE:
654 if (dump_udp_header(m, skb, currenthdr, fragment, ptr))
656 case IPPROTO_ICMPV6: {
657 struct icmp6hdr _icmp6h;
658 const struct icmp6hdr *ic;
660 /* Max length: 13 "PROTO=ICMPv6 " */
661 sb_add(m, "PROTO=ICMPv6 ");
666 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
667 ic = skb_header_pointer(skb, ptr, sizeof(_icmp6h), &_icmp6h);
669 sb_add(m, "INCOMPLETE [%u bytes] ", skb->len - ptr);
673 /* Max length: 18 "TYPE=255 CODE=255 " */
674 sb_add(m, "TYPE=%u CODE=%u ", ic->icmp6_type, ic->icmp6_code);
676 switch (ic->icmp6_type) {
677 case ICMPV6_ECHO_REQUEST:
678 case ICMPV6_ECHO_REPLY:
679 /* Max length: 19 "ID=65535 SEQ=65535 " */
680 sb_add(m, "ID=%u SEQ=%u ",
681 ntohs(ic->icmp6_identifier),
682 ntohs(ic->icmp6_sequence));
684 case ICMPV6_MGM_QUERY:
685 case ICMPV6_MGM_REPORT:
686 case ICMPV6_MGM_REDUCTION:
689 case ICMPV6_PARAMPROB:
690 /* Max length: 17 "POINTER=ffffffff " */
691 sb_add(m, "POINTER=%08x ", ntohl(ic->icmp6_pointer));
693 case ICMPV6_DEST_UNREACH:
694 case ICMPV6_PKT_TOOBIG:
695 case ICMPV6_TIME_EXCEED:
696 /* Max length: 3+maxlen */
699 dump_ipv6_packet(m, info, skb,
700 ptr + sizeof(_icmp6h), 0);
704 /* Max length: 10 "MTU=65535 " */
705 if (ic->icmp6_type == ICMPV6_PKT_TOOBIG)
706 sb_add(m, "MTU=%u ", ntohl(ic->icmp6_mtu));
710 /* Max length: 10 "PROTO=255 " */
712 sb_add(m, "PROTO=%u ", currenthdr);
715 /* Max length: 15 "UID=4294967295 " */
716 if ((logflags & XT_LOG_UID) && recurse && skb->sk) {
717 read_lock_bh(&skb->sk->sk_callback_lock);
718 if (skb->sk->sk_socket && skb->sk->sk_socket->file)
719 sb_add(m, "UID=%u GID=%u ",
720 skb->sk->sk_socket->file->f_cred->fsuid,
721 skb->sk->sk_socket->file->f_cred->fsgid);
722 read_unlock_bh(&skb->sk->sk_callback_lock);
725 /* Max length: 16 "MARK=0xFFFFFFFF " */
726 if (!recurse && skb->mark)
727 sb_add(m, "MARK=0x%x ", skb->mark);
730 static void dump_ipv6_mac_header(struct sbuff *m,
731 const struct nf_loginfo *info,
732 const struct sk_buff *skb)
734 struct net_device *dev = skb->dev;
735 unsigned int logflags = 0;
737 if (info->type == NF_LOG_TYPE_LOG)
738 logflags = info->u.log.logflags;
740 if (!(logflags & XT_LOG_MACDECODE))
745 sb_add(m, "MACSRC=%pM MACDST=%pM MACPROTO=%04x ",
746 eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
747 ntohs(eth_hdr(skb)->h_proto));
755 if (dev->hard_header_len &&
756 skb->mac_header != skb->network_header) {
757 const unsigned char *p = skb_mac_header(skb);
758 unsigned int len = dev->hard_header_len;
761 if (dev->type == ARPHRD_SIT) {
769 sb_add(m, "%02x", *p++);
770 for (i = 1; i < len; i++)
771 sb_add(m, ":%02x", *p++);
775 if (dev->type == ARPHRD_SIT) {
776 const struct iphdr *iph =
777 (struct iphdr *)skb_mac_header(skb);
778 sb_add(m, "TUNNEL=%pI4->%pI4 ", &iph->saddr,
786 ip6t_log_packet(u_int8_t pf,
787 unsigned int hooknum,
788 const struct sk_buff *skb,
789 const struct net_device *in,
790 const struct net_device *out,
791 const struct nf_loginfo *loginfo,
794 struct sbuff *m = sb_open();
797 loginfo = &default_loginfo;
799 log_packet_common(m, pf, hooknum, skb, in, out, loginfo, prefix);
802 dump_ipv6_mac_header(m, loginfo, skb);
804 dump_ipv6_packet(m, loginfo, skb, skb_network_offset(skb), 1);
811 log_tg(struct sk_buff *skb, const struct xt_action_param *par)
813 const struct xt_log_info *loginfo = par->targinfo;
814 struct nf_loginfo li;
816 li.type = NF_LOG_TYPE_LOG;
817 li.u.log.level = loginfo->level;
818 li.u.log.logflags = loginfo->logflags;
820 if (par->family == NFPROTO_IPV4)
821 ipt_log_packet(NFPROTO_IPV4, par->hooknum, skb, par->in,
822 par->out, &li, loginfo->prefix);
823 #if IS_ENABLED(CONFIG_IPV6)
824 else if (par->family == NFPROTO_IPV6)
825 ip6t_log_packet(NFPROTO_IPV6, par->hooknum, skb, par->in,
826 par->out, &li, loginfo->prefix);
834 static int log_tg_check(const struct xt_tgchk_param *par)
836 const struct xt_log_info *loginfo = par->targinfo;
838 if (par->family != NFPROTO_IPV4 && par->family != NFPROTO_IPV6)
841 if (loginfo->level >= 8) {
842 pr_debug("level %u >= 8\n", loginfo->level);
846 if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
847 pr_debug("prefix is not null-terminated\n");
854 static struct xt_target log_tg_regs[] __read_mostly = {
857 .family = NFPROTO_IPV4,
859 .targetsize = sizeof(struct xt_log_info),
860 .checkentry = log_tg_check,
863 #if IS_ENABLED(CONFIG_IPV6)
866 .family = NFPROTO_IPV6,
868 .targetsize = sizeof(struct xt_log_info),
869 .checkentry = log_tg_check,
875 static struct nf_logger ipt_log_logger __read_mostly = {
877 .logfn = &ipt_log_packet,
881 #if IS_ENABLED(CONFIG_IPV6)
882 static struct nf_logger ip6t_log_logger __read_mostly = {
884 .logfn = &ip6t_log_packet,
889 static int __init log_tg_init(void)
893 ret = xt_register_targets(log_tg_regs, ARRAY_SIZE(log_tg_regs));
897 nf_log_register(NFPROTO_IPV4, &ipt_log_logger);
898 #if IS_ENABLED(CONFIG_IPV6)
899 nf_log_register(NFPROTO_IPV6, &ip6t_log_logger);
904 static void __exit log_tg_exit(void)
906 nf_log_unregister(&ipt_log_logger);
907 #if IS_ENABLED(CONFIG_IPV6)
908 nf_log_unregister(&ip6t_log_logger);
910 xt_unregister_targets(log_tg_regs, ARRAY_SIZE(log_tg_regs));
913 module_init(log_tg_init);
914 module_exit(log_tg_exit);
916 MODULE_LICENSE("GPL");
917 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
918 MODULE_AUTHOR("Jan Rekorajski <baggins@pld.org.pl>");
919 MODULE_DESCRIPTION("Xtables: IPv4/IPv6 packet logging");
920 MODULE_ALIAS("ipt_LOG");
921 MODULE_ALIAS("ip6t_LOG");