2 * This is a module which is used for logging packets.
4 #include <linux/module.h>
5 #include <linux/skbuff.h>
7 #include <linux/spinlock.h>
8 #include <linux/icmpv6.h>
12 #include <linux/netfilter_ipv6/ip6_tables.h>
14 MODULE_AUTHOR("Jan Rekorajski <baggins@pld.org.pl>");
15 MODULE_DESCRIPTION("IP6 tables LOG target module");
16 MODULE_LICENSE("GPL");
19 #include <net/route.h>
20 #include <linux/netfilter_ipv6/ip6t_LOG.h>
25 #define DEBUGP(format, args...)
29 ntohs((addr).s6_addr16[0]), \
30 ntohs((addr).s6_addr16[1]), \
31 ntohs((addr).s6_addr16[2]), \
32 ntohs((addr).s6_addr16[3]), \
33 ntohs((addr).s6_addr16[4]), \
34 ntohs((addr).s6_addr16[5]), \
35 ntohs((addr).s6_addr16[6]), \
36 ntohs((addr).s6_addr16[7])
38 /* FIXME evil kludge */
53 /* Use lock to serialize, so printks don't overlap */
54 static spinlock_t log_lock = SPIN_LOCK_UNLOCKED;
56 /* One level of recursion won't kill us */
57 static void dump_packet(const struct ip6t_log_info *info,
58 const struct sk_buff *skb, unsigned int ip6hoff,
63 struct ipv6hdr *ipv6h;
65 unsigned int hdrlen = 0;
67 if (skb->len - ip6hoff < sizeof(*ipv6h)) {
71 ipv6h = (struct ipv6hdr *)(skb->data + ip6hoff);
73 /* Max length: 88 "SRC=0000.0000.0000.0000.0000.0000.0000.0000 DST=0000.0000.0000.0000.0000.0000.0000.0000" */
74 printk("SRC=%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x ", NIP6(ipv6h->saddr));
75 printk("DST=%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x ", NIP6(ipv6h->daddr));
77 /* Max length: 44 "LEN=65535 TC=255 HOPLIMIT=255 FLOWLBL=FFFFF " */
78 printk("LEN=%Zu TC=%u HOPLIMIT=%u FLOWLBL=%u ",
79 ntohs(ipv6h->payload_len) + sizeof(struct ipv6hdr),
80 (ntohl(*(u_int32_t *)ipv6h) & 0x0ff00000) >> 20,
82 (ntohl(*(u_int32_t *)ipv6h) & 0x000fffff));
85 ptr = ip6hoff + sizeof(struct ipv6hdr);
86 currenthdr = ipv6h->nexthdr;
87 while (currenthdr != NEXTHDR_NONE && ip6t_ext_hdr(currenthdr)) {
88 struct ipv6_opt_hdr *hdr;
90 if (skb->len - ptr < sizeof(*hdr)) {
94 hdr = (struct ipv6_opt_hdr *)(skb->data + ptr);
96 /* Max length: 48 "OPT (...) " */
97 if (info->logflags & IP6T_LOG_IPOPT)
100 switch (currenthdr) {
101 case IPPROTO_FRAGMENT: {
102 struct frag_hdr *fhdr;
105 if (skb->len - ptr < sizeof(*fhdr)) {
106 printk("TRUNCATED ");
109 fhdr = (struct frag_hdr *)(skb->data + ptr);
111 /* Max length: 6 "65535 " */
112 printk("%u ", ntohs(fhdr->frag_off) & 0xFFF8);
114 /* Max length: 11 "INCOMPLETE " */
115 if (fhdr->frag_off & htons(0x0001))
116 printk("INCOMPLETE ");
118 printk("ID:%08x ", ntohl(fhdr->identification));
120 if (ntohs(fhdr->frag_off) & 0xFFF8)
127 case IPPROTO_DSTOPTS:
128 case IPPROTO_ROUTING:
129 case IPPROTO_HOPOPTS:
131 if (info->logflags & IP6T_LOG_IPOPT)
135 hdrlen = ipv6_optlen(hdr);
139 if (info->logflags & IP6T_LOG_IPOPT) {
142 /* Max length: 3 "AH " */
150 if (skb->len - ptr < sizeof(*ah)) {
152 * Max length: 26 "INCOMPLETE [65535
155 printk("INCOMPLETE [%u bytes] )",
159 ah = (struct ahhdr *)(skb->data + ptr);
161 /* Length: 15 "SPI=0xF1234567 */
162 printk("SPI=0x%x ", ntohl(ah->spi));
166 hdrlen = (hdr->hdrlen+2)<<2;
169 if (info->logflags & IP6T_LOG_IPOPT) {
172 /* Max length: 4 "ESP " */
181 * Max length: 26 "INCOMPLETE [65535 bytes] )"
183 if (skb->len - ptr < sizeof(*esph)) {
184 printk("INCOMPLETE [%u bytes] )",
188 esph = (struct esphdr *)(skb->data + ptr);
190 /* Length: 16 "SPI=0xF1234567 )" */
191 printk("SPI=0x%x )", ntohl(esph->spi) );
196 /* Max length: 20 "Unknown Ext Hdr 255" */
197 printk("Unknown Ext Hdr %u", currenthdr);
200 if (info->logflags & IP6T_LOG_IPOPT)
203 currenthdr = hdr->nexthdr;
207 switch (currenthdr) {
211 /* Max length: 10 "PROTO=TCP " */
212 printk("PROTO=TCP ");
217 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
218 if (skb->len - ptr < sizeof(*tcph)) {
219 printk("INCOMPLETE [%u bytes] ", skb->len - ptr);
222 tcph = (struct tcphdr *)(skb->data + ptr);
224 /* Max length: 20 "SPT=65535 DPT=65535 " */
225 printk("SPT=%u DPT=%u ",
226 ntohs(tcph->source), ntohs(tcph->dest));
227 /* Max length: 30 "SEQ=4294967295 ACK=4294967295 " */
228 if (info->logflags & IP6T_LOG_TCPSEQ)
229 printk("SEQ=%u ACK=%u ",
230 ntohl(tcph->seq), ntohl(tcph->ack_seq));
231 /* Max length: 13 "WINDOW=65535 " */
232 printk("WINDOW=%u ", ntohs(tcph->window));
233 /* Max length: 9 "RES=0x3C " */
234 printk("RES=0x%02x ", (u_int8_t)(ntohl(tcp_flag_word(tcph) & TCP_RESERVED_BITS) >> 22));
235 /* Max length: 32 "CWR ECE URG ACK PSH RST SYN FIN " */
252 /* Max length: 11 "URGP=65535 " */
253 printk("URGP=%u ", ntohs(tcph->urg_ptr));
255 if ((info->logflags & IP6T_LOG_TCPOPT)
256 && tcph->doff * 4 > sizeof(struct tcphdr)) {
259 unsigned int optsize = tcph->doff * 4
260 - sizeof(struct tcphdr);
262 if (skb->len - ptr - sizeof(struct tcphdr) < optsize) {
263 printk("OPT (TRUNCATED)");
266 op = (u_int8_t *)(skb->data + ptr
267 + sizeof(struct tcphdr));
269 /* Max length: 127 "OPT (" 15*4*2chars ") " */
271 for (i =0; i < optsize; i++)
272 printk("%02X", op[i]);
280 /* Max length: 10 "PROTO=UDP " */
281 printk("PROTO=UDP ");
286 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
287 if (skb->len - ptr < sizeof(*udph)) {
288 printk("INCOMPLETE [%u bytes] ", skb->len - ptr);
291 udph = (struct udphdr *)(skb->data + ptr);
293 /* Max length: 20 "SPT=65535 DPT=65535 " */
294 printk("SPT=%u DPT=%u LEN=%u ",
295 ntohs(udph->source), ntohs(udph->dest),
299 case IPPROTO_ICMPV6: {
300 struct icmp6hdr *icmp6h;
302 /* Max length: 13 "PROTO=ICMPv6 " */
303 printk("PROTO=ICMPv6 ");
308 /* Max length: 25 "INCOMPLETE [65535 bytes] " */
309 if (skb->len - ptr < sizeof(*icmp6h)) {
310 printk("INCOMPLETE [%u bytes] ", skb->len - ptr);
313 icmp6h = (struct icmp6hdr *)(skb->data + ptr);
315 /* Max length: 18 "TYPE=255 CODE=255 " */
316 printk("TYPE=%u CODE=%u ", icmp6h->icmp6_type, icmp6h->icmp6_code);
318 switch (icmp6h->icmp6_type) {
319 case ICMPV6_ECHO_REQUEST:
320 case ICMPV6_ECHO_REPLY:
321 /* Max length: 19 "ID=65535 SEQ=65535 " */
322 printk("ID=%u SEQ=%u ",
323 ntohs(icmp6h->icmp6_identifier),
324 ntohs(icmp6h->icmp6_sequence));
326 case ICMPV6_MGM_QUERY:
327 case ICMPV6_MGM_REPORT:
328 case ICMPV6_MGM_REDUCTION:
331 case ICMPV6_PARAMPROB:
332 /* Max length: 17 "POINTER=ffffffff " */
333 printk("POINTER=%08x ", ntohl(icmp6h->icmp6_pointer));
335 case ICMPV6_DEST_UNREACH:
336 case ICMPV6_PKT_TOOBIG:
337 case ICMPV6_TIME_EXCEED:
338 /* Max length: 3+maxlen */
341 dump_packet(info, skb, ptr + sizeof(*icmp6h),
346 /* Max length: 10 "MTU=65535 " */
347 if (icmp6h->icmp6_type == ICMPV6_PKT_TOOBIG)
348 printk("MTU=%u ", ntohl(icmp6h->icmp6_mtu));
352 /* Max length: 10 "PROTO=255 " */
354 printk("PROTO=%u ", currenthdr);
359 ip6t_log_target(struct sk_buff **pskb,
360 unsigned int hooknum,
361 const struct net_device *in,
362 const struct net_device *out,
363 const void *targinfo,
366 const struct ip6t_log_info *loginfo = targinfo;
367 char level_string[4] = "< >";
369 level_string[1] = '0' + (loginfo->level % 8);
370 spin_lock_bh(&log_lock);
371 printk(level_string);
372 printk("%sIN=%s OUT=%s ",
375 out ? out->name : "");
378 /* MAC logging for input chain only. */
380 if ((*pskb)->dev && (len = (*pskb)->dev->hard_header_len) &&
381 (*pskb)->mac.raw != (*pskb)->nh.raw) {
382 unsigned char *p = (*pskb)->mac.raw;
385 if ((*pskb)->dev->type == ARPHRD_SIT &&
386 (p -= ETH_HLEN) < (*pskb)->head)
390 for (i = 0; i < len; i++)
391 printk("%02x%s", p[i],
392 i == len - 1 ? "" : ":");
396 if ((*pskb)->dev->type == ARPHRD_SIT) {
399 iph = (struct iphdr *)(*pskb)->mac.raw;
400 printk("TUNNEL=%u.%u.%u.%u->%u.%u.%u.%u ",
402 NIPQUAD(iph->daddr));
408 dump_packet(loginfo, (*pskb), (u8*)(*pskb)->nh.ipv6h - (*pskb)->data,
411 spin_unlock_bh(&log_lock);
413 return IP6T_CONTINUE;
416 static int ip6t_log_checkentry(const char *tablename,
417 const struct ip6t_entry *e,
419 unsigned int targinfosize,
420 unsigned int hook_mask)
422 const struct ip6t_log_info *loginfo = targinfo;
424 if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_log_info))) {
425 DEBUGP("LOG: targinfosize %u != %u\n",
426 targinfosize, IP6T_ALIGN(sizeof(struct ip6t_log_info)));
430 if (loginfo->level >= 8) {
431 DEBUGP("LOG: level %u >= 8\n", loginfo->level);
435 if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
436 DEBUGP("LOG: prefix term %i\n",
437 loginfo->prefix[sizeof(loginfo->prefix)-1]);
444 static struct ip6t_target ip6t_log_reg
445 = { { NULL, NULL }, "LOG", ip6t_log_target, ip6t_log_checkentry, NULL,
448 static int __init init(void)
450 if (ip6t_register_target(&ip6t_log_reg))
456 static void __exit fini(void)
458 ip6t_unregister_target(&ip6t_log_reg);