tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1#include <linux/kernel.h>
2#include <linux/init.h>
3#include <linux/module.h>
4#include <linux/proc_fs.h>
5#include <linux/skbuff.h>
6#include <linux/netfilter.h>
7#include <linux/seq_file.h>
8#include <net/protocol.h>
9#include <net/netfilter/nf_log.h>
10
11#include "nf_internals.h"
12
13/* Internal logging interface, which relies on the real
14 LOG target modules */
15
16#define NF_LOG_PREFIXLEN 128
17#define NFLOGGER_NAME_LEN 64
18
19static const struct nf_logger *nf_loggers[NFPROTO_NUMPROTO] __read_mostly;
20static struct list_head nf_loggers_l[NFPROTO_NUMPROTO] __read_mostly;
21static DEFINE_MUTEX(nf_log_mutex);
22
23static struct nf_logger *__find_logger(int pf, const char *str_logger)
24{
25 struct nf_logger *t;
26
27 list_for_each_entry(t, &nf_loggers_l[pf], list[pf]) {
28 if (!strnicmp(str_logger, t->name, strlen(t->name)))
29 return t;
30 }
31
32 return NULL;
33}
34
35/* return EEXIST if the same logger is registred, 0 on success. */
36int nf_log_register(u_int8_t pf, struct nf_logger *logger)
37{
38 const struct nf_logger *llog;
39 int i;
40
41 if (pf >= ARRAY_SIZE(nf_loggers))
42 return -EINVAL;
43
44 for (i = 0; i < ARRAY_SIZE(logger->list); i++)
45 INIT_LIST_HEAD(&logger->list[i]);
46
47 mutex_lock(&nf_log_mutex);
48
49 if (pf == NFPROTO_UNSPEC) {
50 for (i = NFPROTO_UNSPEC; i < NFPROTO_NUMPROTO; i++)
51 list_add_tail(&(logger->list[i]), &(nf_loggers_l[i]));
52 } else {
53 /* register at end of list to honor first register win */
54 list_add_tail(&logger->list[pf], &nf_loggers_l[pf]);
55 llog = rcu_dereference(nf_loggers[pf]);
56 if (llog == NULL)
57 rcu_assign_pointer(nf_loggers[pf], logger);
58 }
59
60 mutex_unlock(&nf_log_mutex);
61
62 return 0;
63}
64EXPORT_SYMBOL(nf_log_register);
65
66void nf_log_unregister(struct nf_logger *logger)
67{
68 const struct nf_logger *c_logger;
69 int i;
70
71 mutex_lock(&nf_log_mutex);
72 for (i = 0; i < ARRAY_SIZE(nf_loggers); i++) {
73 c_logger = rcu_dereference(nf_loggers[i]);
74 if (c_logger == logger)
75 rcu_assign_pointer(nf_loggers[i], NULL);
76 list_del(&logger->list[i]);
77 }
78 mutex_unlock(&nf_log_mutex);
79
80 synchronize_rcu();
81}
82EXPORT_SYMBOL(nf_log_unregister);
83
84int nf_log_bind_pf(u_int8_t pf, const struct nf_logger *logger)
85{
86 mutex_lock(&nf_log_mutex);
87 if (__find_logger(pf, logger->name) == NULL) {
88 mutex_unlock(&nf_log_mutex);
89 return -ENOENT;
90 }
91 rcu_assign_pointer(nf_loggers[pf], logger);
92 mutex_unlock(&nf_log_mutex);
93 return 0;
94}
95EXPORT_SYMBOL(nf_log_bind_pf);
96
97void nf_log_unbind_pf(u_int8_t pf)
98{
99 mutex_lock(&nf_log_mutex);
100 rcu_assign_pointer(nf_loggers[pf], NULL);
101 mutex_unlock(&nf_log_mutex);
102}
103EXPORT_SYMBOL(nf_log_unbind_pf);
104
105void nf_log_packet(u_int8_t pf,
106 unsigned int hooknum,
107 const struct sk_buff *skb,
108 const struct net_device *in,
109 const struct net_device *out,
110 const struct nf_loginfo *loginfo,
111 const char *fmt, ...)
112{
113 va_list args;
114 char prefix[NF_LOG_PREFIXLEN];
115 const struct nf_logger *logger;
116
117 rcu_read_lock();
118 logger = rcu_dereference(nf_loggers[pf]);
119 if (logger) {
120 va_start(args, fmt);
121 vsnprintf(prefix, sizeof(prefix), fmt, args);
122 va_end(args);
123 logger->logfn(pf, hooknum, skb, in, out, loginfo, prefix);
124 }
125 rcu_read_unlock();
126}
127EXPORT_SYMBOL(nf_log_packet);
128
129#ifdef CONFIG_PROC_FS
130static void *seq_start(struct seq_file *seq, loff_t *pos)
131{
132 mutex_lock(&nf_log_mutex);
133
134 if (*pos >= ARRAY_SIZE(nf_loggers))
135 return NULL;
136
137 return pos;
138}
139
140static void *seq_next(struct seq_file *s, void *v, loff_t *pos)
141{
142 (*pos)++;
143
144 if (*pos >= ARRAY_SIZE(nf_loggers))
145 return NULL;
146
147 return pos;
148}
149
150static void seq_stop(struct seq_file *s, void *v)
151{
152 mutex_unlock(&nf_log_mutex);
153}
154
155static int seq_show(struct seq_file *s, void *v)
156{
157 loff_t *pos = v;
158 const struct nf_logger *logger;
159 struct nf_logger *t;
160 int ret;
161
162 logger = nf_loggers[*pos];
163
164 if (!logger)
165 ret = seq_printf(s, "%2lld NONE (", *pos);
166 else
167 ret = seq_printf(s, "%2lld %s (", *pos, logger->name);
168
169 if (ret < 0)
170 return ret;
171
172 list_for_each_entry(t, &nf_loggers_l[*pos], list[*pos]) {
173 ret = seq_printf(s, "%s", t->name);
174 if (ret < 0)
175 return ret;
176 if (&t->list[*pos] != nf_loggers_l[*pos].prev) {
177 ret = seq_printf(s, ",");
178 if (ret < 0)
179 return ret;
180 }
181 }
182
183 return seq_printf(s, ")\n");
184}
185
186static const struct seq_operations nflog_seq_ops = {
187 .start = seq_start,
188 .next = seq_next,
189 .stop = seq_stop,
190 .show = seq_show,
191};
192
193static int nflog_open(struct inode *inode, struct file *file)
194{
195 return seq_open(file, &nflog_seq_ops);
196}
197
198static const struct file_operations nflog_file_ops = {
199 .owner = THIS_MODULE,
200 .open = nflog_open,
201 .read = seq_read,
202 .llseek = seq_lseek,
203 .release = seq_release,
204};
205
206
207#endif /* PROC_FS */
208
209#ifdef CONFIG_SYSCTL
210static struct ctl_path nf_log_sysctl_path[] = {
211 { .procname = "net", },
212 { .procname = "netfilter", },
213 { .procname = "nf_log", },
214 { }
215};
216
217static char nf_log_sysctl_fnames[NFPROTO_NUMPROTO-NFPROTO_UNSPEC][3];
218static struct ctl_table nf_log_sysctl_table[NFPROTO_NUMPROTO+1];
219static struct ctl_table_header *nf_log_dir_header;
220
221static int nf_log_proc_dostring(ctl_table *table, int write,
222 void __user *buffer, size_t *lenp, loff_t *ppos)
223{
224 const struct nf_logger *logger;
225 char buf[NFLOGGER_NAME_LEN];
226 size_t size = *lenp;
227 int r = 0;
228 int tindex = (unsigned long)table->extra1;
229
230 if (write) {
231 if (size > sizeof(buf))
232 size = sizeof(buf);
233 if (copy_from_user(buf, buffer, size))
234 return -EFAULT;
235
236 if (!strcmp(buf, "NONE")) {
237 nf_log_unbind_pf(tindex);
238 return 0;
239 }
240 mutex_lock(&nf_log_mutex);
241 logger = __find_logger(tindex, buf);
242 if (logger == NULL) {
243 mutex_unlock(&nf_log_mutex);
244 return -ENOENT;
245 }
246 rcu_assign_pointer(nf_loggers[tindex], logger);
247 mutex_unlock(&nf_log_mutex);
248 } else {
249 mutex_lock(&nf_log_mutex);
250 logger = nf_loggers[tindex];
251 if (!logger)
252 table->data = "NONE";
253 else
254 table->data = logger->name;
255 r = proc_dostring(table, write, buffer, lenp, ppos);
256 mutex_unlock(&nf_log_mutex);
257 }
258
259 return r;
260}
261
262static __init int netfilter_log_sysctl_init(void)
263{
264 int i;
265
266 for (i = NFPROTO_UNSPEC; i < NFPROTO_NUMPROTO; i++) {
267 snprintf(nf_log_sysctl_fnames[i-NFPROTO_UNSPEC], 3, "%d", i);
268 nf_log_sysctl_table[i].procname =
269 nf_log_sysctl_fnames[i-NFPROTO_UNSPEC];
270 nf_log_sysctl_table[i].data = NULL;
271 nf_log_sysctl_table[i].maxlen =
272 NFLOGGER_NAME_LEN * sizeof(char);
273 nf_log_sysctl_table[i].mode = 0644;
274 nf_log_sysctl_table[i].proc_handler = nf_log_proc_dostring;
275 nf_log_sysctl_table[i].extra1 = (void *)(unsigned long) i;
276 }
277
278 nf_log_dir_header = register_sysctl_paths(nf_log_sysctl_path,
279 nf_log_sysctl_table);
280 if (!nf_log_dir_header)
281 return -ENOMEM;
282
283 return 0;
284}
285#else
286static __init int netfilter_log_sysctl_init(void)
287{
288 return 0;
289}
290#endif /* CONFIG_SYSCTL */
291
292int __init netfilter_log_init(void)
293{
294 int i, r;
295#ifdef CONFIG_PROC_FS
296 if (!proc_create("nf_log", S_IRUGO,
297 proc_net_netfilter, &nflog_file_ops))
298 return -1;
299#endif
300
301 /* Errors will trigger panic, unroll on error is unnecessary. */
302 r = netfilter_log_sysctl_init();
303 if (r < 0)
304 return r;
305
306 for (i = NFPROTO_UNSPEC; i < NFPROTO_NUMPROTO; i++)
307 INIT_LIST_HEAD(&(nf_loggers_l[i]));
308
309 return 0;
310}