// SPDX-License-Identifier: GPL-2.0-only /* * This is a module which is used for logging packets to userspace via * nfetlink. * * (C) 2005 by Harald Welte <[email protected]> * (C) 2006-2012 Patrick McHardy <[email protected]> * * Based on the old ipv4-only ipt_ULOG.c: * (C) 2000-2004 by Harald Welte <[email protected]> */ #define pr_fmt(fmt) … #include <linux/module.h> #include <linux/skbuff.h> #include <linux/if_arp.h> #include <linux/init.h> #include <linux/ip.h> #include <linux/ipv6.h> #include <linux/netdevice.h> #include <linux/netfilter.h> #include <linux/netfilter_bridge.h> #include <net/netlink.h> #include <linux/netfilter/nfnetlink.h> #include <linux/netfilter/nfnetlink_log.h> #include <linux/netfilter/nf_conntrack_common.h> #include <linux/spinlock.h> #include <linux/sysctl.h> #include <linux/proc_fs.h> #include <linux/security.h> #include <linux/list.h> #include <linux/slab.h> #include <net/sock.h> #include <net/netfilter/nf_log.h> #include <net/netns/generic.h> #include <linux/atomic.h> #include <linux/refcount.h> #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) #include "../bridge/br_private.h" #endif #if IS_ENABLED(CONFIG_NF_CONNTRACK) #include <net/netfilter/nf_conntrack.h> #endif #define NFULNL_COPY_DISABLED … #define NFULNL_NLBUFSIZ_DEFAULT … #define NFULNL_TIMEOUT_DEFAULT … #define NFULNL_QTHRESH_DEFAULT … /* max packet size is limited by 16-bit struct nfattr nfa_len field */ #define NFULNL_COPY_RANGE_MAX … #define PRINTR(x, args...) … struct nfulnl_instance { … }; #define INSTANCE_BUCKETS … static unsigned int nfnl_log_net_id __read_mostly; struct nfnl_log_net { … }; static struct nfnl_log_net *nfnl_log_pernet(struct net *net) { … } static inline u_int8_t instance_hashfn(u_int16_t group_num) { … } static struct nfulnl_instance * __instance_lookup(const struct nfnl_log_net *log, u16 group_num) { … } static inline void instance_get(struct nfulnl_instance *inst) { … } static struct nfulnl_instance * instance_lookup_get_rcu(const struct nfnl_log_net *log, u16 group_num) { … } static struct nfulnl_instance * instance_lookup_get(const struct nfnl_log_net *log, u16 group_num) { … } static void nfulnl_instance_free_rcu(struct rcu_head *head) { … } static void instance_put(struct nfulnl_instance *inst) { … } static void nfulnl_timer(struct timer_list *t); static struct nfulnl_instance * instance_create(struct net *net, u_int16_t group_num, u32 portid, struct user_namespace *user_ns) { … } static void __nfulnl_flush(struct nfulnl_instance *inst); /* called with BH disabled */ static void __instance_destroy(struct nfulnl_instance *inst) { … } static inline void instance_destroy(struct nfnl_log_net *log, struct nfulnl_instance *inst) { … } static int nfulnl_set_mode(struct nfulnl_instance *inst, u_int8_t mode, unsigned int range) { … } static int nfulnl_set_nlbufsiz(struct nfulnl_instance *inst, u_int32_t nlbufsiz) { … } static void nfulnl_set_timeout(struct nfulnl_instance *inst, u_int32_t timeout) { … } static void nfulnl_set_qthresh(struct nfulnl_instance *inst, u_int32_t qthresh) { … } static int nfulnl_set_flags(struct nfulnl_instance *inst, u_int16_t flags) { … } static struct sk_buff * nfulnl_alloc_skb(struct net *net, u32 peer_portid, unsigned int inst_size, unsigned int pkt_size) { … } static void __nfulnl_send(struct nfulnl_instance *inst) { … } static void __nfulnl_flush(struct nfulnl_instance *inst) { … } static void nfulnl_timer(struct timer_list *t) { … } static u32 nfulnl_get_bridge_size(const struct sk_buff *skb) { … } static int nfulnl_put_bridge(struct nfulnl_instance *inst, const struct sk_buff *skb) { … } /* This is an inline function, we don't really care about a long * list of arguments */ static inline int __build_packet_message(struct nfnl_log_net *log, struct nfulnl_instance *inst, const struct sk_buff *skb, unsigned int data_len, u_int8_t pf, unsigned int hooknum, const struct net_device *indev, const struct net_device *outdev, const char *prefix, unsigned int plen, const struct nfnl_ct_hook *nfnl_ct, struct nf_conn *ct, enum ip_conntrack_info ctinfo) { … } static const struct nf_loginfo default_loginfo = …; /* log handler for internal netfilter logging api */ static void nfulnl_log_packet(struct net *net, u_int8_t pf, unsigned int hooknum, const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const struct nf_loginfo *li_user, const char *prefix) { … } static int nfulnl_rcv_nl_event(struct notifier_block *this, unsigned long event, void *ptr) { … } static struct notifier_block nfulnl_rtnl_notifier = …; static int nfulnl_recv_unsupp(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nfula[]) { … } static struct nf_logger nfulnl_logger __read_mostly = …; static const struct nla_policy nfula_cfg_policy[NFULA_CFG_MAX+1] = …; static int nfulnl_recv_config(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nfula[]) { … } static const struct nfnl_callback nfulnl_cb[NFULNL_MSG_MAX] = …; static const struct nfnetlink_subsystem nfulnl_subsys = …; #ifdef CONFIG_PROC_FS struct iter_state { … }; static struct hlist_node *get_first(struct net *net, struct iter_state *st) { … } static struct hlist_node *get_next(struct net *net, struct iter_state *st, struct hlist_node *h) { … } static struct hlist_node *get_idx(struct net *net, struct iter_state *st, loff_t pos) { … } static void *seq_start(struct seq_file *s, loff_t *pos) __acquires(rcu) { … } static void *seq_next(struct seq_file *s, void *v, loff_t *pos) { … } static void seq_stop(struct seq_file *s, void *v) __releases(rcu) { … } static int seq_show(struct seq_file *s, void *v) { … } static const struct seq_operations nful_seq_ops = …; #endif /* PROC_FS */ static int __net_init nfnl_log_net_init(struct net *net) { … } static void __net_exit nfnl_log_net_exit(struct net *net) { … } static struct pernet_operations nfnl_log_net_ops = …; static int __init nfnetlink_log_init(void) { … } static void __exit nfnetlink_log_fini(void) { … } MODULE_DESCRIPTION(…) …; MODULE_AUTHOR(…) …; MODULE_LICENSE(…) …; MODULE_ALIAS_NFNL_SUBSYS(…); MODULE_ALIAS_NF_LOGGER(…); MODULE_ALIAS_NF_LOGGER(…); MODULE_ALIAS_NF_LOGGER(…); MODULE_ALIAS_NF_LOGGER(…); /* NFPROTO_ARP */ MODULE_ALIAS_NF_LOGGER(…); /* NFPROTO_NETDEV */ module_init(…) …; module_exit(nfnetlink_log_fini);
Codebase Browser
linux