File: /usr/src/linux/net/ipv4/netfilter/ipt_LOG.c
1 /*
2 * This is a module which is used for logging packets.
3 */
4 #include <linux/module.h>
5 #include <linux/skbuff.h>
6 #include <linux/ip.h>
7 #include <linux/spinlock.h>
8 #include <net/icmp.h>
9 #include <net/udp.h>
10 #include <net/tcp.h>
11 #include <linux/netfilter_ipv4/ip_tables.h>
12
13 struct in_device;
14 #include <net/route.h>
15 #include <linux/netfilter_ipv4/ipt_LOG.h>
16
/*
 * Debug tracing is compiled out by default: DEBUGP() expands to nothing.
 * Change the condition below to 1 to route DEBUGP() to printk().
 */
#if 0
#define DEBUGP printk
#else
#define DEBUGP(format, args...)
#endif

/*
 * Local stand-in for the IPsec header, declaring only the 32-bit SPI word.
 * dump_packet() overlays it on the payload to log the SPI for both
 * IPPROTO_ESP and IPPROTO_AH.
 * FIXME evil kludge
 */
struct esphdr {
	__u32 spi;
};

/*
 * Serializes the run of printk() calls that make up one log line, so that
 * lines produced concurrently do not interleave.
 */
static spinlock_t log_lock = SPIN_LOCK_UNLOCKED;
29
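/*
 * dump_packet - print the header fields of one IPv4 packet to the kernel log.
 * @info:    LOG target options; logflags selects the optional IP-option,
 *           TCP-sequence and TCP-option output.
 * @iph:     start of the IPv4 header to decode.
 * @len:     number of bytes readable starting at @iph.
 * @recurse: non-zero to also decode the packet quoted inside an ICMP error.
 *           The nested call passes 0, so recursion is one level deep.
 *
 * Every length field decoded here (ihl, doff, and the whole header quoted
 * inside an ICMP error) comes from the packet and is controlled by whoever
 * sent it.  Each read is therefore bounded by @len; a header that does not
 * fit is reported as "INCOMPLETE [n bytes] " instead of being decoded, so
 * that memory beyond the packet never ends up in the log.
 *
 * The caller in this file holds log_lock around the call, which keeps the
 * printk() fragments of one packet together.
 */
static void dump_packet(const struct ipt_log_info *info,
			struct iphdr *iph, unsigned int len, int recurse)
{
	unsigned int hdrlen;
	unsigned int datalen;
	void *protoh;

	/* The fixed 20-byte header must be present before any field is read. */
	if (len < sizeof(struct iphdr)) {
		/* Max length: 25 "INCOMPLETE [65535 bytes] " */
		printk("INCOMPLETE [%u bytes] ", len);
		return;
	}

	/* Important fields:
	 * TOS, len, DF/MF, fragment offset, TTL, src, dst, options. */
	/* Max length: 40 "SRC=255.255.255.255 DST=255.255.255.255 " */
	printk("SRC=%u.%u.%u.%u DST=%u.%u.%u.%u ",
	       NIPQUAD(iph->saddr), NIPQUAD(iph->daddr));

	/* Max length: 46 "LEN=65535 TOS=0xFF PREC=0xFF TTL=255 ID=65535 " */
	printk("LEN=%u TOS=0x%02X PREC=0x%02X TTL=%u ID=%u ",
	       ntohs(iph->tot_len), iph->tos & IPTOS_TOS_MASK,
	       iph->tos & IPTOS_PREC_MASK, iph->ttl, ntohs(iph->id));

	/* Max length: 6 "CE DF MF " */
	if (ntohs(iph->frag_off) & IP_CE)
		printk("CE ");
	if (ntohs(iph->frag_off) & IP_DF)
		printk("DF ");
	if (ntohs(iph->frag_off) & IP_MF)
		printk("MF ");

	/* Max length: 11 "FRAG:65535 " */
	if (ntohs(iph->frag_off) & IP_OFFSET)
		printk("FRAG:%u ", ntohs(iph->frag_off) & IP_OFFSET);

	/*
	 * ihl is taken from the packet.  Reject a header length shorter than
	 * the fixed header or longer than the data we were given: otherwise
	 * the option dump below reads past the packet and "len - hdrlen"
	 * wraps to a huge unsigned value that defeats every later
	 * "datalen < sizeof(...)" check.
	 */
	hdrlen = iph->ihl * 4;
	if (hdrlen < sizeof(struct iphdr) || hdrlen > len) {
		/* Max length: 25 "INCOMPLETE [65535 bytes] " */
		printk("INCOMPLETE [%u bytes] ", len);
		return;
	}
	protoh = (u_int8_t *)iph + hdrlen;
	datalen = len - hdrlen;

	if ((info->logflags & IPT_LOG_IPOPT)
	    && hdrlen != sizeof(struct iphdr)) {
		unsigned int i;

		/* Max length: 127 "OPT (" 15*4*2chars ") " */
		printk("OPT (");
		for (i = sizeof(struct iphdr); i < hdrlen; i++)
			printk("%02X", ((u_int8_t *)iph)[i]);
		printk(") ");
	}

	switch (iph->protocol) {
	case IPPROTO_TCP: {
		struct tcphdr *tcph = protoh;

		/* Max length: 10 "PROTO=TCP " */
		printk("PROTO=TCP ");

		/* Only the first fragment carries the transport header. */
		if (ntohs(iph->frag_off) & IP_OFFSET)
			break;

		/* Max length: 25 "INCOMPLETE [65535 bytes] " */
		if (datalen < sizeof (*tcph)) {
			printk("INCOMPLETE [%u bytes] ", datalen);
			break;
		}

		/* Max length: 20 "SPT=65535 DPT=65535 " */
		printk("SPT=%u DPT=%u ",
		       ntohs(tcph->source), ntohs(tcph->dest));
		/* Max length: 30 "SEQ=4294967295 ACK=4294967295 " */
		if (info->logflags & IPT_LOG_TCPSEQ)
			printk("SEQ=%u ACK=%u ",
			       ntohl(tcph->seq), ntohl(tcph->ack_seq));
		/* Max length: 13 "WINDOW=65535 " */
		printk("WINDOW=%u ", ntohs(tcph->window));
		/* Max length: 9 "RES=0x3F " */
		printk("RES=0x%02x ", (u_int8_t)(ntohl(tcp_flag_word(tcph) & TCP_RESERVED_BITS) >> 22));
		/* Max length: 36 "URG ACK PSH RST SYN FIN " */
		if (tcph->urg)
			printk("URG ");
		if (tcph->ack)
			printk("ACK ");
		if (tcph->psh)
			printk("PSH ");
		if (tcph->rst)
			printk("RST ");
		if (tcph->syn)
			printk("SYN ");
		if (tcph->fin)
			printk("FIN ");
		/* Max length: 11 "URGP=65535 " */
		printk("URGP=%u ", ntohs(tcph->urg_ptr));

		if ((info->logflags & IPT_LOG_TCPOPT)
		    && tcph->doff * 4 != sizeof(struct tcphdr)) {
			unsigned int optend = tcph->doff * 4;
			unsigned int i;

			/*
			 * doff is taken from the packet and may claim more
			 * option bytes than were received; stop at the end
			 * of the data instead of dumping what follows it.
			 */
			if (optend > datalen)
				optend = datalen;

			/* Max length: 127 "OPT (" 15*4*2chars ") " */
			printk("OPT (");
			for (i = sizeof(struct tcphdr); i < optend; i++)
				printk("%02X", ((u_int8_t *)tcph)[i]);
			printk(") ");
		}
		break;
	}
	case IPPROTO_UDP: {
		struct udphdr *udph = protoh;

		/* Max length: 10 "PROTO=UDP " */
		printk("PROTO=UDP ");

		if (ntohs(iph->frag_off) & IP_OFFSET)
			break;

		/* Max length: 25 "INCOMPLETE [65535 bytes] " */
		if (datalen < sizeof (*udph)) {
			printk("INCOMPLETE [%u bytes] ", datalen);
			break;
		}

		/* Max length: 20 "SPT=65535 DPT=65535 " */
		printk("SPT=%u DPT=%u LEN=%u ",
		       ntohs(udph->source), ntohs(udph->dest),
		       ntohs(udph->len));
		break;
	}
	case IPPROTO_ICMP: {
		struct icmphdr *icmph = protoh;
		/*
		 * Minimum ICMP length needed before the type-specific fields
		 * below may be read; 0 means "no extra requirement".
		 * Echo/echo-reply need the full 8-byte header because the
		 * id and sequence fields sit in bytes 4-7.
		 */
		static const size_t required_len[NR_ICMP_TYPES+1]
			= { [ICMP_ECHOREPLY] = 8,
			    [ICMP_DEST_UNREACH]
			    = 8 + sizeof(struct iphdr) + 8,
			    [ICMP_SOURCE_QUENCH]
			    = 8 + sizeof(struct iphdr) + 8,
			    [ICMP_REDIRECT]
			    = 8 + sizeof(struct iphdr) + 8,
			    [ICMP_ECHO] = 8,
			    [ICMP_TIME_EXCEEDED]
			    = 8 + sizeof(struct iphdr) + 8,
			    [ICMP_PARAMETERPROB]
			    = 8 + sizeof(struct iphdr) + 8,
			    [ICMP_TIMESTAMP] = 20,
			    [ICMP_TIMESTAMPREPLY] = 20,
			    [ICMP_ADDRESS] = 12,
			    [ICMP_ADDRESSREPLY] = 12 };

		/* Max length: 11 "PROTO=ICMP " */
		printk("PROTO=ICMP ");

		if (ntohs(iph->frag_off) & IP_OFFSET)
			break;

		/* Max length: 25 "INCOMPLETE [65535 bytes] " */
		if (datalen < 4) {
			printk("INCOMPLETE [%u bytes] ", datalen);
			break;
		}

		/* Max length: 18 "TYPE=255 CODE=255 " */
		printk("TYPE=%u CODE=%u ", icmph->type, icmph->code);

		/* Max length: 25 "INCOMPLETE [65535 bytes] " */
		if (icmph->type <= NR_ICMP_TYPES
		    && required_len[icmph->type]
		    && datalen < required_len[icmph->type]) {
			printk("INCOMPLETE [%u bytes] ", datalen);
			break;
		}

		switch (icmph->type) {
		case ICMP_ECHOREPLY:
		case ICMP_ECHO:
			/* Max length: 19 "ID=65535 SEQ=65535 " */
			printk("ID=%u SEQ=%u ",
			       ntohs(icmph->un.echo.id),
			       ntohs(icmph->un.echo.sequence));
			break;

		case ICMP_PARAMETERPROB:
			/* Max length: 14 "PARAMETER=255 " */
			printk("PARAMETER=%u ",
			       ntohl(icmph->un.gateway) >> 24);
			break;
		case ICMP_REDIRECT:
			/* Max length: 24 "GATEWAY=255.255.255.255 " */
			printk("GATEWAY=%u.%u.%u.%u ", NIPQUAD(icmph->un.gateway));
			/* Fall through */
		case ICMP_DEST_UNREACH:
		case ICMP_SOURCE_QUENCH:
		case ICMP_TIME_EXCEEDED:
			/* Max length: 3+maxlen */
			if (recurse) {
				/*
				 * The quoted packet starts right after the
				 * ICMP header, so the bytes left for it are
				 * datalen minus the ICMP header size (the
				 * required_len check above guarantees this
				 * does not wrap).  The quoted header is
				 * sender-supplied; the nested call validates
				 * it against this length.
				 */
				printk("[");
				dump_packet(info,
					    (struct iphdr *)(icmph + 1),
					    datalen - sizeof(struct icmphdr),
					    0);
				printk("] ");
			}

			/* Max length: 10 "MTU=65535 " */
			if (icmph->type == ICMP_DEST_UNREACH
			    && icmph->code == ICMP_FRAG_NEEDED)
				printk("MTU=%u ", ntohs(icmph->un.frag.mtu));
		}
		break;
	}
	/* Max Length */
	case IPPROTO_AH:
	case IPPROTO_ESP: {
		int esp = (iph->protocol == IPPROTO_ESP);
		/*
		 * ESP starts with the SPI.  AH starts with next-header,
		 * payload-length and a reserved field, and carries the SPI
		 * in its second 32-bit word.
		 */
		unsigned int spi_off = esp ? 0 : 4;
		struct esphdr *esph
			= (struct esphdr *)((u_int8_t *)protoh + spi_off);

		/* Max length: 10 "PROTO=ESP " */
		printk("PROTO=%s ", esp ? "ESP" : "AH");

		if (ntohs(iph->frag_off) & IP_OFFSET)
			break;

		/* Max length: 25 "INCOMPLETE [65535 bytes] " */
		if (datalen < spi_off + sizeof (*esph)) {
			printk("INCOMPLETE [%u bytes] ", datalen);
			break;
		}

		/* Length: 15 "SPI=0xF1234567 " */
		printk("SPI=0x%x ", ntohl(esph->spi));
		break;
	}
	/* Max length: 10 "PROTO 255 " */
	default:
		printk("PROTO=%u ", iph->protocol);
	}

	/* Proto    Max log string length */
	/* IP:      40+46+6+11+127 = 230 */
	/* TCP:     10+max(25,20+30+13+9+36+11+127) = 256 */
	/* UDP:     10+max(25,20) = 35 */
	/* ICMP:    11+max(25, 18+25+max(19,14,24+3+n+10,3+n+10)) = 91+n */
	/* ESP:     10+max(25)+15 = 50 */
	/* AH:      9+max(25)+15 = 49 */
	/* unknown: 10 */

	/* (ICMP allows recursion one level deep) */
	/* maxlen =  IP + ICMP +  IP + max(TCP,UDP,ICMP,unknown) */
	/* maxlen = 230+   91  + 230 + 256 = 807 */
}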
268
/*
 * ipt_log_target - LOG target handler: write one log line for the packet.
 *
 * The line is assembled from several printk() calls, so the whole sequence
 * runs under log_lock.  It consists of the "<N>" level marker, the
 * configured prefix, the IN=/OUT= interface names, the link-layer header
 * bytes (only when there is an input device and no output device), and the
 * decoded IP packet.
 *
 * Always returns IPT_CONTINUE.
 */
static unsigned int
ipt_log_target(struct sk_buff **pskb,
	       unsigned int hooknum,
	       const struct net_device *in,
	       const struct net_device *out,
	       const void *targinfo,
	       void *userinfo)
{
	const struct ipt_log_info *loginfo = targinfo;
	struct sk_buff *skb = *pskb;
	struct iphdr *iph = skb->nh.iph;
	char level_string[4] = "< >";

	/* Fill in the digit of the "<N>" marker; the modulo keeps it in 0-7. */
	level_string[1] = '0' + (loginfo->level % 8);

	spin_lock_bh(&log_lock);

	/*
	 * level_string is used as the format itself.  It is built right
	 * above as '<', one digit, '>' and so cannot contain a conversion
	 * specifier.
	 */
	printk(level_string);

	/*
	 * The prefix goes through %s, never as a format string.
	 * ipt_log_checkentry() rejects rules whose prefix buffer does not
	 * end in a NUL byte.
	 */
	printk("%sIN=%s OUT=%s ",
	       loginfo->prefix,
	       in ? in->name : "",
	       out ? out->name : "");

	if (in && !out) {
		/* MAC logging for input chain only. */
		printk("MAC=");
		if (skb->dev && skb->dev->hard_header_len
		    && skb->mac.raw != (void *)iph) {
			/*
			 * NOTE(review): this trusts that hard_header_len
			 * bytes are readable at mac.raw - confirm for every
			 * device type that can reach this hook.
			 */
			const unsigned char *mac = skb->mac.raw;
			int last = skb->dev->hard_header_len - 1;
			int i;

			/* Colon-separated hex bytes, a space after the last. */
			for (i = 0; i <= last; i++)
				printk("%02x%c", mac[i],
				       i == last ? ' ' : ':');
		} else {
			printk(" ");
		}
	}

	dump_packet(loginfo, iph, skb->len, 1);
	printk("\n");

	spin_unlock_bh(&log_lock);

	return IPT_CONTINUE;
}
308
/*
 * ipt_log_checkentry - validate the options of a LOG rule.
 *
 * Returns 1 when the rule is acceptable and 0 when it is not.  A rule is
 * rejected when:
 *   - the option blob is not exactly the aligned size of
 *     struct ipt_log_info,
 *   - the log level is 8 or higher,
 *   - the last byte of the prefix buffer is not NUL.
 *
 * The last check is what lets ipt_log_target() print the prefix with %s
 * without running off the end of the buffer.
 */
static int ipt_log_checkentry(const char *tablename,
			      const struct ipt_entry *e,
			      void *targinfo,
			      unsigned int targinfosize,
			      unsigned int hook_mask)
{
	const struct ipt_log_info *loginfo = targinfo;
	const unsigned int expected_size
		= IPT_ALIGN(sizeof(struct ipt_log_info));
	const unsigned int last = sizeof(loginfo->prefix) - 1;

	/* Check the size first: nothing in loginfo is read before this. */
	if (targinfosize != expected_size) {
		DEBUGP("LOG: targinfosize %u != %u\n",
		       targinfosize, expected_size);
		return 0;
	}

	if (loginfo->level >= 8) {
		DEBUGP("LOG: level %u >= 8\n", loginfo->level);
		return 0;
	}

	if (loginfo->prefix[last] != '\0') {
		DEBUGP("LOG: prefix term %i\n",
		       loginfo->prefix[last]);
		return 0;
	}

	return 1;
}
336
/*
 * Registration record for the "LOG" target.  The initializer is positional,
 * so the order below must match the member order of struct ipt_target.
 */
static struct ipt_target ipt_log_reg = {
	{ NULL, NULL },		/* first member, left unlinked here */
	"LOG",			/* target name */
	ipt_log_target,		/* per-packet handler */
	ipt_log_checkentry,	/* rule validation */
	NULL,			/* no handler supplied; presumably the destroy hook - confirm against struct ipt_target */
	THIS_MODULE
};
340
/*
 * Module load: register the LOG target.
 * Any registration failure is reported to the caller as -EINVAL.
 */
static int __init init(void)
{
	return ipt_register_target(&ipt_log_reg) ? -EINVAL : 0;
}
348
/* Module unload: unregister the LOG target registered by init(). */
static void __exit fini(void)
{
	ipt_unregister_target(&ipt_log_reg);
}
353
/* Hook the load and unload handlers into the module loader. */
module_init(init);
module_exit(fini);
356