1 #include <linux/kernel.h> 2 #include <linux/init.h> 3 #include <linux/module.h> 4 #include <linux/proc_fs.h> 5 #include <linux/skbuff.h> 6 #include <linux/netfilter.h> 7 #include <linux/seq_file.h> 8 #include <net/protocol.h> 9 #include <net/netfilter/nf_log.h> 10 11 #include "nf_internals.h" 12 13 /* Internal logging interface, which relies on the real 14 LOG target modules */ 15 16 #define NF_LOG_PREFIXLEN 128 17 #define NFLOGGER_NAME_LEN 64 18 19 static const struct nf_logger *nf_loggers[NFPROTO_NUMPROTO] __read_mostly; 20 static struct list_head nf_loggers_l[NFPROTO_NUMPROTO] __read_mostly; 21 static DEFINE_MUTEX(nf_log_mutex); 22 23 static struct nf_logger *__find_logger(int pf, const char *str_logger) 24 { 25 struct nf_logger *t; 26 27 list_for_each_entry(t, &nf_loggers_l[pf], list[pf]) { 28 if (!strnicmp(str_logger, t->name, strlen(t->name))) 29 return t; 30 } 31 32 return NULL; 33 } 34 35 /* return EEXIST if the same logger is registred, 0 on success. */ 36 int nf_log_register(u_int8_t pf, struct nf_logger *logger) 37 { 38 const struct nf_logger *llog; 39 int i; 40 41 if (pf >= ARRAY_SIZE(nf_loggers)) 42 return -EINVAL; 43 44 for (i = 0; i < ARRAY_SIZE(logger->list); i++) 45 INIT_LIST_HEAD(&logger->list[i]); 46 47 mutex_lock(&nf_log_mutex); 48 49 if (pf == NFPROTO_UNSPEC) { 50 for (i = NFPROTO_UNSPEC; i < NFPROTO_NUMPROTO; i++) 51 list_add_tail(&(logger->list[i]), &(nf_loggers_l[i])); 52 } else { 53 /* register at end of list to honor first register win */ 54 list_add_tail(&logger->list[pf], &nf_loggers_l[pf]); 55 llog = rcu_dereference_protected(nf_loggers[pf], 56 lockdep_is_held(&nf_log_mutex)); 57 if (llog == NULL) 58 rcu_assign_pointer(nf_loggers[pf], logger); 59 } 60 61 mutex_unlock(&nf_log_mutex); 62 63 return 0; 64 } 65 EXPORT_SYMBOL(nf_log_register); 66 67 void nf_log_unregister(struct nf_logger *logger) 68 { 69 const struct nf_logger *c_logger; 70 int i; 71 72 mutex_lock(&nf_log_mutex); 73 for (i = 0; i < ARRAY_SIZE(nf_loggers); i++) { 74 c_logger = rcu_dereference_protected(nf_loggers[i], 75 lockdep_is_held(&nf_log_mutex)); 76 if (c_logger == logger) 77 rcu_assign_pointer(nf_loggers[i], NULL); 78 list_del(&logger->list[i]); 79 } 80 mutex_unlock(&nf_log_mutex); 81 82 synchronize_rcu(); 83 } 84 EXPORT_SYMBOL(nf_log_unregister); 85 86 int nf_log_bind_pf(u_int8_t pf, const struct nf_logger *logger) 87 { 88 mutex_lock(&nf_log_mutex); 89 if (__find_logger(pf, logger->name) == NULL) { 90 mutex_unlock(&nf_log_mutex); 91 return -ENOENT; 92 } 93 rcu_assign_pointer(nf_loggers[pf], logger); 94 mutex_unlock(&nf_log_mutex); 95 return 0; 96 } 97 EXPORT_SYMBOL(nf_log_bind_pf); 98 99 void nf_log_unbind_pf(u_int8_t pf) 100 { 101 mutex_lock(&nf_log_mutex); 102 rcu_assign_pointer(nf_loggers[pf], NULL); 103 mutex_unlock(&nf_log_mutex); 104 } 105 EXPORT_SYMBOL(nf_log_unbind_pf); 106 107 void nf_log_packet(u_int8_t pf, 108 unsigned int hooknum, 109 const struct sk_buff *skb, 110 const struct net_device *in, 111 const struct net_device *out, 112 const struct nf_loginfo *loginfo, 113 const char *fmt, ...) 114 { 115 va_list args; 116 char prefix[NF_LOG_PREFIXLEN]; 117 const struct nf_logger *logger; 118 119 rcu_read_lock(); 120 logger = rcu_dereference(nf_loggers[pf]); 121 if (logger) { 122 va_start(args, fmt); 123 vsnprintf(prefix, sizeof(prefix), fmt, args); 124 va_end(args); 125 logger->logfn(pf, hooknum, skb, in, out, loginfo, prefix); 126 } 127 rcu_read_unlock(); 128 } 129 EXPORT_SYMBOL(nf_log_packet); 130 131 #ifdef CONFIG_PROC_FS 132 static void *seq_start(struct seq_file *seq, loff_t *pos) 133 { 134 mutex_lock(&nf_log_mutex); 135 136 if (*pos >= ARRAY_SIZE(nf_loggers)) 137 return NULL; 138 139 return pos; 140 } 141 142 static void *seq_next(struct seq_file *s, void *v, loff_t *pos) 143 { 144 (*pos)++; 145 146 if (*pos >= ARRAY_SIZE(nf_loggers)) 147 return NULL; 148 149 return pos; 150 } 151 152 static void seq_stop(struct seq_file *s, void *v) 153 { 154 mutex_unlock(&nf_log_mutex); 155 } 156 157 static int seq_show(struct seq_file *s, void *v) 158 { 159 loff_t *pos = v; 160 const struct nf_logger *logger; 161 struct nf_logger *t; 162 int ret; 163 164 logger = nf_loggers[*pos]; 165 166 if (!logger) 167 ret = seq_printf(s, "%2lld NONE (", *pos); 168 else 169 ret = seq_printf(s, "%2lld %s (", *pos, logger->name); 170 171 if (ret < 0) 172 return ret; 173 174 list_for_each_entry(t, &nf_loggers_l[*pos], list[*pos]) { 175 ret = seq_printf(s, "%s", t->name); 176 if (ret < 0) 177 return ret; 178 if (&t->list[*pos] != nf_loggers_l[*pos].prev) { 179 ret = seq_printf(s, ","); 180 if (ret < 0) 181 return ret; 182 } 183 } 184 185 return seq_printf(s, ")\n"); 186 } 187 188 static const struct seq_operations nflog_seq_ops = { 189 .start = seq_start, 190 .next = seq_next, 191 .stop = seq_stop, 192 .show = seq_show, 193 }; 194 195 static int nflog_open(struct inode *inode, struct file *file) 196 { 197 return seq_open(file, &nflog_seq_ops); 198 } 199 200 static const struct file_operations nflog_file_ops = { 201 .owner = THIS_MODULE, 202 .open = nflog_open, 203 .read = seq_read, 204 .llseek = seq_lseek, 205 .release = seq_release, 206 }; 207 208 209 #endif /* PROC_FS */ 210 211 #ifdef CONFIG_SYSCTL 212 static struct ctl_path nf_log_sysctl_path[] = { 213 { .procname = "net", }, 214 { .procname = "netfilter", }, 215 { .procname = "nf_log", }, 216 { } 217 }; 218 219 static char nf_log_sysctl_fnames[NFPROTO_NUMPROTO-NFPROTO_UNSPEC][3]; 220 static struct ctl_table nf_log_sysctl_table[NFPROTO_NUMPROTO+1]; 221 static struct ctl_table_header *nf_log_dir_header; 222 223 static int nf_log_proc_dostring(ctl_table *table, int write, 224 void __user *buffer, size_t *lenp, loff_t *ppos) 225 { 226 const struct nf_logger *logger; 227 char buf[NFLOGGER_NAME_LEN]; 228 size_t size = *lenp; 229 int r = 0; 230 int tindex = (unsigned long)table->extra1; 231 232 if (write) { 233 if (size > sizeof(buf)) 234 size = sizeof(buf); 235 if (copy_from_user(buf, buffer, size)) 236 return -EFAULT; 237 238 if (!strcmp(buf, "NONE")) { 239 nf_log_unbind_pf(tindex); 240 return 0; 241 } 242 mutex_lock(&nf_log_mutex); 243 logger = __find_logger(tindex, buf); 244 if (logger == NULL) { 245 mutex_unlock(&nf_log_mutex); 246 return -ENOENT; 247 } 248 rcu_assign_pointer(nf_loggers[tindex], logger); 249 mutex_unlock(&nf_log_mutex); 250 } else { 251 mutex_lock(&nf_log_mutex); 252 logger = nf_loggers[tindex]; 253 if (!logger) 254 table->data = "NONE"; 255 else 256 table->data = logger->name; 257 r = proc_dostring(table, write, buffer, lenp, ppos); 258 mutex_unlock(&nf_log_mutex); 259 } 260 261 return r; 262 } 263 264 static __init int netfilter_log_sysctl_init(void) 265 { 266 int i; 267 268 for (i = NFPROTO_UNSPEC; i < NFPROTO_NUMPROTO; i++) { 269 snprintf(nf_log_sysctl_fnames[i-NFPROTO_UNSPEC], 3, "%d", i); 270 nf_log_sysctl_table[i].procname = 271 nf_log_sysctl_fnames[i-NFPROTO_UNSPEC]; 272 nf_log_sysctl_table[i].data = NULL; 273 nf_log_sysctl_table[i].maxlen = 274 NFLOGGER_NAME_LEN * sizeof(char); 275 nf_log_sysctl_table[i].mode = 0644; 276 nf_log_sysctl_table[i].proc_handler = nf_log_proc_dostring; 277 nf_log_sysctl_table[i].extra1 = (void *)(unsigned long) i; 278 } 279 280 nf_log_dir_header = register_sysctl_paths(nf_log_sysctl_path, 281 nf_log_sysctl_table); 282 if (!nf_log_dir_header) 283 return -ENOMEM; 284 285 return 0; 286 } 287 #else 288 static __init int netfilter_log_sysctl_init(void) 289 { 290 return 0; 291 } 292 #endif /* CONFIG_SYSCTL */ 293 294 int __init netfilter_log_init(void) 295 { 296 int i, r; 297 #ifdef CONFIG_PROC_FS 298 if (!proc_create("nf_log", S_IRUGO, 299 proc_net_netfilter, &nflog_file_ops)) 300 return -1; 301 #endif 302 303 /* Errors will trigger panic, unroll on error is unnecessary. */ 304 r = netfilter_log_sysctl_init(); 305 if (r < 0) 306 return r; 307 308 for (i = NFPROTO_UNSPEC; i < NFPROTO_NUMPROTO; i++) 309 INIT_LIST_HEAD(&(nf_loggers_l[i])); 310 311 return 0; 312 } 313