Pablo Neira Ayuso | 960649d | 2014-06-23 00:28:18 +0200 | [diff] [blame] | 1 | /* |
| 2 | * (C) 2014 by Pablo Neira Ayuso <pablo@netfilter.org> |
| 3 | * |
| 4 | * This program is free software; you can redistribute it and/or modify |
| 5 | * it under the terms of the GNU General Public License version 2 as |
| 6 | * published by the Free Software Foundation. |
| 7 | */ |
| 8 | |
| 9 | #include <linux/module.h> |
| 10 | #include <linux/spinlock.h> |
| 11 | #include <linux/skbuff.h> |
| 12 | #include <linux/if_bridge.h> |
| 13 | #include <linux/ip.h> |
| 14 | #include <net/route.h> |
| 15 | |
| 16 | #include <linux/netfilter.h> |
| 17 | #include <net/netfilter/nf_log.h> |
| 18 | |
/*
 * Bridge-family log callback: map the frame's EtherType to the matching
 * layer-3 netfilter family and forward the packet to nf_log_packet().
 *
 * IPv4, IPv6 and ARP/RARP frames are forwarded. A frame carrying any other
 * EtherType returns without a log call, so a logging rule on the bridge
 * family leaves no record of that traffic.
 *
 * The caller-supplied prefix is passed as the argument of a constant "%s"
 * format, never as the format string itself, so '%' sequences inside the
 * prefix are not interpreted.
 *
 * The pf argument is not used; the family is derived from the frame.
 */
static void nf_log_bridge_packet(struct net *net, u_int8_t pf,
				 unsigned int hooknum,
				 const struct sk_buff *skb,
				 const struct net_device *in,
				 const struct net_device *out,
				 const struct nf_loginfo *loginfo,
				 const char *prefix)
{
	u_int8_t l3_family;

	/* h_proto is in network byte order, hence the htons() case labels. */
	switch (eth_hdr(skb)->h_proto) {
	case htons(ETH_P_IP):
		l3_family = NFPROTO_IPV4;
		break;
	case htons(ETH_P_IPV6):
		l3_family = NFPROTO_IPV6;
		break;
	case htons(ETH_P_ARP):
	case htons(ETH_P_RARP):
		l3_family = NFPROTO_ARP;
		break;
	default:
		/* No logger is invoked for any other EtherType. */
		return;
	}

	nf_log_packet(net, l3_family, hooknum, skb, in, out,
		      loginfo, "%s", prefix);
}
| 43 | |
/*
 * Logger descriptor for the bridge family. It does no formatting of its
 * own: logfn dispatches to the per-protocol loggers by EtherType.
 */
static struct nf_logger nf_bridge_logger __read_mostly = {
	.me	= THIS_MODULE,
	.name	= "nf_log_bridge",
	.type	= NF_LOG_TYPE_LOG,
	.logfn	= nf_log_bridge_packet,
};
| 50 | |
/*
 * Per-namespace init hook: hand nf_bridge_logger to nf_log_set() for
 * NFPROTO_BRIDGE in @net and return its result unchanged, so a failure
 * there is reported to the pernet caller.
 */
static int __net_init nf_log_bridge_net_init(struct net *net)
{
	int err = nf_log_set(net, NFPROTO_BRIDGE, &nf_bridge_logger);

	return err;
}
| 55 | |
/*
 * Per-namespace exit hook: counterpart of nf_log_bridge_net_init(), passes
 * nf_bridge_logger to nf_log_unset() for @net.
 */
static void __net_exit nf_log_bridge_net_exit(struct net *net)
{
	struct nf_logger *logger = &nf_bridge_logger;

	nf_log_unset(net, logger);
}
| 60 | |
/* Per-network-namespace hooks registered by nf_log_bridge_init(). */
static struct pernet_operations nf_log_bridge_net_ops = {
	.init	= nf_log_bridge_net_init,	/* per-namespace setup */
	.exit	= nf_log_bridge_net_exit,	/* per-namespace teardown */
};
| 65 | |
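/*
 * Module init: request the per-protocol loggers, register the pernet hooks,
 * then register the bridge logger.
 *
 * Returns 0 on success, or the negative error code of the registration step
 * that failed. On failure nothing is left registered.
 */
static int __init nf_log_bridge_init(void)
{
	int ret;

	/*
	 * Request to load the real packet loggers. The results are not
	 * checked, so a backend that cannot be loaded does not fail this
	 * module's load.
	 * NOTE(review): what nf_log_packet() does for a family whose logger
	 * is absent is not visible here - confirm that such packets are not
	 * silently left unlogged.
	 */
	nf_logger_request_module(NFPROTO_IPV4, NF_LOG_TYPE_LOG);
	nf_logger_request_module(NFPROTO_IPV6, NF_LOG_TYPE_LOG);
	nf_logger_request_module(NFPROTO_ARP, NF_LOG_TYPE_LOG);

	ret = register_pernet_subsys(&nf_log_bridge_net_ops);
	if (ret < 0)
		return ret;

	/*
	 * Never report success while the logger is unregistered: undo the
	 * pernet registration and propagate the error, so the module is
	 * never loaded in a state where bridge logging cannot work.
	 */
	ret = nf_log_register(NFPROTO_BRIDGE, &nf_bridge_logger);
	if (ret < 0) {
		unregister_pernet_subsys(&nf_log_bridge_net_ops);
		return ret;
	}

	return 0;
}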
| 82 | |
/*
 * Module exit: drop the per-namespace hooks first, then unregister the
 * bridge logger itself.
 */
static void __exit nf_log_bridge_exit(void)
{
	/* Remove the pernet init/exit hooks. */
	unregister_pernet_subsys(&nf_log_bridge_net_ops);

	/* Remove the logger registered at module init. */
	nf_log_unregister(&nf_bridge_logger);
}
| 88 | |
/* Module entry and exit points. */
module_init(nf_log_bridge_init);
module_exit(nf_log_bridge_exit);

/* Module metadata. */
MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
MODULE_DESCRIPTION("Netfilter bridge packet logging");
MODULE_LICENSE("GPL");

/*
 * Logger alias for the bridge family.
 * NOTE(review): the literal 0 presumably stands for NF_LOG_TYPE_LOG, the
 * type used in nf_bridge_logger - confirm against the enum.
 */
MODULE_ALIAS_NF_LOGGER(AF_BRIDGE, 0);