8194371c4d
[ Upstream commit 0d9826bc18ce356e8909919ad681ad65d0a6061e ]
Dump vlan tag and proto for the usual vlan offload case if the
NF_LOG_MACDECODE flag is set on. Without this information the logging is
misleading as there is no reference to the VLAN header.
[12716.993704] test: IN=veth0 OUT= MACSRC=86:6c:92:ea:d6:73 MACDST=0e:3b:eb:86:73:76 VPROTO=8100 VID=10 MACPROTO=0800 SRC=192.168.10.2 DST=172.217.168.163 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=2548 DF PROTO=TCP SPT=55848 DPT=80 WINDOW=501 RES=0x00 ACK FIN URGP=0
[12721.157643] test: IN=veth0 OUT= MACSRC=86:6c:92:ea:d6:73 MACDST=0e:3b:eb:86:73:76 VPROTO=8100 VID=10 MACPROTO=0806 ARP HTYPE=1 PTYPE=0x0800 OPCODE=2 MACSRC=86:6c:92:ea:d6:73 IPSRC=192.168.10.2 MACDST=0e:3b:eb:86:73:76 IPDST=192.168.10.1
Fixes: 83e96d443b
("netfilter: log: split family specific code to nf_log_{ip,ip6,common}.c files")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
127 lines
3.7 KiB
C
127 lines
3.7 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _NF_LOG_H
|
|
#define _NF_LOG_H
|
|
|
|
#include <linux/netfilter.h>
|
|
#include <linux/netfilter/nf_log.h>
|
|
|
|
/* Log tcp sequence, tcp options, ip options and uid owning local socket */
|
|
#define NF_LOG_DEFAULT_MASK 0x0f
|
|
|
|
/* This flag indicates that copy_len field in nf_loginfo is set */
|
|
#define NF_LOG_F_COPY_LEN 0x1
|
|
|
|
enum nf_log_type {
|
|
NF_LOG_TYPE_LOG = 0,
|
|
NF_LOG_TYPE_ULOG,
|
|
NF_LOG_TYPE_MAX
|
|
};
|
|
|
|
struct nf_loginfo {
|
|
u_int8_t type;
|
|
union {
|
|
struct {
|
|
/* copy_len will be used iff you set
|
|
* NF_LOG_F_COPY_LEN in flags
|
|
*/
|
|
u_int32_t copy_len;
|
|
u_int16_t group;
|
|
u_int16_t qthreshold;
|
|
u_int16_t flags;
|
|
} ulog;
|
|
struct {
|
|
u_int8_t level;
|
|
u_int8_t logflags;
|
|
} log;
|
|
} u;
|
|
};
|
|
|
|
typedef void nf_logfn(struct net *net,
|
|
u_int8_t pf,
|
|
unsigned int hooknum,
|
|
const struct sk_buff *skb,
|
|
const struct net_device *in,
|
|
const struct net_device *out,
|
|
const struct nf_loginfo *li,
|
|
const char *prefix);
|
|
|
|
struct nf_logger {
|
|
char *name;
|
|
enum nf_log_type type;
|
|
nf_logfn *logfn;
|
|
struct module *me;
|
|
};
|
|
|
|
/* sysctl_nf_log_all_netns - allow LOG target in all network namespaces */
|
|
extern int sysctl_nf_log_all_netns;
|
|
|
|
/* Function to register/unregister log function. */
|
|
int nf_log_register(u_int8_t pf, struct nf_logger *logger);
|
|
void nf_log_unregister(struct nf_logger *logger);
|
|
|
|
int nf_log_set(struct net *net, u_int8_t pf, const struct nf_logger *logger);
|
|
void nf_log_unset(struct net *net, const struct nf_logger *logger);
|
|
|
|
int nf_log_bind_pf(struct net *net, u_int8_t pf,
|
|
const struct nf_logger *logger);
|
|
void nf_log_unbind_pf(struct net *net, u_int8_t pf);
|
|
|
|
int nf_logger_find_get(int pf, enum nf_log_type type);
|
|
void nf_logger_put(int pf, enum nf_log_type type);
|
|
void nf_logger_request_module(int pf, enum nf_log_type type);
|
|
|
|
#define MODULE_ALIAS_NF_LOGGER(family, type) \
|
|
MODULE_ALIAS("nf-logger-" __stringify(family) "-" __stringify(type))
|
|
|
|
/* Calls the registered backend logging function */
|
|
__printf(8, 9)
|
|
void nf_log_packet(struct net *net,
|
|
u_int8_t pf,
|
|
unsigned int hooknum,
|
|
const struct sk_buff *skb,
|
|
const struct net_device *in,
|
|
const struct net_device *out,
|
|
const struct nf_loginfo *li,
|
|
const char *fmt, ...);
|
|
|
|
__printf(8, 9)
|
|
void nf_log_trace(struct net *net,
|
|
u_int8_t pf,
|
|
unsigned int hooknum,
|
|
const struct sk_buff *skb,
|
|
const struct net_device *in,
|
|
const struct net_device *out,
|
|
const struct nf_loginfo *li,
|
|
const char *fmt, ...);
|
|
|
|
struct nf_log_buf;
|
|
|
|
struct nf_log_buf *nf_log_buf_open(void);
|
|
__printf(2, 3) int nf_log_buf_add(struct nf_log_buf *m, const char *f, ...);
|
|
void nf_log_buf_close(struct nf_log_buf *m);
|
|
|
|
/* common logging functions */
|
|
int nf_log_dump_udp_header(struct nf_log_buf *m, const struct sk_buff *skb,
|
|
u8 proto, int fragment, unsigned int offset);
|
|
int nf_log_dump_tcp_header(struct nf_log_buf *m, const struct sk_buff *skb,
|
|
u8 proto, int fragment, unsigned int offset,
|
|
unsigned int logflags);
|
|
void nf_log_dump_sk_uid_gid(struct net *net, struct nf_log_buf *m,
|
|
struct sock *sk);
|
|
void nf_log_dump_vlan(struct nf_log_buf *m, const struct sk_buff *skb);
|
|
void nf_log_dump_packet_common(struct nf_log_buf *m, u_int8_t pf,
|
|
unsigned int hooknum, const struct sk_buff *skb,
|
|
const struct net_device *in,
|
|
const struct net_device *out,
|
|
const struct nf_loginfo *loginfo,
|
|
const char *prefix);
|
|
void nf_log_l2packet(struct net *net, u_int8_t pf,
|
|
__be16 protocol,
|
|
unsigned int hooknum,
|
|
const struct sk_buff *skb,
|
|
const struct net_device *in,
|
|
const struct net_device *out,
|
|
const struct nf_loginfo *loginfo, const char *prefix);
|
|
|
|
#endif /* _NF_LOG_H */
|