static int __init log_tg_init(void)
{
int ret;
ret = xt_register_targets(log_tg_regs, ARRAY_SIZE(log_tg_regs));
if (ret < 0)
return ret;
nf_log_register(NFPROTO_IPV4, &ipt_log_logger);
#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
nf_log_register(NFPROTO_IPV6, &ip6t_log_logger);
#endif
return 0;
}
static int __init ebt_ulog_init(void)
{
int ret;
int i;
struct netlink_kernel_cfg cfg = {
.groups = EBT_ULOG_MAXNLGROUPS,
};
if (nlbufsiz >= 128*1024) {
pr_warning("Netlink buffer has to be <= 128kB,"
" please try a smaller nlbufsiz parameter.\n");
return -EINVAL;
}
/* initialize ulog_buffers */
for (i = 0; i < EBT_ULOG_MAXNLGROUPS; i++) {
setup_timer(&ulog_buffers[i].timer, ulog_timer, i);
spin_lock_init(&ulog_buffers[i].lock);
}
ebtulognl = netlink_kernel_create(&init_net, NETLINK_NFLOG, &cfg);
if (!ebtulognl)
ret = -ENOMEM;
else if ((ret = xt_register_target(&ebt_ulog_tg_reg)) != 0)
netlink_kernel_release(ebtulognl);
if (ret == 0)
nf_log_register(NFPROTO_BRIDGE, &ebt_ulog_logger);
return ret;
}
static int __init init(void)
{
int i;
DEBUGP("ipt_ULOG: init module\n");
if (nlbufsiz >= 128*1024) {
printk("Netlink buffer has to be <= 128kB\n");
return -EINVAL;
}
/* initialize ulog_buffers */
for (i = 0; i < ULOG_MAXNLGROUPS; i++) {
init_timer(&ulog_buffers[i].timer);
ulog_buffers[i].timer.function = ulog_timer;
ulog_buffers[i].timer.data = i;
}
nflognl = netlink_kernel_create(NETLINK_NFLOG, ULOG_MAXNLGROUPS, NULL,
THIS_MODULE);
if (!nflognl)
return -ENOMEM;
if (ipt_register_target(&ipt_ulog_reg) != 0) {
sock_release(nflognl->sk_socket);
return -EINVAL;
}
if (nflog)
nf_log_register(PF_INET, &ipt_ulog_logger);
return 0;
}
static int __init ebt_ulog_init(void)
{
int i, ret = 0;
if (nlbufsiz >= 128*1024) {
printk(KERN_NOTICE "ebt_ulog: Netlink buffer has to be <= 128kB,"
" please try a smaller nlbufsiz parameter.\n");
return -EINVAL;
}
/* initialize ulog_buffers */
for (i = 0; i < EBT_ULOG_MAXNLGROUPS; i++) {
setup_timer(&ulog_buffers[i].timer, ulog_timer, i);
spin_lock_init(&ulog_buffers[i].lock);
}
ebtulognl = netlink_kernel_create(NETLINK_NFLOG, EBT_ULOG_MAXNLGROUPS,
NULL, NULL, THIS_MODULE);
if (!ebtulognl)
ret = -ENOMEM;
else if ((ret = ebt_register_watcher(&ulog)))
sock_release(ebtulognl->sk_socket);
if (nf_log_register(PF_BRIDGE, &ebt_ulog_logger) < 0) {
printk(KERN_WARNING "ebt_ulog: not logging via ulog "
"since somebody else already registered for PF_BRIDGE\n");
/* we cannot make module load fail here, since otherwise
* ebtables userspace would abort */
}
return ret;
}
static int __init ebt_ulog_init(void)
{
int i, ret = 0;
if (nlbufsiz >= 128*1024) {
printk(KERN_NOTICE "ebt_ulog: Netlink buffer has to be <= 128kB,"
" please try a smaller nlbufsiz parameter.\n");
return -EINVAL;
}
/* initialize ulog_buffers */
for (i = 0; i < EBT_ULOG_MAXNLGROUPS; i++) {
setup_timer(&ulog_buffers[i].timer, ulog_timer, i);
spin_lock_init(&ulog_buffers[i].lock);
}
ebtulognl = netlink_kernel_create(NETLINK_NFLOG, EBT_ULOG_MAXNLGROUPS,
NULL, NULL, THIS_MODULE);
if (!ebtulognl)
ret = -ENOMEM;
else if ((ret = ebt_register_watcher(&ulog)))
sock_release(ebtulognl->sk_socket);
if (ret == 0)
nf_log_register(PF_BRIDGE, &ebt_ulog_logger);
return ret;
}
static int __init ebt_ulog_init(void)
{
int ret;
if (nlbufsiz >= 128*1024) {
pr_warn("Netlink buffer has to be <= 128kB,"
"please try a smaller nlbufsiz parameter.\n");
return -EINVAL;
}
ret = register_pernet_subsys(&ebt_ulog_net_ops);
if (ret)
goto out_pernet;
ret = xt_register_target(&ebt_ulog_tg_reg);
if (ret)
goto out_target;
nf_log_register(NFPROTO_BRIDGE, &ebt_ulog_logger);
return 0;
out_target:
unregister_pernet_subsys(&ebt_ulog_net_ops);
out_pernet:
return ret;
}
static int __init ebt_log_init(void)
{
int ret;
ret = ebt_register_watcher(&log);
if (ret < 0)
return ret;
nf_log_register(PF_BRIDGE, &ebt_log_logger);
return 0;
}
static int __init ipt_log_init(void)
{
int ret;
ret = xt_register_target(&ipt_log_reg);
if (ret < 0)
return ret;
nf_log_register(PF_INET, &ipt_log_logger);
return 0;
}
static int __init log_tg6_init(void)
{
int ret;
ret = xt_register_target(&log_tg6_reg);
if (ret < 0)
return ret;
nf_log_register(PF_INET6, &ip6t_logger);
return 0;
}
static int __init ebt_log_init(void)
{
int ret;
ret = xt_register_target(&ebt_log_tg_reg);
if (ret < 0)
return ret;
nf_log_register(NFPROTO_BRIDGE, &ebt_log_logger);
return 0;
}
static int __init log_tg_init(void)
{
int ret;
ret = xt_register_target(&log_tg_reg);
if (ret < 0)
return ret;
nf_log_register(NFPROTO_IPV4, &ipt_log_logger);
return 0;
}
static int __init nf_log_arp_init(void)
{
int ret;
ret = register_pernet_subsys(&nf_log_arp_net_ops);
if (ret < 0)
return ret;
nf_log_register(NFPROTO_ARP, &nf_arp_logger);
return 0;
}
static int __init ip6t_log_init(void)
{
int ret;
ret = xt_register_target(&ip6t_log_reg);
if (ret < 0)
return ret;
ret = nf_log_register(PF_INET6, &ip6t_logger);
if (ret < 0 && ret != -EEXIST)
xt_unregister_target(&ip6t_log_reg);
return ret;
}
static int __init init(void)
{
if (ipt_register_target(&ipt_log_reg))
return -EINVAL;
if (nf_log_register(PF_INET, &ipt_log_logger) < 0) {
printk(KERN_WARNING "ipt_LOG: not logging via system console "
"since somebody else already registered for PF_INET\n");
/* we cannot make module load fail here, since otherwise
* iptables userspace would abort */
}
return 0;
}
static int __init log_tg_init(void)
{
int ret;
ret = register_pernet_subsys(&log_net_ops);
if (ret < 0)
goto err_pernet;
ret = xt_register_targets(log_tg_regs, ARRAY_SIZE(log_tg_regs));
if (ret < 0)
goto err_target;
nf_log_register(NFPROTO_IPV4, &ipt_log_logger);
#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
nf_log_register(NFPROTO_IPV6, &ip6t_log_logger);
#endif
return 0;
err_target:
unregister_pernet_subsys(&log_net_ops);
err_pernet:
return ret;
}
static int __init nf_log_bridge_init(void)
{
int ret;
/* Request to load the real packet loggers. */
nf_logger_request_module(NFPROTO_IPV4, NF_LOG_TYPE_LOG);
nf_logger_request_module(NFPROTO_IPV6, NF_LOG_TYPE_LOG);
nf_logger_request_module(NFPROTO_ARP, NF_LOG_TYPE_LOG);
ret = register_pernet_subsys(&nf_log_bridge_net_ops);
if (ret < 0)
return ret;
nf_log_register(NFPROTO_BRIDGE, &nf_bridge_logger);
return 0;
}
static int __init ebt_log_init(void)
{
int ret;
ret = ebt_register_watcher(&log);
if (ret < 0)
return ret;
if (nf_log_register(PF_BRIDGE, &ebt_log_logger) < 0) {
printk(KERN_WARNING "ebt_log: not logging via system console "
"since somebody else already registered for PF_INET\n");
/* we cannot make module load fail here, since otherwise
* ebtables userspace would abort */
}
return 0;
}
static int __init nf_log_arp_init(void)
{
int ret;
ret = register_pernet_subsys(&nf_log_arp_net_ops);
if (ret < 0)
return ret;
ret = nf_log_register(NFPROTO_ARP, &nf_arp_logger);
if (ret < 0) {
pr_err("failed to register logger\n");
goto err1;
}
return 0;
err1:
unregister_pernet_subsys(&nf_log_arp_net_ops);
return ret;
}
static int __init ipt_log_init(void)
{
int ret;
struct proc_dir_entry *proc;
ret = xt_register_target(&ipt_log_reg);
if (ret < 0)
return ret;
proc = create_proc_entry(STAT_PROC_FS_NAME, 0, init_net.proc_net);
if (proc) {
proc->owner = THIS_MODULE;
proc->proc_fops = &ip_syslogstat_proc_fops;
} else {
printk(KERN_ERR "ip_SYSLOG: failed to create proc entry\n");
goto cleanup_target;
}
ret = syslog_connect(&sl_socket);
if (ret < 0)
{
if (ret == -ECONNREFUSED)
{
timer.expires = jiffies + msecs_to_jiffies(reconnect_freq);
add_timer(&timer);
}
else
goto cleanup_proc;
}
nf_log_register(PF_INET, &ipt_log_logger);
return 0;
cleanup_proc:
proc_net_remove(&init_net, STAT_PROC_FS_NAME);
cleanup_target:
xt_unregister_target(&ipt_log_reg);
return ret;
}
static void
ip6t_logfn(unsigned int hooknum,
const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const char *prefix)
{
struct ip6t_log_info loginfo = {
.level = 0,
.logflags = IP6T_LOG_MASK,
.prefix = ""
};
ip6t_log_packet(hooknum, skb, in, out, &loginfo, KERN_WARNING, prefix);
}
static int ip6t_log_checkentry(const char *tablename,
const struct ip6t_entry *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
{
const struct ip6t_log_info *loginfo = targinfo;
if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_log_info))) {
DEBUGP("LOG: targinfosize %u != %u\n",
targinfosize, IP6T_ALIGN(sizeof(struct ip6t_log_info)));
return 0;
}
if (loginfo->level >= 8) {
DEBUGP("LOG: level %u >= 8\n", loginfo->level);
return 0;
}
if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
DEBUGP("LOG: prefix term %i\n",
loginfo->prefix[sizeof(loginfo->prefix)-1]);
return 0;
}
return 1;
}
static struct ip6t_target ip6t_log_reg = {
.name = "LOG",
.target = ip6t_log_target,
.checkentry = ip6t_log_checkentry,
.me = THIS_MODULE,
};
static int __init init(void)
{
if (ip6t_register_target(&ip6t_log_reg))
return -EINVAL;
if (nflog)
nf_log_register(PF_INET6, &ip6t_logfn);
return 0;
}
static void __exit fini(void)
{
if (nflog)
nf_log_unregister(PF_INET6, &ip6t_logfn);
ip6t_unregister_target(&ip6t_log_reg);
}
module_init(init);
module_exit(fini);
static void ipt_logfn(unsigned int hooknum,
const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const char *prefix)
{
struct ipt_ulog_info loginfo = {
.nl_group = ULOG_DEFAULT_NLGROUP,
.copy_range = 0,
.qthreshold = ULOG_DEFAULT_QTHRESHOLD,
.prefix = ""
};
ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
}
static int ipt_ulog_checkentry(const char *tablename,
const struct ipt_entry *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hookmask)
{
struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) {
DEBUGP("ipt_ULOG: targinfosize %u != 0\n", targinfosize);
return 0;
}
if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
DEBUGP("ipt_ULOG: prefix term %i\n",
loginfo->prefix[sizeof(loginfo->prefix) - 1]);
return 0;
}
if (loginfo->qthreshold > ULOG_MAX_QLEN) {
DEBUGP("ipt_ULOG: queue threshold %i > MAX_QLEN\n",
loginfo->qthreshold);
return 0;
}
return 1;
}
static struct ipt_target ipt_ulog_reg = {
.name = "ULOG",
.target = ipt_ulog_target,
.checkentry = ipt_ulog_checkentry,
.me = THIS_MODULE,
};
static int __init init(void)
{
int i;
DEBUGP("ipt_ULOG: init module\n");
if (nlbufsiz >= 128*1024) {
printk("Netlink buffer has to be <= 128kB\n");
return -EINVAL;
}
/* initialize ulog_buffers */
for (i = 0; i < ULOG_MAXNLGROUPS; i++) {
init_timer(&ulog_buffers[i].timer);
ulog_buffers[i].timer.function = ulog_timer;
ulog_buffers[i].timer.data = i;
}
nflognl = netlink_kernel_create(NETLINK_NFLOG, NULL);
if (!nflognl)
return -ENOMEM;
if (ipt_register_target(&ipt_ulog_reg) != 0) {
sock_release(nflognl->sk_socket);
return -EINVAL;
}
if (nflog)
nf_log_register(PF_INET, &ipt_logfn);
return 0;
}
static void __exit fini(void)
{
ulog_buff_t *ub;
int i;
DEBUGP("ipt_ULOG: cleanup_module\n");
if (nflog)
nf_log_unregister(PF_INET, &ipt_logfn);
ipt_unregister_target(&ipt_ulog_reg);
sock_release(nflognl->sk_socket);
/* remove pending timers and free allocated skb's */
for (i = 0; i < ULOG_MAXNLGROUPS; i++) {
ub = &ulog_buffers[i];
if (timer_pending(&ub->timer)) {
DEBUGP("timer was pending, deleting\n");
del_timer(&ub->timer);
}
if (ub->skb) {
kfree_skb(ub->skb);
ub->skb = NULL;
}
}
}
