static void
ip6t_log_packet(unsigned int pf,
unsigned int hooknum,
const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const struct nf_loginfo *loginfo,
const char *prefix)
{
struct sbuff *m = sb_open();
if (!loginfo)
loginfo = &default_loginfo;
sb_add(m, "<%d>%sIN=%s OUT=%s ", loginfo->u.log.level,
prefix,
in ? in->name : "",
out ? out->name : "");
/* MAC logging for input path only. */
if (in && !out)
dump_mac_header(m, loginfo, skb);
dump_packet(m, loginfo, skb, skb_network_offset(skb), 1);
sb_close(m);
}
static void
ip6t_log_packet(u_int8_t pf,
unsigned int hooknum,
const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const struct nf_loginfo *loginfo,
const char *prefix)
{
struct sbuff *m;
struct net *net = dev_net(in ? in : out);
/* FIXME: Disabled from containers until syslog ns is supported */
if (!net_eq(net, &init_net))
return;
m = sb_open();
if (!loginfo)
loginfo = &default_loginfo;
log_packet_common(m, pf, hooknum, skb, in, out, loginfo, prefix);
if (in != NULL)
dump_ipv6_mac_header(m, loginfo, skb);
dump_ipv6_packet(m, loginfo, skb, skb_network_offset(skb), 1);
sb_close(m);
}
static void print_sandbox_log(char *sandbox_log)
{
int sandbox_log_file;
size_t len;
char buffer[8192];
sandbox_log_file = sb_open(sandbox_log, O_RDONLY, 0);
if (-1 == sandbox_log_file) {
sb_pwarn("could not open log file: %s", sandbox_log);
return;
}
sb_eerror("--------------------------- ACCESS VIOLATION SUMMARY ---------------------------\n");
sb_eerror("LOG FILE: \"%s\"\n", sandbox_log);
while (1) {
len = sb_read(sandbox_log_file, buffer, sizeof(buffer));
if (len == -1) {
sb_pwarn("sb_read(logfile) failed");
break;
} else if (!len)
break;
sb_eerror("\n%s", buffer);
}
sb_close(sandbox_log_file);
sb_eerror("--------------------------------------------------------------------------------\n");
}
static int open_test_file()
{
int fd;
fd = sb_open(path, O_RDWR|O_CREAT, S_IREAD|S_IWRITE);
if (fd == -1) {
error("cannot open file[%s]: %s", path, strerror(errno));
return -1;
}
return fd;
}
static void
ipt_log_packet(u_int8_t pf,
unsigned int hooknum,
const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const struct nf_loginfo *loginfo,
const char *prefix)
{
struct sbuff *m = sb_open();
if (!loginfo)
loginfo = &default_loginfo;
sb_add(m, "<%d>%sIN=%s OUT=%s ", loginfo->u.log.level,
prefix,
in ? in->name : "",
out ? out->name : "");
#ifdef CONFIG_BRIDGE_NETFILTER
if (skb->nf_bridge) {
const struct net_device *physindev;
const struct net_device *physoutdev;
physindev = skb->nf_bridge->physindev;
if (physindev && in != physindev)
sb_add(m, "PHYSIN=%s ", physindev->name);
physoutdev = skb->nf_bridge->physoutdev;
if (physoutdev && out != physoutdev)
sb_add(m, "PHYSOUT=%s ", physoutdev->name);
}
#endif
if (in && !out) {
/* MAC logging for input chain only. */
sb_add(m, "MAC=");
if (skb->dev && skb->dev->hard_header_len
&& skb->mac_header != skb->network_header) {
int i;
const unsigned char *p = skb_mac_header(skb);
for (i = 0; i < skb->dev->hard_header_len; i++,p++)
sb_add(m, "%02x%c", *p,
i==skb->dev->hard_header_len - 1
? ' ':':');
} else
sb_add(m, " ");
}
dump_packet(m, loginfo, skb, 0);
sb_close(m);
}
static void
ipt_log_packet(u_int8_t pf,
unsigned int hooknum,
const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const struct nf_loginfo *loginfo,
const char *prefix)
{
struct sbuff *m = sb_open();
if (!loginfo)
loginfo = &default_loginfo;
sb_add(m, "<%d>%sIN=%s OUT=%s ", loginfo->u.log.level,
prefix,
in ? in->name : "",
out ? out->name : "");
#ifdef CONFIG_BRIDGE_NETFILTER
if (skb->nf_bridge) {
const struct net_device *physindev;
const struct net_device *physoutdev;
physindev = skb->nf_bridge->physindev;
if (physindev && in != physindev)
sb_add(m, "PHYSIN=%s ", physindev->name);
physoutdev = skb->nf_bridge->physoutdev;
if (physoutdev && out != physoutdev)
sb_add(m, "PHYSOUT=%s ", physoutdev->name);
}
#endif
if (in != NULL)
dump_mac_header(m, loginfo, skb);
dump_packet(m, loginfo, skb, 0);
sb_close(m);
}
static void
ip6t_log_packet(u_int8_t pf,
unsigned int hooknum,
const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const struct nf_loginfo *loginfo,
const char *prefix)
{
struct sbuff *m = sb_open();
if (!loginfo)
loginfo = &default_loginfo;
log_packet_common(m, pf, hooknum, skb, in, out, loginfo, prefix);
if (in != NULL)
dump_ipv6_mac_header(m, loginfo, skb);
dump_ipv6_packet(m, loginfo, skb, skb_network_offset(skb), 1);
sb_close(m);
}
/**
* path 에 해당하는 파일을 만들고 lock을 건다.
*
* RETURN VALUE
* 생성된 파일의 fd
* 에러시 FAIL(-1)
**/
int sb_lockfile(const char *path)
{
int fd;
struct flock lock;
fd = sb_open( path, O_CREAT|O_TRUNC|O_RDWR, 0666 );
if ( fd == -1 ) {
error("lockfile[%s] open failed: %s", path, strerror(errno));
return FAIL;
}
lock.l_type = F_WRLCK;
lock.l_whence = SEEK_SET;
lock.l_start = (long)0;
lock.l_len = (long)0;
if ( fcntl( fd, F_SETLK, &lock ) != 0 ) {
error("lock failed: %s", strerror(errno));
close( fd );
return FAIL;
}
return fd;
}
