Blame view
net/netfilter/xt_AUDIT.c
3.54 KB
d2912cb15 treewide: Replace... |
1 |
// SPDX-License-Identifier: GPL-2.0-only |
43f393cae netfilter: audit ... |
2 3 4 5 6 |
/* * Creates audit record for dropped/accepted packets * * (C) 2010-2011 Thomas Graf <tgraf@redhat.com> * (C) 2010-2011 Red Hat, Inc. |
43f393cae netfilter: audit ... |
7 8 9 10 11 12 13 14 15 16 17 18 |
*/ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/audit.h> #include <linux/module.h> #include <linux/skbuff.h> #include <linux/tcp.h> #include <linux/udp.h> #include <linux/if_arp.h> #include <linux/netfilter/x_tables.h> #include <linux/netfilter/xt_AUDIT.h> |
400b871ba netfilter ebtable... |
19 |
#include <linux/netfilter_bridge/ebtables.h> |
43f393cae netfilter: audit ... |
20 21 22 23 24 25 26 27 28 29 |
#include <net/ipv6.h> #include <net/ip.h> MODULE_LICENSE("GPL"); MODULE_AUTHOR("Thomas Graf <tgraf@redhat.com>"); MODULE_DESCRIPTION("Xtables: creates audit records for dropped/accepted packets"); MODULE_ALIAS("ipt_AUDIT"); MODULE_ALIAS("ip6t_AUDIT"); MODULE_ALIAS("ebt_AUDIT"); MODULE_ALIAS("arpt_AUDIT"); |
2173c519d audit: normalize ... |
30 |
static bool audit_ip4(struct audit_buffer *ab, struct sk_buff *skb) |
43f393cae netfilter: audit ... |
31 32 33 |
{ struct iphdr _iph; const struct iphdr *ih; |
0cb88b6ff netfilter: use co... |
34 |
ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_iph), &_iph); |
2173c519d audit: normalize ... |
35 36 |
if (!ih) return false; |
43f393cae netfilter: audit ... |
37 |
|
2173c519d audit: normalize ... |
38 39 |
audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu", &ih->saddr, &ih->daddr, ih->protocol); |
43f393cae netfilter: audit ... |
40 |
|
2173c519d audit: normalize ... |
41 |
return true; |
43f393cae netfilter: audit ... |
42 |
} |
2173c519d audit: normalize ... |
43 |
static bool audit_ip6(struct audit_buffer *ab, struct sk_buff *skb) |
43f393cae netfilter: audit ... |
44 45 46 47 |
{ struct ipv6hdr _ip6h; const struct ipv6hdr *ih; u8 nexthdr; |
75f2811c6 ipv6: Add fragmen... |
48 |
__be16 frag_off; |
43f393cae netfilter: audit ... |
49 50 |
ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_ip6h), &_ip6h); |
2173c519d audit: normalize ... |
51 52 |
if (!ih) return false; |
43f393cae netfilter: audit ... |
53 54 |
nexthdr = ih->nexthdr; |
2173c519d audit: normalize ... |
55 |
ipv6_skip_exthdr(skb, skb_network_offset(skb) + sizeof(_ip6h), &nexthdr, &frag_off); |
43f393cae netfilter: audit ... |
56 57 58 |
audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu", &ih->saddr, &ih->daddr, nexthdr); |
2173c519d audit: normalize ... |
59 |
return true; |
43f393cae netfilter: audit ... |
60 61 62 63 64 |
} static unsigned int audit_tg(struct sk_buff *skb, const struct xt_action_param *par) { |
43f393cae netfilter: audit ... |
65 |
struct audit_buffer *ab; |
2173c519d audit: normalize ... |
66 |
int fam = -1; |
43f393cae netfilter: audit ... |
67 |
|
f7859590d audit: eliminate ... |
68 |
if (audit_enabled == AUDIT_OFF) |
ed018fa4d netfilter: xt_AUD... |
69 |
goto errout; |
43f393cae netfilter: audit ... |
70 71 72 |
ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT); if (ab == NULL) goto errout; |
2173c519d audit: normalize ... |
73 |
audit_log_format(ab, "mark=%#x", skb->mark); |
43f393cae netfilter: audit ... |
74 |
|
613dbd957 netfilter: x_tabl... |
75 |
switch (xt_family(par)) { |
2173c519d audit: normalize ... |
76 77 78 79 80 81 82 83 84 85 |
case NFPROTO_BRIDGE: switch (eth_hdr(skb)->h_proto) { case htons(ETH_P_IP): fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1; break; case htons(ETH_P_IPV6): fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1; break; } break; |
43f393cae netfilter: audit ... |
86 |
case NFPROTO_IPV4: |
2173c519d audit: normalize ... |
87 |
fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1; |
43f393cae netfilter: audit ... |
88 |
break; |
43f393cae netfilter: audit ... |
89 |
case NFPROTO_IPV6: |
2173c519d audit: normalize ... |
90 |
fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1; |
43f393cae netfilter: audit ... |
91 92 |
break; } |
2173c519d audit: normalize ... |
93 94 |
if (fam == -1) audit_log_format(ab, " saddr=? daddr=? proto=-1"); |
131ad62d8 netfilter: add SE... |
95 |
|
43f393cae netfilter: audit ... |
96 97 98 99 100 |
audit_log_end(ab); errout: return XT_CONTINUE; } |
400b871ba netfilter ebtable... |
101 102 103 104 105 106 |
static unsigned int audit_tg_ebt(struct sk_buff *skb, const struct xt_action_param *par) { audit_tg(skb, par); return EBT_CONTINUE; } |
43f393cae netfilter: audit ... |
107 108 109 110 111 |
static int audit_tg_check(const struct xt_tgchk_param *par) { const struct xt_audit_info *info = par->targinfo; if (info->type > XT_AUDIT_TYPE_MAX) { |
b26066447 netfilter: x_tabl... |
112 113 114 |
pr_info_ratelimited("Audit type out of range (valid range: 0..%hhu) ", XT_AUDIT_TYPE_MAX); |
43f393cae netfilter: audit ... |
115 116 117 118 119 |
return -ERANGE; } return 0; } |
400b871ba netfilter ebtable... |
120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 |
static struct xt_target audit_tg_reg[] __read_mostly = { { .name = "AUDIT", .family = NFPROTO_UNSPEC, .target = audit_tg, .targetsize = sizeof(struct xt_audit_info), .checkentry = audit_tg_check, .me = THIS_MODULE, }, { .name = "AUDIT", .family = NFPROTO_BRIDGE, .target = audit_tg_ebt, .targetsize = sizeof(struct xt_audit_info), .checkentry = audit_tg_check, .me = THIS_MODULE, }, |
43f393cae netfilter: audit ... |
137 138 139 140 |
}; static int __init audit_tg_init(void) { |
400b871ba netfilter ebtable... |
141 |
return xt_register_targets(audit_tg_reg, ARRAY_SIZE(audit_tg_reg)); |
43f393cae netfilter: audit ... |
142 143 144 145 |
} static void __exit audit_tg_exit(void) { |
400b871ba netfilter ebtable... |
146 |
xt_unregister_targets(audit_tg_reg, ARRAY_SIZE(audit_tg_reg)); |
43f393cae netfilter: audit ... |
147 148 149 150 |
} module_init(audit_tg_init); module_exit(audit_tg_exit); |