Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
ipt_ULOG.c
Go to the documentation of this file.
1 /*
2  * netfilter module for userspace packet logging daemons
3  *
4  * (C) 2000-2004 by Harald Welte <[email protected]>
5  * (C) 1999-2001 Paul `Rusty' Russell
6  * (C) 2002-2004 Netfilter Core Team <[email protected]>
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License version 2 as
10  * published by the Free Software Foundation.
11  *
12  * This module accepts two parameters:
13  *
14  * nlbufsiz:
15  * The parameter specifies how big the buffer for each netlink multicast
16  * group is. e.g. If you say nlbufsiz=8192, up to eight kb of packets will
17  * get accumulated in the kernel until they are sent to userspace. It is
18  * NOT possible to allocate more than 128kB, and it is strongly discouraged,
19  * because atomically allocating 128kB inside the network rx softirq is not
20  * reliable. Please also keep in mind that this buffer size is allocated for
21  * each nlgroup you are using, so the total kernel memory usage increases
22  * by that factor.
23  *
24  * Actually you should use nlbufsiz a bit smaller than PAGE_SIZE, since
25  * nlbufsiz is used with alloc_skb, which adds another
26  * sizeof(struct skb_shared_info). Use NLMSG_GOODSIZE instead.
27  *
28  * flushtimeout:
29  * Specify, after how many hundredths of a second the queue should be
30  * flushed even if it is not full yet.
31  */
32 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
33 #include <linux/module.h>
34 #include <linux/spinlock.h>
35 #include <linux/socket.h>
36 #include <linux/slab.h>
37 #include <linux/skbuff.h>
38 #include <linux/kernel.h>
39 #include <linux/timer.h>
40 #include <linux/netlink.h>
41 #include <linux/netdevice.h>
42 #include <linux/mm.h>
43 #include <linux/moduleparam.h>
44 #include <linux/netfilter.h>
45 #include <linux/netfilter/x_tables.h>
46 #include <linux/netfilter_ipv4/ipt_ULOG.h>
47 #include <net/netfilter/nf_log.h>
48 #include <net/sock.h>
49 #include <linux/bitops.h>
50 #include <asm/unaligned.h>
51 
52 MODULE_LICENSE("GPL");
53 MODULE_AUTHOR("Harald Welte <[email protected]>");
54 MODULE_DESCRIPTION("Xtables: packet logging to netlink using ULOG");
55 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_NFLOG);
56 
57 #define ULOG_NL_EVENT 111 /* Harald's favorite number */
58 #define ULOG_MAXNLGROUPS 32 /* numer of nlgroups */
59 
60 static unsigned int nlbufsiz = NLMSG_GOODSIZE;
61 module_param(nlbufsiz, uint, 0400);
62 MODULE_PARM_DESC(nlbufsiz, "netlink buffer size");
63 
64 static unsigned int flushtimeout = 10;
65 module_param(flushtimeout, uint, 0600);
66 MODULE_PARM_DESC(flushtimeout, "buffer flush timeout (hundredths of a second)");
67 
68 static bool nflog = true;
69 module_param(nflog, bool, 0400);
70 MODULE_PARM_DESC(nflog, "register as internal netfilter logging module");
71 
72 /* global data structures */
73 
74 typedef struct {
75  unsigned int qlen; /* number of nlmsgs' in the skb */
76  struct nlmsghdr *lastnlh; /* netlink header of last msg in skb */
77  struct sk_buff *skb; /* the pre-allocated skb */
78  struct timer_list timer; /* the timer function */
79 } ulog_buff_t;
80 
81 static ulog_buff_t ulog_buffers[ULOG_MAXNLGROUPS]; /* array of buffers */
82 
83 static struct sock *nflognl; /* our socket */
84 static DEFINE_SPINLOCK(ulog_lock); /* spinlock */
85 
86 /* send one ulog_buff_t to userspace */
87 static void ulog_send(unsigned int nlgroupnum)
88 {
89  ulog_buff_t *ub = &ulog_buffers[nlgroupnum];
90 
91  if (timer_pending(&ub->timer)) {
92  pr_debug("ulog_send: timer was pending, deleting\n");
93  del_timer(&ub->timer);
94  }
95 
96  if (!ub->skb) {
97  pr_debug("ulog_send: nothing to send\n");
98  return;
99  }
100 
101  /* last nlmsg needs NLMSG_DONE */
102  if (ub->qlen > 1)
103  ub->lastnlh->nlmsg_type = NLMSG_DONE;
104 
105  NETLINK_CB(ub->skb).dst_group = nlgroupnum + 1;
106  pr_debug("throwing %d packets to netlink group %u\n",
107  ub->qlen, nlgroupnum + 1);
108  netlink_broadcast(nflognl, ub->skb, 0, nlgroupnum + 1, GFP_ATOMIC);
109 
110  ub->qlen = 0;
111  ub->skb = NULL;
112  ub->lastnlh = NULL;
113 }
114 
115 
116 /* timer function to flush queue in flushtimeout time */
117 static void ulog_timer(unsigned long data)
118 {
119  pr_debug("timer function called, calling ulog_send\n");
120 
121  /* lock to protect against somebody modifying our structure
122  * from ipt_ulog_target at the same time */
123  spin_lock_bh(&ulog_lock);
124  ulog_send(data);
125  spin_unlock_bh(&ulog_lock);
126 }
127 
128 static struct sk_buff *ulog_alloc_skb(unsigned int size)
129 {
130  struct sk_buff *skb;
131  unsigned int n;
132 
133  /* alloc skb which should be big enough for a whole
134  * multipart message. WARNING: has to be <= 131000
135  * due to slab allocator restrictions */
136 
137  n = max(size, nlbufsiz);
138  skb = alloc_skb(n, GFP_ATOMIC | __GFP_NOWARN);
139  if (!skb) {
140  if (n > size) {
141  /* try to allocate only as much as we need for
142  * current packet */
143 
144  skb = alloc_skb(size, GFP_ATOMIC);
145  if (!skb)
146  pr_debug("cannot even allocate %ub\n", size);
147  }
148  }
149 
150  return skb;
151 }
152 
153 static void ipt_ulog_packet(unsigned int hooknum,
154  const struct sk_buff *skb,
155  const struct net_device *in,
156  const struct net_device *out,
157  const struct ipt_ulog_info *loginfo,
158  const char *prefix)
159 {
160  ulog_buff_t *ub;
161  ulog_packet_msg_t *pm;
162  size_t size, copy_len;
163  struct nlmsghdr *nlh;
164  struct timeval tv;
165 
166  /* ffs == find first bit set, necessary because userspace
167  * is already shifting groupnumber, but we need unshifted.
168  * ffs() returns [1..32], we need [0..31] */
169  unsigned int groupnum = ffs(loginfo->nl_group) - 1;
170 
171  /* calculate the size of the skb needed */
172  if (loginfo->copy_range == 0 || loginfo->copy_range > skb->len)
173  copy_len = skb->len;
174  else
175  copy_len = loginfo->copy_range;
176 
177  size = NLMSG_SPACE(sizeof(*pm) + copy_len);
178 
179  ub = &ulog_buffers[groupnum];
180 
181  spin_lock_bh(&ulog_lock);
182 
183  if (!ub->skb) {
184  if (!(ub->skb = ulog_alloc_skb(size)))
185  goto alloc_failure;
186  } else if (ub->qlen >= loginfo->qthreshold ||
187  size > skb_tailroom(ub->skb)) {
188  /* either the queue len is too high or we don't have
189  * enough room in nlskb left. send it to userspace. */
190 
191  ulog_send(groupnum);
192 
193  if (!(ub->skb = ulog_alloc_skb(size)))
194  goto alloc_failure;
195  }
196 
197  pr_debug("qlen %d, qthreshold %Zu\n", ub->qlen, loginfo->qthreshold);
198 
199  nlh = nlmsg_put(ub->skb, 0, ub->qlen, ULOG_NL_EVENT,
200  sizeof(*pm)+copy_len, 0);
201  if (!nlh) {
202  pr_debug("error during nlmsg_put\n");
203  goto out_unlock;
204  }
205  ub->qlen++;
206 
207  pm = nlmsg_data(nlh);
208 
209  /* We might not have a timestamp, get one */
210  if (skb->tstamp.tv64 == 0)
211  __net_timestamp((struct sk_buff *)skb);
212 
213  /* copy hook, prefix, timestamp, payload, etc. */
214  pm->data_len = copy_len;
215  tv = ktime_to_timeval(skb->tstamp);
216  put_unaligned(tv.tv_sec, &pm->timestamp_sec);
217  put_unaligned(tv.tv_usec, &pm->timestamp_usec);
218  put_unaligned(skb->mark, &pm->mark);
219  pm->hook = hooknum;
220  if (prefix != NULL)
221  strncpy(pm->prefix, prefix, sizeof(pm->prefix));
222  else if (loginfo->prefix[0] != '\0')
223  strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix));
224  else
225  *(pm->prefix) = '\0';
226 
227  if (in && in->hard_header_len > 0 &&
228  skb->mac_header != skb->network_header &&
229  in->hard_header_len <= ULOG_MAC_LEN) {
230  memcpy(pm->mac, skb_mac_header(skb), in->hard_header_len);
231  pm->mac_len = in->hard_header_len;
232  } else
233  pm->mac_len = 0;
234 
235  if (in)
236  strncpy(pm->indev_name, in->name, sizeof(pm->indev_name));
237  else
238  pm->indev_name[0] = '\0';
239 
240  if (out)
241  strncpy(pm->outdev_name, out->name, sizeof(pm->outdev_name));
242  else
243  pm->outdev_name[0] = '\0';
244 
245  /* copy_len <= skb->len, so can't fail. */
246  if (skb_copy_bits(skb, 0, pm->payload, copy_len) < 0)
247  BUG();
248 
249  /* check if we are building multi-part messages */
250  if (ub->qlen > 1)
251  ub->lastnlh->nlmsg_flags |= NLM_F_MULTI;
252 
253  ub->lastnlh = nlh;
254 
255  /* if timer isn't already running, start it */
256  if (!timer_pending(&ub->timer)) {
257  ub->timer.expires = jiffies + flushtimeout * HZ / 100;
258  add_timer(&ub->timer);
259  }
260 
261  /* if threshold is reached, send message to userspace */
262  if (ub->qlen >= loginfo->qthreshold) {
263  if (loginfo->qthreshold > 1)
264  nlh->nlmsg_type = NLMSG_DONE;
265  ulog_send(groupnum);
266  }
267 out_unlock:
268  spin_unlock_bh(&ulog_lock);
269 
270  return;
271 
272 alloc_failure:
273  pr_debug("Error building netlink message\n");
274  spin_unlock_bh(&ulog_lock);
275 }
276 
277 static unsigned int
278 ulog_tg(struct sk_buff *skb, const struct xt_action_param *par)
279 {
280  ipt_ulog_packet(par->hooknum, skb, par->in, par->out,
281  par->targinfo, NULL);
282  return XT_CONTINUE;
283 }
284 
285 static void ipt_logfn(u_int8_t pf,
286  unsigned int hooknum,
287  const struct sk_buff *skb,
288  const struct net_device *in,
289  const struct net_device *out,
290  const struct nf_loginfo *li,
291  const char *prefix)
292 {
293  struct ipt_ulog_info loginfo;
294 
295  if (!li || li->type != NF_LOG_TYPE_ULOG) {
296  loginfo.nl_group = ULOG_DEFAULT_NLGROUP;
297  loginfo.copy_range = 0;
298  loginfo.qthreshold = ULOG_DEFAULT_QTHRESHOLD;
299  loginfo.prefix[0] = '\0';
300  } else {
301  loginfo.nl_group = li->u.ulog.group;
302  loginfo.copy_range = li->u.ulog.copy_len;
303  loginfo.qthreshold = li->u.ulog.qthreshold;
304  strlcpy(loginfo.prefix, prefix, sizeof(loginfo.prefix));
305  }
306 
307  ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
308 }
309 
310 static int ulog_tg_check(const struct xt_tgchk_param *par)
311 {
312  const struct ipt_ulog_info *loginfo = par->targinfo;
313 
314  if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
315  pr_debug("prefix not null-terminated\n");
316  return -EINVAL;
317  }
318  if (loginfo->qthreshold > ULOG_MAX_QLEN) {
319  pr_debug("queue threshold %Zu > MAX_QLEN\n",
320  loginfo->qthreshold);
321  return -EINVAL;
322  }
323  return 0;
324 }
325 
326 #ifdef CONFIG_COMPAT
327 struct compat_ipt_ulog_info {
328  compat_uint_t nl_group;
329  compat_size_t copy_range;
330  compat_size_t qthreshold;
331  char prefix[ULOG_PREFIX_LEN];
332 };
333 
334 static void ulog_tg_compat_from_user(void *dst, const void *src)
335 {
336  const struct compat_ipt_ulog_info *cl = src;
337  struct ipt_ulog_info l = {
338  .nl_group = cl->nl_group,
339  .copy_range = cl->copy_range,
340  .qthreshold = cl->qthreshold,
341  };
342 
343  memcpy(l.prefix, cl->prefix, sizeof(l.prefix));
344  memcpy(dst, &l, sizeof(l));
345 }
346 
347 static int ulog_tg_compat_to_user(void __user *dst, const void *src)
348 {
349  const struct ipt_ulog_info *l = src;
350  struct compat_ipt_ulog_info cl = {
351  .nl_group = l->nl_group,
352  .copy_range = l->copy_range,
353  .qthreshold = l->qthreshold,
354  };
355 
356  memcpy(cl.prefix, l->prefix, sizeof(cl.prefix));
357  return copy_to_user(dst, &cl, sizeof(cl)) ? -EFAULT : 0;
358 }
359 #endif /* CONFIG_COMPAT */
360 
361 static struct xt_target ulog_tg_reg __read_mostly = {
362  .name = "ULOG",
363  .family = NFPROTO_IPV4,
364  .target = ulog_tg,
365  .targetsize = sizeof(struct ipt_ulog_info),
366  .checkentry = ulog_tg_check,
367 #ifdef CONFIG_COMPAT
368  .compatsize = sizeof(struct compat_ipt_ulog_info),
369  .compat_from_user = ulog_tg_compat_from_user,
370  .compat_to_user = ulog_tg_compat_to_user,
371 #endif
372  .me = THIS_MODULE,
373 };
374 
375 static struct nf_logger ipt_ulog_logger __read_mostly = {
376  .name = "ipt_ULOG",
377  .logfn = ipt_logfn,
378  .me = THIS_MODULE,
379 };
380 
381 static int __init ulog_tg_init(void)
382 {
383  int ret, i;
384  struct netlink_kernel_cfg cfg = {
385  .groups = ULOG_MAXNLGROUPS,
386  };
387 
388  pr_debug("init module\n");
389 
390  if (nlbufsiz > 128*1024) {
391  pr_warning("Netlink buffer has to be <= 128kB\n");
392  return -EINVAL;
393  }
394 
395  /* initialize ulog_buffers */
396  for (i = 0; i < ULOG_MAXNLGROUPS; i++)
397  setup_timer(&ulog_buffers[i].timer, ulog_timer, i);
398 
399  nflognl = netlink_kernel_create(&init_net, NETLINK_NFLOG, &cfg);
400  if (!nflognl)
401  return -ENOMEM;
402 
403  ret = xt_register_target(&ulog_tg_reg);
404  if (ret < 0) {
405  netlink_kernel_release(nflognl);
406  return ret;
407  }
408  if (nflog)
409  nf_log_register(NFPROTO_IPV4, &ipt_ulog_logger);
410 
411  return 0;
412 }
413 
414 static void __exit ulog_tg_exit(void)
415 {
416  ulog_buff_t *ub;
417  int i;
418 
419  pr_debug("cleanup_module\n");
420 
421  if (nflog)
422  nf_log_unregister(&ipt_ulog_logger);
423  xt_unregister_target(&ulog_tg_reg);
424  netlink_kernel_release(nflognl);
425 
426  /* remove pending timers and free allocated skb's */
427  for (i = 0; i < ULOG_MAXNLGROUPS; i++) {
428  ub = &ulog_buffers[i];
429  if (timer_pending(&ub->timer)) {
430  pr_debug("timer was pending, deleting\n");
431  del_timer(&ub->timer);
432  }
433 
434  if (ub->skb) {
435  kfree_skb(ub->skb);
436  ub->skb = NULL;
437  }
438  }
439 }
440 
441 module_init(ulog_tg_init);
442 module_exit(ulog_tg_exit);
Generated on Thu Jan 10 2013 14:58:40 for Linux Kernel by   doxygen 1.8.2