author | Peter Warasin <peter@endian.com> | 2008-04-14 05:15:54 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-04-14 05:15:54 -0400 |
commit | e7bfd0a1a6c8f82977253dab19be9d9979c1ec1b (patch) | |
tree | 3162f621a6a17b5d80e4419a9dae031c0b93fec9 | |
parent | 3c9fba656a185cf56872a325e5594d9b4d4168ec (diff) |
[NETFILTER]: bridge: add ebt_nflog watcher
This patch adds the ebtables nflog watcher to the kernel in order to
allow ebtables to log through the nfnetlink_log backend.
Signed-off-by: Peter Warasin <peter@endian.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | include/linux/netfilter_bridge/ebt_nflog.h | 21 | ||||
-rw-r--r-- | net/bridge/netfilter/Kconfig | 14 | ||||
-rw-r--r-- | net/bridge/netfilter/Makefile | 1 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_nflog.c | 74 |
4 files changed, 110 insertions, 0 deletions
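--- /dev/null
+++ b/include/linux/netfilter_bridge/ebt_nflog.h
@@ -0,0 +1,21 @@
+#ifndef __LINUX_BRIDGE_EBT_NFLOG_H
+#define __LINUX_BRIDGE_EBT_NFLOG_H
+
+#define EBT_NFLOG_MASK 0x0
+
+#define EBT_NFLOG_PREFIX_SIZE 64
+#define EBT_NFLOG_WATCHER "nflog"
+
+#define EBT_NFLOG_DEFAULT_GROUP 0x1
+#define EBT_NFLOG_DEFAULT_THRESHOLD 1
+
+struct ebt_nflog_info {
+u_int32_t len;
+u_int16_t group;
+u_int16_t threshold;
+u_int16_t flags;
+u_int16_t pad;
+char prefix[EBT_NFLOG_PREFIX_SIZE];
+};
+
+#endif /* __LINUX_BRIDGE_EBT_NFLOG_H */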
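Review bot: struct ebt_nflog_info is the layout user space fills in for the watcher, yet none of its fields or the EBT_NFLOG_MASK constant is documented in this header. Going by ebt_nflog.c in the same commit, short comments would cover it: `len` becomes the backend's copy length, `group` and `threshold` are passed through unchanged, `flags` must be zero while `EBT_NFLOG_MASK` is `0x0`, and `prefix` is forcibly NUL-terminated by the kernel at rule check time. A note that `pad` exists only to keep the layout explicit would also help anyone extending the structure later.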
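--- a/net/bridge/netfilter/Kconfig
+++ b/net/bridge/netfilter/Kconfig
@@ -212,4 +212,18 @@ config BRIDGE_EBT_ULOG
 
 To compile it as a module, choose M here. If unsure, say N.
 
+config BRIDGE_EBT_NFLOG
+tristate "ebt: nflog support"
+depends on BRIDGE_NF_EBTABLES
+help
+This option enables the nflog watcher, which allows to LOG
+messages through the netfilter logging API, which can use
+either the old LOG target, the old ULOG target or nfnetlink_log
+as backend.
+
+This option adds the ulog watcher, that you can use in any rule
+in any ebtables table.
+
+To compile it as a module, choose M here. If unsure, say N.
+
 endmenu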
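Review bot: The second help paragraph of BRIDGE_EBT_NFLOG names the wrong watcher: "This option adds the ulog watcher" looks carried over from the BRIDGE_EBT_ULOG entry above it and should read `This option adds the nflog watcher, that you can use in any rule`. As written, someone choosing between the two logging options from the help text alone cannot tell which watcher name the rule syntax will expect.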
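--- a/net/bridge/netfilter/Makefile
+++ b/net/bridge/netfilter/Makefile
@@ -30,3 +30,4 @@ obj-$(CONFIG_BRIDGE_EBT_SNAT) += ebt_snat.o
 # watchers
 obj-$(CONFIG_BRIDGE_EBT_LOG) += ebt_log.o
 obj-$(CONFIG_BRIDGE_EBT_ULOG) += ebt_ulog.o
+obj-$(CONFIG_BRIDGE_EBT_NFLOG) += ebt_nflog.o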
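--- /dev/null
+++ b/net/bridge/netfilter/ebt_nflog.c
@@ -0,0 +1,74 @@
+/*
+* ebt_nflog
+*
+* Author:
+* Peter Warasin <peter@endian.com>
+*
+* February, 2008
+*
+* Based on:
+* xt_NFLOG.c, (C) 2006 by Patrick McHardy <kaber@trash.net>
+* ebt_ulog.c, (C) 2004 by Bart De Schuymer <bdschuym@pandora.be>
+*
+*/
+
+#include <linux/module.h>
+#include <linux/spinlock.h>
+#include <linux/netfilter_bridge/ebtables.h>
+#include <linux/netfilter_bridge/ebt_nflog.h>
+#include <net/netfilter/nf_log.h>
+
+static void ebt_nflog(const struct sk_buff *skb,
+unsigned int hooknr,
+const struct net_device *in,
+const struct net_device *out,
+const void *data, unsigned int datalen)
+{
+struct ebt_nflog_info *info = (struct ebt_nflog_info *)data;
+struct nf_loginfo li;
+
+li.type = NF_LOG_TYPE_ULOG;
+li.u.ulog.copy_len = info->len;
+li.u.ulog.group = info->group;
+li.u.ulog.qthreshold = info->threshold;
+
+nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, "%s", info->prefix);
+}
+
+static int ebt_nflog_check(const char *tablename,
+unsigned int hookmask,
+const struct ebt_entry *e,
+void *data, unsigned int datalen)
+{
+struct ebt_nflog_info *info = (struct ebt_nflog_info *)data;
+
+if (datalen != EBT_ALIGN(sizeof(struct ebt_nflog_info)))
+return -EINVAL;
+if (info->flags & ~EBT_NFLOG_MASK)
+return -EINVAL;
+info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0';
+return 0;
+}
+
+static struct ebt_watcher nflog __read_mostly = {
+.name = EBT_NFLOG_WATCHER,
+.watcher = ebt_nflog,
+.check = ebt_nflog_check,
+.me = THIS_MODULE,
+};
+
+static int __init ebt_nflog_init(void)
+{
+return ebt_register_watcher(&nflog);
+}
+
+static void __exit ebt_nflog_fini(void)
+{
+ebt_unregister_watcher(&nflog);
+}
+
+module_init(ebt_nflog_init);
+module_exit(ebt_nflog_fini);
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Peter Warasin <peter@endian.com>");
+MODULE_DESCRIPTION("ebtables NFLOG netfilter logging module");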
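Review bot: The forced termination in ebt_nflog_check() is the only thing bounding the `"%s", info->prefix` read in ebt_nflog(), and nothing in the file says so. A comment above that assignment, e.g. `/* prefix comes from user space and may be unterminated; ebt_nflog() prints it with %s */`, would keep a later cleanup from dropping it. The check validates only `datalen` and `flags`, so `len`, `group` and `threshold` reach nf_log_packet() exactly as supplied and any range handling is left to the log backend, which is not visible in this diff; a comment stating that assumption would be useful. Two style points in the same file: ebt_nflog() casts away the const on `data` where `const struct ebt_nflog_info *info = data;` would do, and `<linux/spinlock.h>` appears to be unused.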