Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
// SPDX-License-Identifier: GPL-2.0-only
/*
 * Creates audit record for dropped/accepted packets
 *
 * (C) 2010-2011 Thomas Graf <tgraf@redhat.com>
 * (C) 2010-2011 Red Hat, Inc.
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/audit.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <linux/if_arp.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_AUDIT.h>
#include <linux/netfilter_bridge/ebtables.h>
#include <net/ipv6.h>
#include <net/ip.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Thomas Graf <tgraf@redhat.com>");
MODULE_DESCRIPTION("Xtables: creates audit records for dropped/accepted packets");
MODULE_ALIAS("ipt_AUDIT");
MODULE_ALIAS("ip6t_AUDIT");
MODULE_ALIAS("ebt_AUDIT");
MODULE_ALIAS("arpt_AUDIT");

/*
 * audit_tg - target hook that writes one AUDIT_NETFILTER_PKT record per packet.
 * @skb: packet being evaluated; only skb->mark is read directly here
 * @par: per-invocation target parameters; only the protocol family is used
 *
 * Returns XT_CONTINUE on every path, so rule traversal goes on and this
 * target never decides the packet's verdict.
 *
 * The record is best-effort: when auditing is switched off, or when
 * audit_log_start() hands back NULL, nothing is logged and nothing in this
 * function reports the miss. Anyone relying on these records as a complete
 * trail should account for that.
 */
static unsigned int
audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
	struct audit_buffer *rec;

	if (audit_enabled == AUDIT_OFF)
		return XT_CONTINUE;

	/*
	 * NULL: no audit context is attached to the record. GFP_ATOMIC asks
	 * for a non-sleeping allocation -- presumably because this runs in
	 * the packet path; confirm against the callers.
	 */
	rec = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
	if (!rec)
		return XT_CONTINUE;

	audit_log_format(rec, "mark=%#x", skb->mark);

	/* Helper defined elsewhere; it receives the buffer, skb and family. */
	audit_log_nf_skb(rec, skb, xt_family(par));

	audit_log_end(rec);

	return XT_CONTINUE;
}

/*
 * audit_tg_ebt - bridge (ebtables) flavour of the target hook.
 *
 * Runs audit_tg() for its logging side effect, discards its xtables verdict
 * and answers with the ebtables "continue" verdict instead.
 */
static unsigned int
audit_tg_ebt(struct sk_buff *skb, const struct xt_action_param *par)
{
	(void)audit_tg(skb, par);

	return EBT_CONTINUE;
}

/*
 * audit_tg_check - checkentry hook: validate the target data of a rule.
 * @par: check parameters; par->targinfo is read as struct xt_audit_info
 *       (presumably filled from the rule supplied by userspace -- confirm)
 *
 * Returns 0 when info->type is within 0..XT_AUDIT_TYPE_MAX, otherwise logs a
 * rate-limited notice and returns -ERANGE.
 *
 * NOTE(review): the type is only range-checked here; audit_tg() above neither
 * reads par->targinfo nor passes it on to the logging helper.
 */
static int audit_tg_check(const struct xt_tgchk_param *par)
{
	const struct xt_audit_info *cfg = par->targinfo;

	if (cfg->type <= XT_AUDIT_TYPE_MAX)
		return 0;

	pr_info_ratelimited("Audit type out of range (valid range: 0..%u)\n",
			    XT_AUDIT_TYPE_MAX);
	return -ERANGE;
}

/*
 * Two registrations under the same name "AUDIT": a family-agnostic one
 * (NFPROTO_UNSPEC) using audit_tg, and a bridge one using audit_tg_ebt.
 * Both share the same target data size and the same checkentry hook.
 */
static struct xt_target audit_tg_reg[] __read_mostly = {
	{
		.name		= "AUDIT",
		.family		= NFPROTO_UNSPEC,
		.targetsize	= sizeof(struct xt_audit_info),
		.checkentry	= audit_tg_check,
		.target		= audit_tg,
		.me		= THIS_MODULE,
	},
	{
		.name		= "AUDIT",
		.family		= NFPROTO_BRIDGE,
		.targetsize	= sizeof(struct xt_audit_info),
		.checkentry	= audit_tg_check,
		.target		= audit_tg_ebt,
		.me		= THIS_MODULE,
	},
};

/* Module load: register both targets; the registration result is returned. */
static int __init audit_tg_init(void)
{
	return xt_register_targets(audit_tg_reg, ARRAY_SIZE(audit_tg_reg));
}

/* Module unload: drop both registrations made in audit_tg_init(). */
static void __exit audit_tg_exit(void)
{
	xt_unregister_targets(audit_tg_reg, ARRAY_SIZE(audit_tg_reg));
}

module_init(audit_tg_init);
module_exit(audit_tg_exit);