4 * Copyright (C) 1997-2003 by Darren Reed.
6 * See the IPFILTER.LICENCE file for details on licencing.
9 * Id: ip_log.c,v 2.75.2.19 2007/09/09 11:32:06 darrenr Exp $
11 #include <sys/param.h>
12 #if defined(KERNEL) || defined(_KERNEL)
18 #if defined(__NetBSD__) && (NetBSD >= 199905) && !defined(IPFILTER_LKM) && \
20 # if (__NetBSD_Version__ < 399001400)
21 # include "opt_ipfilter_log.h"
23 # include "opt_ipfilter.h"
26 #if defined(__FreeBSD__) && !defined(IPFILTER_LKM)
28 # if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
29 # include "opt_ipfilter.h"
32 # include <osreldate.h>
36 # define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
38 #include <sys/errno.h>
39 #include <sys/types.h>
55 #if __FreeBSD_version >= 220000 && defined(_KERNEL)
56 # include <sys/fcntl.h>
57 # include <sys/filio.h>
59 # include <sys/ioctl.h>
63 # include <sys/systm.h>
64 # if defined(NetBSD) && (__NetBSD_Version__ >= 104000000)
65 # include <sys/proc.h>
68 #if !SOLARIS && !defined(__hpux) && !defined(linux)
69 # if (defined(NetBSD) && NetBSD > 199609) || \
70 (defined(OpenBSD) && OpenBSD > 199603) || \
71 (__FreeBSD_version >= 300000)
72 # include <sys/dirent.h>
76 # include <sys/mbuf.h>
77 # include <sys/select.h>
78 # if __FreeBSD_version >= 500000
79 # include <sys/selinfo.h>
82 # if !defined(__hpux) && defined(_KERNEL)
83 # include <sys/filio.h>
84 # include <sys/cred.h>
86 # include <sys/sunddi.h>
87 # include <sys/ksynch.h>
88 # include <sys/kmem.h>
89 # include <sys/mkdev.h>
90 # include <sys/dditypes.h>
91 # include <sys/cmn_err.h>
93 #endif /* !SOLARIS && !__hpux */
95 # include <sys/protosw.h>
97 #include <sys/socket.h>
103 #if __FreeBSD_version >= 300000
104 # include <net/if_var.h>
106 #include <net/route.h>
107 #include <netinet/in.h>
109 # include <sys/ddi.h>
110 # ifdef IFF_DRVRLOCK /* IRIX6 */
111 # include <sys/hashing.h>
114 #if !defined(__hpux) && !defined(linux) && \
115 !(defined(__sgi) && !defined(IFF_DRVRLOCK)) /*IRIX<6*/
116 # include <netinet/in_var.h>
118 #include <netinet/in_systm.h>
119 #include <netinet/ip.h>
120 #include <netinet/tcp.h>
121 #include <netinet/udp.h>
122 #include <netinet/ip_icmp.h>
124 # include <netinet/icmp6.h>
127 # include <netinet/ip_var.h>
132 #include "netinet/ip_compat.h"
133 #include <netinet/tcpip.h>
134 #include "netinet/ip_fil.h"
135 #include "netinet/ip_nat.h"
136 #include "netinet/ip_frag.h"
137 #include "netinet/ip_state.h"
138 #include "netinet/ip_auth.h"
139 #if (__FreeBSD_version >= 300000) || defined(__NetBSD__)
140 # include <sys/malloc.h>
142 /* END OF INCLUDES */
146 # if defined(IPL_SELECT)
147 # include <machine/sys/user.h>
148 # include <sys/kthread_iface.h>
149 # define READ_COLLISION 0x001
151 iplog_select_t iplog_ss[IPL_LOGMAX+1];
154 # endif /* IPL_SELECT */
156 # if defined(linux) && defined(_KERNEL)
157 wait_queue_head_t iplh_linux[IPL_LOGSIZE];
159 # if SOLARIS && defined(_KERNEL)
160 extern kcondvar_t iplwait;
161 extern struct pollhead iplpollhead[IPL_LOGSIZE];
164 iplog_t **iplh[IPL_LOGSIZE], *iplt[IPL_LOGSIZE], *ipll[IPL_LOGSIZE];
165 int iplused[IPL_LOGSIZE];
166 static fr_info_t iplcrc[IPL_LOGSIZE];
167 int ipl_suppress = 1;
168 int ipl_logmax = IPL_LOGMAX;
170 int ipl_log_init = 0;
171 int ipl_logsize = IPFILTER_LOGSIZE;
172 int ipl_magic[IPL_LOGSIZE] = { IPL_MAGIC, IPL_MAGIC_NAT, IPL_MAGIC_STATE,
173 IPL_MAGIC, IPL_MAGIC, IPL_MAGIC,
174 IPL_MAGIC, IPL_MAGIC };
177 /* ------------------------------------------------------------------------ */
178 /* Function: fr_loginit */
179 /* Returns: int - 0 == success (always returned) */
180 /* Parameters: Nil */
182 /* Initialise log buffers & pointers. Also iniialised the CRC to a local */
183 /* secret for use in calculating the "last log checksum". */
184 /* ------------------------------------------------------------------------ */
189 for (i = IPL_LOGMAX; i >= 0; i--) {
194 bzero((char *)&iplcrc[i], sizeof(iplcrc[i]));
196 iplog_ss[i].read_waiter = 0;
197 iplog_ss[i].state = 0;
199 # if defined(linux) && defined(_KERNEL)
200 init_waitqueue_head(iplh_linux + i);
204 # if SOLARIS && defined(_KERNEL)
205 cv_init(&iplwait, "ipl condvar", CV_DRIVER, NULL);
207 MUTEX_INIT(&ipl_mutex, "ipf log mutex");
215 /* ------------------------------------------------------------------------ */
216 /* Function: fr_logunload */
218 /* Parameters: Nil */
220 /* Clean up any log data that has accumulated without being read. */
221 /* ------------------------------------------------------------------------ */
226 if (ipl_log_init == 0)
229 for (i = IPL_LOGMAX; i >= 0; i--)
230 (void) ipflog_clear(i);
232 # if SOLARIS && defined(_KERNEL)
233 cv_destroy(&iplwait);
235 MUTEX_DESTROY(&ipl_mutex);
241 /* ------------------------------------------------------------------------ */
242 /* Function: ipflog */
243 /* Returns: int - 0 == success, -1 == failure */
244 /* Parameters: fin(I) - pointer to packet information */
245 /* flags(I) - flags from filter rules */
247 /* Create a log record for a packet given that it has been triggered by a */
248 /* rule (or the default setting). Calculate the transport protocol header */
249 /* size using predetermined size of a couple of popular protocols and thus */
250 /* how much data to copy into the log, including part of the data body if */
252 /* ------------------------------------------------------------------------ */
253 int ipflog(fin, flags)
257 register size_t hlen;
264 # if (SOLARIS || defined(__hpux)) && defined(_KERNEL) && \
265 !defined(_INET_IP_STACK_H)
269 # endif /* SOLARIS || __hpux */
275 ipfl.fl_nattag.ipt_num[0] = 0;
277 if (fin->fin_exthdr != NULL)
278 hlen = (char *)fin->fin_dp - (char *)fin->fin_ip;
280 hlen = fin->fin_hlen;
282 * calculate header size.
284 if (fin->fin_off == 0) {
285 p = fin->fin_fi.fi_p;
286 if (p == IPPROTO_TCP)
287 hlen += MIN(sizeof(tcphdr_t), fin->fin_dlen);
288 else if (p == IPPROTO_UDP)
289 hlen += MIN(sizeof(udphdr_t), fin->fin_dlen);
290 else if (p == IPPROTO_ICMP) {
293 icmp = (struct icmp *)fin->fin_dp;
296 * For ICMP, if the packet is an error packet, also
297 * include the information about the packet which
300 switch (icmp->icmp_type)
303 case ICMP_SOURCEQUENCH :
306 case ICMP_PARAMPROB :
307 hlen += MIN(sizeof(struct icmp) + 8,
311 hlen += MIN(sizeof(struct icmp),
317 else if (p == IPPROTO_ICMPV6) {
318 struct icmp6_hdr *icmp;
320 icmp = (struct icmp6_hdr *)fin->fin_dp;
323 * For ICMPV6, if the packet is an error packet, also
324 * include the information about the packet which
327 if (icmp->icmp6_type < 128) {
328 hlen += MIN(sizeof(struct icmp6_hdr) + 8,
331 hlen += MIN(sizeof(struct icmp6_hdr),
338 * Get the interface number and name to which this packet is
339 * currently associated.
341 # if (SOLARIS || defined(__hpux)) && defined(_KERNEL) && \
342 !defined(_INET_IP_STACK_H)
343 ipfl.fl_unit = (u_int)ifp->qf_ppa;
344 COPYIFNAME(fin->fin_v, ifp, ipfl.fl_ifname);
346 # if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
347 (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(linux) || \
348 (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) || \
349 (SOLARIS && defined(_INET_IP_STACK_H))
350 COPYIFNAME(fin->fin_v, ifp, ipfl.fl_ifname);
352 ipfl.fl_unit = (u_int)ifp->if_unit;
353 # if defined(_KERNEL)
354 if ((ipfl.fl_ifname[0] = ifp->if_name[0]))
355 if ((ipfl.fl_ifname[1] = ifp->if_name[1]))
356 if ((ipfl.fl_ifname[2] = ifp->if_name[2]))
357 ipfl.fl_ifname[3] = ifp->if_name[3];
359 COPYIFNAME(fin->fin_v, ifp, ipfl.fl_ifname);
360 ipfl.fl_ifname[sizeof(ipfl.fl_ifname) - 1] = '\0';
363 # endif /* __hpux || SOLARIS */
364 mlen = fin->fin_plen - hlen;
366 mlen = (flags & FR_LOGBODY) ? MIN(mlen, 128) : 0;
367 } else if ((flags & FR_LOGBODY) == 0) {
372 ipfl.fl_plen = (u_char)mlen;
373 ipfl.fl_hlen = (u_char)hlen;
374 ipfl.fl_rule = fin->fin_rule;
375 (void) strncpy(ipfl.fl_group, fin->fin_group, FR_GROUPLEN);
376 if (fin->fin_fr != NULL) {
377 ipfl.fl_loglevel = fin->fin_fr->fr_loglevel;
378 ipfl.fl_logtag = fin->fin_fr->fr_logtag;
380 ipfl.fl_loglevel = 0xffff;
381 ipfl.fl_logtag = FR_NOLOGTAG;
383 if (fin->fin_nattag != NULL)
384 bcopy(fin->fin_nattag, (void *)&ipfl.fl_nattag,
385 sizeof(ipfl.fl_nattag));
386 ipfl.fl_flags = flags;
387 ipfl.fl_dir = fin->fin_out;
388 ipfl.fl_lflags = fin->fin_flx;
389 ptrs[0] = (void *)&ipfl;
390 sizes[0] = sizeof(ipfl);
392 # if defined(MENTAT) && defined(_KERNEL)
394 * Are we copied from the mblk or an aligned array ?
396 if (fin->fin_ip == (ip_t *)m->b_rptr) {
398 sizes[1] = hlen + mlen;
401 ptrs[1] = fin->fin_ip;
402 sizes[1] = hlen + mlen;
407 sizes[1] = hlen + mlen;
410 return ipllog(IPL_LOGIPF, fin, ptrs, sizes, types, 2);
414 /* ------------------------------------------------------------------------ */
415 /* Function: ipllog */
416 /* Returns: int - 0 == success, -1 == failure */
417 /* Parameters: dev(I) - device that owns this log record */
418 /* fin(I) - pointer to packet information */
419 /* items(I) - array of pointers to log data */
420 /* itemsz(I) - array of size of valid memory pointed to */
421 /* types(I) - type of data pointed to by items pointers */
422 /* cnt(I) - number of elements in arrays items/itemsz/types */
424 /* Takes an array of parameters and constructs one record to include the */
425 /* miscellaneous packet information, as well as packet data, for reading */
426 /* from the log device. */
427 /* ------------------------------------------------------------------------ */
428 int ipllog(dev, fin, items, itemsz, types, cnt)
442 * Check to see if this log record has a CRC which matches the last
443 * record logged. If it does, just up the count on the previous one
444 * rather than create a new one.
447 MUTEX_ENTER(&ipl_mutex);
448 if ((fin != NULL) && (fin->fin_off == 0)) {
449 if ((ipll[dev] != NULL) &&
450 bcmp((char *)fin, (char *)&iplcrc[dev],
452 ipll[dev]->ipl_count++;
453 MUTEX_EXIT(&ipl_mutex);
456 bcopy((char *)fin, (char *)&iplcrc[dev], FI_LCSIZE);
458 bzero((char *)&iplcrc[dev], FI_CSIZE);
459 MUTEX_EXIT(&ipl_mutex);
463 * Get the total amount of data to be logged.
465 for (i = 0, len = sizeof(iplog_t); i < cnt; i++)
469 * check that we have space to record this information and can
470 * allocate that much.
472 KMALLOCS(buf, u_char *, len);
476 MUTEX_ENTER(&ipl_mutex);
477 if ((iplused[dev] + len) > ipl_logsize) {
478 MUTEX_EXIT(&ipl_mutex);
484 MUTEX_EXIT(&ipl_mutex);
488 * advance the log pointer to the next empty record and deduct the
489 * amount of space we're going to use.
491 ipl = (iplog_t *)buf;
492 ipl->ipl_magic = ipl_magic[dev];
494 ipl->ipl_next = NULL;
495 ipl->ipl_dsize = len;
497 GETKTIME(&ipl->ipl_sec);
504 * Loop through all the items to be logged, copying each one to the
505 * buffer. Use bcopy for normal data or the mb_t copyout routine.
507 for (i = 0, ptr = buf + sizeof(*ipl); i < cnt; i++) {
509 bcopy(items[i], ptr, itemsz[i]);
510 } else if (types[i] == 1) {
511 COPYDATA(items[i], 0, itemsz[i], (char *)ptr);
516 MUTEX_ENTER(&ipl_mutex);
519 iplh[dev] = &ipl->ipl_next;
522 * Now that the log record has been completed and added to the queue,
523 * wake up any listeners who may want to read it.
525 # if SOLARIS && defined(_KERNEL)
527 MUTEX_EXIT(&ipl_mutex);
528 pollwakeup(&iplpollhead[dev], POLLRDNORM);
530 MUTEX_EXIT(&ipl_mutex);
536 iplog_input_ready(dev);
542 /* ------------------------------------------------------------------------ */
543 /* Function: ipflog_read */
544 /* Returns: int - 0 == success, else error value. */
545 /* Parameters: unit(I) - device we are reading from */
546 /* uio(O) - pointer to information about where to store data */
548 /* Called to handle a read on an IPFilter device. Returns only complete */
549 /* log messages - will not partially copy a log record out to userland. */
551 /* NOTE: This function will block and wait for a signal to return data if */
552 /* there is none present. Asynchronous I/O is not implemented. */
553 /* ------------------------------------------------------------------------ */
554 int ipflog_read(unit, uio)
564 * Sanity checks. Make sure the minor # is valid and we're copying
565 * a valid chunk of data.
567 if (IPL_LOGMAX < unit)
569 if (uio->uio_resid == 0)
571 if ((uio->uio_resid < sizeof(iplog_t)) ||
572 (uio->uio_resid > ipl_logsize))
576 * Lock the log so we can snapshot the variables. Wait for a signal
577 * if the log is empty.
580 MUTEX_ENTER(&ipl_mutex);
582 while (iplt[unit] == NULL) {
583 # if SOLARIS && defined(_KERNEL)
584 if (!cv_wait_sig(&iplwait, &ipl_mutex.ipf_lk)) {
585 MUTEX_EXIT(&ipl_mutex);
589 # if defined(__hpux) && defined(_KERNEL)
593 if (uio->uio_fpflags & (FNBLOCK|FNDELAY)) {
594 /* this is no blocking system call */
595 MUTEX_EXIT(&ipl_mutex);
600 MUTEX_EXIT(&ipl_mutex);
601 l = get_sleep_lock(&iplh[unit]);
602 error = sleep(&iplh[unit], PZERO+1);
605 # if defined(__osf__) && defined(_KERNEL)
606 error = mpsleep(&iplh[unit], PSUSP|PCATCH, "iplread", 0,
607 &ipl_mutex, MS_LOCK_SIMPLE);
609 MUTEX_EXIT(&ipl_mutex);
611 error = SLEEP(unit + iplh, "ipl sleep");
612 # endif /* __osf__ */
617 MUTEX_ENTER(&ipl_mutex);
618 # endif /* SOLARIS */
621 # if (BSD >= 199101) || defined(__FreeBSD__) || defined(__osf__)
622 uio->uio_rw = UIO_READ;
625 for (copied = 0; (ipl = iplt[unit]) != NULL; copied += dlen) {
626 dlen = ipl->ipl_dsize;
627 if (dlen > uio->uio_resid)
630 * Don't hold the mutex over the uiomove call.
632 iplt[unit] = ipl->ipl_next;
633 iplused[unit] -= dlen;
634 MUTEX_EXIT(&ipl_mutex);
636 error = UIOMOVE(ipl, dlen, UIO_READ, uio);
639 MUTEX_ENTER(&ipl_mutex);
640 ipl->ipl_next = iplt[unit];
642 iplused[unit] += dlen;
645 MUTEX_ENTER(&ipl_mutex);
651 iplh[unit] = &iplt[unit];
655 MUTEX_EXIT(&ipl_mutex);
661 /* ------------------------------------------------------------------------ */
662 /* Function: ipflog_clear */
663 /* Returns: int - number of log bytes cleared. */
664 /* Parameters: unit(I) - device we are reading from */
666 /* Deletes all queued up log records for a given output device. */
667 /* ------------------------------------------------------------------------ */
668 int ipflog_clear(unit)
676 MUTEX_ENTER(&ipl_mutex);
677 while ((ipl = iplt[unit]) != NULL) {
678 iplt[unit] = ipl->ipl_next;
679 KFREES(ipl, ipl->ipl_dsize);
681 iplh[unit] = &iplt[unit];
683 used = iplused[unit];
685 bzero((char *)&iplcrc[unit], FI_CSIZE);
686 MUTEX_EXIT(&ipl_mutex);
692 /* ------------------------------------------------------------------------ */
693 /* Function: ipflog_canread */
694 /* Returns: int - 0 == no data to read, 1 = data present */
695 /* Parameters: unit(I) - device we are reading from */
697 /* Returns an indication of whether or not there is data present in the */
698 /* current buffer for the selected ipf device. */
699 /* ------------------------------------------------------------------------ */
700 int ipflog_canread(unit)
703 return iplt[unit] != NULL;
705 #endif /* IPFILTER_LOG */