
FreeBSD/Linux Kernel Cross Reference
sys/net/if_pflog.c


    1 /*      $OpenBSD: if_pflog.c,v 1.97 2021/01/20 23:25:19 bluhm Exp $     */
    2 /*
    3  * The authors of this code are John Ioannidis (ji@tla.org),
    4  * Angelos D. Keromytis (kermit@csd.uch.gr) and
    5  * Niels Provos (provos@physnet.uni-hamburg.de).
    6  *
    7  * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
    8  * in November 1995.
    9  *
   10  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
   11  * by Angelos D. Keromytis.
   12  *
   13  * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
   14  * and Niels Provos.
   15  *
   16  * Copyright (C) 1995, 1996, 1997, 1998 by John Ioannidis, Angelos D. Keromytis
   17  * and Niels Provos.
   18  * Copyright (c) 2001, Angelos D. Keromytis, Niels Provos.
   19  * Copyright (c) 2002 - 2010 Henning Brauer
   20  *
   21  * Permission to use, copy, and modify this software with or without fee
   22  * is hereby granted, provided that this entire notice is included in
   23  * all copies of any software which is or includes a copy or
   24  * modification of this software.
   25  * You may use this code under the GNU public license if you so wish. Please
   26  * contribute changes back to the authors under this freer than GPL license
   27  * so that we may further the use of strong encryption without limitations to
   28  * all.
   29  *
   30  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
   31  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
   32  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
   33  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
   34  * PURPOSE.
   35  */
   36 
   37 #include "bpfilter.h"
   38 #include "pflog.h"
   39 
   40 #include <sys/param.h>
   41 #include <sys/systm.h>
   42 #include <sys/mbuf.h>
   43 #include <sys/proc.h>
   44 #include <sys/socket.h>
   45 #include <sys/stdint.h>
   46 #include <sys/ioctl.h>
   47 
   48 #include <net/if.h>
   49 #include <net/if_var.h>
   50 #include <net/if_types.h>
   51 #if NBPFILTER > 0
   52 #include <net/bpf.h>
   53 #endif
   54 
   55 #include <netinet/in.h>
   56 #include <netinet/ip.h>
   57 #include <netinet/ip_icmp.h>
   58 #include <netinet/tcp.h>
   59 #include <netinet/udp.h>
   60 
   61 #ifdef INET6
   62 #include <netinet/ip6.h>
   63 #include <netinet/icmp6.h>
   64 #endif /* INET6 */
   65 
   66 #include <net/pfvar.h>
   67 #include <net/pfvar_priv.h>
   68 #include <net/if_pflog.h>
   69 
/* MTU assigned to every pflog interface in pflog_clone_create(). */
#define PFLOGMTU        (32768 + MHLEN + MLEN)

/*
 * Debug output.  With PFLOGDEBUG defined the argument is pasted directly
 * after printf, so it must be a parenthesised argument list and is only
 * printed when pflogdebug is non-zero.  Without PFLOGDEBUG the macro
 * expands to nothing and its argument is never evaluated.
 */
#ifdef PFLOGDEBUG
#define DPRINTF(x)    do { if (pflogdebug) printf x ; } while (0)
#else
#define DPRINTF(x)
#endif

/* Interface entry points and helpers defined in this file. */
void    pflogattach(int);
int     pflogoutput(struct ifnet *, struct mbuf *, struct sockaddr *,
                       struct rtentry *);
int     pflogioctl(struct ifnet *, u_long, caddr_t);
int     pflog_clone_create(struct if_clone *, int);
int     pflog_clone_destroy(struct ifnet *);
struct  pflog_softc     *pflog_getif(int);

/* Cloner that creates and destroys "pflog" interfaces on demand. */
struct if_clone                 pflog_cloner =
    IF_CLONE_INITIALIZER("pflog", pflog_clone_create, pflog_clone_destroy);

/*
 * All existing pflog softcs.  The list is modified under NET_LOCK() in
 * the clone create/destroy paths and walked by pflog_getif(), which
 * asserts that the net lock is held.
 */
LIST_HEAD(, pflog_softc)        pflog_ifs = LIST_HEAD_INITIALIZER(pflog_ifs);
   90 
/*
 * Attach hook for the pflog pseudo-device.  It only registers the "pflog"
 * cloner; no interface exists until one is cloned.  The npflog count is
 * not used.
 */
void
pflogattach(int npflog)
{
        struct if_clone *cloner = &pflog_cloner;

        if_clone_attach(cloner);
}
   96 
/*
 * Create the pflog interface with the given unit number.
 *
 * Allocates a zeroed softc, fills in the embedded ifnet, attaches it to
 * the network stack and (when bpf is compiled in) to bpf with the
 * DLT_PFLOG link type, then publishes the softc on pflog_ifs.
 *
 * Always returns 0.
 */
int
pflog_clone_create(struct if_clone *ifc, int unit)
{
        struct pflog_softc *sc;
        struct ifnet *ifp;

        /*
         * M_WAITOK: malloc(9) sleeps rather than returning NULL, which is
         * why the result is used without a failure check.  M_ZERO leaves
         * every field not set below at zero.
         */
        sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO);
        sc->sc_unit = unit;

        ifp = &sc->sc_if;
        ifp->if_softc = sc;
        /* snprintf() bounds the name to if_xname and NUL-terminates it. */
        snprintf(ifp->if_xname, sizeof ifp->if_xname, "pflog%d", unit);
        ifp->if_type = IFT_PFLOG;
        ifp->if_xflags = IFXF_CLONED;
        ifp->if_mtu = PFLOGMTU;
        ifp->if_hdrlen = PFLOG_HDRLEN;
        ifp->if_output = pflogoutput;
        ifp->if_ioctl = pflogioctl;

        if_attach(ifp);
        if_alloc_sadl(ifp);

#if NBPFILTER > 0
        /* ifp points at sc->sc_if, so this is the softc's own bpf slot. */
        bpfattach(&ifp->if_bpf, ifp, DLT_PFLOG, PFLOG_HDRLEN);
#endif

        /*
         * Publish last: pflog_getif() can only find the softc once the
         * interface and its bpf attachment are fully set up.
         */
        NET_LOCK();
        LIST_INSERT_HEAD(&pflog_ifs, sc, sc_entry);
        NET_UNLOCK();

        return (0);
}
  127 
/*
 * Destroy a cloned pflog interface.
 *
 * The softc is unlinked from pflog_ifs under the net lock before the
 * interface is detached and the memory released, so a later
 * pflog_getif() lookup can no longer return it.
 * NOTE(review): a pointer obtained from pflog_getif() earlier stays
 * valid only while its holder keeps the net lock; confirm that callers
 * do so.
 *
 * Always returns 0.
 */
int
pflog_clone_destroy(struct ifnet *ifp)
{
        struct pflog_softc *sc;

        sc = ifp->if_softc;

        /* Unpublish first. */
        NET_LOCK();
        LIST_REMOVE(sc, sc_entry);
        NET_UNLOCK();

        /* Tear down the interface, then free the softc that embeds it. */
        if_detach(ifp);
        free(sc, M_DEVBUF, sizeof(*sc));

        return (0);
}
  142 
/*
 * if_output handler for pflog interfaces.
 *
 * A pflog interface is never a transmit path: any mbuf chain handed to
 * it is freed and the call fails with EAFNOSUPPORT.  ifp, dst and rt are
 * not used.
 */
int
pflogoutput(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
        struct rtentry *rt)
{
        const int error = EAFNOSUPPORT;

        /* This function owns the chain; free it so it is not leaked. */
        m_freem(m);

        return (error);
}
  150 
/*
 * ioctl handler for pflog interfaces.
 *
 * Only SIOCSIFFLAGS is accepted, and it only makes IFF_RUNNING follow
 * IFF_UP.  Every other request fails with ENOTTY.  The data argument is
 * never dereferenced.
 *
 * Returns 0 on success, ENOTTY for an unsupported command.
 */
int
pflogioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
{
        /* Reject everything except the one supported command. */
        if (cmd != SIOCSIFFLAGS)
                return (ENOTTY);

        if ((ifp->if_flags & IFF_UP) != 0)
                ifp->if_flags |= IFF_RUNNING;
        else
                ifp->if_flags &= ~IFF_RUNNING;

        return (0);
}
  167 
/*
 * Look up the pflog softc for a unit number.
 *
 * The caller must hold the net lock, which is asserted here.  Returns
 * the matching softc, or NULL when no pflog interface with that unit
 * exists.
 */
struct pflog_softc *
pflog_getif(int unit)
{
        struct pflog_softc *sc;

        NET_ASSERT_LOCKED();

        LIST_FOREACH(sc, &pflog_ifs, sc_entry) {
                if (sc->sc_unit == unit)
                        return sc;
        }

        /* Reached the end of the list without finding the unit. */
        return NULL;
}
  182 
/*
 * Hand a packet, prefixed with a pflog header, to the bpf listeners of
 * the pflog interface selected by the triggering rule.
 *
 * pd       packet descriptor; pd->kif and pd->m must be set
 * reason   reason code copied into the header
 * rm       matching rule (required)
 * am       anchor rule, or NULL when rm is not inside an anchor
 * ruleset  ruleset whose anchor name is logged when am is set
 * trigger  rule supplying the log interface and log flags; defaults to rm
 *
 * Returns -1 when a required pointer is missing, otherwise 0.  0 is also
 * returned when nothing was logged because the interface does not exist
 * or has no bpf attachment.  Without bpf compiled in this is a no-op
 * that returns 0.
 *
 * pflog_getif() asserts that the net lock is held, so the caller must
 * hold it.
 */
int
pflog_packet(struct pf_pdesc *pd, u_int8_t reason, struct pf_rule *rm,
    struct pf_rule *am, struct pf_ruleset *ruleset, struct pf_rule *trigger)
{
#if NBPFILTER > 0
        struct pfloghdr hdr;
        struct pflog_softc *sc;
        struct ifnet *ifp;
        caddr_t bpf;

        if (rm == NULL || pd == NULL || pd->kif == NULL || pd->m == NULL)
                return (-1);
        if (trigger == NULL)
                trigger = rm;

        /* No such pflog unit: silently skip logging. */
        sc = pflog_getif(trigger->logif);
        if (sc == NULL)
                return (0);
        ifp = &sc->sc_if;
        bpf = ifp->if_bpf;
        if (!bpf)
                return (0);

        /*
         * The whole of hdr (sizeof(hdr) bytes) is passed to the bpf tap
         * below.  Clear it first so that fields left unset, the tail of
         * the name buffers and any padding do not carry stale kernel
         * stack contents.
         */
        bzero(&hdr, sizeof(hdr));
        hdr.length = PFLOG_REAL_HDRLEN;
        hdr.action = rm->action;
        hdr.reason = reason;
        /* NOTE(review): copies sizeof(hdr.ifname) bytes; assumes
         * pfik_name is at least that large -- confirm in pfvar.h. */
        memcpy(hdr.ifname, pd->kif->pfik_name, sizeof(hdr.ifname));

        if (am != NULL) {
                /* Rule inside an anchor: log anchor rule and sub-rule. */
                hdr.rulenr = htonl(am->nr);
                hdr.subrulenr = htonl(rm->nr);
                /* strlcpy() bounds the copy and NUL-terminates. */
                if (ruleset != NULL && ruleset->anchor != NULL)
                        strlcpy(hdr.ruleset, ruleset->anchor->name,
                            sizeof(hdr.ruleset));
        } else {
                hdr.rulenr = htonl(rm->nr);
                hdr.subrulenr = -1;
        }

        /*
         * The socket lookup is only done when the trigger rule asks for
         * user logging and it has not been done for this packet yet; the
         * result is cached in pd->lookup.done.
         */
        if ((trigger->log & PF_LOG_USER) && !pd->lookup.done)
                pd->lookup.done = pf_socket_lookup(pd);
        if ((trigger->log & PF_LOG_USER) && pd->lookup.done > 0) {
                hdr.uid = pd->lookup.uid;
                hdr.pid = pd->lookup.pid;
        } else {
                /* No owner information: log the "unknown" markers. */
                hdr.uid = -1;
                hdr.pid = NO_PID;
        }
        hdr.rule_uid = rm->cuid;
        hdr.rule_pid = rm->cpid;
        hdr.dir = pd->dir;
        hdr.af = pd->af;

        /*
         * Flag the packet as rewritten when the address family, either
         * address or either port differs between the pd->src/dst/osport/
         * odport values and the n-prefixed ones.
         */
        if (pd->src != NULL && pd->dst != NULL &&
            (pd->af != pd->naf ||
            pf_addr_compare(pd->src, &pd->nsaddr, pd->naf) != 0 ||
            pf_addr_compare(pd->dst, &pd->ndaddr, pd->naf) != 0 ||
            pd->osport != pd->nsport ||
            pd->odport != pd->ndport))
                hdr.rewritten = 1;

        /* The header records the n-prefixed family, addresses and ports. */
        hdr.naf = pd->naf;
        pf_addrcpy(&hdr.saddr, &pd->nsaddr, pd->naf);
        pf_addrcpy(&hdr.daddr, &pd->ndaddr, pd->naf);
        hdr.sport = pd->nsport;
        hdr.dport = pd->ndport;

        /* Count the logged packet on the pflog interface. */
        ifp->if_opackets++;
        ifp->if_obytes += pd->m->m_pkthdr.len;

        bpf_mtap_hdr(bpf, &hdr, sizeof(hdr), pd->m, BPF_DIRECTION_OUT);
#endif

        return (0);
}
