npf_ext_log.c revision 1.14
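/*	$NetBSD: npf_ext_log.c,v 1.14 2018/06/26 06:48:02 msaitoh Exp $	*/

/*-
 * Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This material is based upon work partially supported by The
 * NetBSD Foundation under a contract with Mindaugas Rasiukevicius.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * NPF logging extension.
 *
 * Implements the "log" rule procedure.  For every packet that reaches a
 * rule carrying this procedure, a struct npfloghdr describing the match
 * (address family, decision, direction, rule id, incoming interface) is
 * prepended to the packet and handed to the BPF listeners of the npflog
 * pseudo-interface selected at configuration time ("log-interface").
 * The extension only reports the filtering decision; it never alters it.
 */

#ifdef _KERNEL
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: npf_ext_log.c,v 1.14 2018/06/26 06:48:02 msaitoh Exp $");

#include <sys/types.h>
#include <sys/module.h>

#include <sys/conf.h>
#include <sys/kmem.h>
#include <sys/mbuf.h>
#include <sys/mutex.h>
#include <sys/queue.h>

#include <net/if.h>
#include <net/if_types.h>
#include <net/bpf.h>
#endif

#include "npf_impl.h"
#include "if_npflog.h"

NPF_EXT_MODULE(npf_ext_log, "");

#define	NPFEXT_LOG_VER		1

/* Handle returned by npf_ext_register(); needed again to unregister. */
static void *		npf_ext_log_id;

/* Per-procedure state: index of the npflog interface records are sent to. */
typedef struct {
	unsigned int	if_idx;
} npf_ext_log_t;

/*
 * npf_log_ctor: build the per-procedure state from the rule procedure's
 * parameter dictionary and attach it to the procedure.
 *
 * Reads the "log-interface" key as an interface index.  When the key is
 * absent the index stays 0; index 0 is presumably never resolved by
 * if_get_byindex(), so such a procedure loads fine but logs nothing.
 * Always returns 0.  The state is released by npf_log_dtor().
 */
static int
npf_log_ctor(npf_rproc_t *rp, prop_dictionary_t params)
{
	npf_ext_log_t *meta;

	meta = kmem_zalloc(sizeof(npf_ext_log_t), KM_SLEEP);
	if (!prop_dictionary_get_uint32(params, "log-interface",
	    &meta->if_idx)) {
		/* Not configured: keep the zero index (see above). */
		meta->if_idx = 0;
	}
	npf_rproc_assign(rp, meta);
	return 0;
}

/*
 * npf_log_dtor: release the state allocated by npf_log_ctor().
 */
static void
npf_log_dtor(npf_rproc_t *rp, void *meta)
{
	kmem_free(meta, sizeof(npf_ext_log_t));
}

/*
 * npf_log: rule procedure entry point; emit one log record for the packet.
 *
 * npc      - packet cache; npc_nbuf holds the packet, npc_ctx the NPF context.
 * meta     - npf_ext_log_t set up by npf_log_ctor().
 * mi       - match information: rule id (mi_rid) and direction (mi_di).
 * decision - the current filtering decision; only read here.
 *
 * Always returns true, i.e. the decision is left untouched: a missing
 * packet buffer or a missing log interface simply means no record is
 * emitted.
 */
static bool
npf_log(npf_cache_t *npc, void *meta, const npf_match_info_t *mi, int *decision)
{
	const npf_ext_log_t *log = meta;
	struct nbuf *nb = npc->npc_nbuf;
	struct mbuf *m;
	struct psref psref;
	ifnet_t *ifp;
	struct npfloghdr hdr;

	/*
	 * Nothing to log without a packet buffer.  The interface lookup
	 * below could tolerate a NULL nbuf, but the mbuf is dereferenced
	 * unconditionally when the interface counters are updated, so
	 * treat "no packet" as "no record" up front.
	 */
	if (nb == NULL) {
		return true;
	}
	m = nbuf_head_mbuf(nb);

	memset(&hdr, 0, sizeof(hdr));

	/* Address family of the cached packet, AF_UNSPEC if neither. */
	if (npf_iscached(npc, NPC_IP4)) {
		hdr.af = AF_INET;
	} else if (npf_iscached(npc, NPC_IP6)) {
		hdr.af = AF_INET6;
	} else {
		hdr.af = AF_UNSPEC;
	}

	/*
	 * hdr.length advertises the real header length, while the number
	 * of header bytes handed to bpf_mtap2() below is NPFLOG_HDRLEN;
	 * the two differ if the latter carries padding (see if_npflog.h).
	 */
	hdr.length = NPFLOG_REAL_HDRLEN;
	hdr.action = *decision == NPF_DECISION_PASS ?
	    0 /* pass */ : 1 /* block */;
	hdr.reason = 0;	/* match */

	/* Name of the interface the packet was seen on, bounded by the field. */
	npf_ifmap_copyname(npc->npc_ctx, nb->nb_ifid,
	    hdr.ifname, sizeof(hdr.ifname));

	/*
	 * The 64-bit rule id is reported as two network-order 32-bit
	 * halves: low word as the rule number, high word as the sub-rule.
	 */
	hdr.rulenr = htonl((uint32_t)mi->mi_rid);
	hdr.subrulenr = htonl((uint32_t)(mi->mi_rid >> 32));
	strlcpy(hdr.ruleset, "rules", sizeof(hdr.ruleset));

	/* No process attribution is available here; report "unknown". */
	hdr.uid = UID_MAX;
	hdr.pid = (pid_t)-1;
	hdr.rule_uid = UID_MAX;
	hdr.rule_pid = (pid_t)-1;

	/* Direction: 0 = both/unknown, 1 = inbound, 2 = outbound. */
	switch (mi->mi_di) {
	case PFIL_IN:
		hdr.dir = 1;
		break;
	case PFIL_OUT:
		hdr.dir = 2;
		break;
	case PFIL_IN|PFIL_OUT:
	default:
		hdr.dir = 0;
		break;
	}

	KERNEL_LOCK(1, NULL);

	/* Find the pseudo-interface to log to; psref holds it until if_put(). */
	ifp = if_get_byindex(log->if_idx, &psref);
	if (ifp == NULL) {
		/* No such interface: drop the record, keep the decision. */
		KERNEL_UNLOCK_ONE(NULL);
		return true;
	}

	/*
	 * Account the record as output on the log interface and pass the
	 * header plus the packet to any BPF listener.  The counters are
	 * touched with the kernel lock taken above.
	 */
	ifp->if_opackets++;
	ifp->if_obytes += m->m_pkthdr.len;
	if (ifp->if_bpf) {
		bpf_mtap2(ifp->if_bpf, &hdr, NPFLOG_HDRLEN, m, BPF_D_OUT);
	}
	if_put(ifp, &psref);

	KERNEL_UNLOCK_ONE(NULL);

	return true;
}

/*
 * Module interface.
 */

/*
 * npf_ext_log_modcmd: module control entry point.
 *
 * MODULE_CMD_INIT registers the "log" extension with the kernel NPF
 * context and keeps the handle in npf_ext_log_id (EEXIST if registration
 * is refused).  MODULE_CMD_FINI unregisters it and propagates any error.
 * MODULE_CMD_AUTOUNLOAD defers to npf_autounload_p().  Any other command
 * yields ENOTTY.  Returns 0 on success.
 */
static int
npf_ext_log_modcmd(modcmd_t cmd, void *arg)
{
	static const npf_ext_ops_t npf_log_ops = {
		.version	= NPFEXT_LOG_VER,
		.ctx		= NULL,
		.ctor		= npf_log_ctor,
		.dtor		= npf_log_dtor,
		.proc		= npf_log
	};
	npf_t *npf = npf_getkernctx();
	int error;

	switch (cmd) {
	case MODULE_CMD_INIT:
		/* Initialise the NPF logging extension. */
		npf_ext_log_id = npf_ext_register(npf, "log", &npf_log_ops);
		if (!npf_ext_log_id) {
			return EEXIST;
		}
		break;

	case MODULE_CMD_FINI:
		error = npf_ext_unregister(npf, npf_ext_log_id);
		if (error) {
			return error;
		}
		break;

	case MODULE_CMD_AUTOUNLOAD:
		/* Allow auto-unload only if NPF permits it. */
		return npf_autounload_p() ? 0 : EBUSY;

	default:
		return ENOTTY;
	}
	return 0;
}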