![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to ip_log.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Apple XNU] / XNU / bsd / netinet|
Return to ip_log.c CVS log | Up to [Apple XNU] / XNU / bsd / netinet |
1.1 root 1: /*
2: * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
3: *
4: * @APPLE_LICENSE_HEADER_START@
5: *
6: * The contents of this file constitute Original Code as defined in and
7: * are subject to the Apple Public Source License Version 1.1 (the
8: * "License"). You may not use this file except in compliance with the
9: * License. Please obtain a copy of the License at
10: * http://www.apple.com/publicsource and read it before using this file.
11: *
12: * This Original Code and all software distributed under the License are
13: * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14: * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15: * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16: * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
17: * License for the specific language governing rights and limitations
18: * under the License.
19: *
20: * @APPLE_LICENSE_HEADER_END@
21: */
22: /*
23: * Copyright (C) 1997 by Darren Reed.
24: *
25: * Redistribution and use in source and binary forms are permitted
26: * provided that this notice is preserved and due credit is given
27: * to the original author and the contributors.
28: *
29: */
30: #include "opt_ipfilter.h"
31:
32: #if IPFILTER_LOG
33: # ifndef SOLARIS
34: # define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
35: # endif
36:
37: # if defined(KERNEL) && !defined(_KERNEL)
38: # define _KERNEL
39: # endif
40: # ifdef __FreeBSD__
41: # if defined(_KERNEL) && !defined(IPFILTER_LKM)
42: # define __FreeBSD_version 300000 /* this will do as a hack */
43: # else
44: # include <osreldate.h>
45: # endif
46: # endif
47: # ifndef _KERNEL
48: # include <stdio.h>
49: # include <string.h>
50: # include <stdlib.h>
51: # include <ctype.h>
52: # endif
53: # include <sys/errno.h>
54: # include <sys/types.h>
55: # include <sys/param.h>
56: # include <sys/file.h>
57: # if __FreeBSD_version >= 220000 && defined(_KERNEL)
58: # include <sys/fcntl.h>
59: # include <sys/filio.h>
60: # else
61: # include <sys/ioctl.h>
62: # endif
63: # include <sys/time.h>
64: # if defined(_KERNEL) && !defined(linux)
65: # include <sys/systm.h>
66: # endif
67: # include <sys/uio.h>
68: # if !SOLARIS
69: # if (NetBSD > 199609) || (OpenBSD > 199603) || defined(__FreeBSD__)
70: # include <sys/dirent.h>
71: # else
72: # include <sys/dir.h>
73: # endif
74: # ifndef linux
75: # include <sys/mbuf.h>
76: # endif
77: # else
78: # include <sys/filio.h>
79: # include <sys/cred.h>
80: # include <sys/ddi.h>
81: # include <sys/sunddi.h>
82: # include <sys/ksynch.h>
83: # include <sys/kmem.h>
84: # include <sys/mkdev.h>
85: # include <sys/dditypes.h>
86: # include <sys/cmn_err.h>
87: # endif
88: # ifndef linux
89: # include <sys/protosw.h>
90: # endif
91: # include <sys/socket.h>
92:
93: # include <net/if.h>
94: # ifdef sun
95: # include <net/af.h>
96: # endif
97: # if __FreeBSD_version >= 300000
98: # include <sys/malloc.h>
99: # include <machine/random.h>
100: # endif
101: # include <net/route.h>
102: # include <netinet/in.h>
103: # ifdef __sgi
104: # include <sys/ddi.h>
105: # ifdef IFF_DRVRLOCK /* IRIX6 */
106: # include <sys/hashing.h>
107: # endif
108: # endif
109: # if !defined(linux) && !(defined(__sgi) && !defined(IFF_DRVRLOCK)) /*IRIX<6*/
110: # include <netinet/in_var.h>
111: # endif
112: # include <netinet/in_systm.h>
113: # include <netinet/ip.h>
114: # include <netinet/tcp.h>
115: # include <netinet/udp.h>
116: # include <netinet/ip_icmp.h>
117: # ifndef linux
118: # include <netinet/ip_var.h>
119: # endif
120: # ifndef _KERNEL
121: # include <syslog.h>
122: # endif
123: # include "netinet/ip_compat.h"
124: # include <netinet/tcpip.h>
125: # include "netinet/ip_fil.h"
126: # include "netinet/ip_proxy.h"
127: # include "netinet/ip_nat.h"
128: # include "netinet/ip_frag.h"
129: # include "netinet/ip_state.h"
130: # include "netinet/ip_auth.h"
131: # ifndef MIN
132: # define MIN(a,b) (((a)<(b))?(a):(b))
133: # endif
134:
135:
136: # if SOLARIS || defined(__sgi)
137: extern kmutex_t ipl_mutex;
138: # if SOLARIS
139: extern kcondvar_t iplwait;
140: # endif
141: # endif
142:
143: iplog_t **iplh[IPL_LOGMAX+1], *iplt[IPL_LOGMAX+1];
144: int iplused[IPL_LOGMAX+1];
145: static u_long iplcrc[IPL_LOGMAX+1];
146: static u_long iplcrcinit;
147: #ifdef linux
148: static struct wait_queue *iplwait[IPL_LOGMAX+1];
149: #endif
150:
151:
152: /*
153: * Initialise log buffers & pointers. Also iniialised the CRC to a local
154: * secret for use in calculating the "last log checksum".
155: */
156: void ipflog_init()
157: {
158: int i;
159:
160: for (i = IPL_LOGMAX; i >= 0; i--) {
161: iplt[i] = NULL;
162: iplh[i] = &iplt[i];
163: iplused[i] = 0;
164: }
165: # if defined(__FreeBSD__) && __FreeBSD_version >= 300000
166: read_random(&iplcrcinit, sizeof iplcrcinit);
167: # else
168: {
169: struct timeval tv;
170:
171: #if BSD >= 199306 || defined(__FreeBSD__) || defined(__sgi)
172: microtime(&tv);
173: # else
174: uniqtime(&tv);
175: # endif
176: iplcrcinit = tv.tv_sec ^ (tv.tv_usec << 8) ^ tv.tv_usec;
177: }
178: # endif
179: }
180:
181:
182: /*
183: * ipflog
184: * Create a log record for a packet given that it has been triggered by a
185: * rule (or the default setting). Calculate the transport protocol header
186: * size using predetermined size of a couple of popular protocols and thus
187: * how much data to copy into the log, including part of the data body if
188: * requested.
189: */
190: int ipflog(flags, ip, fin, m)
191: u_int flags;
192: ip_t *ip;
193: fr_info_t *fin;
194: mb_t *m;
195: {
196: ipflog_t ipfl;
197: register int mlen, hlen;
198: u_long crc;
199: size_t sizes[2];
200: void *ptrs[2];
201: int types[2];
202: # if SOLARIS
203: ill_t *ifp = fin->fin_ifp;
204: # else
205: struct ifnet *ifp = fin->fin_ifp;
206: # endif
207:
208: /*
209: * calculate header size.
210: */
211: hlen = fin->fin_hlen;
212: if (ip->ip_p == IPPROTO_TCP)
213: hlen += MIN(sizeof(tcphdr_t), fin->fin_dlen);
214: else if (ip->ip_p == IPPROTO_UDP)
215: hlen += MIN(sizeof(udphdr_t), fin->fin_dlen);
216: else if (ip->ip_p == IPPROTO_ICMP) {
217: struct icmp *icmp = (struct icmp *)((char *)ip + hlen);
218:
219: /*
220: * For ICMP, if the packet is an error packet, also include
221: * the information about the packet which caused the error.
222: */
223: switch (icmp->icmp_type)
224: {
225: case ICMP_UNREACH :
226: case ICMP_SOURCEQUENCH :
227: case ICMP_REDIRECT :
228: case ICMP_TIMXCEED :
229: case ICMP_PARAMPROB :
230: hlen += MIN(sizeof(struct icmp) + 8, fin->fin_dlen);
231: break;
232: default :
233: hlen += MIN(sizeof(struct icmp), fin->fin_dlen);
234: break;
235: }
236: }
237: /*
238: * Get the interface number and name to which this packet is
239: * currently associated.
240: */
241: # if SOLARIS
242: ipfl.fl_unit = (u_char)ifp->ill_ppa;
243: bcopy(ifp->ill_name, ipfl.fl_ifname, MIN(ifp->ill_name_length, 4));
244: mlen = (flags & FR_LOGBODY) ? MIN(msgdsize(m) - hlen, 128) : 0;
245: # else
246: # if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
247: (defined(OpenBSD) && (OpenBSD >= 199603))
248: strncpy(ipfl.fl_ifname, ifp->if_xname, IFNAMSIZ);
249: # else
250: # ifndef linux
251: ipfl.fl_unit = (u_char)ifp->if_unit;
252: # endif
253: if ((ipfl.fl_ifname[0] = ifp->if_name[0]))
254: if ((ipfl.fl_ifname[1] = ifp->if_name[1]))
255: if ((ipfl.fl_ifname[2] = ifp->if_name[2]))
256: ipfl.fl_ifname[3] = ifp->if_name[3];
257: # endif
258: mlen = (flags & FR_LOGBODY) ? MIN(ip->ip_len - hlen, 128) : 0;
259: # endif
260: ipfl.fl_plen = (u_char)mlen;
261: ipfl.fl_hlen = (u_char)hlen;
262: ipfl.fl_rule = fin->fin_rule;
263: ipfl.fl_group = fin->fin_group;
264: ipfl.fl_flags = flags;
265: ptrs[0] = (void *)&ipfl;
266: sizes[0] = sizeof(ipfl);
267: types[0] = 0;
268: #if SOLARIS
269: /*
270: * Are we copied from the mblk or an aligned array ?
271: */
272: if (ip == (ip_t *)m->b_rptr) {
273: ptrs[1] = m;
274: sizes[1] = hlen + mlen;
275: types[1] = 1;
276: } else {
277: ptrs[1] = ip;
278: sizes[1] = hlen + mlen;
279: types[1] = 0;
280: }
281: #else
282: ptrs[1] = m;
283: sizes[1] = hlen + mlen;
284: types[1] = 1;
285: #endif
286: crc = (ipf_cksum((u_short *)fin, FI_CSIZE) << 8) + iplcrcinit;
287: return ipllog(IPL_LOGIPF, crc, ptrs, sizes, types, 2);
288: }
289:
290:
291: /*
292: * ipllog
293: */
294: int ipllog(dev, crc, items, itemsz, types, cnt)
295: int dev;
296: u_long crc;
297: void **items;
298: size_t *itemsz;
299: int *types, cnt;
300: {
301: iplog_t *ipl;
302: caddr_t buf, s;
303: int len, i;
304:
305: /*
306: * Check to see if this log record has a CRC which matches the last
307: * record logged. If it does, just up the count on the previous one
308: * rather than create a new one.
309: */
310: if (crc) {
311: MUTEX_ENTER(&ipl_mutex);
312: if ((iplcrc[dev] == crc) && *iplh[dev]) {
313: (*iplh[dev])->ipl_count++;
314: MUTEX_EXIT(&ipl_mutex);
315: return 1;
316: }
317: iplcrc[dev] = crc;
318: MUTEX_EXIT(&ipl_mutex);
319: }
320:
321: /*
322: * Get the total amount of data to be logged.
323: */
324: for (i = 0, len = sizeof(iplog_t); i < cnt; i++)
325: len += itemsz[i];
326:
327: /*
328: * check that we have space to record this information and can
329: * allocate that much.
330: */
331: KMALLOC(buf, caddr_t, len);
332: if (!buf)
333: return 0;
334: MUTEX_ENTER(&ipl_mutex);
335: if ((iplused[dev] + len) > IPLLOGSIZE) {
336: MUTEX_EXIT(&ipl_mutex);
337: KFREES(buf, len);
338: return 0;
339: }
340: iplused[dev] += len;
341: MUTEX_EXIT(&ipl_mutex);
342:
343: /*
344: * advance the log pointer to the next empty record and deduct the
345: * amount of space we're going to use.
346: */
347: ipl = (iplog_t *)buf;
348: ipl->ipl_magic = IPL_MAGIC;
349: ipl->ipl_count = 1;
350: ipl->ipl_next = NULL;
351: ipl->ipl_dsize = len;
352: # if SOLARIS || defined(sun) || defined(linux)
353: uniqtime((struct timeval *)&ipl->ipl_sec);
354: # else
355: # if BSD >= 199306 || defined(__FreeBSD__) || defined(__sgi)
356: microtime((struct timeval *)&ipl->ipl_sec);
357: # endif
358: # endif
359:
360: /*
361: * Loop through all the items to be logged, copying each one to the
362: * buffer. Use bcopy for normal data or the mb_t copyout routine.
363: */
364: for (i = 0, s = buf + sizeof(*ipl); i < cnt; i++) {
365: if (types[i] == 0)
366: bcopy(items[i], s, itemsz[i]);
367: else if (types[i] == 1) {
368: # if SOLARIS
369: copyout_mblk(items[i], 0, itemsz[i], s);
370: # else
371: m_copydata(items[i], 0, itemsz[i], s);
372: # endif
373: }
374: s += itemsz[i];
375: }
376: MUTEX_ENTER(&ipl_mutex);
377: *iplh[dev] = ipl;
378: iplh[dev] = &ipl->ipl_next;
379: # if SOLARIS
380: cv_signal(&iplwait);
381: mutex_exit(&ipl_mutex);
382: # else
383: MUTEX_EXIT(&ipl_mutex);
384: # ifdef linux
385: wake_up_interruptible(&iplwait[dev]);
386: # else
387: wakeup(&iplh[dev]);
388: # endif
389: # endif
390: return 1;
391: }
392:
393:
394: int ipflog_read(unit, uio)
395: int unit;
396: struct uio *uio;
397: {
398: iplog_t *ipl;
399: int error = 0, dlen, copied;
400: # if defined(_KERNEL) && !SOLARIS
401: int s;
402: # endif
403:
404: /*
405: * Sanity checks. Make sure the minor # is valid and we're copying
406: * a valid chunk of data.
407: */
408: if ((IPL_LOGMAX < unit) || (unit < 0))
409: return ENXIO;
410: if (!uio->uio_resid)
411: return 0;
412: if ((uio->uio_resid < sizeof(iplog_t)) ||
413: (uio->uio_resid > IPLLOGSIZE))
414: return EINVAL;
415:
416: /*
417: * Lock the log so we can snapshot the variables. Wait for a signal
418: * if the log is empty.
419: */
420: SPL_NET(s);
421: MUTEX_ENTER(&ipl_mutex);
422:
423: while (!iplused[unit] || !iplt[unit]) {
424: # if SOLARIS && defined(_KERNEL)
425: if (!cv_wait_sig(&iplwait, &ipl_mutex)) {
426: MUTEX_EXIT(&ipl_mutex);
427: return EINTR;
428: }
429: # else
430: # ifdef linux
431: interruptible_sleep_on(&iplwait[unit]);
432: if (current->signal & ~current->blocked)
433: return -EINTR;
434: # else
435: MUTEX_EXIT(&ipl_mutex);
436: SPL_X(s);
437: error = SLEEP(&iplh[unit], "ipl sleep");
438: if (error)
439: return error;
440: SPL_NET(s);
441: MUTEX_ENTER(&ipl_mutex);
442: # endif /* linux */
443: # endif /* SOLARIS */
444: }
445:
446: # if BSD >= 199306 || defined(__FreeBSD__)
447: uio->uio_rw = UIO_READ;
448: # endif
449:
450: for (copied = 0; (ipl = iplt[unit]); copied += dlen) {
451: dlen = ipl->ipl_dsize;
452: if (dlen + sizeof(iplog_t) > uio->uio_resid)
453: break;
454: /*
455: * Don't hold the mutex over the uiomove call.
456: */
457: iplt[unit] = ipl->ipl_next;
458: MUTEX_EXIT(&ipl_mutex);
459: SPL_X(s);
460: error = UIOMOVE((caddr_t)ipl, ipl->ipl_dsize, UIO_READ, uio);
461: KFREES((caddr_t)ipl, ipl->ipl_dsize);
462: if (error)
463: break;
464: SPL_NET(s);
465: MUTEX_ENTER(&ipl_mutex);
466: iplused[unit] -= dlen;
467: }
468: if (!ipl) {
469: iplused[unit] = 0;
470: iplh[unit] = &iplt[unit];
471: }
472:
473: if (!error) {
474: MUTEX_EXIT(&ipl_mutex);
475: SPL_X(s);
476: }
477: #ifdef linux
478: if (!error)
479: return copied;
480: return -error;
481: #else
482: return error;
483: #endif
484: }
485:
486:
487: int ipflog_clear(unit)
488: int unit;
489: {
490: iplog_t *ipl;
491: int used;
492:
493: while ((ipl = iplt[unit])) {
494: iplt[unit] = ipl->ipl_next;
495: KFREES((caddr_t)ipl, ipl->ipl_dsize);
496: }
497: iplh[unit] = &iplt[unit];
498: used = iplused[unit];
499: iplused[unit] = 0;
500: iplcrc[unit] = 0;
501: return used;
502: }
503: #endif /* IPFILTER_LOG */
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.