From 5ba73493b0801e506fbbd344d259364e67faabb6 Mon Sep 17 00:00:00 2001
From: Bart De Schuymer
Date: Sun, 1 Jun 2003 17:14:02 +0000
Subject: update to 2.5.70
---
kernel/linux2.5/net/bridge/netfilter/ebt_log.c | 95 ++++++++++++++++++++------
1 file changed, 76 insertions(+), 19 deletions(-)
(limited to 'kernel/linux2.5/net/bridge/netfilter/ebt_log.c')
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_log.c b/kernel/linux2.5/net/bridge/netfilter/ebt_log.c
index cdb8449..e7a3ef4 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_log.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_log.c
@@ -32,48 +32,105 @@ static int ebt_log_check(const char *tablename, unsigned int hookmask, return 0; } +struct tcpudphdr +{ + uint16_t src; + uint16_t dst; +}; + +struct arppayload +{ + unsigned char mac_src[ETH_ALEN]; + unsigned char ip_src[4]; + unsigned char mac_dst[ETH_ALEN]; + unsigned char ip_dst[4]; +}; + +static void print_MAC(unsigned char *p) +{ + int i; + + for (i = 0; i < ETH_ALEN; i++, p++) + printk("%02x%c", *p, i == ETH_ALEN - 1 ? ' ':':'); +} + +#define myNIPQUAD(a) a[0], a[1], a[2], a[3] static void ebt_log(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const void *data, unsigned int datalen) { struct ebt_log_info *info = (struct ebt_log_info *)data; char level_string[4] = "< >"; - level_string[1] = '0' + info->loglevel; + union {struct iphdr iph; struct tcpudphdr ports; + struct arphdr arph; struct arppayload arpp;} u; + level_string[1] = '0' + info->loglevel; spin_lock_bh(&ebt_log_lock); printk(level_string); printk("%s IN=%s OUT=%s ", info->prefix, in ? in->name : "", out ? out->name : ""); - if (skb->dev->hard_header_len) { - int i; - unsigned char *p = (skb->mac.ethernet)->h_source; - - printk("MAC source = "); - for (i = 0; i < ETH_ALEN; i++,p++) - printk("%02x%c", *p, i == ETH_ALEN - 1 ? ' ':':'); - printk("MAC dest = "); - p = (skb->mac.ethernet)->h_dest; - for (i = 0; i < ETH_ALEN; i++,p++) - printk("%02x%c", *p, i == ETH_ALEN - 1 ? 
' ':':'); - } + printk("MAC source = "); + print_MAC((skb->mac.ethernet)->h_source); + printk("MAC dest = "); + print_MAC((skb->mac.ethernet)->h_dest); + printk("proto = 0x%04x", ntohs(((*skb).mac.ethernet)->h_proto)); if ((info->bitmask & EBT_LOG_IP) && skb->mac.ethernet->h_proto == htons(ETH_P_IP)){ - struct iphdr *iph = skb->nh.iph; + if (skb_copy_bits(skb, 0, &u.iph, sizeof(u.iph))) { + printk(" INCOMPLETE IP header"); + goto out; + } printk(" IP SRC=%u.%u.%u.%u IP DST=%u.%u.%u.%u,", - NIPQUAD(iph->saddr), NIPQUAD(iph->daddr)); - printk(" IP tos=0x%02X, IP proto=%d", iph->tos, iph->protocol); + NIPQUAD(u.iph.saddr), NIPQUAD(u.iph.daddr)); + printk(" IP tos=0x%02X, IP proto=%d", u.iph.tos, + u.iph.protocol); + if (u.iph.protocol == IPPROTO_TCP || + u.iph.protocol == IPPROTO_UDP) { + if (skb_copy_bits(skb, u.iph.ihl*4, &u.ports, + sizeof(u.ports))) { + printk(" INCOMPLETE TCP/UDP header"); + goto out; + } + printk(" SPT=%u DPT=%u", ntohs(u.ports.src), + ntohs(u.ports.dst)); + } + goto out; } if ((info->bitmask & EBT_LOG_ARP) && ((skb->mac.ethernet->h_proto == __constant_htons(ETH_P_ARP)) || (skb->mac.ethernet->h_proto == __constant_htons(ETH_P_RARP)))) { - struct arphdr * arph = skb->nh.arph; + if (skb_copy_bits(skb, 0, &u.arph, sizeof(u.arph))) { + printk(" INCOMPLETE ARP header"); + goto out; + } printk(" ARP HTYPE=%d, PTYPE=0x%04x, OPCODE=%d", - ntohs(arph->ar_hrd), ntohs(arph->ar_pro), - ntohs(arph->ar_op)); + ntohs(u.arph.ar_hrd), ntohs(u.arph.ar_pro), + ntohs(u.arph.ar_op)); + + /* If it's for Ethernet and the lengths are OK, + * then log the ARP payload */ + if (u.arph.ar_hrd == __constant_htons(1) && + u.arph.ar_hln == ETH_ALEN && + u.arph.ar_pln == sizeof(uint32_t)) { + if (skb_copy_bits(skb, sizeof(u.arph), &u.arpp, + sizeof(u.arpp))) { + printk(" INCOMPLETE ARP payload"); + goto out; + } + printk(" ARP MAC SRC="); + print_MAC(u.arpp.mac_src); + printk(" ARP IP SRC=%u.%u.%u.%u", + myNIPQUAD(u.arpp.ip_src)); + printk(" ARP MAC DST="); + 
print_MAC(u.arpp.mac_dst); + printk(" ARP IP DST=%u.%u.%u.%u", + myNIPQUAD(u.arpp.ip_dst)); + } } +out: printk("\n"); spin_unlock_bh(&ebt_log_lock); } -- cgit v1.2.3
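Review bot: The SPT/DPT values logged in the new IP branch are read at offset `u.iph.ihl*4` without checking that `ihl` is at least 5 or that the packet is a first fragment, so a malformed header or a later fragment gets arbitrary bytes written to the log as ports. `skb_copy_bits` bounds the read, so this is a log-accuracy problem rather than a memory-safety one, but anyone correlating these lines during an investigation would be misled. Guarding the port block with `if (u.iph.ihl >= 5 && !(u.iph.frag_off & htons(IP_OFFSET)) && (u.iph.protocol == IPPROTO_TCP || u.iph.protocol == IPPROTO_UDP)) {` would avoid that. Separately, `u.ports` and `u.arpp` share storage with `u.iph` and `u.arph` in the union, which is safe only because no header field is read after the second copy; a one-line comment on the union such as `/* members overlap: read header fields before the next skb_copy_bits() */` would protect later edits.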