ebtables日志nflog
內核由函數ebt_nflog_init注冊nflog目標,即結構ebt_nflog_tg_reg。
/*
 * Registration record for the ebtables "nflog" target. A frame that hits a
 * rule using this target is passed to ebt_nflog_tg(); the rule's parameters
 * are validated once, at insert time, by ebt_nflog_tg_check().
 */
static struct xt_target ebt_nflog_tg_reg __read_mostly = {
	.name       = "nflog",
	.family     = NFPROTO_BRIDGE,
	.revision   = 0,
	.targetsize = sizeof(struct ebt_nflog_info),
	.checkentry = ebt_nflog_tg_check,
	.target     = ebt_nflog_tg,
	.me         = THIS_MODULE,
};

/*
 * Module init: hand the target to x_tables. The registration result is
 * returned unchanged, so a failure here fails module load.
 */
static int __init ebt_nflog_init(void)
{
	int rc = xt_register_target(&ebt_nflog_tg_reg);

	return rc;
}
函數ebt_nflog_tg_check對于配置參數進行必要的合法性檢查,確保日志前綴字符串的結束符,最長63字節(EBT_NFLOG_PREFIX_SIZE=64)。
/*
 * Insert-time validation of a rule's nflog parameters (x_tables checkentry).
 *
 * Two checks: any flag bit outside EBT_NFLOG_MASK rejects the rule, and the
 * prefix supplied with the rule is forced to be NUL-terminated. The second
 * point matters because ebt_nflog_tg() later hands the prefix to a "%s"
 * conversion; terminating it here bounds that read to the
 * EBT_NFLOG_PREFIX_SIZE-byte buffer regardless of what the rule contained.
 *
 * Returns 0 when the rule is acceptable, -EINVAL on unknown flag bits.
 */
static int ebt_nflog_tg_check(const struct xt_tgchk_param *par)
{
	struct ebt_nflog_info *info = par->targinfo;
	const unsigned int unknown_flags = info->flags & ~EBT_NFLOG_MASK;

	if (unknown_flags)
		return -EINVAL;

	/* Terminate unconditionally rather than trusting the rule's author. */
	info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0';

	return 0;
}
對于匹配的報文,由ebt_log_packet函數輸出報文信息。
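/*
 * Target action: log a matching frame through the netfilter logging core.
 *
 * The rule's copy length, netlink group and queue threshold are forwarded in
 * an nf_loginfo of type NF_LOG_TYPE_ULOG. nf_log_packet() dispatches to the
 * logger registered for PF_BRIDGE in this netns (the sysctl listing further
 * down shows nfnetlink_log for the bridge family). The prefix is passed as an
 * argument to a fixed "%s" format, never as the format string itself, so rule
 * text cannot smuggle in format directives.
 *
 * Always returns EBT_CONTINUE: logging never ends rule traversal.
 */
static unsigned int ebt_nflog_tg(struct sk_buff *skb,
				 const struct xt_action_param *par)
{
	const struct ebt_nflog_info *info = par->targinfo;
	struct net *net = xt_net(par);
	/*
	 * Designated initializer so the nf_loginfo members this target does
	 * not use are zeroed instead of left indeterminate on the stack.
	 */
	struct nf_loginfo li = {
		.type = NF_LOG_TYPE_ULOG,
		.u.ulog = {
			.copy_len   = info->len,
			.group      = info->group,
			.qthreshold = info->threshold,
			.flags      = 0,
		},
	};

	nf_log_packet(net, PF_BRIDGE, xt_hooknum(par), skb, xt_in(par),
		      xt_out(par), &li, "%s", info->prefix);

	return EBT_CONTINUE;
}
日志配置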
如下配置網橋,和ebtables規則nflog。
# ip link add br0 type bridge
# ip link set dev br0 up
# ip link set dev ens33 master br0
# ip addr add dev br0 192.168.3.143/24
#
# ebtables -A INPUT --nflog-group 32 --nflog-prefix NFLOG-FW --nflog-threshold 200
#
# ebtables -L
Bridge table: filter

Bridge chain: INPUT, entries: 1, policy: ACCEPT
--nflog-prefix "NFLOG-FW" --nflog-group 32 --nflog-threshold 200 -j CONTINUE
如下加載了ebt_nflog模塊。
# lsmod | grep log
ebt_nflog              16384  1
nfnetlink_log          20480  1
nfnetlink              20480  4 nft_compat,nf_tables,nfnetlink_log
x_tables               49152  4 nft_compat,ip_tables,ebt_nflog
#
# sysctl -a | grep nf_log
net.netfilter.nf_log.0 = NONE
net.netfilter.nf_log.1 = NONE
net.netfilter.nf_log.10 = nfnetlink_log
net.netfilter.nf_log.11 = NONE
net.netfilter.nf_log.12 = NONE
net.netfilter.nf_log.2 = nfnetlink_log
net.netfilter.nf_log.3 = NONE
net.netfilter.nf_log.4 = NONE
net.netfilter.nf_log.5 = NONE
net.netfilter.nf_log.6 = NONE
net.netfilter.nf_log.7 = nfnetlink_log
net.netfilter.nf_log.8 = NONE
net.netfilter.nf_log.9 = NONE
net.netfilter.nf_log_all_netns = 0
配置ulogd,將NFLOG的group修改為32,與以上配置的ebtables規則中的nflog_group相同。
# cat /etc/ulogd.conf
# this is a stack for logging packet send by system via LOGEMU
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

[log1]
# netlink multicast group (the same as the iptables --nflog-group param)
# Group O is used by the kernel to log connection tracking invalid message
group=32
重啟ulogd:
# service ulogd restart日志顯示如下,包括ARP、ICMP、ICMPv6和UDP協議日志:
# tail -f /var/log/ulog/syslogemu.log
Feb 20 02:22:46 localhost NFLOG-FW IN=br0 OUT= MAC=00:0c:29:e6:3f:62:00:0c:29:ea:2e:27:08:06 SRC=54.99.97.56 DST=64.99.97.56 PROTO=ARP REPLY REPLY_MAC=00:0c:29:ea:2e:27 MARK=0
Feb 20 02:22:46 localhost NFLOG-FW IN=br0 OUT= MAC=00:0c:29:e6:3f:62:00:0c:29:ea:2e:27:08:00 SRC=192.168.3.137 DST=192.168.3.139 LEN=84 TOS=00 PREC=0x00 TTL=64 ID=51721 DF PROTO=ICMP TYPE=8 CODE=0 ID=5 SEQ=1394 MARK=0
Feb 20 03:51:15 localhost NFLOG-FW IN=br0 OUT= MAC=33:33:ff:ea:2e:27:fc:87:43:ad:1e:3d:86:dd SRC=fe80::1 DST=ff02::1:ffea:2e27 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0 MARK=0
Feb 20 03:51:15 localhost NFLOG-FW IN=br0 OUT= MAC=ff:ff:ff:ff:ff:ff:54:a7:03:16:55:c2:08:00 SRC=192.168.3.123 DST=192.168.3.255 LEN=147 TOS=00 PREC=0x00 TTL=64 ID=44822 PROTO=UDP SPT=1024 DPT=5001 LEN=127 MARK=0
內核版本 5.10