netfilter: nf_log: prepare net namespace support for loggers (30e0c6a6) · Commits · e / devices / android_kernel_fairphone_FP3

include/net/netfilter/nf_log.h

+10 −4

Original line number	Original line	Diff line number	Diff line
	@@ -49,12 +49,18 @@ struct nf_logger {
	int nf_log_register(u_int8_t pf, struct nf_logger *logger);		int nf_log_register(u_int8_t pf, struct nf_logger *logger);
	void nf_log_unregister(struct nf_logger *logger);		void nf_log_unregister(struct nf_logger *logger);

	int nf_log_bind_pf(u_int8_t pf, const struct nf_logger *logger);		void nf_log_set(struct net *net, u_int8_t pf,
	void nf_log_unbind_pf(u_int8_t pf);		const struct nf_logger *logger);
			void nf_log_unset(struct net net, const struct nf_logger logger);

			int nf_log_bind_pf(struct net *net, u_int8_t pf,
			const struct nf_logger *logger);
			void nf_log_unbind_pf(struct net *net, u_int8_t pf);

	/* Calls the registered backend logging function */		/* Calls the registered backend logging function */
	__printf(7, 8)		__printf(8, 9)
	void nf_log_packet(u_int8_t pf,		void nf_log_packet(struct net *net,
			u_int8_t pf,
	unsigned int hooknum,		unsigned int hooknum,
	const struct sk_buff *skb,		const struct sk_buff *skb,
	const struct net_device *in,		const struct net_device *in,

+7 −0

Original line number	Original line	Diff line number	Diff line
	@@ -2,10 +2,17 @@
	#define __NETNS_NETFILTER_H		#define __NETNS_NETFILTER_H

	#include <linux/proc_fs.h>		#include <linux/proc_fs.h>
			#include <linux/netfilter.h>

			struct nf_logger;

	struct netns_nf {		struct netns_nf {
	#if defined CONFIG_PROC_FS		#if defined CONFIG_PROC_FS
	struct proc_dir_entry *proc_netfilter;		struct proc_dir_entry *proc_netfilter;
			#endif
			const struct nf_logger __rcu *nf_loggers[NFPROTO_NUMPROTO];
			#ifdef CONFIG_SYSCTL
			struct ctl_table_header *nf_log_dir_header;
	#endif		#endif
	};		};
	#endif		#endif

+4 −3

Original line number	Original line	Diff line number	Diff line
	@@ -176,14 +176,15 @@ ebt_log_tg(struct sk_buff skb, const struct xt_action_param par)
	{		{
	const struct ebt_log_info *info = par->targinfo;		const struct ebt_log_info *info = par->targinfo;
	struct nf_loginfo li;		struct nf_loginfo li;
			struct net *net = dev_net(par->in ? par->in : par->out);

	li.type = NF_LOG_TYPE_LOG;		li.type = NF_LOG_TYPE_LOG;
	li.u.log.level = info->loglevel;		li.u.log.level = info->loglevel;
	li.u.log.logflags = info->bitmask;		li.u.log.logflags = info->bitmask;

	if (info->bitmask & EBT_LOG_NFLOG)		if (info->bitmask & EBT_LOG_NFLOG)
	nf_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in,		nf_log_packet(net, NFPROTO_BRIDGE, par->hooknum, skb,
	par->out, &li, "%s", info->prefix);		par->in, par->out, &li, "%s", info->prefix);
	else		else
	ebt_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in,		ebt_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in,
	par->out, &li, info->prefix);		par->out, &li, info->prefix);

+3 −2

Original line number	Original line	Diff line number	Diff line
	@@ -24,14 +24,15 @@ ebt_nflog_tg(struct sk_buff skb, const struct xt_action_param par)
	{		{
	const struct ebt_nflog_info *info = par->targinfo;		const struct ebt_nflog_info *info = par->targinfo;
	struct nf_loginfo li;		struct nf_loginfo li;
			struct net *net = dev_net(par->in ? par->in : par->out);

	li.type = NF_LOG_TYPE_ULOG;		li.type = NF_LOG_TYPE_ULOG;
	li.u.ulog.copy_len = info->len;		li.u.ulog.copy_len = info->len;
	li.u.ulog.group = info->group;		li.u.ulog.group = info->group;
	li.u.ulog.qthreshold = info->threshold;		li.u.ulog.qthreshold = info->threshold;

	nf_log_packet(PF_BRIDGE, par->hooknum, skb, par->in, par->out,		nf_log_packet(net, PF_BRIDGE, par->hooknum, skb, par->in,
	&li, "%s", info->prefix);		par->out, &li, "%s", info->prefix);
	return EBT_CONTINUE;		return EBT_CONTINUE;
	}		}

+2 −1

Original line number	Original line	Diff line number	Diff line
	@@ -258,6 +258,7 @@ static void trace_packet(const struct sk_buff *skb,
	const char hookname, chainname, *comment;		const char hookname, chainname, *comment;
	const struct ipt_entry *iter;		const struct ipt_entry *iter;
	unsigned int rulenum = 0;		unsigned int rulenum = 0;
			struct net *net = dev_net(in ? in : out);

	table_base = private->entries[smp_processor_id()];		table_base = private->entries[smp_processor_id()];
	root = get_entry(table_base, private->hook_entry[hook]);		root = get_entry(table_base, private->hook_entry[hook]);
	@@ -270,7 +271,7 @@ static void trace_packet(const struct sk_buff *skb,
	&chainname, &comment, &rulenum) != 0)		&chainname, &comment, &rulenum) != 0)
	break;		break;

	nf_log_packet(AF_INET, hook, skb, in, out, &trace_loginfo,		nf_log_packet(net, AF_INET, hook, skb, in, out, &trace_loginfo,
	"TRACE: %s:%s:%s:%u ",		"TRACE: %s:%s:%s:%u ",
	tablename, chainname, comment, rulenum);		tablename, chainname, comment, rulenum);
	}		}