Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ca735b3a authored by Eric Leblond's avatar Eric Leblond Committed by Patrick McHardy
Browse files

netfilter: use a linked list of loggers 



This patch modifies nf_log to use a linked list of loggers for each
protocol. This list of loggers is read and write protected with a
mutex.

This patch separates registration and binding. To be used as
logging module, a module has to register calling nf_log_register()
and to bind to a protocol it has to call nf_log_bind_pf().
This patch also converts the logging modules to the new API. For nfnetlink_log,
it simply switchs call to register functions to call to bind function and
adds a call to nf_log_register() during init. For other modules, it just
remove a const flag from the logger structure and replace it with a
__read_mostly.

Signed-off-by: default avatarEric Leblond <eric@inl.fr>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 28337ff5

include/net/netfilter/nf_log.h

+8 −3
Original line number Diff line number Diff line 
#ifndef _NF_LOG_H

#define _NF_LOG_H



#include <linux/netfilter.h>



/* those NF_LOG_* defines and struct nf_loginfo are legacy definitios that will

 * disappear once iptables is replaced with pkttables.  Please DO NOT use them

 * for any new code! */
@@ -40,12 +42,15 @@ struct nf_logger { 
	struct module	*me;

	nf_logfn 	*logfn;

	char		*name;

	struct list_head	list[NFPROTO_NUMPROTO];

};



/* Function to register/unregister log function. */

int nf_log_register(u_int8_t pf, const struct nf_logger *logger);

void nf_log_unregister(const struct nf_logger *logger);

void nf_log_unregister_pf(u_int8_t pf);

int nf_log_register(u_int8_t pf, struct nf_logger *logger);

void nf_log_unregister(struct nf_logger *logger);



int nf_log_bind_pf(u_int8_t pf, const struct nf_logger *logger);

void nf_log_unbind_pf(u_int8_t pf);



/* Calls the registered backend logging function */

void nf_log_packet(u_int8_t pf,

net/ipv4/netfilter/ipt_LOG.c

+1 −1
Original line number Diff line number Diff line
@@ -464,7 +464,7 @@ static struct xt_target log_tg_reg __read_mostly = { 
	.me		= THIS_MODULE,

};



static const struct nf_logger ipt_log_logger ={

static struct nf_logger ipt_log_logger __read_mostly = {

	.name		= "ipt_LOG",

	.logfn		= &ipt_log_packet,

	.me		= THIS_MODULE,

net/ipv4/netfilter/ipt_ULOG.c

+1 −1
Original line number Diff line number Diff line
@@ -379,7 +379,7 @@ static struct xt_target ulog_tg_reg __read_mostly = { 
	.me		= THIS_MODULE,

};



static struct nf_logger ipt_ulog_logger = {

static struct nf_logger ipt_ulog_logger __read_mostly = {

	.name		= "ipt_ULOG",

	.logfn		= ipt_logfn,

	.me		= THIS_MODULE,

net/ipv6/netfilter/ip6t_LOG.c

+1 −1
Original line number Diff line number Diff line
@@ -477,7 +477,7 @@ static struct xt_target log_tg6_reg __read_mostly = { 
	.me 		= THIS_MODULE,

};



static const struct nf_logger ip6t_logger = {

static struct nf_logger ip6t_logger __read_mostly = {

	.name		= "ip6t_LOG",

	.logfn		= &ip6t_log_packet,

	.me		= THIS_MODULE,

net/netfilter/nf_log.c

+60 −30
Original line number Diff line number Diff line
@@ -16,56 +16,60 @@ 
#define NF_LOG_PREFIXLEN		128



static const struct nf_logger *nf_loggers[NFPROTO_NUMPROTO] __read_mostly;

static struct list_head nf_loggers_l[NFPROTO_NUMPROTO] __read_mostly;

static DEFINE_MUTEX(nf_log_mutex);



/* return EBUSY if somebody else is registered, EEXIST if the same logger

 * is registred, 0 on success. */

int nf_log_register(u_int8_t pf, const struct nf_logger *logger)

static struct nf_logger *__find_logger(int pf, const char *str_logger)

{

	int ret;

	struct nf_logger *t;



	list_for_each_entry(t, &nf_loggers_l[pf], list[pf]) {

		if (!strnicmp(str_logger, t->name, strlen(t->name)))

			return t;

	}



	return NULL;

}



/* return EEXIST if the same logger is registred, 0 on success. */

int nf_log_register(u_int8_t pf, struct nf_logger *logger)

{

	const struct nf_logger *llog;



	if (pf >= ARRAY_SIZE(nf_loggers))

		return -EINVAL;



	/* Any setup of logging members must be done before

	 * substituting pointer. */

	ret = mutex_lock_interruptible(&nf_log_mutex);

	if (ret < 0)

		return ret;

	mutex_lock(&nf_log_mutex);



	if (!nf_loggers[pf])

	if (pf == NFPROTO_UNSPEC) {

		int i;

		for (i = NFPROTO_UNSPEC; i < NFPROTO_NUMPROTO; i++)

			list_add_tail(&(logger->list[i]), &(nf_loggers_l[i]));

	} else {

		/* register at end of list to honor first register win */

		list_add_tail(&logger->list[pf], &nf_loggers_l[pf]);

		llog = rcu_dereference(nf_loggers[pf]);

		if (llog == NULL)

			rcu_assign_pointer(nf_loggers[pf], logger);

	else if (nf_loggers[pf] == logger)

		ret = -EEXIST;

	else

		ret = -EBUSY;



	mutex_unlock(&nf_log_mutex);

	return ret;

	}

EXPORT_SYMBOL(nf_log_register);



void nf_log_unregister_pf(u_int8_t pf)

{

	if (pf >= ARRAY_SIZE(nf_loggers))

		return;

	mutex_lock(&nf_log_mutex);

	rcu_assign_pointer(nf_loggers[pf], NULL);

	mutex_unlock(&nf_log_mutex);



	/* Give time to concurrent readers. */

	synchronize_rcu();

	return 0;

}

EXPORT_SYMBOL(nf_log_unregister_pf);

EXPORT_SYMBOL(nf_log_register);



void nf_log_unregister(const struct nf_logger *logger)

void nf_log_unregister(struct nf_logger *logger)

{

	const struct nf_logger *c_logger;

	int i;



	mutex_lock(&nf_log_mutex);

	for (i = 0; i < ARRAY_SIZE(nf_loggers); i++) {

		if (nf_loggers[i] == logger)

		c_logger = rcu_dereference(nf_loggers[i]);

		if (c_logger == logger)

			rcu_assign_pointer(nf_loggers[i], NULL);

		list_del(&logger->list[i]);

	}

	mutex_unlock(&nf_log_mutex);
@@ -73,6 +77,27 @@ void nf_log_unregister(const struct nf_logger *logger) 
}

EXPORT_SYMBOL(nf_log_unregister);



int nf_log_bind_pf(u_int8_t pf, const struct nf_logger *logger)

{

	mutex_lock(&nf_log_mutex);

	if (__find_logger(pf, logger->name) == NULL) {

		mutex_unlock(&nf_log_mutex);

		return -ENOENT;

	}

	rcu_assign_pointer(nf_loggers[pf], logger);

	mutex_unlock(&nf_log_mutex);

	return 0;

}

EXPORT_SYMBOL(nf_log_bind_pf);



void nf_log_unbind_pf(u_int8_t pf)

{

	mutex_lock(&nf_log_mutex);

	rcu_assign_pointer(nf_loggers[pf], NULL);

	mutex_unlock(&nf_log_mutex);

}

EXPORT_SYMBOL(nf_log_unbind_pf);



void nf_log_packet(u_int8_t pf,

		   unsigned int hooknum,

		   const struct sk_buff *skb,
@@ -163,10 +188,15 @@ static const struct file_operations nflog_file_ops = { 


int __init netfilter_log_init(void)

{

	int i;

#ifdef CONFIG_PROC_FS

	if (!proc_create("nf_log", S_IRUGO,

			 proc_net_netfilter, &nflog_file_ops))

		return -1;

#endif



	for (i = NFPROTO_UNSPEC; i < NFPROTO_NUMPROTO; i++)

		INIT_LIST_HEAD(&(nf_loggers_l[i]));



	return 0;

}