30e0c6a6be
This patch adds netns support to nf_log and it prepares netns support for existing loggers. It is composed of four major changes. 1) nf_log_register has been split to two functions: nf_log_register and nf_log_set. The new nf_log_register is used to globally register the nf_logger and nf_log_set is used for enabling pernet support from nf_loggers. Per netns is not yet complete after this patch, it comes in separate follow up patches. 2) Add net as a parameter of nf_log_bind_pf. Per netns is not yet complete after this patch, it only allows to bind the nf_logger to the protocol family from init_net and it skips other cases. 3) Adapt all nf_log_packet callers to pass netns as parameter. After this patch, this function only works for init_net. 4) Make the sysctl net/netfilter/nf_log pernet. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
74 lines
1.8 KiB
C
74 lines
1.8 KiB
C
/*
|
|
* ebt_nflog
|
|
*
|
|
* Author:
|
|
* Peter Warasin <peter@endian.com>
|
|
*
|
|
* February, 2008
|
|
*
|
|
* Based on:
|
|
* xt_NFLOG.c, (C) 2006 by Patrick McHardy <kaber@trash.net>
|
|
* ebt_ulog.c, (C) 2004 by Bart De Schuymer <bdschuym@pandora.be>
|
|
*
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/spinlock.h>
|
|
#include <linux/netfilter/x_tables.h>
|
|
#include <linux/netfilter_bridge/ebtables.h>
|
|
#include <linux/netfilter_bridge/ebt_nflog.h>
|
|
#include <net/netfilter/nf_log.h>
|
|
|
|
static unsigned int
|
|
ebt_nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
|
|
{
|
|
const struct ebt_nflog_info *info = par->targinfo;
|
|
struct nf_loginfo li;
|
|
struct net *net = dev_net(par->in ? par->in : par->out);
|
|
|
|
li.type = NF_LOG_TYPE_ULOG;
|
|
li.u.ulog.copy_len = info->len;
|
|
li.u.ulog.group = info->group;
|
|
li.u.ulog.qthreshold = info->threshold;
|
|
|
|
nf_log_packet(net, PF_BRIDGE, par->hooknum, skb, par->in,
|
|
par->out, &li, "%s", info->prefix);
|
|
return EBT_CONTINUE;
|
|
}
|
|
|
|
static int ebt_nflog_tg_check(const struct xt_tgchk_param *par)
|
|
{
|
|
struct ebt_nflog_info *info = par->targinfo;
|
|
|
|
if (info->flags & ~EBT_NFLOG_MASK)
|
|
return -EINVAL;
|
|
info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0';
|
|
return 0;
|
|
}
|
|
|
|
static struct xt_target ebt_nflog_tg_reg __read_mostly = {
|
|
.name = "nflog",
|
|
.revision = 0,
|
|
.family = NFPROTO_BRIDGE,
|
|
.target = ebt_nflog_tg,
|
|
.checkentry = ebt_nflog_tg_check,
|
|
.targetsize = sizeof(struct ebt_nflog_info),
|
|
.me = THIS_MODULE,
|
|
};
|
|
|
|
static int __init ebt_nflog_init(void)
|
|
{
|
|
return xt_register_target(&ebt_nflog_tg_reg);
|
|
}
|
|
|
|
static void __exit ebt_nflog_fini(void)
|
|
{
|
|
xt_unregister_target(&ebt_nflog_tg_reg);
|
|
}
|
|
|
|
module_init(ebt_nflog_init);
|
|
module_exit(ebt_nflog_fini);
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_AUTHOR("Peter Warasin <peter@endian.com>");
|
|
MODULE_DESCRIPTION("ebtables NFLOG netfilter logging module");
|