diff options
Diffstat (limited to 'net/netfilter/xt_LOG.c')
| -rw-r--r-- | net/netfilter/xt_LOG.c | 39 |
1 files changed, 21 insertions, 18 deletions
diff --git a/net/netfilter/xt_LOG.c b/net/netfilter/xt_LOG.c index ff5f75fddb1..fa40096940a 100644 --- a/net/netfilter/xt_LOG.c +++ b/net/netfilter/xt_LOG.c | |||
| @@ -145,6 +145,21 @@ static int dump_tcp_header(struct sbuff *m, const struct sk_buff *skb, | |||
| 145 | return 0; | 145 | return 0; |
| 146 | } | 146 | } |
| 147 | 147 | ||
| 148 | static void dump_sk_uid_gid(struct sbuff *m, struct sock *sk) | ||
| 149 | { | ||
| 150 | if (!sk || sk->sk_state == TCP_TIME_WAIT) | ||
| 151 | return; | ||
| 152 | |||
| 153 | read_lock_bh(&sk->sk_callback_lock); | ||
| 154 | if (sk->sk_socket && sk->sk_socket->file) { | ||
| 155 | const struct cred *cred = sk->sk_socket->file->f_cred; | ||
| 156 | sb_add(m, "UID=%u GID=%u ", | ||
| 157 | from_kuid_munged(&init_user_ns, cred->fsuid), | ||
| 158 | from_kgid_munged(&init_user_ns, cred->fsgid)); | ||
| 159 | } | ||
| 160 | read_unlock_bh(&sk->sk_callback_lock); | ||
| 161 | } | ||
| 162 | |||
| 148 | /* One level of recursion won't kill us */ | 163 | /* One level of recursion won't kill us */ |
| 149 | static void dump_ipv4_packet(struct sbuff *m, | 164 | static void dump_ipv4_packet(struct sbuff *m, |
| 150 | const struct nf_loginfo *info, | 165 | const struct nf_loginfo *info, |
| @@ -361,14 +376,8 @@ static void dump_ipv4_packet(struct sbuff *m, | |||
| 361 | } | 376 | } |
| 362 | 377 | ||
| 363 | /* Max length: 15 "UID=4294967295 " */ | 378 | /* Max length: 15 "UID=4294967295 " */ |
| 364 | if ((logflags & XT_LOG_UID) && !iphoff && skb->sk) { | 379 | if ((logflags & XT_LOG_UID) && !iphoff) |
| 365 | read_lock_bh(&skb->sk->sk_callback_lock); | 380 | dump_sk_uid_gid(m, skb->sk); |
| 366 | if (skb->sk->sk_socket && skb->sk->sk_socket->file) | ||
| 367 | sb_add(m, "UID=%u GID=%u ", | ||
| 368 | skb->sk->sk_socket->file->f_cred->fsuid, | ||
| 369 | skb->sk->sk_socket->file->f_cred->fsgid); | ||
| 370 | read_unlock_bh(&skb->sk->sk_callback_lock); | ||
| 371 | } | ||
| 372 | 381 | ||
| 373 | /* Max length: 16 "MARK=0xFFFFFFFF " */ | 382 | /* Max length: 16 "MARK=0xFFFFFFFF " */ |
| 374 | if (!iphoff && skb->mark) | 383 | if (!iphoff && skb->mark) |
| @@ -436,8 +445,8 @@ log_packet_common(struct sbuff *m, | |||
| 436 | const struct nf_loginfo *loginfo, | 445 | const struct nf_loginfo *loginfo, |
| 437 | const char *prefix) | 446 | const char *prefix) |
| 438 | { | 447 | { |
| 439 | sb_add(m, "<%d>%sIN=%s OUT=%s ", loginfo->u.log.level, | 448 | sb_add(m, KERN_SOH "%c%sIN=%s OUT=%s ", |
| 440 | prefix, | 449 | '0' + loginfo->u.log.level, prefix, |
| 441 | in ? in->name : "", | 450 | in ? in->name : "", |
| 442 | out ? out->name : ""); | 451 | out ? out->name : ""); |
| 443 | #ifdef CONFIG_BRIDGE_NETFILTER | 452 | #ifdef CONFIG_BRIDGE_NETFILTER |
| @@ -717,14 +726,8 @@ static void dump_ipv6_packet(struct sbuff *m, | |||
| 717 | } | 726 | } |
| 718 | 727 | ||
| 719 | /* Max length: 15 "UID=4294967295 " */ | 728 | /* Max length: 15 "UID=4294967295 " */ |
| 720 | if ((logflags & XT_LOG_UID) && recurse && skb->sk) { | 729 | if ((logflags & XT_LOG_UID) && recurse) |
| 721 | read_lock_bh(&skb->sk->sk_callback_lock); | 730 | dump_sk_uid_gid(m, skb->sk); |
| 722 | if (skb->sk->sk_socket && skb->sk->sk_socket->file) | ||
| 723 | sb_add(m, "UID=%u GID=%u ", | ||
| 724 | skb->sk->sk_socket->file->f_cred->fsuid, | ||
| 725 | skb->sk->sk_socket->file->f_cred->fsgid); | ||
| 726 | read_unlock_bh(&skb->sk->sk_callback_lock); | ||
| 727 | } | ||
| 728 | 731 | ||
| 729 | /* Max length: 16 "MARK=0xFFFFFFFF " */ | 732 | /* Max length: 16 "MARK=0xFFFFFFFF " */ |
| 730 | if (!recurse && skb->mark) | 733 | if (!recurse && skb->mark) |