Diffstat (limited to 'net/netfilter/xt_LOG.c')
-rw-r--r-- | net/netfilter/xt_LOG.c | 39 |
1 files changed, 21 insertions, 18 deletions
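--- a/net/netfilter/xt_LOG.c
+++ b/net/netfilter/xt_LOG.c
@@ -145,6 +145,21 @@ static int dump_tcp_header(struct sbuff *m, const struct sk_buff *skb,
 return 0;
 }
 
+static void dump_sk_uid_gid(struct sbuff *m, struct sock *sk)
+{
+if (!sk || sk->sk_state == TCP_TIME_WAIT)
+return;
+
+read_lock_bh(&sk->sk_callback_lock);
+if (sk->sk_socket && sk->sk_socket->file) {
+const struct cred *cred = sk->sk_socket->file->f_cred;
+sb_add(m, "UID=%u GID=%u ",
+from_kuid_munged(&init_user_ns, cred->fsuid),
+from_kgid_munged(&init_user_ns, cred->fsgid));
+}
+read_unlock_bh(&sk->sk_callback_lock);
+}
+
 /* One level of recursion won't kill us */
 static void dump_ipv4_packet(struct sbuff *m,
 const struct nf_loginfo *info,
@@ -361,14 +376,8 @@ static void dump_ipv4_packet(struct sbuff *m,
 }
 
 /* Max length: 15 "UID=4294967295 " */
-if ((logflags & XT_LOG_UID) && !iphoff && skb->sk) {
-read_lock_bh(&skb->sk->sk_callback_lock);
-if (skb->sk->sk_socket && skb->sk->sk_socket->file)
-sb_add(m, "UID=%u GID=%u ",
-skb->sk->sk_socket->file->f_cred->fsuid,
-skb->sk->sk_socket->file->f_cred->fsgid);
-read_unlock_bh(&skb->sk->sk_callback_lock);
-}
+if ((logflags & XT_LOG_UID) && !iphoff)
+dump_sk_uid_gid(m, skb->sk);
 
 /* Max length: 16 "MARK=0xFFFFFFFF " */
 if (!iphoff && skb->mark)
@@ -436,8 +445,8 @@ log_packet_common(struct sbuff *m,
 const struct nf_loginfo *loginfo,
 const char *prefix)
 {
-sb_add(m, "<%d>%sIN=%s OUT=%s ", loginfo->u.log.level,
-prefix,
+sb_add(m, KERN_SOH "%c%sIN=%s OUT=%s ",
+'0' + loginfo->u.log.level, prefix,
 in ? in->name : "",
 out ? out->name : "");
 #ifdef CONFIG_BRIDGE_NETFILTER
@@ -717,14 +726,8 @@ static void dump_ipv6_packet(struct sbuff *m,
 }
 
 /* Max length: 15 "UID=4294967295 " */
-if ((logflags & XT_LOG_UID) && recurse && skb->sk) {
-read_lock_bh(&skb->sk->sk_callback_lock);
-if (skb->sk->sk_socket && skb->sk->sk_socket->file)
-sb_add(m, "UID=%u GID=%u ",
-skb->sk->sk_socket->file->f_cred->fsuid,
-skb->sk->sk_socket->file->f_cred->fsgid);
-read_unlock_bh(&skb->sk->sk_callback_lock);
-}
+if ((logflags & XT_LOG_UID) && recurse)
+dump_sk_uid_gid(m, skb->sk);
 
 /* Max length: 16 "MARK=0xFFFFFFFF " */
 if (!recurse && skb->mark)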
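Review bot: The `sk->sk_state == TCP_TIME_WAIT` early return in the new `dump_sk_uid_gid()` is the only thing stopping the helper from taking `sk_callback_lock` and following `sk_socket` on a time-wait socket, and nothing in the code says why it is there. Presumably `skb->sk` can point at a time-wait object that is smaller than a full `struct sock`, so those fields would lie outside it; a comment above the check should state that, for example `/* time-wait socks are not full sockets: no sk_callback_lock, no sk_socket */`. Both call sites in `dump_ipv4_packet()` and `dump_ipv6_packet()` now pass `skb->sk` without testing it and depend on the helper's `!sk` test, which the same comment should mention so the guard is not dropped in a later cleanup.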