netfilter: nf_log: prepare net namespace support for loggers

This patch adds netns support to nf_log and it prepares netns support for existing loggers. It is composed of four major changes. 1) nf_log_register has been split to two functions: nf_log_register and nf_log_set. The new nf_log_register is used to globally register the nf_logger and nf_log_set is used for enabling pernet support from nf_loggers. Per netns is not yet complete after this patch, it comes in separate follow up patches. 2) Add net as a parameter of nf_log_bind_pf. Per netns is not yet complete after this patch, it only allows to bind the nf_logger to the protocol family from init_net and it skips other cases. 3) Adapt all nf_log_packet callers to pass netns as parameter. After this patch, this function only works for init_net. 4) Make the sysctl net/netfilter/nf_log pernet. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Gao feng <gaofeng@cn.fujitsu.com> 2013-03-24 19:50:40 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-04-05 14:12:54 -0400
commit: 30e0c6a6bee24db0166b7ca709277cd693e179f2 (patch)
tree: 264a13fcbf0d76de9e1b3f076ac7f8b045c6c5d5 /net/bridge
parent: f3c1a44a2208d14b061ad665d9549c9b321f38e5 (diff)
2 files changed, 7 insertions, 5 deletions
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index 92de5e5f9db2..08e5ea5ec4ed 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -176,17 +176,18 @@ ebt_log_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct ebt_log_info *info = par->targinfo;
        struct nf_loginfo li;
+        struct net *net = dev_net(par->in ? par->in : par->out);
        li.type = NF_LOG_TYPE_LOG;
        li.u.log.level = info->loglevel;
        li.u.log.logflags = info->bitmask;
        if (info->bitmask & EBT_LOG_NFLOG)
-                nf_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in,
+                nf_log_packet(net, NFPROTO_BRIDGE, par->hooknum, skb,
-                              par->out, &li, "%s", info->prefix);
+                              par->in, par->out, &li, "%s", info->prefix);
        else
                ebt_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in,
-                               par->out, &li, info->prefix);
+                               par->out, &li, info->prefix);
        return EBT_CONTINUE;
 }
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c
index 5be68bbcc341..59ac7952010d 100644
--- a/net/bridge/netfilter/ebt_nflog.c
+++ b/net/bridge/netfilter/ebt_nflog.c
@@ -24,14 +24,15 @@ ebt_nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct ebt_nflog_info *info = par->targinfo;
        struct nf_loginfo li;
+        struct net *net = dev_net(par->in ? par->in : par->out);
        li.type = NF_LOG_TYPE_ULOG;
        li.u.ulog.copy_len = info->len;
        li.u.ulog.group = info->group;
        li.u.ulog.qthreshold = info->threshold;
-        nf_log_packet(PF_BRIDGE, par->hooknum, skb, par->in, par->out,
+        nf_log_packet(net, PF_BRIDGE, par->hooknum, skb, par->in,
-                      &li, "%s", info->prefix);
+                      par->out, &li, "%s", info->prefix);
        return EBT_CONTINUE;
 }
author	Gao feng <gaofeng@cn.fujitsu.com>	2013-03-24 19:50:40 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-04-05 14:12:54 -0400
commit	30e0c6a6bee24db0166b7ca709277cd693e179f2 (patch)
tree	264a13fcbf0d76de9e1b3f076ac7f8b045c6c5d5 /net/bridge
parent	f3c1a44a2208d14b061ad665d9549c9b321f38e5 (diff)