diff options
| -rw-r--r-- | include/net/netfilter/nf_log.h | 10 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 6 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 6 | ||||
| -rw-r--r-- | net/netfilter/nf_log.c | 24 | ||||
| -rw-r--r-- | net/netfilter/nf_tables_core.c | 8 |
5 files changed, 44 insertions, 10 deletions
diff --git a/include/net/netfilter/nf_log.h b/include/net/netfilter/nf_log.h index 534e1f2ac4fc..57639fca223a 100644 --- a/include/net/netfilter/nf_log.h +++ b/include/net/netfilter/nf_log.h | |||
| @@ -79,6 +79,16 @@ void nf_log_packet(struct net *net, | |||
| 79 | const struct nf_loginfo *li, | 79 | const struct nf_loginfo *li, |
| 80 | const char *fmt, ...); | 80 | const char *fmt, ...); |
| 81 | 81 | ||
| 82 | __printf(8, 9) | ||
| 83 | void nf_log_trace(struct net *net, | ||
| 84 | u_int8_t pf, | ||
| 85 | unsigned int hooknum, | ||
| 86 | const struct sk_buff *skb, | ||
| 87 | const struct net_device *in, | ||
| 88 | const struct net_device *out, | ||
| 89 | const struct nf_loginfo *li, | ||
| 90 | const char *fmt, ...); | ||
| 91 | |||
| 82 | struct nf_log_buf; | 92 | struct nf_log_buf; |
| 83 | 93 | ||
| 84 | struct nf_log_buf *nf_log_buf_open(void); | 94 | struct nf_log_buf *nf_log_buf_open(void); |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 99e810f84671..cf5e82f39d3b 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -272,9 +272,9 @@ static void trace_packet(const struct sk_buff *skb, | |||
| 272 | &chainname, &comment, &rulenum) != 0) | 272 | &chainname, &comment, &rulenum) != 0) |
| 273 | break; | 273 | break; |
| 274 | 274 | ||
| 275 | nf_log_packet(net, AF_INET, hook, skb, in, out, &trace_loginfo, | 275 | nf_log_trace(net, AF_INET, hook, skb, in, out, &trace_loginfo, |
| 276 | "TRACE: %s:%s:%s:%u ", | 276 | "TRACE: %s:%s:%s:%u ", |
| 277 | tablename, chainname, comment, rulenum); | 277 | tablename, chainname, comment, rulenum); |
| 278 | } | 278 | } |
| 279 | #endif | 279 | #endif |
| 280 | 280 | ||
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index e080fbbbc0e5..bb00c6f2a885 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -298,9 +298,9 @@ static void trace_packet(const struct sk_buff *skb, | |||
| 298 | &chainname, &comment, &rulenum) != 0) | 298 | &chainname, &comment, &rulenum) != 0) |
| 299 | break; | 299 | break; |
| 300 | 300 | ||
| 301 | nf_log_packet(net, AF_INET6, hook, skb, in, out, &trace_loginfo, | 301 | nf_log_trace(net, AF_INET6, hook, skb, in, out, &trace_loginfo, |
| 302 | "TRACE: %s:%s:%s:%u ", | 302 | "TRACE: %s:%s:%s:%u ", |
| 303 | tablename, chainname, comment, rulenum); | 303 | tablename, chainname, comment, rulenum); |
| 304 | } | 304 | } |
| 305 | #endif | 305 | #endif |
| 306 | 306 | ||
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c index 0d8448f19dfe..675d12c69e32 100644 --- a/net/netfilter/nf_log.c +++ b/net/netfilter/nf_log.c | |||
| @@ -212,6 +212,30 @@ void nf_log_packet(struct net *net, | |||
| 212 | } | 212 | } |
| 213 | EXPORT_SYMBOL(nf_log_packet); | 213 | EXPORT_SYMBOL(nf_log_packet); |
| 214 | 214 | ||
| 215 | void nf_log_trace(struct net *net, | ||
| 216 | u_int8_t pf, | ||
| 217 | unsigned int hooknum, | ||
| 218 | const struct sk_buff *skb, | ||
| 219 | const struct net_device *in, | ||
| 220 | const struct net_device *out, | ||
| 221 | const struct nf_loginfo *loginfo, const char *fmt, ...) | ||
| 222 | { | ||
| 223 | va_list args; | ||
| 224 | char prefix[NF_LOG_PREFIXLEN]; | ||
| 225 | const struct nf_logger *logger; | ||
| 226 | |||
| 227 | rcu_read_lock(); | ||
| 228 | logger = rcu_dereference(net->nf.nf_loggers[pf]); | ||
| 229 | if (logger) { | ||
| 230 | va_start(args, fmt); | ||
| 231 | vsnprintf(prefix, sizeof(prefix), fmt, args); | ||
| 232 | va_end(args); | ||
| 233 | logger->logfn(net, pf, hooknum, skb, in, out, loginfo, prefix); | ||
| 234 | } | ||
| 235 | rcu_read_unlock(); | ||
| 236 | } | ||
| 237 | EXPORT_SYMBOL(nf_log_trace); | ||
| 238 | |||
| 215 | #define S_SIZE (1024 - (sizeof(unsigned int) + 1)) | 239 | #define S_SIZE (1024 - (sizeof(unsigned int) + 1)) |
| 216 | 240 | ||
| 217 | struct nf_log_buf { | 241 | struct nf_log_buf { |
diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c index 3b90eb2b2c55..2d298dccb6dd 100644 --- a/net/netfilter/nf_tables_core.c +++ b/net/netfilter/nf_tables_core.c | |||
| @@ -94,10 +94,10 @@ static void nft_trace_packet(const struct nft_pktinfo *pkt, | |||
| 94 | { | 94 | { |
| 95 | struct net *net = dev_net(pkt->in ? pkt->in : pkt->out); | 95 | struct net *net = dev_net(pkt->in ? pkt->in : pkt->out); |
| 96 | 96 | ||
| 97 | nf_log_packet(net, pkt->xt.family, pkt->ops->hooknum, pkt->skb, pkt->in, | 97 | nf_log_trace(net, pkt->xt.family, pkt->ops->hooknum, pkt->skb, pkt->in, |
| 98 | pkt->out, &trace_loginfo, "TRACE: %s:%s:%s:%u ", | 98 | pkt->out, &trace_loginfo, "TRACE: %s:%s:%s:%u ", |
| 99 | chain->table->name, chain->name, comments[type], | 99 | chain->table->name, chain->name, comments[type], |
| 100 | rulenum); | 100 | rulenum); |
| 101 | } | 101 | } |
| 102 | 102 | ||
| 103 | unsigned int | 103 | unsigned int |