-rw-r--r-- | net/netfilter/xt_LOG.c | 52 |
1 files changed, 49 insertions, 3 deletions
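--- a/net/netfilter/xt_LOG.c
+++ b/net/netfilter/xt_LOG.c
@@ -474,7 +474,14 @@ ipt_log_packet(u_int8_t pf,
 const struct nf_loginfo *loginfo,
 const char *prefix)
 {
-struct sbuff *m = sb_open();
+struct sbuff *m;
+struct net *net = dev_net(in ? in : out);
+
+/* FIXME: Disabled from containers until syslog ns is supported */
+if (!net_eq(net, &init_net))
+return;
+
+m = sb_open();
 
 if (!loginfo)
 loginfo = &default_loginfo;
@@ -798,7 +805,14 @@ ip6t_log_packet(u_int8_t pf,
 const struct nf_loginfo *loginfo,
 const char *prefix)
 {
-struct sbuff *m = sb_open();
+struct sbuff *m;
+struct net *net = dev_net(in ? in : out);
+
+/* FIXME: Disabled from containers until syslog ns is supported */
+if (!net_eq(net, &init_net))
+return;
+
+m = sb_open();
 
 if (!loginfo)
 loginfo = &default_loginfo;
@@ -893,23 +907,55 @@ static struct nf_logger ip6t_log_logger __read_mostly = {
 };
 #endif
 
+static int __net_init log_net_init(struct net *net)
+{
+nf_log_set(net, NFPROTO_IPV4, &ipt_log_logger);
+#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
+nf_log_set(net, NFPROTO_IPV6, &ip6t_log_logger);
+#endif
+return 0;
+}
+
+static void __net_exit log_net_exit(struct net *net)
+{
+nf_log_unset(net, &ipt_log_logger);
+#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
+nf_log_unset(net, &ip6t_log_logger);
+#endif
+}
+
+static struct pernet_operations log_net_ops = {
+.init = log_net_init,
+.exit = log_net_exit,
+};
+
 static int __init log_tg_init(void)
 {
 int ret;
 
+ret = register_pernet_subsys(&log_net_ops);
+if (ret < 0)
+goto err_pernet;
+
 ret = xt_register_targets(log_tg_regs, ARRAY_SIZE(log_tg_regs));
 if (ret < 0)
-return ret;
+goto err_target;
 
 nf_log_register(NFPROTO_IPV4, &ipt_log_logger);
 #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
 nf_log_register(NFPROTO_IPV6, &ip6t_log_logger);
 #endif
 return 0;
+
+err_target:
+unregister_pernet_subsys(&log_net_ops);
+err_pernet:
+return ret;
 }
 
 static void __exit log_tg_exit(void)
 {
+unregister_pernet_subsys(&log_net_ops);
 nf_log_unregister(&ipt_log_logger);
 #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
 nf_log_unregister(&ip6t_log_logger);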
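Review bot: The added declaration `struct net *net = dev_net(in ? in : out);` in ipt_log_packet reads the namespace from whichever device it is handed, so a call where both `in` and `out` are NULL would fault before the namespace check runs; the same line is added to ip6t_log_packet. Both parameters are declared above the hunk, so whether a caller can pass two NULL devices is not visible here and should be confirmed. If it can happen, pick the device first and guard it, e.g. `const struct net_device *dev = in ? in : out;` followed by `if (!dev || !net_eq(dev_net(dev), &init_net)) return;`, which fails closed and keeps packets that cannot be attributed to the initial namespace out of the host log. Both function bodies continue past their hunks.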