9 files changed, 69 insertions, 152 deletions
diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h
index 0e3d08e4b1d3..57c880378443 100644
--- a/include/net/netfilter/nf_conntrack_ecache.h
+++ b/include/net/netfilter/nf_conntrack_ecache.h
@@ -18,7 +18,6 @@ struct nf_conntrack_ecache {
        u16 ctmask;             /* bitmask of ct events to be delivered */
        u16 expmask;            /* bitmask of expect events to be delivered */
        u32 portid;             /* netlink portid of destroyer */
-        struct timer_list timeout;
 };
 static inline struct nf_conntrack_ecache *
@@ -216,8 +215,23 @@ void nf_conntrack_ecache_pernet_fini(struct net *net);
 int nf_conntrack_ecache_init(void);
 void nf_conntrack_ecache_fini(void);
-#else /* CONFIG_NF_CONNTRACK_EVENTS */
+static inline void nf_conntrack_ecache_delayed_work(struct net *net)
+{
+        if (!delayed_work_pending(&net->ct.ecache_dwork)) {
+                schedule_delayed_work(&net->ct.ecache_dwork, HZ);
+                net->ct.ecache_dwork_pending = true;
+        }
+}
+static inline void nf_conntrack_ecache_work(struct net *net)
+{
+        if (net->ct.ecache_dwork_pending) {
+                net->ct.ecache_dwork_pending = false;
+                mod_delayed_work(system_wq, &net->ct.ecache_dwork, 0);
+        }
+}
+#else /* CONFIG_NF_CONNTRACK_EVENTS */
 static inline void nf_conntrack_event_cache(enum ip_conntrack_events event,
                                            struct nf_conn *ct) {}
 static inline int nf_conntrack_eventmask_report(unsigned int eventmask,
@@ -255,6 +269,14 @@ static inline int nf_conntrack_ecache_init(void)
 static inline void nf_conntrack_ecache_fini(void)
 {
 }
+static inline void nf_conntrack_ecache_delayed_work(struct net *net)
+{
+}
+static inline void nf_conntrack_ecache_work(struct net *net)
+{
+}
 #endif /* CONFIG_NF_CONNTRACK_EVENTS */
 #endif /*_NF_CONNTRACK_ECACHE_H*/
diff --git a/include/net/netfilter/nf_log.h b/include/net/netfilter/nf_log.h
index 99eac12d040b..534e1f2ac4fc 100644
--- a/include/net/netfilter/nf_log.h
+++ b/include/net/netfilter/nf_log.h
@@ -12,8 +12,11 @@
 #define NF_LOG_UID              0x08    /* Log UID owning local socket */
 #define NF_LOG_MASK             0x0f
-#define NF_LOG_TYPE_LOG         0x01
+enum nf_log_type {
-#define NF_LOG_TYPE_ULOG        0x02
+        NF_LOG_TYPE_LOG         = 0,
+        NF_LOG_TYPE_ULOG,
+        NF_LOG_TYPE_MAX
+};
 struct nf_loginfo {
        u_int8_t type;
@@ -40,10 +43,10 @@ typedef void nf_logfn(struct net *net,
                      const char *prefix);
 struct nf_logger {
-        struct module   *me;
+        char                    *name;
-        nf_logfn        *logfn;
+        enum nf_log_type        type;
-        char            *name;
+        nf_logfn                *logfn;
-        struct list_head        list[NFPROTO_NUMPROTO];
+        struct module           *me;
 };
 /* Function to register/unregister log function. */
@@ -58,6 +61,13 @@ int nf_log_bind_pf(struct net *net, u_int8_t pf,
                   const struct nf_logger *logger);
 void nf_log_unbind_pf(struct net *net, u_int8_t pf);
+int nf_logger_find_get(int pf, enum nf_log_type type);
+void nf_logger_put(int pf, enum nf_log_type type);
+void nf_logger_request_module(int pf, enum nf_log_type type);
+#define MODULE_ALIAS_NF_LOGGER(family, type) \
+        MODULE_ALIAS("nf-logger-" __stringify(family) "-" __stringify(type))
 /* Calls the registered backend logging function */
 __printf(8, 9)
 void nf_log_packet(struct net *net,
@@ -69,4 +79,24 @@ void nf_log_packet(struct net *net,
                   const struct nf_loginfo *li,
                   const char *fmt, ...);
+struct nf_log_buf;
+struct nf_log_buf *nf_log_buf_open(void);
+__printf(2, 3) int nf_log_buf_add(struct nf_log_buf *m, const char *f, ...);
+void nf_log_buf_close(struct nf_log_buf *m);
+/* common logging functions */
+int nf_log_dump_udp_header(struct nf_log_buf *m, const struct sk_buff *skb,
+                           u8 proto, int fragment, unsigned int offset);
+int nf_log_dump_tcp_header(struct nf_log_buf *m, const struct sk_buff *skb,
+                           u8 proto, int fragment, unsigned int offset,
+                           unsigned int logflags);
+void nf_log_dump_sk_uid_gid(struct nf_log_buf *m, struct sock *sk);
+void nf_log_dump_packet_common(struct nf_log_buf *m, u_int8_t pf,
+                               unsigned int hooknum, const struct sk_buff *skb,
+                               const struct net_device *in,
+                               const struct net_device *out,
+                               const struct nf_loginfo *loginfo,
+                               const char *prefix);
 #endif /* _NF_LOG_H */
diff --git a/include/net/netfilter/xt_log.h b/include/net/netfilter/xt_log.h
deleted file mode 100644
index 9d9756cca013..000000000000
--- a/include/net/netfilter/xt_log.h
+++ /dev/null
@@ -1,54 +0,0 @@
-#define S_SIZE (1024 - (sizeof(unsigned int) + 1))
-struct sbuff {
-        unsigned int    count;
-        char            buf[S_SIZE + 1];
-};
-static struct sbuff emergency, *emergency_ptr = &emergency;
-static __printf(2, 3) int sb_add(struct sbuff *m, const char *f, ...)
-{
-        va_list args;
-        int len;
-        if (likely(m->count < S_SIZE)) {
-                va_start(args, f);
-                len = vsnprintf(m->buf + m->count, S_SIZE - m->count, f, args);
-                va_end(args);
-                if (likely(m->count + len < S_SIZE)) {
-                        m->count += len;
-                        return 0;
-                }
-        }
-        m->count = S_SIZE;
-        printk_once(KERN_ERR KBUILD_MODNAME " please increase S_SIZE\n");
-        return -1;
-}
-static struct sbuff *sb_open(void)
-{
-        struct sbuff *m = kmalloc(sizeof(*m), GFP_ATOMIC);
-        if (unlikely(!m)) {
-                local_bh_disable();
-                do {
-                        m = xchg(&emergency_ptr, NULL);
-                } while (!m);
-        }
-        m->count = 0;
-        return m;
-}
-static void sb_close(struct sbuff *m)
-{
-        m->buf[m->count] = 0;
-        printk("%s\n", m->buf);
-        if (likely(m != &emergency))
-                kfree(m);
-        else {
-                emergency_ptr = m;
-                local_bh_enable();
-        }
-}
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
index 773cce308bc6..29d6a94db54d 100644
--- a/include/net/netns/conntrack.h
+++ b/include/net/netns/conntrack.h
@@ -4,6 +4,7 @@
 #include <linux/list.h>
 #include <linux/list_nulls.h>
 #include <linux/atomic.h>
+#include <linux/workqueue.h>
 #include <linux/netfilter/nf_conntrack_tcp.h>
 #include <linux/seqlock.h>
@@ -73,6 +74,10 @@ struct ct_pcpu {
 struct netns_ct {
        atomic_t                count;
        unsigned int            expect_count;
+#ifdef CONFIG_NF_CONNTRACK_EVENTS
+        struct delayed_work ecache_dwork;
+        bool ecache_dwork_pending;
+#endif
 #ifdef CONFIG_SYSCTL
        struct ctl_table_header *sysctl_header;
        struct ctl_table_header *acct_sysctl_header;
@@ -82,7 +87,6 @@ struct netns_ct {
 #endif
        char                    *slabname;
        unsigned int            sysctl_log_invalid; /* Log invalid packets */
-        unsigned int            sysctl_events_retry_timeout;
        int                     sysctl_events;
        int                     sysctl_acct;
        int                     sysctl_auto_assign_helper;
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 2a88f645a5d8..801bdd1e56e3 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -697,6 +697,8 @@ enum nft_counter_attributes {
 * @NFTA_LOG_PREFIX: prefix to prepend to log messages (NLA_STRING)
 * @NFTA_LOG_SNAPLEN: length of payload to include in netlink message (NLA_U32)
 * @NFTA_LOG_QTHRESHOLD: queue threshold (NLA_U32)
+ * @NFTA_LOG_LEVEL: log level (NLA_U32)
+ * @NFTA_LOG_FLAGS: logging flags (NLA_U32)
 */
 enum nft_log_attributes {
        NFTA_LOG_UNSPEC,
@@ -704,6 +706,8 @@ enum nft_log_attributes {
        NFTA_LOG_PREFIX,
        NFTA_LOG_SNAPLEN,
        NFTA_LOG_QTHRESHOLD,
+        NFTA_LOG_LEVEL,
+        NFTA_LOG_FLAGS,
        __NFTA_LOG_MAX
 };
 #define NFTA_LOG_MAX            (__NFTA_LOG_MAX - 1)
diff --git a/include/uapi/linux/netfilter_bridge/Kbuild b/include/uapi/linux/netfilter_bridge/Kbuild
index 348717c3a22f..0fbad8ef96de 100644
--- a/include/uapi/linux/netfilter_bridge/Kbuild
+++ b/include/uapi/linux/netfilter_bridge/Kbuild
@@ -14,6 +14,5 @@ header-y += ebt_nflog.h
 header-y += ebt_pkttype.h
 header-y += ebt_redirect.h
 header-y += ebt_stp.h
-header-y += ebt_ulog.h
 header-y += ebt_vlan.h
 header-y += ebtables.h
diff --git a/include/uapi/linux/netfilter_bridge/ebt_ulog.h b/include/uapi/linux/netfilter_bridge/ebt_ulog.h
deleted file mode 100644
index 89a6becb5269..000000000000
--- a/include/uapi/linux/netfilter_bridge/ebt_ulog.h
+++ /dev/null
@@ -1,38 +0,0 @@
-#ifndef _EBT_ULOG_H
-#define _EBT_ULOG_H
-#include <linux/types.h>
-#define EBT_ULOG_DEFAULT_NLGROUP 0
-#define EBT_ULOG_DEFAULT_QTHRESHOLD 1
-#define EBT_ULOG_MAXNLGROUPS 32 /* hardcoded netlink max */
-#define EBT_ULOG_PREFIX_LEN 32
-#define EBT_ULOG_MAX_QLEN 50
-#define EBT_ULOG_WATCHER "ulog"
-#define EBT_ULOG_VERSION 1
-struct ebt_ulog_info {
-        __u32 nlgroup;
-        unsigned int cprange;
-        unsigned int qthreshold;
-        char prefix[EBT_ULOG_PREFIX_LEN];
-};
-typedef struct ebt_ulog_packet_msg {
-        int version;
-        char indev[IFNAMSIZ];
-        char outdev[IFNAMSIZ];
-        char physindev[IFNAMSIZ];
-        char physoutdev[IFNAMSIZ];
-        char prefix[EBT_ULOG_PREFIX_LEN];
-        struct timeval stamp;
-        unsigned long mark;
-        unsigned int hook;
-        size_t data_len;
-        /* The complete packet, including Ethernet header and perhaps
-         * the VLAN header is appended */
-        unsigned char data[0] __attribute__
-                              ((aligned (__alignof__(struct ebt_ulog_info))));
-} ebt_ulog_packet_msg_t;
-#endif /* _EBT_ULOG_H */
diff --git a/include/uapi/linux/netfilter_ipv4/Kbuild b/include/uapi/linux/netfilter_ipv4/Kbuild
index fb008437dde1..ecb291df390e 100644
--- a/include/uapi/linux/netfilter_ipv4/Kbuild
+++ b/include/uapi/linux/netfilter_ipv4/Kbuild
@@ -5,7 +5,6 @@ header-y += ipt_ECN.h
 header-y += ipt_LOG.h
 header-y += ipt_REJECT.h
 header-y += ipt_TTL.h
-header-y += ipt_ULOG.h
 header-y += ipt_ah.h
 header-y += ipt_ecn.h
 header-y += ipt_ttl.h
diff --git a/include/uapi/linux/netfilter_ipv4/ipt_ULOG.h b/include/uapi/linux/netfilter_ipv4/ipt_ULOG.h
deleted file mode 100644
index 417aad280bcc..000000000000
--- a/include/uapi/linux/netfilter_ipv4/ipt_ULOG.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/* Header file for IP tables userspace logging, Version 1.8
- *
- * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org>
- * 
- * Distributed under the terms of GNU GPL */
-#ifndef _IPT_ULOG_H
-#define _IPT_ULOG_H
-#ifndef NETLINK_NFLOG
-#define NETLINK_NFLOG   5
-#endif
-#define ULOG_DEFAULT_NLGROUP    1
-#define ULOG_DEFAULT_QTHRESHOLD 1
-#define ULOG_MAC_LEN    80
-#define ULOG_PREFIX_LEN 32
-#define ULOG_MAX_QLEN   50
-/* Why 50? Well... there is a limit imposed by the slab cache 131000
- * bytes. So the multipart netlink-message has to be < 131000 bytes.
- * Assuming a standard ethernet-mtu of 1500, we could define this up
- * to 80... but even 50 seems to be big enough. */
-/* private data structure for each rule with a ULOG target */
-struct ipt_ulog_info {
-        unsigned int nl_group;
-        size_t copy_range;
-        size_t qthreshold;
-        char prefix[ULOG_PREFIX_LEN];
-};
-/* Format of the ULOG packets passed through netlink */
-typedef struct ulog_packet_msg {
-        unsigned long mark;
-        long timestamp_sec;
-        long timestamp_usec;
-        unsigned int hook;
-        char indev_name[IFNAMSIZ];
-        char outdev_name[IFNAMSIZ];
-        size_t data_len;
-        char prefix[ULOG_PREFIX_LEN];
-        unsigned char mac_len;
-        unsigned char mac[ULOG_MAC_LEN];
-        unsigned char payload[0];
-} ulog_packet_msg_t;
-#endif /*_IPT_ULOG_H*/