diff options
Diffstat (limited to 'net/bridge')
-rw-r--r-- | net/bridge/netfilter/Kconfig | 14 | ||||
-rw-r--r-- | net/bridge/netfilter/Makefile | 1 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_nflog.c | 74 | ||||
-rw-r--r-- | net/bridge/netfilter/ebtable_broute.c | 2 | ||||
-rw-r--r-- | net/bridge/netfilter/ebtable_filter.c | 2 | ||||
-rw-r--r-- | net/bridge/netfilter/ebtable_nat.c | 2 |
6 files changed, 92 insertions, 3 deletions
diff --git a/net/bridge/netfilter/Kconfig b/net/bridge/netfilter/Kconfig index 4a3e2bf892c7..7beeefa0f9c0 100644 --- a/net/bridge/netfilter/Kconfig +++ b/net/bridge/netfilter/Kconfig | |||
@@ -212,4 +212,18 @@ config BRIDGE_EBT_ULOG | |||
212 | 212 | ||
213 | To compile it as a module, choose M here. If unsure, say N. | 213 | To compile it as a module, choose M here. If unsure, say N. |
214 | 214 | ||
215 | config BRIDGE_EBT_NFLOG | ||
216 | tristate "ebt: nflog support" | ||
217 | depends on BRIDGE_NF_EBTABLES | ||
218 | help | ||
219 | This option enables the nflog watcher, which allows to LOG | ||
220 | messages through the netfilter logging API, which can use | ||
221 | either the old LOG target, the old ULOG target or nfnetlink_log | ||
222 | as backend. | ||
223 | |||
224 | This option adds the ulog watcher, that you can use in any rule | ||
225 | in any ebtables table. | ||
226 | |||
227 | To compile it as a module, choose M here. If unsure, say N. | ||
228 | |||
215 | endmenu | 229 | endmenu |
diff --git a/net/bridge/netfilter/Makefile b/net/bridge/netfilter/Makefile index 905087e0d485..83715d73a503 100644 --- a/net/bridge/netfilter/Makefile +++ b/net/bridge/netfilter/Makefile | |||
@@ -30,3 +30,4 @@ obj-$(CONFIG_BRIDGE_EBT_SNAT) += ebt_snat.o | |||
30 | # watchers | 30 | # watchers |
31 | obj-$(CONFIG_BRIDGE_EBT_LOG) += ebt_log.o | 31 | obj-$(CONFIG_BRIDGE_EBT_LOG) += ebt_log.o |
32 | obj-$(CONFIG_BRIDGE_EBT_ULOG) += ebt_ulog.o | 32 | obj-$(CONFIG_BRIDGE_EBT_ULOG) += ebt_ulog.o |
33 | obj-$(CONFIG_BRIDGE_EBT_NFLOG) += ebt_nflog.o | ||
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c new file mode 100644 index 000000000000..8e799aa9e560 --- /dev/null +++ b/net/bridge/netfilter/ebt_nflog.c | |||
@@ -0,0 +1,74 @@ | |||
1 | /* | ||
2 | * ebt_nflog | ||
3 | * | ||
4 | * Author: | ||
5 | * Peter Warasin <peter@endian.com> | ||
6 | * | ||
7 | * February, 2008 | ||
8 | * | ||
9 | * Based on: | ||
10 | * xt_NFLOG.c, (C) 2006 by Patrick McHardy <kaber@trash.net> | ||
11 | * ebt_ulog.c, (C) 2004 by Bart De Schuymer <bdschuym@pandora.be> | ||
12 | * | ||
13 | */ | ||
14 | |||
15 | #include <linux/module.h> | ||
16 | #include <linux/spinlock.h> | ||
17 | #include <linux/netfilter_bridge/ebtables.h> | ||
18 | #include <linux/netfilter_bridge/ebt_nflog.h> | ||
19 | #include <net/netfilter/nf_log.h> | ||
20 | |||
21 | static void ebt_nflog(const struct sk_buff *skb, | ||
22 | unsigned int hooknr, | ||
23 | const struct net_device *in, | ||
24 | const struct net_device *out, | ||
25 | const void *data, unsigned int datalen) | ||
26 | { | ||
27 | struct ebt_nflog_info *info = (struct ebt_nflog_info *)data; | ||
28 | struct nf_loginfo li; | ||
29 | |||
30 | li.type = NF_LOG_TYPE_ULOG; | ||
31 | li.u.ulog.copy_len = info->len; | ||
32 | li.u.ulog.group = info->group; | ||
33 | li.u.ulog.qthreshold = info->threshold; | ||
34 | |||
35 | nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, "%s", info->prefix); | ||
36 | } | ||
37 | |||
38 | static int ebt_nflog_check(const char *tablename, | ||
39 | unsigned int hookmask, | ||
40 | const struct ebt_entry *e, | ||
41 | void *data, unsigned int datalen) | ||
42 | { | ||
43 | struct ebt_nflog_info *info = (struct ebt_nflog_info *)data; | ||
44 | |||
45 | if (datalen != EBT_ALIGN(sizeof(struct ebt_nflog_info))) | ||
46 | return -EINVAL; | ||
47 | if (info->flags & ~EBT_NFLOG_MASK) | ||
48 | return -EINVAL; | ||
49 | info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0'; | ||
50 | return 0; | ||
51 | } | ||
52 | |||
53 | static struct ebt_watcher nflog __read_mostly = { | ||
54 | .name = EBT_NFLOG_WATCHER, | ||
55 | .watcher = ebt_nflog, | ||
56 | .check = ebt_nflog_check, | ||
57 | .me = THIS_MODULE, | ||
58 | }; | ||
59 | |||
60 | static int __init ebt_nflog_init(void) | ||
61 | { | ||
62 | return ebt_register_watcher(&nflog); | ||
63 | } | ||
64 | |||
65 | static void __exit ebt_nflog_fini(void) | ||
66 | { | ||
67 | ebt_unregister_watcher(&nflog); | ||
68 | } | ||
69 | |||
70 | module_init(ebt_nflog_init); | ||
71 | module_exit(ebt_nflog_fini); | ||
72 | MODULE_LICENSE("GPL"); | ||
73 | MODULE_AUTHOR("Peter Warasin <peter@endian.com>"); | ||
74 | MODULE_DESCRIPTION("ebtables NFLOG netfilter logging module"); | ||
diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c index be6f18681053..246626bb0c87 100644 --- a/net/bridge/netfilter/ebtable_broute.c +++ b/net/bridge/netfilter/ebtable_broute.c | |||
@@ -46,7 +46,7 @@ static struct ebt_table broute_table = | |||
46 | .name = "broute", | 46 | .name = "broute", |
47 | .table = &initial_table, | 47 | .table = &initial_table, |
48 | .valid_hooks = 1 << NF_BR_BROUTING, | 48 | .valid_hooks = 1 << NF_BR_BROUTING, |
49 | .lock = RW_LOCK_UNLOCKED, | 49 | .lock = __RW_LOCK_UNLOCKED(broute_table.lock), |
50 | .check = check, | 50 | .check = check, |
51 | .me = THIS_MODULE, | 51 | .me = THIS_MODULE, |
52 | }; | 52 | }; |
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c index fb810908732f..690bc3ab186c 100644 --- a/net/bridge/netfilter/ebtable_filter.c +++ b/net/bridge/netfilter/ebtable_filter.c | |||
@@ -55,7 +55,7 @@ static struct ebt_table frame_filter = | |||
55 | .name = "filter", | 55 | .name = "filter", |
56 | .table = &initial_table, | 56 | .table = &initial_table, |
57 | .valid_hooks = FILTER_VALID_HOOKS, | 57 | .valid_hooks = FILTER_VALID_HOOKS, |
58 | .lock = RW_LOCK_UNLOCKED, | 58 | .lock = __RW_LOCK_UNLOCKED(frame_filter.lock), |
59 | .check = check, | 59 | .check = check, |
60 | .me = THIS_MODULE, | 60 | .me = THIS_MODULE, |
61 | }; | 61 | }; |
diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c index bc712730c54a..5b495fe2d0b6 100644 --- a/net/bridge/netfilter/ebtable_nat.c +++ b/net/bridge/netfilter/ebtable_nat.c | |||
@@ -55,7 +55,7 @@ static struct ebt_table frame_nat = | |||
55 | .name = "nat", | 55 | .name = "nat", |
56 | .table = &initial_table, | 56 | .table = &initial_table, |
57 | .valid_hooks = NAT_VALID_HOOKS, | 57 | .valid_hooks = NAT_VALID_HOOKS, |
58 | .lock = RW_LOCK_UNLOCKED, | 58 | .lock = __RW_LOCK_UNLOCKED(frame_nat.lock), |
59 | .check = check, | 59 | .check = check, |
60 | .me = THIS_MODULE, | 60 | .me = THIS_MODULE, |
61 | }; | 61 | }; |