[Devel,RH7,2/3] netfilter: rectify nflog inside CT

Submitted by Dmitry Safonov on Dec. 21, 2016, 8:48 a.m.

Details

Message ID 20161221084835.32072-3-dsafonov@virtuozzo.com
State New
Series "iptables LOG in CT"

Commit Message

Dmitry Safonov Dec. 21, 2016, 8:48 a.m.
Print iptables LOG output for ipv6/ipv4 packets into the log buffer of the VE.

https://jira.sw.ru/browse/PSBM-54183

Cc: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
---
 include/net/netfilter/nf_log.h   | 2 +-
 net/ipv4/netfilter/nf_log_ipv4.c | 6 +-----
 net/ipv6/netfilter/nf_log_ipv6.c | 6 +-----
 net/netfilter/nf_log.c           | 4 ++--
 4 files changed, 5 insertions(+), 13 deletions(-)


diff --git a/include/net/netfilter/nf_log.h b/include/net/netfilter/nf_log.h
index b82dd19b8f26..a3ddb3e742b6 100644
--- a/include/net/netfilter/nf_log.h
+++ b/include/net/netfilter/nf_log.h
@@ -82,7 +82,7 @@  struct nf_log_buf;
 
 struct nf_log_buf *nf_log_buf_open(void);
 __printf(2, 3) int nf_log_buf_add(struct nf_log_buf *m, const char *f, ...);
-void nf_log_buf_close(struct nf_log_buf *m);
+void nf_log_buf_close(struct nf_log_buf *m, struct ve_struct *ve);
 
 /* common logging functions */
 int nf_log_dump_udp_header(struct nf_log_buf *m, const struct sk_buff *skb,
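Review bot: `struct ve_struct` appears in the new `nf_log_buf_close()` prototype, but the visible context only forward-declares `struct nf_log_buf`. If no earlier include in this header declares the type, the compiler scopes it to the parameter list and warns, and the prototype then no longer matches the definition in net/netfilter/nf_log.c. Adding `struct ve_struct;` next to `struct nf_log_buf;` would make the header self-contained. The include list is outside this hunk, so this may already be covered.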
diff --git a/net/ipv4/netfilter/nf_log_ipv4.c b/net/ipv4/netfilter/nf_log_ipv4.c
index 75101980eeee..92cdbfab77e6 100644
--- a/net/ipv4/netfilter/nf_log_ipv4.c
+++ b/net/ipv4/netfilter/nf_log_ipv4.c
@@ -316,10 +316,6 @@  static void nf_log_ip_packet(struct net *net, u_int8_t pf,
 {
 	struct nf_log_buf *m;
 
-	/* FIXME: Disabled from containers until syslog ns is supported */
-	if (!net_eq(net, &init_net))
-		return;
-
 	m = nf_log_buf_open();
 
 	if (!loginfo)
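Review bot: With the `init_net` check removed, a LOG rule loaded inside a container now reaches `nf_log_buf_open()` and emits a line for every matching packet, and nothing in this hunk bounds that volume. Log content and rate are then driven by container-controlled rules and by remote traffic, so it is worth confirming that `ve_log_printk()` writes only to the container's own buffer and never to the host console. A guard such as `if (!net_eq(net, &init_net) && !net_ratelimit()) return;` would leave host logging unchanged while capping container output. The same removal is made in `nf_log_ip6_packet()` in nf_log_ipv6.c, and both function bodies continue outside their hunks.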
@@ -333,7 +329,7 @@  static void nf_log_ip_packet(struct net *net, u_int8_t pf,
 
 	dump_ipv4_packet(m, loginfo, skb, 0);
 
-	nf_log_buf_close(m);
+	nf_log_buf_close(m, net->owner_ve);
 }
 
 static struct nf_logger nf_ip_logger __read_mostly = {
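Review bot: `net->owner_ve` is read on the packet path with no check, and nothing visible here shows that it is always set or that the VE outlives packets still being logged for its namespace. If `owner_ve` can be NULL or stale while a container is being torn down, `ve_log_printk()` would receive a bad pointer. If the field is in fact guaranteed valid for the lifetime of `net`, a one-line comment at this call saying so would settle the question; otherwise a NULL check before the call is needed. The same call is added in `nf_log_ip6_packet()` in nf_log_ipv6.c.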
diff --git a/net/ipv6/netfilter/nf_log_ipv6.c b/net/ipv6/netfilter/nf_log_ipv6.c
index 7fc34d1681a1..fc79ffeb5433 100644
--- a/net/ipv6/netfilter/nf_log_ipv6.c
+++ b/net/ipv6/netfilter/nf_log_ipv6.c
@@ -348,10 +348,6 @@  static void nf_log_ip6_packet(struct net *net, u_int8_t pf,
 {
 	struct nf_log_buf *m;
 
-	/* FIXME: Disabled from containers until syslog ns is supported */
-	if (!net_eq(net, &init_net))
-		return;
-
 	m = nf_log_buf_open();
 
 	if (!loginfo)
@@ -365,7 +361,7 @@  static void nf_log_ip6_packet(struct net *net, u_int8_t pf,
 
 	dump_ipv6_packet(m, loginfo, skb, skb_network_offset(skb), 1);
 
-	nf_log_buf_close(m);
+	nf_log_buf_close(m, net->owner_ve);
 }
 
 static struct nf_logger nf_ip6_logger __read_mostly = {
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index 4a888f192301..e5540ca40e50 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -249,10 +249,10 @@  struct nf_log_buf *nf_log_buf_open(void)
 }
 EXPORT_SYMBOL_GPL(nf_log_buf_open);
 
-void nf_log_buf_close(struct nf_log_buf *m)
+void nf_log_buf_close(struct nf_log_buf *m, struct ve_struct *ve)
 {
 	m->buf[m->count] = 0;
-	printk("%s\n", m->buf);
+	ve_log_printk(ve, "%s\n", m->buf);
 
 	if (likely(m != &emergency))
 		kfree(m);
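Review bot: The new `ve` parameter is handed to `ve_log_printk()` with no statement of which values are valid, and this function is the single point where container packet data enters a log. A short comment above the definition, such as `/* @ve: container whose log receives the line; callers pass net->owner_ve */`, would record the contract. The diffstat lists only the IPv4 and IPv6 loggers as updated callers, so any other in-tree user of `nf_log_buf_close()` would stop building with the old one-argument call; that cannot be checked from this page. The function body continues past the end of the hunk.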