[Devel] [PATCH RH7 2/3] netfilter: rectify nflog inside CT

Wed, 21 Dec 2016 00:53:04 -0800 

Print iptables LOG for ipv6/ipv4 packages into log buffer for VE.

https://jira.sw.ru/browse/PSBM-54183

Cc: Kirill Tkhai <ktk...@virtuozzo.com>
Signed-off-by: Dmitry Safonov <dsafo...@virtuozzo.com>
---
 include/net/netfilter/nf_log.h   | 2 +-
 net/ipv4/netfilter/nf_log_ipv4.c | 6 +-----
 net/ipv6/netfilter/nf_log_ipv6.c | 6 +-----
 net/netfilter/nf_log.c           | 4 ++--
 4 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/include/net/netfilter/nf_log.h b/include/net/netfilter/nf_log.h
index b82dd19b8f26..a3ddb3e742b6 100644
--- a/include/net/netfilter/nf_log.h
+++ b/include/net/netfilter/nf_log.h
@@ -82,7 +82,7 @@ struct nf_log_buf;
 
 struct nf_log_buf *nf_log_buf_open(void);
 __printf(2, 3) int nf_log_buf_add(struct nf_log_buf *m, const char *f, ...);
-void nf_log_buf_close(struct nf_log_buf *m);
+void nf_log_buf_close(struct nf_log_buf *m, struct ve_struct *ve);
 
 /* common logging functions */
 int nf_log_dump_udp_header(struct nf_log_buf *m, const struct sk_buff *skb,
diff --git a/net/ipv4/netfilter/nf_log_ipv4.c b/net/ipv4/netfilter/nf_log_ipv4.c
index 75101980eeee..92cdbfab77e6 100644
--- a/net/ipv4/netfilter/nf_log_ipv4.c
+++ b/net/ipv4/netfilter/nf_log_ipv4.c
@@ -316,10 +316,6 @@ static void nf_log_ip_packet(struct net *net, u_int8_t pf,
 {
        struct nf_log_buf *m;
 
-       /* FIXME: Disabled from containers until syslog ns is supported */
-       if (!net_eq(net, &init_net))
-               return;
-
        m = nf_log_buf_open();
 
        if (!loginfo)
@@ -333,7 +329,7 @@ static void nf_log_ip_packet(struct net *net, u_int8_t pf,
 
        dump_ipv4_packet(m, loginfo, skb, 0);
 
-       nf_log_buf_close(m);
+       nf_log_buf_close(m, net->owner_ve);
 }
 
 static struct nf_logger nf_ip_logger __read_mostly = {
diff --git a/net/ipv6/netfilter/nf_log_ipv6.c b/net/ipv6/netfilter/nf_log_ipv6.c
index 7fc34d1681a1..fc79ffeb5433 100644
--- a/net/ipv6/netfilter/nf_log_ipv6.c
+++ b/net/ipv6/netfilter/nf_log_ipv6.c
@@ -348,10 +348,6 @@ static void nf_log_ip6_packet(struct net *net, u_int8_t pf,
 {
        struct nf_log_buf *m;
 
-       /* FIXME: Disabled from containers until syslog ns is supported */
-       if (!net_eq(net, &init_net))
-               return;
-
        m = nf_log_buf_open();
 
        if (!loginfo)
@@ -365,7 +361,7 @@ static void nf_log_ip6_packet(struct net *net, u_int8_t pf,
 
        dump_ipv6_packet(m, loginfo, skb, skb_network_offset(skb), 1);
 
-       nf_log_buf_close(m);
+       nf_log_buf_close(m, net->owner_ve);
 }
 
 static struct nf_logger nf_ip6_logger __read_mostly = {
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index 4a888f192301..e5540ca40e50 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -249,10 +249,10 @@ struct nf_log_buf *nf_log_buf_open(void)
 }
 EXPORT_SYMBOL_GPL(nf_log_buf_open);
 
-void nf_log_buf_close(struct nf_log_buf *m)
+void nf_log_buf_close(struct nf_log_buf *m, struct ve_struct *ve)
 {
        m->buf[m->count] = 0;
-       printk("%s\n", m->buf);
+       ve_log_printk(ve, "%s\n", m->buf);
 
        if (likely(m != &emergency))
                kfree(m);
-- 
2.11.0

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to