IPv6: Delete redundant counter of IPSTATS_MIB_REASMFAILS
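--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -30,6 +30,7 @@
 #include <linux/random.h>
 #include <net/sock.h>
 #include <net/netfilter/nf_log.h>
+#include <net/netfilter/nfnetlink_log.h>
 #include <asm/atomic.h>
@@ -38,7 +39,7 @@
 #endif
 #define NFULNL_NLBUFSIZ_DEFAULT NLMSG_GOODSIZE
-#define NFULNL_TIMEOUT_DEFAULT HZ /* every second */
+#define NFULNL_TIMEOUT_DEFAULT 100 /* every second */
 #define NFULNL_QTHRESH_DEFAULT 100 /* 100 packets */
 #define NFULNL_COPY_RANGE_MAX 0xFFFF /* max packet size is limited by 16-bit struct nfattr nfa_len field */
@@ -359,7 +360,7 @@ static inline int
 __build_packet_message(struct nfulnl_instance *inst,
 const struct sk_buff *skb,
 unsigned int data_len,
- unsigned int pf,
+ u_int8_t pf,
 unsigned int hooknum,
 const struct net_device *indev,
 const struct net_device *outdev,
@@ -474,8 +475,9 @@ __build_packet_message(struct nfulnl_instance *inst,
 if (skb->sk) {
 read_lock_bh(&skb->sk->sk_callback_lock);
 if (skb->sk->sk_socket && skb->sk->sk_socket->file) {
- __be32 uid = htonl(skb->sk->sk_socket->file->f_uid);
- __be32 gid = htonl(skb->sk->sk_socket->file->f_gid);
+ struct file *file = skb->sk->sk_socket->file;
+ __be32 uid = htonl(file->f_cred->fsuid);
+ __be32 gid = htonl(file->f_cred->fsgid);
 /* need to unlock here since NLA_PUT may goto */
 read_unlock_bh(&skb->sk->sk_callback_lock);
 NLA_PUT_BE32(inst->skb, NFULA_UID, uid);
@@ -533,8 +535,8 @@ static struct nf_loginfo default_loginfo = {
 };
 /* log handler for internal netfilter logging api */
-static void
-nfulnl_log_packet(unsigned int pf,
+void
+nfulnl_log_packet(u_int8_t pf,
 unsigned int hooknum,
 const struct sk_buff *skb,
 const struct net_device *in,
@@ -579,6 +581,12 @@ nfulnl_log_packet(unsigned int pf,
 + nla_total_size(sizeof(struct nfulnl_msg_packet_hw))
 + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp));
+ if (in && skb_mac_header_was_set(skb)) {
+ size += nla_total_size(skb->dev->hard_header_len)
+ + nla_total_size(sizeof(u_int16_t)) /* hwtype */
+ + nla_total_size(sizeof(u_int16_t)); /* hwlen */
+ }
+
 spin_lock_bh(&inst->lock);
 if (inst->flags & NFULNL_CFG_F_SEQ)
@@ -588,8 +596,10 @@ nfulnl_log_packet(unsigned int pf,
 qthreshold = inst->qthreshold;
 /* per-rule qthreshold overrides per-instance */
- if (qthreshold > li->u.ulog.qthreshold)
- qthreshold = li->u.ulog.qthreshold;
+ if (li->u.ulog.qthreshold)
+ if (qthreshold > li->u.ulog.qthreshold)
+ qthreshold = li->u.ulog.qthreshold;
+
 switch (inst->copy_mode) {
 case NFULNL_COPY_META:
@@ -648,6 +658,7 @@ alloc_failure:
 /* FIXME: statistics */
 goto unlock_and_release;
 }
+EXPORT_SYMBOL_GPL(nfulnl_log_packet);
 static int
 nfulnl_rcv_nl_event(struct notifier_block *this,
@@ -655,8 +666,7 @@ nfulnl_rcv_nl_event(struct notifier_block *this,
 {
 struct netlink_notify *n = ptr;
- if (event == NETLINK_URELEASE &&
- n->protocol == NETLINK_NETFILTER && n->pid) {
+ if (event == NETLINK_URELEASE && n->protocol == NETLINK_NETFILTER) {
 int i;
 /* destroy all instances for this pid */
@@ -667,7 +677,7 @@ nfulnl_rcv_nl_event(struct notifier_block *this,
 struct hlist_head *head = &instance_table[i];
 hlist_for_each_entry_safe(inst, tmp, t2, head, hlist) {
- if ((n->net == &init_net) &&
+ if ((net_eq(n->net, &init_net)) &&
 (n->pid == inst->peer_pid))
 __instance_destroy(inst);
 }
@@ -683,12 +693,13 @@ static struct notifier_block nfulnl_rtnl_notifier = {
 static int
 nfulnl_recv_unsupp(struct sock *ctnl, struct sk_buff *skb,
- struct nlmsghdr *nlh, struct nlattr *nfqa[])
+ const struct nlmsghdr *nlh,
+ const struct nlattr * const nfqa[])
 {
 return -ENOTSUPP;
 }
-static const struct nf_logger nfulnl_logger = {
+static struct nf_logger nfulnl_logger __read_mostly = {
 .name = "nfnetlink_log",
 .logfn = &nfulnl_log_packet,
 .me = THIS_MODULE,
@@ -705,7 +716,8 @@ static const struct nla_policy nfula_cfg_policy[NFULA_CFG_MAX+1] = {
 static int
 nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
- struct nlmsghdr *nlh, struct nlattr *nfula[])
+ const struct nlmsghdr *nlh,
+ const struct nlattr * const nfula[])
 {
 struct nfgenmsg *nfmsg = NLMSG_DATA(nlh);
 u_int16_t group_num = ntohs(nfmsg->res_id);
@@ -720,9 +732,9 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
 /* Commands without queue context */
 switch (cmd->command) {
 case NFULNL_CFG_CMD_PF_BIND:
- return nf_log_register(pf, &nfulnl_logger);
+ return nf_log_bind_pf(pf, &nfulnl_logger);
 case NFULNL_CFG_CMD_PF_UNBIND:
- nf_log_unregister_pf(pf);
+ nf_log_unbind_pf(pf);
 return 0;
 }
 }
@@ -947,17 +959,25 @@ static int __init nfnetlink_log_init(void)
 goto cleanup_netlink_notifier;
 }
+ status = nf_log_register(NFPROTO_UNSPEC, &nfulnl_logger);
+ if (status < 0) {
+ printk(KERN_ERR "log: failed to register logger\n");
+ goto cleanup_subsys;
+ }
+
 #ifdef CONFIG_PROC_FS
 if (!proc_create("nfnetlink_log", 0440,
 proc_net_netfilter, &nful_file_ops))
- goto cleanup_subsys;
+ goto cleanup_logger;
 #endif
 return status;
 #ifdef CONFIG_PROC_FS
+cleanup_logger:
+ nf_log_unregister(&nfulnl_logger);
+#endif
 cleanup_subsys:
 nfnetlink_subsys_unregister(&nfulnl_subsys);
-#endif
 cleanup_netlink_notifier:
 netlink_unregister_notifier(&nfulnl_rtnl_notifier);
 return status;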
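Review bot: In the last hunk (nfnetlink_log_init), the proc_create() failure path jumps to `cleanup_logger` without assigning `status`. At that point `status` still holds the non-negative result of the nf_log_register() call added just above, so the function unregisters the logger, subsystem and notifier and then reaches `return status;` with a success value. Set an error before the jump, e.g. `if (!proc_create(...)) { status = -ENOMEM; goto cleanup_logger; }`. A module that reports a successful load with nothing registered would presumably have its exit path run against already-unregistered objects; the exit function and the start of nfnetlink_log_init are outside this hunk, so confirm against the full file.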