Skip to content

Commit 83e96d4

Browse files
ummakynesummakynes
committed
netfilter: log: split family specific code to nf_log_{ip,ip6,common}.c files
The plain text logging is currently embedded into the xt_LOG target. In order to be able to use the plain text logging from nft_log, as a first step, this patch moves the family specific code to the following files and Kconfig symbols: 1) net/ipv4/netfilter/nf_log_ip.c: CONFIG_NF_LOG_IPV4 2) net/ipv6/netfilter/nf_log_ip6.c: CONFIG_NF_LOG_IPV6 3) net/netfilter/nf_log_common.c: CONFIG_NF_LOG_COMMON These new modules will be required by xt_LOG and nft_log. This patch is based on original patch from Arturo Borrero Gonzalez. Signed-off-by: Pablo Neira Ayuso <[email protected]>
1 parent 27fd8d9 commit 83e96d4

File tree

11 files changed

+1047
-874
lines changed

11 files changed

+1047
-874
lines changed

include/net/netfilter/nf_log.h

+28
Original file line numberDiff line numberDiff line change
@@ -78,4 +78,32 @@ struct nf_log_buf *nf_log_buf_open(void);
7878
__printf(2, 3) int nf_log_buf_add(struct nf_log_buf *m, const char *f, ...);
7979
void nf_log_buf_close(struct nf_log_buf *m);
8080

81+
void nf_log_ip_packet(struct net *net, u_int8_t pf,
82+
unsigned int hooknum, const struct sk_buff *skb,
83+
const struct net_device *in,
84+
const struct net_device *out,
85+
const struct nf_loginfo *loginfo,
86+
const char *prefix);
87+
88+
void nf_log_ip6_packet(struct net *net, u_int8_t pf,
89+
unsigned int hooknum, const struct sk_buff *skb,
90+
const struct net_device *in,
91+
const struct net_device *out,
92+
const struct nf_loginfo *loginfo,
93+
const char *prefix);
94+
95+
/* common logging functions */
96+
int nf_log_dump_udp_header(struct nf_log_buf *m, const struct sk_buff *skb,
97+
u8 proto, int fragment, unsigned int offset);
98+
int nf_log_dump_tcp_header(struct nf_log_buf *m, const struct sk_buff *skb,
99+
u8 proto, int fragment, unsigned int offset,
100+
unsigned int logflags);
101+
void nf_log_dump_sk_uid_gid(struct nf_log_buf *m, struct sock *sk);
102+
void nf_log_dump_packet_common(struct nf_log_buf *m, u_int8_t pf,
103+
unsigned int hooknum, const struct sk_buff *skb,
104+
const struct net_device *in,
105+
const struct net_device *out,
106+
const struct nf_loginfo *loginfo,
107+
const char *prefix);
108+
81109
#endif /* _NF_LOG_H */

net/ipv4/netfilter/Kconfig

+5
Original file line numberDiff line numberDiff line change
@@ -159,6 +159,11 @@ config IP_NF_TARGET_SYNPROXY
159159

160160
To compile it as a module, choose M here. If unsure, say N.
161161

162+
config NF_LOG_IPV4
163+
tristate "IPv4 packet logging"
164+
default m if NETFILTER_ADVANCED=n
165+
select NF_LOG_COMMON
166+
162167
# NAT + specific targets: nf_conntrack
163168
config NF_NAT_IPV4
164169
tristate "IPv4 NAT"

net/ipv4/netfilter/Makefile

+3
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,9 @@ obj-$(CONFIG_NF_NAT_IPV4) += nf_nat_ipv4.o
1919
# defrag
2020
obj-$(CONFIG_NF_DEFRAG_IPV4) += nf_defrag_ipv4.o
2121

22+
# logging
23+
obj-$(CONFIG_NF_LOG_IPV4) += nf_log_ipv4.o
24+
2225
# NAT helpers (nf_conntrack)
2326
obj-$(CONFIG_NF_NAT_H323) += nf_nat_h323.o
2427
obj-$(CONFIG_NF_NAT_PPTP) += nf_nat_pptp.o

0 commit comments

Comments
 (0)