18082746a28588f94496f2daa050c11decb54179 |
|
14-Oct-2014 |
Rasmus Villemoes <linux@rasmusvillemoes.dk> |
netfilter: replace strnicmp with strncasecmp The kernel used to contain two functions for length-delimited, case-insensitive string comparison, strnicmp with correct semantics and a slightly buggy strncasecmp. The latter is the POSIX name, so strnicmp was renamed to strncasecmp, and strnicmp made into a wrapper for the new strncasecmp to avoid breaking existing users. To allow the compat wrapper strnicmp to be removed at some point in the future, and to avoid the extra indirection cost, do s/strnicmp/strncasecmp/g. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
960649d1923c31a7f771162fa0eef00210044262 |
|
23-Jun-2014 |
Pablo Neira Ayuso <pablo@netfilter.org> |
netfilter: bridge: add generic packet logger This adds the generic plain text packet loggger for bridged packets. It routes the logging message to the real protocol packet logger. I decided not to refactor the ebt_log code for two reasons: 1) The ebt_log output is not consistent with the IPv4 and IPv6 Netfilter packet loggers. The output is different for no good reason and it adds redundant code to handle packet logging. 2) To avoid breaking backward compatibility for applications outthere that are parsing the specific ebt_log output, the ebt_log output has been left as is. So only nftables will use the new consistent logging format for logged bridged packets. More decisions coming in this patch: 1) This also removes ebt_log as default logger for bridged packets. Thus, nf_log_packet() routes packet to this new packet logger instead. This doesn't break backward compatibility since nf_log_packet() is not used to log packets in plain text format from anywhere in the ebtables/netfilter bridge code. 2) The new bridge packet logger also performs a lazy request to register the real IPv4, ARP and IPv6 netfilter packet loggers. If the real protocol logger is no available (not compiled or the module is not available in the system, not packet logging happens. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
fab4085f4e248b8a80bb1dadbbacb2bacd8017c3 |
|
18-Jun-2014 |
Pablo Neira Ayuso <pablo@netfilter.org> |
netfilter: log: nf_log_packet() as real unified interface Before this patch, the nf_loginfo parameter specified the logging configuration in case the specified default logger was loaded. This patch updates the semantics of the nf_loginfo parameter in nf_log_packet() which now indicates the logger that you explicitly want to use. Thus, nf_log_packet() is exposed as an unified interface which internally routes the log message to the corresponding logger type by family. The module dependencies are expressed by the new nf_logger_find_get() and nf_logger_put() functions which bump the logger module refcount. Thus, you can not remove logger modules that are used by rules anymore. Another important effect of this change is that the family specific module is only loaded when required. Therefore, xt_LOG and nft_log will just trigger the autoload of the nf_log_{ip,ip6} modules according to the family. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
27fd8d90c996caa480ed6777eaaf21d9e5166cc3 |
|
19-Jun-2014 |
Pablo Neira Ayuso <pablo@netfilter.org> |
netfilter: nf_log: move log buffering to core logging This patch moves Eric Dumazet's log buffer implementation from the xt_log.h header file to the core net/netfilter/nf_log.c. This also includes the renaming of the structure and functions to avoid possible undesired namespace clashes. This change allows us to use it from the arp and bridge packet logging implementation in follow up patches.
|
5962815a6a56566318a60dc53ff8789b7e6ec71f |
|
18-Jun-2014 |
Pablo Neira Ayuso <pablo@netfilter.org> |
netfilter: nf_log: use an array of loggers instead of list Now that legacy ulog targets are not available anymore in the tree, we can have up to two possible loggers: 1) The plain text logging via kernel logging ring. 2) The nfnetlink_log infrastructure which delivers log messages to userspace. This patch replaces the list of loggers by an array of two pointers per family for each possible logger and it also introduces a new field to the nf_logger structure which indicates the position in the logger array (based on the logger type). This prepares a follow up patch that consolidates the nf_log_packet() interface by allowing to specify the logger as parameter. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
fe2c6338fd2c6f383c4d4164262f35c8f3708e1f |
|
12-Jun-2013 |
Joe Perches <joe@perches.com> |
net: Convert uses of typedef ctl_table to struct ctl_table Reduce the uses of this unnecessary typedef. Done via perl script: $ git grep --name-only -w ctl_table net | \ xargs perl -p -i -e '\ sub trim { my ($local) = @_; $local =~ s/(^\s+|\s+$)//g; return $local; } \ s/\b(?<!struct\s)ctl_table\b(\s*\*\s*|\s+\w+)/"struct ctl_table " . trim($1)/ge' Reflow the modified lines that now exceed 80 columns. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
6d11cfdba52af08b889fd6d3ee4212930493eb38 |
|
23-May-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
netfilter: don't panic on error while walking through the init path Don't panic if we hit an error while adding the nf_log or pernet netfilter support, just bail out. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Gao feng <gaofeng@cn.fujitsu.com>
|
8cdb46da06ea94543a3b2e53e3e92736421d1093 |
|
15-May-2013 |
Hans Schillstrom <hans@schillstrom.com> |
netfilter: log: netns NULL ptr bug when calling from conntrack Since (69b34fb netfilter: xt_LOG: add net namespace support for xt_LOG), we hit this: [ 4224.708977] BUG: unable to handle kernel NULL pointer dereference at 0000000000000388 [ 4224.709074] IP: [<ffffffff8147f699>] ipt_log_packet+0x29/0x270 when callling log functions from conntrack both in and out are NULL i.e. the net pointer is invalid. Adding struct net *net in call to nf_logfn() will secure that there always is a vaild net ptr. Reported as netfilter's bugzilla bug 818: https://bugzilla.netfilter.org/show_bug.cgi?id=818 Reported-by: Ronald <ronald645@gmail.com> Signed-off-by: Hans Schillstrom <hans@schillstrom.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
e778f56e2fdf2302626f40f01b3ffa33e4fd18a4 |
|
30-Apr-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
netfilter: nf_{log,queue}: fix compilation without CONFIG_PROC_FS This patch fixes the following compilation error: net/netfilter/nf_log.c:373:38: error: 'struct netns_nf' has no member named 'proc_netfilter' if procfs is not set. The netns support for nf_log, nfnetlink_log and nfnetlink_queue_core requires CONFIG_PROC_FS in the removal path of their respective /proc interface since net->nf.proc_netfilter is undefined in that case. Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Gao feng <gaofeng@cn.fujitsu.com>
|
5b023fc8d8e0997e0b7ea6506d243afd5478c96e |
|
05-Apr-2013 |
Gao feng <gaofeng@cn.fujitsu.com> |
netfilter: enable per netns support for nf_loggers After this patch, all nf_loggers support net namespace. Still xt_LOG and ebt_log require syslog netns support. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
30e0c6a6bee24db0166b7ca709277cd693e179f2 |
|
25-Mar-2013 |
Gao feng <gaofeng@cn.fujitsu.com> |
netfilter: nf_log: prepare net namespace support for loggers This patch adds netns support to nf_log and it prepares netns support for existing loggers. It is composed of four major changes. 1) nf_log_register has been split to two functions: nf_log_register and nf_log_set. The new nf_log_register is used to globally register the nf_logger and nf_log_set is used for enabling pernet support from nf_loggers. Per netns is not yet complete after this patch, it comes in separate follow up patches. 2) Add net as a parameter of nf_log_bind_pf. Per netns is not yet complete after this patch, it only allows to bind the nf_logger to the protocol family from init_net and it skips other cases. 3) Adapt all nf_log_packet callers to pass netns as parameter. After this patch, this function only works for init_net. 4) Make the sysctl net/netfilter/nf_log pernet. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
d93cf0687c9853bf91b1b9a5124ab97ebc47e00c |
|
20-Sep-2012 |
Adam Buchbinder <adam.buchbinder@gmail.com> |
various: Fix spelling of "registered" in comments. Some comments misspell "registered"; this fixes them. No code changes. Signed-off-by: Adam Buchbinder <adam.buchbinder@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
ec8f23ce0f4005b74013d4d122e0d540397a93c9 |
|
19-Apr-2012 |
Eric W. Biederman <ebiederm@xmission.com> |
net: Convert all sysctl registrations to register_net_sysctl This results in code with less boiler plate that is a bit easier to read. Additionally stops us from using compatibility code in the sysctl core, hastening the day when the compatibility code can be removed. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Acked-by: Pavel Emelyanov <xemul@parallels.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
5dd3df105b9f6cb7dd2472b59e028d0d1c878ecb |
|
19-Apr-2012 |
Eric W. Biederman <ebiederm@xmission.com> |
net: Move all of the network sysctls without a namespace into init_net. This makes it clearer which sysctls are relative to your current network namespace. This makes it a little less error prone by not exposing sysctls for the initial network namespace in other namespaces. This is the same way we handle all of our other network interfaces to userspace and I can't honestly remember why we didn't do this for sysctls right from the start. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Acked-by: Pavel Emelyanov <xemul@parallels.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
cf778b00e96df6d64f8e21b8395d1f8a859ecdc7 |
|
12-Jan-2012 |
Eric Dumazet <eric.dumazet@gmail.com> |
net: reintroduce missing rcu_assign_pointer() calls commit a9b3cd7f32 (rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER) did a lot of incorrect changes, since it did a complete conversion of rcu_assign_pointer(x, y) to RCU_INIT_POINTER(x, y). We miss needed barriers, even on x86, when y is not NULL. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Stephen Hemminger <shemminger@vyatta.com> CC: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
a9b3cd7f323b2e57593e7215362a7b02fc933e3a |
|
01-Aug-2011 |
Stephen Hemminger <shemminger@vyatta.com> |
rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER When assigning a NULL value to an RCU protected pointer, no barrier is needed. The rcu_assign_pointer, used to handle that but will soon change to not handle the special case. Convert all rcu_assign_pointer of NULL value. //smpl @@ expression P; @@ - rcu_assign_pointer(P, NULL) + RCU_INIT_POINTER(P, NULL) // </smpl> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
9ef0298a8e5730d9a46d640014c727f3b4152870 |
|
02-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
netfilter: nf_log: avoid oops in (un)bind with invalid nfproto values Like many other places, we have to check that the array index is within allowed limits, or otherwise, a kernel oops and other nastiness can ensue when we access memory beyond the end of the array. [ 5954.115381] BUG: unable to handle kernel paging request at 0000004000000000 [ 5954.120014] IP: __find_logger+0x6f/0xa0 [ 5954.123979] nf_log_bind_pf+0x2b/0x70 [ 5954.123979] nfulnl_recv_config+0xc0/0x4a0 [nfnetlink_log] [ 5954.123979] nfnetlink_rcv_msg+0x12c/0x1b0 [nfnetlink] ... The problem goes back to v2.6.30-rc1~1372~1342~31 where nf_log_bind was decoupled from nf_log_register. Reported-by: Miguel Di Ciurcio Filho <miguel.filho@gmail.com>, via irc.freenode.net/#netfilter Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
|
0e60ebe04c51807db972d03665651ae6b5c26d7e |
|
15-Nov-2010 |
Eric Dumazet <eric.dumazet@gmail.com> |
netfilter: add __rcu annotations Add some __rcu annotations and use helpers to reduce number of sparse warnings (CONFIG_SPARSE_RCU_POINTER=y) Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
|
0906a372f2aa0fec1e59bd12b896883b6e41307a |
|
09-Mar-2010 |
Arnd Bergmann <arnd@relay.de.ibm.com> |
net/netfilter: __rcu annotations Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Patrick McHardy <kaber@trash.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric Dumazet <eric.dumazet@gmail.com> Reviewed-by: Josh Triplett <josh@joshtriplett.org>
|
b56f2d55c6c22b0c5774b3b22e336fb6cc5f4094 |
|
10-May-2010 |
Patrick McHardy <kaber@trash.net> |
netfilter: use rcu_dereference_protected() Restore the rcu_dereference() calls in conntrack/expectation notifier and logger registration/unregistration, but use the _protected variant, which will be required by the upcoming __rcu annotations. Based on patch by Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
|
ed86308f6179d8fa6151c2d0f652aad0091548e2 |
|
09-Apr-2010 |
Patrick McHardy <kaber@trash.net> |
netfilter: remove invalid rcu_dereference() calls The CONFIG_PROVE_RCU option discovered a few invalid uses of rcu_dereference() in netfilter. In all these cases, the code code intends to check whether a pointer is already assigned when performing registration or whether the assigned pointer matches when performing unregistration. The entire registration/ unregistration is protected by a mutex, so we don't need the rcu_dereference() calls. Reported-by: Valdis Kletnieks <Valdis.Kletnieks@vt.edu> Tested-by: Valdis Kletnieks <Valdis.Kletnieks@vt.edu> Signed-off-by: Patrick McHardy <kaber@trash.net>
|
6440fe059ee8b49b548c8c2c1447530075d07e10 |
|
19-Nov-2009 |
Patrick McHardy <kaber@trash.net> |
netfilter: nf_log: fix sleeping function called from invalid context in seq_show() [ 171.925285] BUG: sleeping function called from invalid context at kernel/mutex.c:280 [ 171.925296] in_atomic(): 1, irqs_disabled(): 0, pid: 671, name: grep [ 171.925306] 2 locks held by grep/671: [ 171.925312] #0: (&p->lock){+.+.+.}, at: [<c10b8acd>] seq_read+0x25/0x36c [ 171.925340] #1: (rcu_read_lock){.+.+..}, at: [<c1391dac>] seq_start+0x0/0x44 [ 171.925372] Pid: 671, comm: grep Not tainted 2.6.31.6-4-netbook #3 [ 171.925380] Call Trace: [ 171.925398] [<c105104e>] ? __debug_show_held_locks+0x1e/0x20 [ 171.925414] [<c10264ac>] __might_sleep+0xfb/0x102 [ 171.925430] [<c1461521>] mutex_lock_nested+0x1c/0x2ad [ 171.925444] [<c1391c9e>] seq_show+0x74/0x127 [ 171.925456] [<c10b8c5c>] seq_read+0x1b4/0x36c [ 171.925469] [<c10b8aa8>] ? seq_read+0x0/0x36c [ 171.925483] [<c10d5c8e>] proc_reg_read+0x60/0x74 [ 171.925496] [<c10d5c2e>] ? proc_reg_read+0x0/0x74 [ 171.925510] [<c10a4468>] vfs_read+0x87/0x110 [ 171.925523] [<c10a458a>] sys_read+0x3b/0x60 [ 171.925538] [<c1002a49>] syscall_call+0x7/0xb Fix it by replacing RCU with nf_log_mutex. Reported-by: "Yin, Kangkai" <kangkai.yin@intel.com> Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
|
7378396cd172cc058fa62220c6486419046c4e0c |
|
13-Nov-2009 |
Wu Fengguang <fengguang.wu@intel.com> |
netfilter: nf_log: fix sleeping function called from invalid context in seq_show() [ 171.925285] BUG: sleeping function called from invalid context at kernel/mutex.c:280 [ 171.925296] in_atomic(): 1, irqs_disabled(): 0, pid: 671, name: grep [ 171.925306] 2 locks held by grep/671: [ 171.925312] #0: (&p->lock){+.+.+.}, at: [<c10b8acd>] seq_read+0x25/0x36c [ 171.925340] #1: (rcu_read_lock){.+.+..}, at: [<c1391dac>] seq_start+0x0/0x44 [ 171.925372] Pid: 671, comm: grep Not tainted 2.6.31.6-4-netbook #3 [ 171.925380] Call Trace: [ 171.925398] [<c105104e>] ? __debug_show_held_locks+0x1e/0x20 [ 171.925414] [<c10264ac>] __might_sleep+0xfb/0x102 [ 171.925430] [<c1461521>] mutex_lock_nested+0x1c/0x2ad [ 171.925444] [<c1391c9e>] seq_show+0x74/0x127 [ 171.925456] [<c10b8c5c>] seq_read+0x1b4/0x36c [ 171.925469] [<c10b8aa8>] ? seq_read+0x0/0x36c [ 171.925483] [<c10d5c8e>] proc_reg_read+0x60/0x74 [ 171.925496] [<c10d5c2e>] ? proc_reg_read+0x0/0x74 [ 171.925510] [<c10a4468>] vfs_read+0x87/0x110 [ 171.925523] [<c10a458a>] sys_read+0x3b/0x60 [ 171.925538] [<c1002a49>] syscall_call+0x7/0xb Fix it by replacing RCU with nf_log_mutex. Reported-by: "Yin, Kangkai" <kangkai.yin@intel.com> Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
|
f8572d8f2a2ba75408b97dc24ef47c83671795d7 |
|
05-Nov-2009 |
Eric W. Biederman <ebiederm@xmission.com> |
sysctl net: Remove unused binary sysctl code Now that sys_sysctl is a compatiblity wrapper around /proc/sys all sysctl strategy routines, and all ctl_name and strategy entries in the sysctl tables are unused, and can be revmoed. In addition neigh_sysctl_register has been modified to no longer take a strategy argument and it's callers have been modified not to pass one. Cc: "David Miller" <davem@davemloft.net> Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org> Cc: netdev@vger.kernel.org Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
|
8d65af789f3e2cf4cfbdbf71a0f7a61ebcd41d38 |
|
24-Sep-2009 |
Alexey Dobriyan <adobriyan@gmail.com> |
sysctl: remove "struct file *" argument of ->proc_handler It's unused. It isn't needed -- read or write flag is already passed and sysctl shouldn't care about the rest. It _was_ used in two places at arch/frv for some reason. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: David Howells <dhowells@redhat.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: "David S. Miller" <davem@davemloft.net> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
249556192859490b6280552d4b877064f9f5ee48 |
|
22-Jun-2009 |
Patrick McHardy <kaber@trash.net> |
netfilter: nf_log: fix direct userspace memory access in proc handler Signed-off-by: Patrick McHardy <kaber@trash.net>
|
266d07cb1c9a0c345d7d3aea889f92062894059e |
|
13-Jun-2009 |
Patrick McHardy <kaber@trash.net> |
netfilter: nf_log: fix sleeping function called from invalid context Fix regression introduced by 17625274 "netfilter: sysctl support of logger choice": BUG: sleeping function called from invalid context at /mnt/s390test/linux-2.6-tip/arch/s390/include/asm/uaccess.h:234 in_atomic(): 1, irqs_disabled(): 0, pid: 3245, name: sysctl CPU: 1 Not tainted 2.6.30-rc8-tipjun10-02053-g39ae214 #1 Process sysctl (pid: 3245, task: 000000007f675da0, ksp: 000000007eb17cf0) 0000000000000000 000000007eb17be8 0000000000000002 0000000000000000 000000007eb17c88 000000007eb17c00 000000007eb17c00 0000000000048156 00000000003e2de8 000000007f676118 000000007eb17f10 0000000000000000 0000000000000000 000000007eb17be8 000000000000000d 000000007eb17c58 00000000003e2050 000000000001635c 000000007eb17be8 000000007eb17c30 Call Trace: (�<00000000000162e6>� show_trace+0x13a/0x148) �<00000000000349ea>� __might_sleep+0x13a/0x164 �<0000000000050300>� proc_dostring+0x134/0x22c �<0000000000312b70>� nf_log_proc_dostring+0xfc/0x188 �<0000000000136f5e>� proc_sys_call_handler+0xf6/0x118 �<0000000000136fda>� proc_sys_read+0x26/0x34 �<00000000000d6e9c>� vfs_read+0xac/0x158 �<00000000000d703e>� SyS_read+0x56/0x88 �<0000000000027f42>� sysc_noemu+0x10/0x16 Use the nf_log_mutex instead of RCU to fix this. Reported-and-tested-by: Maran Pakkirisamy <maranpsamy@in.ibm.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
|
b6f0a3652ea9d2296fdc98c3b2c96603be611c4d |
|
15-Apr-2009 |
Eric Dumazet <dada1@cosmosbay.com> |
netfilter: nf_log regression fix commit ca735b3aaa945626ba65a3e51145bfe4ecd9e222 'netfilter: use a linked list of loggers' introduced an array of list_head in "struct nf_logger", but forgot to initialize it in nf_log_register(). This resulted in oops when calling nf_log_unregister() at module unload time. Reported-and-tested-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl> Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Acked-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net>
|
176252746ebbc8db97e304345af1f2563c7dc139 |
|
23-Mar-2009 |
Eric Leblond <eric@inl.fr> |
netfilter: sysctl support of logger choice This patchs adds support of modification of the used logger via sysctl. It can be used to change the logger to module that can not use the bind operation (ipt_LOG and ipt_ULOG). For this purpose, it creates a directory /proc/sys/net/netfilter/nf_log which contains a file per-protocol. The content of the file is the name current logger (NONE if not set) and a logger can be setup by simply echoing its name to the file. By echoing "NONE" to a /proc/sys/net/netfilter/nf_log/PROTO file, the logger corresponding to this PROTO is set to NULL. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net>
|
c7a913cd5535554d6f5d5e1f5ef46c4307cf2afc |
|
16-Mar-2009 |
Eric Leblond <eric@inl.fr> |
netfilter: print the list of register loggers This patch modifies the proc output to add display of registered loggers. The content of /proc/net/netfilter/nf_log is modified. Instead of displaying a protocol per line with format: proto:logger it now displays: proto:logger (comma_separated_list_of_loggers) NONE is used as keyword if no logger is used. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net>
|
ca735b3aaa945626ba65a3e51145bfe4ecd9e222 |
|
16-Mar-2009 |
Eric Leblond <eric@inl.fr> |
netfilter: use a linked list of loggers This patch modifies nf_log to use a linked list of loggers for each protocol. This list of loggers is read and write protected with a mutex. This patch separates registration and binding. To be used as logging module, a module has to register calling nf_log_register() and to bind to a protocol it has to call nf_log_bind_pf(). This patch also converts the logging modules to the new API. For nfnetlink_log, it simply switchs call to register functions to call to bind function and adds a call to nf_log_register() during init. For other modules, it just remove a const flag from the logger structure and replace it with a __read_mostly. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net>
|
7e9c6eeb136a46dfd941852803b3a9dd78939b69 |
|
08-Oct-2008 |
Jan Engelhardt <jengelh@medozas.de> |
netfilter: Introduce NFPROTO_* constants The netfilter subsystem only supports a handful of protocols (much less than PF_*) and even non-PF protocols like ARP and pseudo-protocols like PF_BRIDGE. By creating NFPROTO_*, we can earn a few memory savings on arrays that previously were always PF_MAX-sized and keep the pseudo-protocols to ourselves. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
|
76108cea065cda58366d16a7eb6ca90d717a1396 |
|
08-Oct-2008 |
Jan Engelhardt <jengelh@medozas.de> |
netfilter: Use unsigned types for hooknum and pf vars and (try to) consistently use u_int8_t for the L3 family. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
|
b66985b11b8b00e1ec65b89a3112510ac9a9ec6e |
|
12-Jun-2008 |
Eric Leblond <eric@inl.fr> |
netfilter: Make nflog quiet when no one listen in userspace. The message "nf_log_packet: can't log since no backend logging module loaded in! Please either load one, or disable logging explicitly" was displayed for each logged packet when no userspace application is listening to nflog events. The message seems to warn for a problem with a kernel module missing but as said before this is not the case. I thus propose to suppress the message (I don't see any reason to flood the log because a user application has crashed.) Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
|
8eeee8b152ae6bbe181518efaf62ba8e9c613693 |
|
28-Mar-2008 |
Denis V. Lunev <den@openvz.org> |
[NETFILTER]: Replate direct proc_fops assignment with proc_create call. This elliminates infamous race during module loading when one could lookup proc entry without proc_fops assigned. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
ca7c48ca97e5e1d9dbc26cef165814f96d38d96b |
|
31-Jan-2008 |
Eric Dumazet <dada1@cosmosbay.com> |
[NETFILTER]: Supress some sparse warnings CHECK net/netfilter/nf_conntrack_expect.c net/netfilter/nf_conntrack_expect.c:429:13: warning: context imbalance in 'exp_seq_start' - wrong count at exit net/netfilter/nf_conntrack_expect.c:441:13: warning: context imbalance in 'exp_seq_stop' - unexpected unlock CHECK net/netfilter/nf_log.c net/netfilter/nf_log.c:105:13: warning: context imbalance in 'seq_start' - wrong count at exit net/netfilter/nf_log.c:125:13: warning: context imbalance in 'seq_stop' - unexpected unlock CHECK net/netfilter/nfnetlink_queue.c net/netfilter/nfnetlink_queue.c:363:7: warning: symbol 'size' shadows an earlier one net/netfilter/nfnetlink_queue.c:217:9: originally declared here net/netfilter/nfnetlink_queue.c:847:13: warning: context imbalance in 'seq_start' - wrong count at exit net/netfilter/nfnetlink_queue.c:859:13: warning: context imbalance in 'seq_stop' - unexpected unlock Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
|
a7c42955e036127f793ad955d3ec718494efb1eb |
|
18-Dec-2007 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: nf_log: remove incomprehensible comment Whatever that comment tries to say, I don't get it and it looks like a leftover from the time when RCU wasn't used properly. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
|
7b2f9631e789c3e7d59201c21f09a24cd6ce3b1a |
|
18-Dec-2007 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: nf_log: constify struct nf_logger and nf_log_packet loginfo arg Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
|
f01ffbd6e7d001ccf9168b33507958a51ce0ffcf |
|
18-Dec-2007 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: nf_log: move logging stuff to seperate header Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
|
a5d292646ebf2ee51086f59899a377c85e5d50b2 |
|
19-Jul-2007 |
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
[NET] NETFILTER: Fix whitespace errors. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
|
56b3d975bbce65f655c5612b4822da671f9fd9b2 |
|
11-Jul-2007 |
Philippe De Muyter <phdm@macqel.be> |
[NET]: Make all initialized struct seq_operations const. Make all initialized struct seq_operations in net/ const Signed-off-by: Philippe De Muyter <phdm@macqel.be> Signed-off-by: David S. Miller <davem@davemloft.net>
|
601e68e100b6bf8ba13a32db8faf92d43acaa997 |
|
12-Feb-2007 |
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
[NETFILTER]: Fix whitespace errors Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
|
e92ad99c78de09a5ba0746e1c0ee27cc7450c64d |
|
12-Feb-2007 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: nf_log: minor cleanups - rename nf_logging to nf_loggers since its an array of registered loggers - rename nf_log_unregister_logger() to nf_log_unregister() to make it symetrical to nf_log_register() and convert all users Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
|
9b73534dc57fa2fd5ef567586adb83c16e88a52f |
|
12-Feb-2007 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: nf_log: switch logger registration/unregistration to mutex The spinlock is only used in process context (register/unregister), switch to a mutex. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
|
9dc6aa5fcfc104becd86c89c5e7ec90e840e0163 |
|
12-Feb-2007 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: nf_log: make nf_log_unregister_pf return void Since the only user of nf_log_unregister_pf (nfnetlink_log) doesn't check the return value, change it to void and bail out silently when a non-existant address family is supplied. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
|
a5ea6169f294bc33a762f7c1c240e3ac0f045f9e |
|
12-Feb-2007 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: nf_log: use rcu_assign_pointer for RCU protected pointer Also replace synchronize_net() calls by synchronize_rcu() since the RCU protected data is also used for sysfs. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
|
da7071d7e32d15149cc513f096a3638097b66387 |
|
12-Feb-2007 |
Arjan van de Ven <arjan@linux.intel.com> |
[PATCH] mark struct file_operations const 8 Many struct file_operations in the kernel can be "const". Marking them const moves these to the .rodata section, which avoids false sharing with potential dirty data. In addition it'll catch accidental writes at compile time to these shared resources. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
6ab3d5624e172c553004ecc862bfeac16d9d68b7 |
|
30-Jun-2006 |
Jörn Engel <joern@wohnheim.fh-wedel.de> |
Remove obsolete #include <linux/config.h> Signed-off-by: Jörn Engel <joern@wohnheim.fh-wedel.de> Signed-off-by: Adrian Bunk <bunk@stusta.de>
|
622439270c74f3ad4f69d1417aca4bb3b79514f4 |
|
12-Aug-2005 |
Harald Welte <laforge@netfilter.org> |
[NETFILTER]: Fix compilation when no PROC_FS enabled Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
8a61fadb3908454ccfa538aaa75eb1d22def5700 |
|
10-Aug-2005 |
Harald Welte <laforge@netfilter.org> |
[NETFILTER]: check nf_log function call arguments Check whether pf is too large in order to prevent array overflow. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
d72367b6f36e557f122beefaa8c6b80eb1c7f245 |
|
10-Aug-2005 |
Harald Welte <laforge@netfilter.org> |
[NETFILTER]: more verbose return codes from nf_{log,queue} This adds EEXIST to distinguish between the following return values: 0: nobody was registered, registration successful EEXIST: the exact same handler was already registered, no registration required EBUSY: somebody else is registered, registration unsuccessful. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
bbd86b9fc469b7e91dc7444e6abb8930811d79cb |
|
10-Aug-2005 |
Harald Welte <laforge@netfilter.org> |
[NETFILTER]: add /proc/net/netfilter interface to nf_queue This patch adds a /proc/net/netfilter/nf_queue file, similar to the recently-added /proc/net/netfilter/nf_log. It indicates which queue handler is registered to which protocol family. This is useful since there are now multiple queue handlers in the treee (ip[6]_queue, nfnetlink_queue). Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
f6ebe77f955d77a988ce726f0818ec0103b11323 |
|
10-Aug-2005 |
Harald Welte <laforge@netfilter.org> |
[NETFILTER]: split net/core/netfilter.c into net/netfilter/*.c This patch doesn't introduce any code changes, but merely splits the core netfilter code into four separate files. It also moves it from it's old location in net/core/ to the recently-created net/netfilter/ directory. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|