
Commit 7d27892

Gao fengummakynes
authored andcommitted
netfilter: ebt_log: add net namespace support for ebt_log
Add pernet support to ebt_log by means of the new nf_log_set function added in (30e0c6a netfilter: nf_log: prepare net namespace support for loggers). Since syslog ns has not yet been implemented, we don't want the containers to DDOS the host's syslogd. So enable ebt_log only from init_net and wait for syslog ns support. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1 parent 30e0c6a commit 7d27892


1 file changed

+35
-2
lines changed


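--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -78,6 +78,11 @@ ebt_log_packet(u_int8_t pf, unsigned int hooknum,
 const char *prefix)
 {
 unsigned int bitmask;
+struct net *net = dev_net(in ? in : out);
+
+/* FIXME: Disabled from containers until syslog ns is supported */
+if (!net_eq(net, &init_net))
+return;
 
 spin_lock_bh(&ebt_log_lock);
 printk(KERN_SOH "%c%s IN=%s OUT=%s MAC source = %pM MAC dest = %pM proto = 0x%04x",
@@ -207,19 +212,47 @@ static struct nf_logger ebt_log_logger __read_mostly = {
 .me = THIS_MODULE,
 };
 
+static int __net_init ebt_log_net_init(struct net *net)
+{
+nf_log_set(net, NFPROTO_BRIDGE, &ebt_log_logger);
+return 0;
+}
+
+static void __net_exit ebt_log_net_fini(struct net *net)
+{
+nf_log_unset(net, &ebt_log_logger);
+}
+
+static struct pernet_operations ebt_log_net_ops = {
+.init = ebt_log_net_init,
+.exit = ebt_log_net_fini,
+};
+
 static int __init ebt_log_init(void)
 {
 int ret;
 
+ret = register_pernet_subsys(&ebt_log_net_ops);
+if (ret < 0)
+goto err_pernet;
+
 ret = xt_register_target(&ebt_log_tg_reg);
 if (ret < 0)
-return ret;
+goto err_target;
+
 nf_log_register(NFPROTO_BRIDGE, &ebt_log_logger);
-return 0;
+
+return ret;
+
+err_target:
+unregister_pernet_subsys(&ebt_log_net_ops);
+err_pernet:
+return ret;
 }
 
 static void __exit ebt_log_fini(void)
 {
+unregister_pernet_subsys(&ebt_log_net_ops);
 nf_log_unregister(&ebt_log_logger);
 xt_unregister_target(&ebt_log_tg_reg);
 }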
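Review bot: The new guard in ebt_log_packet() returns silently for every namespace other than init_net, so a log rule that is evaluated inside a container produces no record, and nothing in the visible code tells the operator that logging is off there. The FIXME should state that consequence, e.g. `/* FIXME: packets seen in non-init namespaces are not logged (no notice is given) until syslog ns is supported */`. The guard also relies on at least one of `in` and `out` being non-NULL before `dev_net(in ? in : out)`; that is presumably true for bridge hooks but is not shown here, so a short comment stating the assumption would help. In ebt_log_fini() the teardown is not the reverse of ebt_log_init(), since the pernet ops are registered first and also unregistered first; if nothing depends on that order, `unregister_pernet_subsys(&ebt_log_net_ops);` would read more naturally as the last call. The body of ebt_log_packet() starts and continues outside the first hunk.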
