* Implementing --log-uid in to a 2.4.x kernel
@ 2005-08-30 19:09 Kris
2005-08-30 22:31 ` Patrick McHardy
0 siblings, 1 reply; 5+ messages in thread
From: Kris @ 2005-08-30 19:09 UTC (permalink / raw)
To: netfilter-devel
Hi,
I'd like to implement this feature in to the 2.4.x kernel as it is
currently only supported in 2.6.x. However, I would like to know if
anyone can shed some light on why it isn't already included? Is this a
futile or difficult task? I'd think that since there is already
owner-match support in 2.4.x it would be trivial to hack in the --log-uid
support as the information is obviously available to the kernel and the
netfilter API. No?
Thanks, any help is appreciated!
Kris
* Re: Implementing --log-uid in to a 2.4.x kernel
2005-08-30 19:09 Implementing --log-uid in to a 2.4.x kernel Kris
@ 2005-08-30 22:31 ` Patrick McHardy
2005-08-31 14:42 ` Kris
0 siblings, 1 reply; 5+ messages in thread
From: Patrick McHardy @ 2005-08-30 22:31 UTC (permalink / raw)
To: Kris; +Cc: netfilter-devel
Kris wrote:
> Hi,
> I'd like to implement this feature in to the 2.4.x kernel as it is
> currently only supported in 2.6.x. However, I would like to know if
> anyone can shed some light on why it isn't already included? Is this a
> futile or difficult task? I'd think that since there is already
> owner-match support in 2.4.x it would be trivial to hack in the
> --log-uid support as the information is obviously available to the
> kernel and the netfilter API. No?
2.4 is in pure maintenance mode, no new features are added. This is
why the patch was only included in 2.6. The original patch should be
trivial to port to 2.4.
* Re: Implementing --log-uid in to a 2.4.x kernel
2005-08-30 22:31 ` Patrick McHardy
@ 2005-08-31 14:42 ` Kris
2005-08-31 14:54 ` Patrick McHardy
0 siblings, 1 reply; 5+ messages in thread
From: Kris @ 2005-08-31 14:42 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel
I've actually ported it. It was quite simple. Should I post the patch
anywhere? I'm not sure what the protocol is for this sort of thing. Is
anyone interested in it?
Kris
On Wed, 31 Aug 2005, Patrick McHardy wrote:
> Kris wrote:
>> Hi,
>> I'd like to implement this feature in to the 2.4.x kernel as it is
>> currently only supported in 2.6.x. However, I would like to know if
>> anyone can shed some light on why it isn't already included? Is this a
>> futile or difficult task? I'd think that since there is already
>> owner-match support in 2.4.x it would be trivial to hack in the
>> --log-uid support as the information is obviously available to the
>> kernel and the netfilter API. No?
>
> 2.4 is in pure maintenance mode, no new features are added. This is
> why the patch was only included in 2.6. The original patch should be
> trivial to port to 2.4.
>
* Re: Implementing --log-uid in to a 2.4.x kernel
2005-08-31 14:42 ` Kris
@ 2005-08-31 14:54 ` Patrick McHardy
2005-08-31 15:28 ` Patch for the addition of " Kris
0 siblings, 1 reply; 5+ messages in thread
From: Patrick McHardy @ 2005-08-31 14:54 UTC (permalink / raw)
To: Kris; +Cc: netfilter-devel
Kris wrote:
> I've actually ported it. It was quite simple. Should I post the patch
> anywhere? I'm not sure what the protocol is for this sort of thing. Is
> anyone interested in it?
You could post it to netfilter-devel. That way anyone looking for this
patch for 2.4 should be able to find it using google. You could also
post a patch for pomng, but I don't want to add new 2.4 patches, so
you would need to convince someone else to apply it :)
* Patch for the addition of --log-uid in to a 2.4.x kernel
2005-08-31 14:54 ` Patrick McHardy
@ 2005-08-31 15:28 ` Kris
0 siblings, 0 replies; 5+ messages in thread
From: Kris @ 2005-08-31 15:28 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel
Alrighty everyone, enjoy the patch.
--- ipt_LOG.c 2005-08-30 17:23:36.000000000 -0400
+++ ipt_LOG.patch 2005-08-30 17:58:33.000000000 -0400
@@ -43,7 +43,7 @@
/* One level of recursion won't kill us */
static void dump_packet(const struct ipt_log_info *info,
- struct iphdr *iph, unsigned int len, int recurse)
+ struct iphdr *iph, unsigned int len, int recurse,
const struct sk_buff *skb)
{
void *protoh = (u_int32_t *)iph + iph->ihl;
unsigned int datalen = len - iph->ihl * 4;
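Review bot: The patch has been line-wrapped in transit, and in this hunk the added parameter line is split so that its continuation `const struct sk_buff *skb)` carries no `+` prefix and reads as a context line, so the hunk will not apply as posted. The same wrapping shows up in the later hunks (`datalen-sizeof(struct` / `icmphdr),` and the `printk("UID=%u GID=%u ",` call). Please resend with wrapping disabled or as an attachment, and generate the diff from the top of the kernel tree so the headers carry the file's path rather than `ipt_LOG.c` and `ipt_LOG.patch`.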
@@ -234,7 +234,8 @@
dump_packet(info,
(struct iphdr *)(icmph + 1),
datalen-sizeof(struct
icmphdr),
- 0);
+ 0,
+ skb);
printk("] ");
}
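Review bot: Passing `skb` to the nested `dump_packet()` call here means the header quoted inside the ICMP error gets the outer packet's socket attached to it. The new UID block tests only `info->logflags`, `skb` and `skb->sk`, not `recurse`, so `UID=... GID=...` would be printed inside the `[ ... ]` section as well as for the outer packet, and it would describe the wrong packet there. Either pass `NULL` on this call or gate the UID block on `recurse` so it is emitted once, at the outer level.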
@@ -289,6 +290,12 @@
printk("PROTO=%u ", iph->protocol);
}
+ /* Max length: 15 "UID=4294967295 " */
+ if ((info->logflags & IPT_LOG_UID) && skb && skb->sk) {
+ if (skb->sk->socket && skb->sk->socket->file)
+ printk("UID=%u GID=%u ",
skb->sk->socket->file->f_uid, skb->sk->socket->file->f_gid);
+ }
+
/* Proto Max log string length */
/* IP: 40+46+6+11+127 = 230 */
/* TCP: 10+max(25,20+30+13+9+32+11+127) = 252 */
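Review bot: `IPT_LOG_UID` is tested in the new block, but the patch touches only `ipt_LOG.c` and carries no hunk that defines the flag, so unless the 2.4 header already has it this will not build, and the target's flag validation would also need to accept the new bit. Please include the header change in the same patch. Separately, the comment `Max length: 15 "UID=4294967295 "` accounts for the UID field only while the `printk` also emits `GID=%u `, and the "Proto Max log string length" totals just below are left unchanged; update both so the documented maximum matches what is printed.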
@@ -334,7 +341,7 @@
printk(" ");
}
- dump_packet(loginfo, iph, (*pskb)->len, 1);
+ dump_packet(loginfo, iph, (*pskb)->len, 1, *pskb);
printk("\n");
spin_unlock_bh(&log_lock);
}
@@ -385,7 +392,7 @@
spin_lock_bh(&log_lock);
printk(KERN_WARNING "%s", prefix);
- dump_packet(&loginfo, iph, len, 1);
+ dump_packet(&loginfo, iph, len, 1, NULL);
printk("\n");
spin_unlock_bh(&log_lock);
}
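Review bot: This caller passes `NULL` for the new argument, so the `skb &&` test in the UID block is the only thing keeping this path from dereferencing a null pointer, and UID logging is silently unavailable here. Please say in the comment above `dump_packet()` that `skb` may be `NULL` and that UID/GID output is skipped in that case, so a later cleanup does not drop the check.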