* Implementing --log-uid in to a 2.4.x kernel @ 2005-08-30 19:09 Kris 2005-08-30 22:31 ` Patrick McHardy 0 siblings, 1 reply; 5+ messages in thread From: Kris @ 2005-08-30 19:09 UTC (permalink / raw) To: netfilter-devel Hi, I'd like to implement this feature in to the 2.4.x kernel as it is currently only supported in 2.6.x. However, I would like to know if anyone can shed some light on why it isn't already included? Is this a futile or difficult task? I'd think that since there is already owner-match support in 2.4.x it would be trivial to hack in the --log-uid support as the information is obviously available to the kernel and the netfilter API. No? Thanks, any help is appreciated! Kris ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Implementing --log-uid in to a 2.4.x kernel 2005-08-30 19:09 Implementing --log-uid in to a 2.4.x kernel Kris @ 2005-08-30 22:31 ` Patrick McHardy 2005-08-31 14:42 ` Kris 0 siblings, 1 reply; 5+ messages in thread From: Patrick McHardy @ 2005-08-30 22:31 UTC (permalink / raw) To: Kris; +Cc: netfilter-devel Kris wrote: > Hi, > I'd like to implement this feature in to the 2.4.x kernel as it is > currently only supported in 2.6.x. However, I would like to know if > anyone can shed some light on why it isn't already included? Is this a > futile or difficult task? I'd think that since there is already > owner-match support in 2.4.x it would be trivial to hack in the > --log-uid support as the information is obviously available to the > kernel and the netfilter API. No? 2.4 is in pure maintenance mode, no new features are added. This is why the patch was only included in 2.6. The original patch should be trivial to port to 2.4. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Implementing --log-uid in to a 2.4.x kernel 2005-08-30 22:31 ` Patrick McHardy @ 2005-08-31 14:42 ` Kris 2005-08-31 14:54 ` Patrick McHardy 0 siblings, 1 reply; 5+ messages in thread From: Kris @ 2005-08-31 14:42 UTC (permalink / raw) To: Patrick McHardy; +Cc: netfilter-devel I've actually ported it. It was quite simple. Should I post the patch anywhere? I'm not sure what the protocol is for this sort of thing. Is anyone interested in it? Kris On Wed, 31 Aug 2005, Patrick McHardy wrote: > Kris wrote: >> Hi, >> I'd like to implement this feature in to the 2.4.x kernel as it is >> currently only supported in 2.6.x. However, I would like to know if >> anyone can shed some light on why it isn't already included? Is this a >> futile or difficult task? I'd think that since there is already >> owner-match support in 2.4.x it would be trivial to hack in the >> --log-uid support as the information is obviously available to the >> kernel and the netfilter API. No? > > 2.4 is in pure maintenance mode, no new features are added. This is > why the patch was only included in 2.6. The original patch should be > trivial to port to 2.4. > ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Implementing --log-uid in to a 2.4.x kernel 2005-08-31 14:42 ` Kris @ 2005-08-31 14:54 ` Patrick McHardy 2005-08-31 15:28 ` Patch for the addition of " Kris 0 siblings, 1 reply; 5+ messages in thread From: Patrick McHardy @ 2005-08-31 14:54 UTC (permalink / raw) To: Kris; +Cc: netfilter-devel Kris wrote: > I've actually ported it. It was quite simple. Should I post the patch > anywhere? I'm not sure what the protocol is for this sort of thing. Is > anyone interested in it? You could post it to netfilter-devel. That way anyone looking for this patch for 2.4 should be able to find it using google. You could also post a patch for pomng, but I don't want to add new 2.4 patches, so you would need to convince someone else to apply it :) ^ permalink raw reply [flat|nested] 5+ messages in thread
* Patch for the addition of --log-uid in to a 2.4.x kernel 2005-08-31 14:54 ` Patrick McHardy @ 2005-08-31 15:28 ` Kris 0 siblings, 0 replies; 5+ messages in thread From: Kris @ 2005-08-31 15:28 UTC (permalink / raw) To: Patrick McHardy; +Cc: netfilter-devel Alrighty everyone, enjoy the patch. --- ipt_LOG.c 2005-08-30 17:23:36.000000000 -0400 +++ ipt_LOG.patch 2005-08-30 17:58:33.000000000 -0400 @@ -43,7 +43,7 @@ /* One level of recursion won't kill us */ static void dump_packet(const struct ipt_log_info *info, - struct iphdr *iph, unsigned int len, int recurse) + struct iphdr *iph, unsigned int len, int recurse, const struct sk_buff *skb) { void *protoh = (u_int32_t *)iph + iph->ihl; unsigned int datalen = len - iph->ihl * 4; @@ -234,7 +234,8 @@ dump_packet(info, (struct iphdr *)(icmph + 1), datalen-sizeof(struct icmphdr), - 0); + 0, + skb); printk("] "); } @@ -289,6 +290,12 @@ printk("PROTO=%u ", iph->protocol); } + /* Max length: 15 "UID=4294967295 " */ + if ((info->logflags & IPT_LOG_UID) && skb && skb->sk) { + if (skb->sk->socket && skb->sk->socket->file) + printk("UID=%u GID=%u ", skb->sk->socket->file->f_uid, skb->sk->socket->file->f_gid); + } + /* Proto Max log string length */ /* IP: 40+46+6+11+127 = 230 */ /* TCP: 10+max(25,20+30+13+9+32+11+127) = 252 */ @@ -334,7 +341,7 @@ printk(" "); } - dump_packet(loginfo, iph, (*pskb)->len, 1); + dump_packet(loginfo, iph, (*pskb)->len, 1, *pskb); printk("\n"); spin_unlock_bh(&log_lock); } @@ -385,7 +392,7 @@ spin_lock_bh(&log_lock); printk(KERN_WARNING "%s", prefix); - dump_packet(&loginfo, iph, len, 1); + dump_packet(&loginfo, iph, len, 1, NULL); printk("\n"); spin_unlock_bh(&log_lock); } ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2005-08-31 15:28 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2005-08-30 19:09 Implementing --log-uid in to a 2.4.x kernel Kris 2005-08-30 22:31 ` Patrick McHardy 2005-08-31 14:42 ` Kris 2005-08-31 14:54 ` Patrick McHardy 2005-08-31 15:28 ` Patch for the addition of " Kris
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.