From: Rui Xiang <rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
To: Gao feng <gaofeng-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
	serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	libo.chen-hv44wF8Li93QT0dZR+AlfA@public.gmane.org,
	ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org,
	akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org
Subject: Re: [PATCH 9/9] netfilter: use ns_printk in iptable context
Date: Mon, 29 Jul 2013 20:37:26 +0800
Message-ID: <51F66206.1010504@huawei.com>
In-Reply-To: <51F63A88.4090405-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>

On 2013/7/29 17:48, Gao feng wrote:
> On 07/29/2013 10:31 AM, Rui Xiang wrote:
>> To containerise iptables log, use ns_printk
>> to report individual logs to container as
>> getting syslog_ns from skb->dev->nd_net->user_ns.
>>
>> Signed-off-by: Rui Xiang <rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
>> ---
>>  include/net/netfilter/xt_log.h | 6 +++++-
>>  net/netfilter/xt_LOG.c         | 4 ++--
>>  2 files changed, 7 insertions(+), 3 deletions(-)
>>
>> diff --git a/include/net/netfilter/xt_log.h b/include/net/netfilter/xt_log.h
>> index 9d9756c..5222cba 100644
>> --- a/include/net/netfilter/xt_log.h
>> +++ b/include/net/netfilter/xt_log.h
>> @@ -39,10 +39,14 @@ static struct sbuff *sb_open(void)
>>  	return m;
>>  }
>>  
>> -static void sb_close(struct sbuff *m)
>> +static void sb_close(struct sbuff *m, struct sk_buff *skb)
>>  {
>>  	m->buf[m->count] = 0;
>> +#ifdef CONFIG_NET_NS
>> +	ns_printk(skb->dev->nd_net->user_ns->syslog_ns, "%s\n", m->buf);
>> +#else
>>  	printk("%s\n", m->buf);
>> +#endif
>>  
>>  	if (likely(m != &emergency))
>>  		kfree(m);
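Review bot: in sb_close(), the new ns_printk() argument walks skb->dev->nd_net->user_ns->syslog_ns with no NULL check on skb or skb->dev in the visible lines, so a packet logged without an attached device would fault at this point. The caller ipt_log_packet() already takes a struct net *net (see the xt_LOG.c hunk header), so sb_close() could accept that net and use net->user_ns->syslog_ns, which also avoids reaching into dev->nd_net directly. Since sb_close() is a static helper in a shared header, a one-line comment stating which namespace receives the log line would help other callers.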
>> diff --git a/net/netfilter/xt_LOG.c b/net/netfilter/xt_LOG.c
>> index 5ab2484..f2cd2fa3 100644
>> --- a/net/netfilter/xt_LOG.c
>> +++ b/net/netfilter/xt_LOG.c
>> @@ -493,7 +493,7 @@ ipt_log_packet(struct net *net,
>>  
>>  	dump_ipv4_packet(m, loginfo, skb, 0);
>>  
>> -	sb_close(m);
>> +	sb_close(m, skb);
> 
> 
> Why don't you pass net directly to sb_close here?
> 
> un init net namespace will not trigger any system log through ipt_LOG/ip6t_LOG.
> You can check the FIXME in ipt_log_packet.
> 
> BTW, for this patch, you should cc netfilter-devel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org too.
> 
Hi Gao,

Thanks for your attention.

Yes, you are right. In the 1st version, there was no net parameter in the ipt_log_packet
function. Here I didn't do any amendment, and I will alter it in the next version.



Thanks.
