* [PATCH] ebtables: Port ebt_[u]log.c to nf[netlink]_log
@ 2005-10-07 23:49 Harald Welte
       [not found] ` <20051007234903.GR4450-5xaKNk1AN7bNqB9Gf7YOJg/oQhhTQFE7QQ4Iyu8u01E@public.gmane.org>
  0 siblings, 1 reply; 11+ messages in thread
From: Harald Welte @ 2005-10-07 23:49 UTC (permalink / raw)
  To: Bart De Schuymer
  Cc: Linux Netdev List,
	ebtables-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

[-- Attachment #1: Type: text/plain, Size: 9794 bytes --]

Hi Bart!

The patch below is totally untested (though it compiles), and updates
ebtables to resemble the behaviour that we now have in ipv4 (and ipv6):
{ip,ip6,eb}tables just tell the nf_log core that they want to log a
packet, the mechanism (syslog, nfnetlink_log, ...) is actually decided
by nf_log.

By default, everything will behave like before.

Please review, and test that ebt_log and ebt_ulog are still working as
expected.  Thanks!

[NETFILTER] ebtables: Port ebt_[u]log.c to nf[netlink]_log

Since we now have a netfilter core logging API, we port the bridging log
and ulog watchers to this new API.

This basically means that if you use the "ebt_log" watcher, it will by
default log to the system console, but allows a userspace logging daemon
to bind itself to PF_BRIDGE and take over all logging.

ebt_ulog also registers itself as a logger with nf_log, but any packets
explicitly sent to ebt_ulog will always use the ulog mechanism and are
not handled via the generic logging handler.

This change resembles the situation that is now present in ipv4.

Signed-off-by: Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org>

---
commit 0dc2bc0656b4b1c5ba3524dadc8fbf36881903b7
tree 0e43d4f7b10f022ff523ea4751546d76d53c57b7
parent 2e64e94fe8e7e4630c9d9e66c437f3ba81e99f78
author Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org> Sat, 08 Oct 2005 01:43:49 +0200
committer Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org> Sat, 08 Oct 2005 01:43:49 +0200

 net/bridge/netfilter/Kconfig    |    6 +++-
 net/bridge/netfilter/ebt_log.c  |   61 +++++++++++++++++++++++++++++++++------
 net/bridge/netfilter/ebt_ulog.c |   48 +++++++++++++++++++++++++++++--
 3 files changed, 102 insertions(+), 13 deletions(-)

diff --git a/net/bridge/netfilter/Kconfig b/net/bridge/netfilter/Kconfig
--- a/net/bridge/netfilter/Kconfig
+++ b/net/bridge/netfilter/Kconfig
@@ -196,9 +196,13 @@ config BRIDGE_EBT_LOG
 	  To compile it as a module, choose M here.  If unsure, say N.
 
 config BRIDGE_EBT_ULOG
-	tristate "ebt: ulog support"
+	tristate "ebt: ulog support (OBSOLETE)"
 	depends on BRIDGE_NF_EBTABLES
 	help
+	  This option enables the old bridge-specific "ebt_ulog" implementation
+	  which has been obsoleted by the new "nfnetlink_log" code (see
+	  CONFIG_NETFILTER_NETLINK_LOG).
+
 	  This option adds the ulog watcher, that you can use in any rule
 	  in any ebtables table. The packet is passed to a userspace
 	  logging daemon using netlink multicast sockets. This differs
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -3,6 +3,7 @@
  *
  *	Authors:
  *	Bart De Schuymer <bdschuym-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org>
+ *	Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org>
  *
  *  April, 2002
  *
@@ -10,6 +11,7 @@
 
 #include <linux/netfilter_bridge/ebtables.h>
 #include <linux/netfilter_bridge/ebt_log.h>
+#include <linux/netfilter.h>
 #include <linux/module.h>
 #include <linux/ip.h>
 #include <linux/if_arp.h>
@@ -55,17 +57,19 @@ static void print_MAC(unsigned char *p)
 }
 
 #define myNIPQUAD(a) a[0], a[1], a[2], a[3]
-static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
-   const struct net_device *in, const struct net_device *out,
-   const void *data, unsigned int datalen)
+static void
+ebt_log_packet(unsigned int pf, unsigned int hooknum,
+   const struct sk_buff *skb, const struct net_device *in,
+   const struct net_device *out, const struct nf_loginfo *loginfo,
+   const char *prefix)
 {
-	struct ebt_log_info *info = (struct ebt_log_info *)data;
 	char level_string[4] = "< >";
+	unsigned int bitmask;
 
-	level_string[1] = '0' + info->loglevel;
+	level_string[1] = '0' + loginfo->u.log.level;
 	spin_lock_bh(&ebt_log_lock);
 	printk(level_string);
-	printk("%s IN=%s OUT=%s ", info->prefix, in ? in->name : "",
+	printk("%s IN=%s OUT=%s ", prefix, in ? in->name : "",
 	   out ? out->name : "");
 
 	printk("MAC source = ");
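Review bot: `loginfo` is dereferenced unconditionally at `level_string[1] = '0' + loginfo->u.log.level;`, and again at `loginfo->type` in the next hunk, whereas the ebt_ulog.c logger added by this same patch guards its argument with `if (!li || ...)`, which suggests the nf_log core can hand a logger a NULL loginfo. If so, a packet logged by another PF_BRIDGE caller would oops here; a file-local default `struct nf_loginfo` selected with `if (!loginfo) loginfo = &default_loginfo;` at the top of the function would cover it. The level is also read before the type is checked, so a loginfo of another type would have `u.log.level` taken from whatever member was actually filled in (assuming `u` is a union, which is not visible here). The function body continues outside this hunk, and the re-sent copy of the patch later in the thread carries the same lines.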
@@ -75,7 +79,12 @@ static void ebt_log(const struct sk_buff
 
 	printk("proto = 0x%04x", ntohs(eth_hdr(skb)->h_proto));
 
-	if ((info->bitmask & EBT_LOG_IP) && eth_hdr(skb)->h_proto ==
+	if (loginfo->type == NF_LOG_TYPE_LOG)
+		bitmask = loginfo->u.log.logflags;
+	else
+		bitmask = NF_LOG_MASK;
+
+	if ((bitmask & EBT_LOG_IP) && eth_hdr(skb)->h_proto ==
 	   htons(ETH_P_IP)){
 		struct iphdr _iph, *ih;
 
@@ -104,7 +113,7 @@ static void ebt_log(const struct sk_buff
 		goto out;
 	}
 
-	if ((info->bitmask & EBT_LOG_ARP) &&
+	if ((bitmask & EBT_LOG_ARP) &&
 	    ((eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) ||
 	     (eth_hdr(skb)->h_proto == htons(ETH_P_RARP)))) {
 		struct arphdr _arph, *ah;
@@ -144,6 +153,21 @@ static void ebt_log(const struct sk_buff
 out:
 	printk("\n");
 	spin_unlock_bh(&ebt_log_lock);
+
+}
+
+static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
+   const struct net_device *in, const struct net_device *out,
+   const void *data, unsigned int datalen)
+{
+	struct ebt_log_info *info = (struct ebt_log_info *)data;
+	struct nf_loginfo li;
+
+	li.type = NF_LOG_TYPE_LOG;
+	li.u.log.level = info->loglevel;
+	li.u.log.logflags = info->bitmask;
+
+	nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, info->prefix);
 }
 
 static struct ebt_watcher log =
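Review bot: `info->prefix` is passed as the last argument of `nf_log_packet()`; if that parameter is a printf-style format followed by varargs (the prototype is not visible in this patch), a rule prefix containing `%` conversions would be expanded in kernel context. The prefix comes from whoever loads ebtables rules, but the safe form costs nothing: `nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, "%s", info->prefix);`. Separately, `li` is filled field by field, so any part of it that is not assigned reaches the selected logger as stack contents; `struct nf_loginfo li = { .type = NF_LOG_TYPE_LOG };` followed by the two `u.log` assignments would avoid that.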
@@ -154,13 +178,32 @@ static struct ebt_watcher log =
 	.me		= THIS_MODULE,
 };
 
+static struct nf_logger ebt_log_logger = {
+	.name 		= "ebt_log",
+	.logfn		= &ebt_log_packet,
+	.me		= THIS_MODULE,
+};
+
 static int __init init(void)
 {
-	return ebt_register_watcher(&log);
+	int ret;
+
+	ret = ebt_register_watcher(&log);
+	if (ret < 0)
+		return ret;
+	if (nf_log_register(PF_BRIDGE, &ebt_log_logger) < 0) {
+		printk(KERN_WARNING "ebt_log: not logging via system console "
+		       "since somebody else already registered for PF_INET\n");
+		/* wecannot make module load fail here, since otherwise 
+		 * ebtables userspace would abort */
+	}
+
+	return 0;
 }
 
 static void __exit fini(void)
 {
+	nf_log_unregister_logger(&ebt_log_logger);
 	ebt_unregister_watcher(&log);
 }
 
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -3,6 +3,7 @@
  *
  *	Authors:
  *	Bart De Schuymer <bdschuym-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org>
+ *	Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org>
  *
  *  November, 2004
  *
@@ -115,14 +116,13 @@ static struct sk_buff *ulog_alloc_skb(un
 	return skb;
 }
 
-static void ebt_ulog(const struct sk_buff *skb, unsigned int hooknr,
+static void ebt_ulog_packet(unsigned int hooknr, const struct sk_buff *skb,
    const struct net_device *in, const struct net_device *out,
-   const void *data, unsigned int datalen)
+   const struct ebt_ulog_info *uloginfo, const char *prefix)
 {
 	ebt_ulog_packet_msg_t *pm;
 	size_t size, copy_len;
 	struct nlmsghdr *nlh;
-	struct ebt_ulog_info *uloginfo = (struct ebt_ulog_info *)data;
 	unsigned int group = uloginfo->nlgroup;
 	ebt_ulog_buff_t *ub = &ulog_buffers[group];
 	spinlock_t *lock = &ub->lock;
@@ -216,6 +216,39 @@ alloc_failure:
 	goto unlock;
 }
 
+/* this function is registered with the netfilter core */
+static void ebt_log_packet(unsigned int pf, unsigned int hooknum,
+   const struct sk_buff *skb, const struct net_device *in,
+   const struct net_device *out, const struct nf_loginfo *li,
+   const char *prefix)
+{
+	struct ebt_ulog_info loginfo;
+
+	if (!li || li->type != NF_LOG_TYPE_ULOG) {
+		loginfo.nlgroup = EBT_ULOG_DEFAULT_NLGROUP;
+		loginfo.cprange = 0;
+		loginfo.qthreshold = EBT_ULOG_DEFAULT_QTHRESHOLD;
+		loginfo.prefix[0] = '\0';
+	} else {
+		loginfo.nlgroup = li->u.ulog.group;
+		loginfo.cprange = li->u.ulog.copy_len;
+		loginfo.qthreshold = li->u.ulog.qthreshold;
+		strlcpy(loginfo.prefix, prefix, sizeof(loginfo.prefix));
+	}
+
+	ebt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
+}
+
+static void ebt_ulog(const struct sk_buff *skb, unsigned int hooknr,
+   const struct net_device *in, const struct net_device *out,
+   const void *data, unsigned int datalen)
+{
+	struct ebt_ulog_info *uloginfo = (struct ebt_ulog_info *)data;
+
+	ebt_ulog_packet(hooknr, skb, in, out, uloginfo, NULL);
+}
+
+
 static int ebt_ulog_check(const char *tablename, unsigned int hookmask,
    const struct ebt_entry *e, void *data, unsigned int datalen)
 {
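Review bot: In the `else` branch `loginfo.nlgroup = li->u.ulog.group;` is forwarded unchanged to `ebt_ulog_packet()`, which indexes `ulog_buffers[group]` (previous hunk) with no bound check. Rule-driven calls presumably have the group validated in `ebt_ulog_check()` (its body is not shown), but a loginfo arriving through the nf_log core never passes that check, so an out-of-range group would touch and lock memory past the array. A guard such as `if (loginfo.nlgroup >= EBT_ULOG_MAXNLGROUPS) return;` before the call would close this, assuming the array has `EBT_ULOG_MAXNLGROUPS` entries as the loop in `fini()` suggests. `prefix` also reaches `strlcpy()` unchecked; whether the core can pass NULL there is not visible, so `prefix ? prefix : ""` would be cheap insurance.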
@@ -240,6 +273,12 @@ static struct ebt_watcher ulog = {
 	.me		= THIS_MODULE,
 };
 
+static struct nf_logger ebt_ulog_logger = {
+	.name		= EBT_ULOG_WATCHER,
+	.logfn		= &ebt_log_packet,
+	.me		= THIS_MODULE,
+};
+
 static int __init init(void)
 {
 	int i, ret = 0;
@@ -265,6 +304,8 @@ static int __init init(void)
 	else if ((ret = ebt_register_watcher(&ulog)))
 		sock_release(ebtulognl->sk_socket);
 
+	nf_log_register(PF_BRIDGE, &ebt_ulog_logger);
+
 	return ret;
 }
 
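Review bot: `nf_log_register(PF_BRIDGE, &ebt_ulog_logger);` runs even when `ret` is already non-zero from the failure branches above (only the `else if` for the watcher is visible), and `init()` then returns that error. The module load fails, yet the logger stays registered with a `logfn` pointing into module text that is about to be freed, so a later PF_BRIDGE log call would jump to stale memory. Registering only on success, `if (ret == 0) nf_log_register(PF_BRIDGE, &ebt_ulog_logger);`, avoids that. The registration's return value is also dropped silently here, unlike in ebt_log.c; `init()` begins in the preceding hunk, and the re-sent copy of the patch has the same lines.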
@@ -273,6 +314,7 @@ static void __exit fini(void)
 	ebt_ulog_buff_t *ub;
 	int i;
 
+	nf_log_unregister_logger(&ebt_ulog_logger);
 	ebt_unregister_watcher(&ulog);
 	for (i = 0; i < EBT_ULOG_MAXNLGROUPS; i++) {
 		ub = &ulog_buffers[i];
-- 
- Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]


* Re: [PATCH] ebtables: Port ebt_[u]log.c to nf[netlink]_log
       [not found] ` <20051007234903.GR4450-5xaKNk1AN7bNqB9Gf7YOJg/oQhhTQFE7QQ4Iyu8u01E@public.gmane.org>
@ 2005-10-11 19:31   ` Bart De Schuymer
       [not found]     ` <1129059110.5087.8.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
  2005-10-17 17:59   ` Bart De Schuymer
  1 sibling, 1 reply; 11+ messages in thread
From: Bart De Schuymer @ 2005-10-11 19:31 UTC (permalink / raw)
  To: Harald Welte
  Cc: Linux Netdev List,
	ebtables-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

Op za, 08-10-2005 te 01:49 +0200, schreef Harald Welte:
> Hi Bart!
> 
> The patch below is totally untested (though it compiles), and updates
> ebtables to resemble the behaviour that we now have in ipv4 (and ipv6):
> {ip,ip6,eb}tables just tell the nf_log core that they want to log a
> packet, the mechanism (syslog, nfnetlink_log, ...) is actually decided
> by nf_log.
> 
> By default, everything will behave like before.
> 
> Please review, and test that ebt_log and ebt_ulog are still working as
> expected.  Thanks!
> 
> [NETFILTER] ebtables: Port ebt_[u]log.c to nf[netlink]_log
> 
> Since we now have a netfilter core logging API, we port the bridging log
> and ulog watchers to this new API.
> 
> This basically means that if you use the "ebt_log" watcher, it will by
> default log to the system console, but enables a userspace logging daemon
> binds itself to PF_BRIDGE, and take over all logging.
> 
> ebt_ulog also registers itself as logger with nf_log, but any packets
> explicitly send to ebt_ulog will always use the ulog mechanism and not
> handled via the generic logging handler.
> 
> This change resembles the situation that is now present in ipv4.

I seem to be unable to get Davem's current git tree.
This fails miserably: 
cg-clone http://www.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.git

Your patch won't apply to 2.6.13. At first I thought it was a problem
with evolution or the kernel version, but looking at the source code of
your mail, I see "=20" added here and there...

Any ideas?

cheers,
Bart





* Re: [PATCH] ebtables: Port ebt_[u]log.c to nf[netlink]_log
       [not found]     ` <1129059110.5087.8.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
@ 2005-10-11 19:55       ` David S. Miller
       [not found]         ` <20051011.125506.46476570.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
  2005-10-12  6:27       ` Harald Welte
  1 sibling, 1 reply; 11+ messages in thread
From: David S. Miller @ 2005-10-11 19:55 UTC (permalink / raw)
  To: bdschuym-LPO8gxj9N8aZIoH1IeqzKA
  Cc: laforge-Cap9r6Oaw4JrovVCs/uTlw, netdev-u79uwXL29TY76Z2rM5mHXA,
	ebtables-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

From: Bart De Schuymer <bdschuym-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org>
Date: Tue, 11 Oct 2005 19:31:50 +0000

> I seem to be unable to get Davem's current git tree.
> This fails miserably: 
> cg-clone http://www.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.git

I use an "alternates" file, so that Linus's tree's objects get used
and only the truly local changes actually get stored in my tree.

Unfortunately that totally doesn't work with transports such
as rsync.



* Re: Re: [PATCH] ebtables: Port ebt_[u]log.c to nf[netlink]_log
       [not found]         ` <20051011.125506.46476570.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
@ 2005-10-11 20:49           ` Bart De Schuymer
  0 siblings, 0 replies; 11+ messages in thread
From: Bart De Schuymer @ 2005-10-11 20:49 UTC (permalink / raw)
  To: David S. Miller
  Cc: laforge-Cap9r6Oaw4JrovVCs/uTlw, netdev-u79uwXL29TY76Z2rM5mHXA,
	ebtables-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

Op di, 11-10-2005 te 12:55 -0700, schreef David S. Miller:
> From: Bart De Schuymer <bdschuym-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org>
> Date: Tue, 11 Oct 2005 19:31:50 +0000
> 
> > I seem to be unable to get Davem's current git tree.
> > This fails miserably: 
> > cg-clone http://www.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.git
> 
> I use an "alternates" file, so that Linus's tree's objects get used
> and only the truly local changes actually get stored in my tree.
> 
> Unfortunately that totally doesn't work with transports such
> as rsync.

OK, kernel now compiling without the patch. Harald, could you send it as
attachment?

The instructions at the top of http://www.kernel.org/git/ are somewhat
outdated.

cheers,
Bart





* Re: [PATCH] ebtables: Port ebt_[u]log.c to nf[netlink]_log
       [not found]     ` <1129059110.5087.8.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
  2005-10-11 19:55       ` David S. Miller
@ 2005-10-12  6:27       ` Harald Welte
       [not found]         ` <20051012062745.GB4237-d6usTx1WJblOCgDDqY8e12D2FQJk+8+b@public.gmane.org>
  1 sibling, 1 reply; 11+ messages in thread
From: Harald Welte @ 2005-10-12  6:27 UTC (permalink / raw)
  To: Bart De Schuymer
  Cc: Linux Netdev List,
	ebtables-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f


[-- Attachment #1.1: Type: text/plain, Size: 1121 bytes --]

On Tue, Oct 11, 2005 at 07:31:50PM +0000, Bart De Schuymer wrote:
> I seem to be unable to get Davem's current git tree.
> This fails miserably: 
> cg-clone http://www.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.git

Try getting it via rsync; I have never successfully run cg/git via http.

Also, a recent linus tree should be sufficient, even one of the latest
2.6.14-rc3/rc4 tarballs should be fine.

> Your patch won't apply to 2.6.13. At first I thought it was a problem
> with evolution or the kernel version, but looking at the source code of
> your mail, I see "=20" added here and there...

I've attached it to this mail again.  Since it isn't inline, saving it
as attachment should do fine.

-- 
- Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #1.2: 81-ebt_ulog-nf_log.patch --]
[-- Type: text/plain, Size: 8941 bytes --]

[NETFILTER] ebtables: Port ebt_[u]log.c to nf[netlink]_log

Since we now have a netfilter core logging API, we port the bridging log
and ulog watchers to this new API.

This basically means that if you use the "ebt_log" watcher, it will by
default log to the system console, but allows a userspace logging daemon
to bind itself to PF_BRIDGE and take over all logging.

ebt_ulog also registers itself as a logger with nf_log, but any packets
explicitly sent to ebt_ulog will always use the ulog mechanism and are
not handled via the generic logging handler.

This change resembles the situation that is now present in ipv4.

Signed-off-by: Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org>

---
commit 0dc2bc0656b4b1c5ba3524dadc8fbf36881903b7
tree 0e43d4f7b10f022ff523ea4751546d76d53c57b7
parent 2e64e94fe8e7e4630c9d9e66c437f3ba81e99f78
author Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org> Sat, 08 Oct 2005 01:43:49 +0200
committer Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org> Sat, 08 Oct 2005 01:43:49 +0200

 net/bridge/netfilter/Kconfig    |    6 +++-
 net/bridge/netfilter/ebt_log.c  |   61 +++++++++++++++++++++++++++++++++------
 net/bridge/netfilter/ebt_ulog.c |   48 +++++++++++++++++++++++++++++--
 3 files changed, 102 insertions(+), 13 deletions(-)

diff --git a/net/bridge/netfilter/Kconfig b/net/bridge/netfilter/Kconfig
--- a/net/bridge/netfilter/Kconfig
+++ b/net/bridge/netfilter/Kconfig
@@ -196,9 +196,13 @@ config BRIDGE_EBT_LOG
 	  To compile it as a module, choose M here.  If unsure, say N.
 
 config BRIDGE_EBT_ULOG
-	tristate "ebt: ulog support"
+	tristate "ebt: ulog support (OBSOLETE)"
 	depends on BRIDGE_NF_EBTABLES
 	help
+	  This option enables the old bridge-specific "ebt_ulog" implementation
+	  which has been obsoleted by the new "nfnetlink_log" code (see
+	  CONFIG_NETFILTER_NETLINK_LOG).
+
 	  This option adds the ulog watcher, that you can use in any rule
 	  in any ebtables table. The packet is passed to a userspace
 	  logging daemon using netlink multicast sockets. This differs
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -3,6 +3,7 @@
  *
  *	Authors:
  *	Bart De Schuymer <bdschuym-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org>
+ *	Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org>
  *
  *  April, 2002
  *
@@ -10,6 +11,7 @@
 
 #include <linux/netfilter_bridge/ebtables.h>
 #include <linux/netfilter_bridge/ebt_log.h>
+#include <linux/netfilter.h>
 #include <linux/module.h>
 #include <linux/ip.h>
 #include <linux/if_arp.h>
@@ -55,17 +57,19 @@ static void print_MAC(unsigned char *p)
 }
 
 #define myNIPQUAD(a) a[0], a[1], a[2], a[3]
-static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
-   const struct net_device *in, const struct net_device *out,
-   const void *data, unsigned int datalen)
+static void
+ebt_log_packet(unsigned int pf, unsigned int hooknum,
+   const struct sk_buff *skb, const struct net_device *in,
+   const struct net_device *out, const struct nf_loginfo *loginfo,
+   const char *prefix)
 {
-	struct ebt_log_info *info = (struct ebt_log_info *)data;
 	char level_string[4] = "< >";
+	unsigned int bitmask;
 
-	level_string[1] = '0' + info->loglevel;
+	level_string[1] = '0' + loginfo->u.log.level;
 	spin_lock_bh(&ebt_log_lock);
 	printk(level_string);
-	printk("%s IN=%s OUT=%s ", info->prefix, in ? in->name : "",
+	printk("%s IN=%s OUT=%s ", prefix, in ? in->name : "",
 	   out ? out->name : "");
 
 	printk("MAC source = ");
@@ -75,7 +79,12 @@ static void ebt_log(const struct sk_buff
 
 	printk("proto = 0x%04x", ntohs(eth_hdr(skb)->h_proto));
 
-	if ((info->bitmask & EBT_LOG_IP) && eth_hdr(skb)->h_proto ==
+	if (loginfo->type == NF_LOG_TYPE_LOG)
+		bitmask = loginfo->u.log.logflags;
+	else
+		bitmask = NF_LOG_MASK;
+
+	if ((bitmask & EBT_LOG_IP) && eth_hdr(skb)->h_proto ==
 	   htons(ETH_P_IP)){
 		struct iphdr _iph, *ih;
 
@@ -104,7 +113,7 @@ static void ebt_log(const struct sk_buff
 		goto out;
 	}
 
-	if ((info->bitmask & EBT_LOG_ARP) &&
+	if ((bitmask & EBT_LOG_ARP) &&
 	    ((eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) ||
 	     (eth_hdr(skb)->h_proto == htons(ETH_P_RARP)))) {
 		struct arphdr _arph, *ah;
@@ -144,6 +153,21 @@ static void ebt_log(const struct sk_buff
 out:
 	printk("\n");
 	spin_unlock_bh(&ebt_log_lock);
+
+}
+
+static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
+   const struct net_device *in, const struct net_device *out,
+   const void *data, unsigned int datalen)
+{
+	struct ebt_log_info *info = (struct ebt_log_info *)data;
+	struct nf_loginfo li;
+
+	li.type = NF_LOG_TYPE_LOG;
+	li.u.log.level = info->loglevel;
+	li.u.log.logflags = info->bitmask;
+
+	nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, info->prefix);
 }
 
 static struct ebt_watcher log =
@@ -154,13 +178,32 @@ static struct ebt_watcher log =
 	.me		= THIS_MODULE,
 };
 
+static struct nf_logger ebt_log_logger = {
+	.name 		= "ebt_log",
+	.logfn		= &ebt_log_packet,
+	.me		= THIS_MODULE,
+};
+
 static int __init init(void)
 {
-	return ebt_register_watcher(&log);
+	int ret;
+
+	ret = ebt_register_watcher(&log);
+	if (ret < 0)
+		return ret;
+	if (nf_log_register(PF_BRIDGE, &ebt_log_logger) < 0) {
+		printk(KERN_WARNING "ebt_log: not logging via system console "
+		       "since somebody else already registered for PF_INET\n");
+		/* wecannot make module load fail here, since otherwise 
+		 * ebtables userspace would abort */
+	}
+
+	return 0;
 }
 
 static void __exit fini(void)
 {
+	nf_log_unregister_logger(&ebt_log_logger);
 	ebt_unregister_watcher(&log);
 }
 
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -3,6 +3,7 @@
  *
  *	Authors:
  *	Bart De Schuymer <bdschuym-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org>
+ *	Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org>
  *
  *  November, 2004
  *
@@ -115,14 +116,13 @@ static struct sk_buff *ulog_alloc_skb(un
 	return skb;
 }
 
-static void ebt_ulog(const struct sk_buff *skb, unsigned int hooknr,
+static void ebt_ulog_packet(unsigned int hooknr, const struct sk_buff *skb,
    const struct net_device *in, const struct net_device *out,
-   const void *data, unsigned int datalen)
+   const struct ebt_ulog_info *uloginfo, const char *prefix)
 {
 	ebt_ulog_packet_msg_t *pm;
 	size_t size, copy_len;
 	struct nlmsghdr *nlh;
-	struct ebt_ulog_info *uloginfo = (struct ebt_ulog_info *)data;
 	unsigned int group = uloginfo->nlgroup;
 	ebt_ulog_buff_t *ub = &ulog_buffers[group];
 	spinlock_t *lock = &ub->lock;
@@ -216,6 +216,39 @@ alloc_failure:
 	goto unlock;
 }
 
+/* this function is registered with the netfilter core */
+static void ebt_log_packet(unsigned int pf, unsigned int hooknum,
+   const struct sk_buff *skb, const struct net_device *in,
+   const struct net_device *out, const struct nf_loginfo *li,
+   const char *prefix)
+{
+	struct ebt_ulog_info loginfo;
+
+	if (!li || li->type != NF_LOG_TYPE_ULOG) {
+		loginfo.nlgroup = EBT_ULOG_DEFAULT_NLGROUP;
+		loginfo.cprange = 0;
+		loginfo.qthreshold = EBT_ULOG_DEFAULT_QTHRESHOLD;
+		loginfo.prefix[0] = '\0';
+	} else {
+		loginfo.nlgroup = li->u.ulog.group;
+		loginfo.cprange = li->u.ulog.copy_len;
+		loginfo.qthreshold = li->u.ulog.qthreshold;
+		strlcpy(loginfo.prefix, prefix, sizeof(loginfo.prefix));
+	}
+
+	ebt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
+}
+
+static void ebt_ulog(const struct sk_buff *skb, unsigned int hooknr,
+   const struct net_device *in, const struct net_device *out,
+   const void *data, unsigned int datalen)
+{
+	struct ebt_ulog_info *uloginfo = (struct ebt_ulog_info *)data;
+
+	ebt_ulog_packet(hooknr, skb, in, out, uloginfo, NULL);
+}
+
+
 static int ebt_ulog_check(const char *tablename, unsigned int hookmask,
    const struct ebt_entry *e, void *data, unsigned int datalen)
 {
@@ -240,6 +273,12 @@ static struct ebt_watcher ulog = {
 	.me		= THIS_MODULE,
 };
 
+static struct nf_logger ebt_ulog_logger = {
+	.name		= EBT_ULOG_WATCHER,
+	.logfn		= &ebt_log_packet,
+	.me		= THIS_MODULE,
+};
+
 static int __init init(void)
 {
 	int i, ret = 0;
@@ -265,6 +304,8 @@ static int __init init(void)
 	else if ((ret = ebt_register_watcher(&ulog)))
 		sock_release(ebtulognl->sk_socket);
 
+	nf_log_register(PF_BRIDGE, &ebt_ulog_logger);
+
 	return ret;
 }
 
@@ -273,6 +314,7 @@ static void __exit fini(void)
 	ebt_ulog_buff_t *ub;
 	int i;
 
+	nf_log_unregister_logger(&ebt_ulog_logger);
 	ebt_unregister_watcher(&ulog);
 	for (i = 0; i < EBT_ULOG_MAXNLGROUPS; i++) {
 		ub = &ulog_buffers[i];

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]


* Re: [PATCH] ebtables: Port ebt_[u]log.c to nf[netlink]_log
       [not found]         ` <20051012062745.GB4237-d6usTx1WJblOCgDDqY8e12D2FQJk+8+b@public.gmane.org>
@ 2005-10-12 20:10           ` Ian McDonald
  0 siblings, 0 replies; 11+ messages in thread
From: Ian McDonald @ 2005-10-12 20:10 UTC (permalink / raw)
  To: Harald Welte
  Cc: Bart De Schuymer, Linux Netdev List,
	ebtables-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

On 12/10/05, Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org> wrote:
> On Tue, Oct 11, 2005 at 07:31:50PM +0000, Bart De Schuymer wrote:
> > I seem to be unable to get Davem's current git tree.
> > This fails miserably:
> > cg-clone http://www.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.git
>
> Try getting it via rsync, I never have successfully ran cg/git via http.
>
If you want to keep using a git tree have a look at a page I put together:
http://wlug.org.nz/KernelDevelopmentWithGit

Ian



* Re: [PATCH] ebtables: Port ebt_[u]log.c to nf[netlink]_log
       [not found] ` <20051007234903.GR4450-5xaKNk1AN7bNqB9Gf7YOJg/oQhhTQFE7QQ4Iyu8u01E@public.gmane.org>
  2005-10-11 19:31   ` Bart De Schuymer
@ 2005-10-17 17:59   ` Bart De Schuymer
       [not found]     ` <1129571999.3383.6.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
  1 sibling, 1 reply; 11+ messages in thread
From: Bart De Schuymer @ 2005-10-17 17:59 UTC (permalink / raw)
  To: Harald Welte
  Cc: Linux Netdev List,
	ebtables-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

Op za, 08-10-2005 te 01:49 +0200, schreef Harald Welte:
> Hi Bart!
> 
> The patch below is totally untested (though it compiles), and updates
> ebtables to resemble the behaviour that we now have in ipv4 (and ipv6):
> {ip,ip6,eb}tables just tell the nf_log core that they want to log a
> packet, the mechanism (syslog, nfnetlink_log, ...) is actually decided
> by nf_log.
> 
> By default, everything will behave like before.
> 
> Please review, and test that ebt_log and ebt_ulog are still working as
> expected.  Thanks!

Sorry for the late reply, some hardware problems got in the way.
Apart from the comments below, the patch is fine by me (I tested both).

Thanks a lot,
Bart

> @@ -144,6 +153,21 @@ static void ebt_log(const struct sk_buff
>  out:
>  	printk("\n");
>  	spin_unlock_bh(&ebt_log_lock);
> +
> +}
> +
> +static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
> +   const struct net_device *in, const struct net_device *out,
> +   const void *data, unsigned int datalen)
> +{
> +	struct ebt_log_info *info = (struct ebt_log_info *)data;
> +	struct nf_loginfo li;
> +
> +	li.type = NF_LOG_TYPE_LOG;
> +	li.u.log.level = info->loglevel;
> +	li.u.log.logflags = info->bitmask;
> +
> +	nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, info->prefix);

Should be ebt_log_packet

>  }
>  
>  static struct ebt_watcher log =
> @@ -154,13 +178,32 @@ static struct ebt_watcher log =
>  	.me		= THIS_MODULE,
>  };
>  
> +static struct nf_logger ebt_log_logger = {
> +	.name 		= "ebt_log",
> +	.logfn		= &ebt_log_packet,
> +	.me		= THIS_MODULE,
> +};
> +
>  static int __init init(void)
>  {
> -	return ebt_register_watcher(&log);
> +	int ret;
> +
> +	ret = ebt_register_watcher(&log);
> +	if (ret < 0)
> +		return ret;
> +	if (nf_log_register(PF_BRIDGE, &ebt_log_logger) < 0) {
> +		printk(KERN_WARNING "ebt_log: not logging via system console "
> +		       "since somebody else already registered for PF_INET\n");
> +		/* wecannot make module load fail here, since otherwise 
> +		 * ebtables userspace would abort */
> +	}

Since we're using PF_BRIDGE instead of PF_INET now, this if construct
can be replaced by a simple call to nf_log_register.





* Re: [PATCH] ebtables: Port ebt_[u]log.c to nf[netlink]_log
       [not found]     ` <1129571999.3383.6.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
@ 2005-10-18  8:58       ` Harald Welte
       [not found]         ` <20051018085853.GG20338-XKR8MNpNCaUy1wpV0ib6OjPN8QKu1tr+@public.gmane.org>
  0 siblings, 1 reply; 11+ messages in thread
From: Harald Welte @ 2005-10-18  8:58 UTC (permalink / raw)
  To: Bart De Schuymer
  Cc: Linux Netdev List,
	ebtables-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

[-- Attachment #1: Type: text/plain, Size: 2815 bytes --]

On Mon, Oct 17, 2005 at 05:59:59PM +0000, Bart De Schuymer wrote:
> Op za, 08-10-2005 te 01:49 +0200, schreef Harald Welte:
> > Hi Bart!
> > 
> > The patch below is totally untested (though it compiles), and updates
> > ebtables to resemble the behaviour that we now have in ipv4 (and ipv6):
> > {ip,ip6,eb}tables just tell the nf_log core that they want to log a
> > packet, the mechanism (syslog, nfnetlink_log, ...) is actually decided
> > by nf_log.
> > 
> > By default, everything will behave like before.
> > 
> > Please review, and test that ebt_log and ebt_ulog are still working as
> > expected.  Thanks!
> 
> Sorry for the late reply, some hardware problems got in the way.

no problem, I probably hold the record of delayed responses, so I can
understand that completely ;)

> Apart from the comments below, the patch is fine by me (I tested both).

great.

> > +	nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, info->prefix);
> 
> Should be ebt_log_packet

why is that?  nf_log_packet() is a function provided by the netfilter
core in net/netfilter/.  Do you want an ebt_log_packet() wrapper function that just calls
nf_log_packet() ?

> >  {
> > -	return ebt_register_watcher(&log);
> > +	int ret;
> > +
> > +	ret = ebt_register_watcher(&log);
> > +	if (ret < 0)
> > +		return ret;
> > +	if (nf_log_register(PF_BRIDGE, &ebt_log_logger) < 0) {
> > +		printk(KERN_WARNING "ebt_log: not logging via system console "
> > +		       "since somebody else already registered for PF_INET\n");
> > +		/* wecannot make module load fail here, since otherwise 
> > +		 * ebtables userspace would abort */
> > +	}
> 
> Since we're using PF_BRIDGE instead of PF_INET now, this if construct
> can be replaced by a simple call to nf_log_register.

No, I think we only fix the comment (state PF_BRIDGE in the comment) but
leave it like it is.

The issue arises when (in chronological order)

1) someone starts their logging daemon (e.g. ulogd2)
2) the daemon is configured to nf_log_register() for PF_BRIDGE
3) then the ruleset is loaded, which automatically modprobes ebt_log.ko
4) ebt_log wants to nf_log_register() for PF_BRIDGE

I think we should print some message to syslog to tell the user (once)
that logging will not be done via the system console, even though he
uses the "log" watcher (which traditionally always logged via syslog).

Comments?

-- 
- Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie


* Re: Re: [PATCH] ebtables: Port ebt_[u]log.c to nf[netlink]_log
       [not found]         ` <20051018085853.GG20338-XKR8MNpNCaUy1wpV0ib6OjPN8QKu1tr+@public.gmane.org>
@ 2005-10-18 15:12           ` Bart De Schuymer
       [not found]             ` <1129648337.4504.3.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
  0 siblings, 1 reply; 11+ messages in thread
From: Bart De Schuymer @ 2005-10-18 15:12 UTC (permalink / raw)
  To: Harald Welte
  Cc: Linux Netdev List,
	ebtables-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

Op di, 18-10-2005 te 10:58 +0200, schreef Harald Welte:
> On Mon, Oct 17, 2005 at 05:59:59PM +0000, Bart De Schuymer wrote:
> > Op za, 08-10-2005 te 01:49 +0200, schreef Harald Welte:
> > > Hi Bart!
> > > 
> > > The patch below is totally untested (though it compiles), and updates
> > > ebtables to resemble the behaviour that we now have in ipv4 (and ipv6):
> > > {ip,ip6,eb}tables just tell the nf_log core that they want to log a
> > > packet, the mechanism (syslog, nfnetlink_log, ...) is actually decided
> > > by nf_log.
> > > 
> > > By default, everything will behave like before.
> > > 
> > > Please review, and test that ebt_log and ebt_ulog are still working as
> > > expected.  Thanks!
> > 
> > Sorry for the late reply, some hardware problems got in the way.
> 
> no problem, I probably hold the record of delayed responses, so I can
> understand that completely ;)
> 
> > Apart from the comments below, the patch is fine by me (I tested both).
> 
> great.
> 
> > > +	nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, info->prefix);
> > 
> > Should be ebt_log_packet
> 
> why is that?  nf_log_packet() is a function provided by the netfilter
> core in net/netfilter/.  Do you want an ebt_log_packet() wrapper function that just calls
> nf_log_packet() ?

I see it works with nf_log_packet() too. I just tried to mimic what
you're doing for ebt_ulog... Anyway, I'll accept your judgement on this.

> > >  {
> > > -	return ebt_register_watcher(&log);
> > > +	int ret;
> > > +
> > > +	ret = ebt_register_watcher(&log);
> > > +	if (ret < 0)
> > > +		return ret;
> > > +	if (nf_log_register(PF_BRIDGE, &ebt_log_logger) < 0) {
> > > +		printk(KERN_WARNING "ebt_log: not logging via system console "
> > > +		       "since somebody else already registered for PF_INET\n");
> > > +		/* wecannot make module load fail here, since otherwise 
> > > +		 * ebtables userspace would abort */
> > > +	}
> > 
> > Since we're using PF_BRIDGE instead of PF_INET now, this if construct
> > can be replaced by a simple call to nf_log_register.
> 
> No, I think we only fix the comment (state PF_BRIDGE in the comment) but
> leave it like it is.

OK, but please fix the typo then. Shouldn't a similar comment be in
ebt_ulog?

cheers,
Bart





* Re: Re: [PATCH] ebtables: Port ebt_[u]log.c to nf[netlink]_log
       [not found]             ` <1129648337.4504.3.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
@ 2005-11-12  9:49               ` Harald Welte
       [not found]                 ` <20051112094936.GA27644-XKR8MNpNCaUy1wpV0ib6OjPN8QKu1tr+@public.gmane.org>
  0 siblings, 1 reply; 11+ messages in thread
From: Harald Welte @ 2005-11-12  9:49 UTC (permalink / raw)
  To: Bart De Schuymer
  Cc: Linux Netdev List,
	ebtables-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

[-- Attachment #1: Type: text/plain, Size: 8947 bytes --]

Sorry for this extremely delayed follow-up, but I just noticed that this
is the only patch in my 'master' branch that is not yet merged mainline.

On Tue, Oct 18, 2005 at 03:12:17PM +0000, Bart De Schuymer wrote:
> OK, but please fix the typo then. Shouldn't a similar comment be in
> ebt_ulog?

I've addressed both of your concerns (typo and similar comment/message
in ebt_ulog).

If you deem the attached patch fine, please submit it to davem.


[NETFILTER] ebtables: Support nf_log API from ebt_log and ebt_ulog

This makes ebt_log and ebt_ulog use the new nf_log api.  This enables the
bridging packet filter to log packets e.g. via nfnetlink_log.

Signed-off-by: Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org>

diff --git a/net/bridge/netfilter/Kconfig b/net/bridge/netfilter/Kconfig
--- a/net/bridge/netfilter/Kconfig
+++ b/net/bridge/netfilter/Kconfig
@@ -196,9 +196,13 @@ config BRIDGE_EBT_LOG
 	  To compile it as a module, choose M here.  If unsure, say N.
 
 config BRIDGE_EBT_ULOG
-	tristate "ebt: ulog support"
+	tristate "ebt: ulog support (OBSOLETE)"
 	depends on BRIDGE_NF_EBTABLES
 	help
+	  This option enables the old bridge-specific "ebt_ulog" implementation
+	  which has been obsoleted by the new "nfnetlink_log" code (see
+	  CONFIG_NETFILTER_NETLINK_LOG).
+
 	  This option adds the ulog watcher, that you can use in any rule
 	  in any ebtables table. The packet is passed to a userspace
 	  logging daemon using netlink multicast sockets. This differs
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -3,6 +3,7 @@
  *
  *	Authors:
  *	Bart De Schuymer <bdschuym-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org>
+ *	Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org>
  *
  *  April, 2002
  *
@@ -10,6 +11,7 @@
 
 #include <linux/netfilter_bridge/ebtables.h>
 #include <linux/netfilter_bridge/ebt_log.h>
+#include <linux/netfilter.h>
 #include <linux/module.h>
 #include <linux/ip.h>
 #include <linux/if_arp.h>
@@ -55,17 +57,19 @@ static void print_MAC(unsigned char *p)
 }
 
 #define myNIPQUAD(a) a[0], a[1], a[2], a[3]
-static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
-   const struct net_device *in, const struct net_device *out,
-   const void *data, unsigned int datalen)
+static void
+ebt_log_packet(unsigned int pf, unsigned int hooknum,
+   const struct sk_buff *skb, const struct net_device *in,
+   const struct net_device *out, const struct nf_loginfo *loginfo,
+   const char *prefix)
 {
-	struct ebt_log_info *info = (struct ebt_log_info *)data;
 	char level_string[4] = "< >";
+	unsigned int bitmask;
 
-	level_string[1] = '0' + info->loglevel;
+	level_string[1] = '0' + loginfo->u.log.level;
 	spin_lock_bh(&ebt_log_lock);
 	printk(level_string);
-	printk("%s IN=%s OUT=%s ", info->prefix, in ? in->name : "",
+	printk("%s IN=%s OUT=%s ", prefix, in ? in->name : "",
 	   out ? out->name : "");
 
 	printk("MAC source = ");
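Review bot: `loginfo` is dereferenced at `level_string[1] = '0' + loginfo->u.log.level;` with no NULL check, and before the `loginfo->type` test that a later hunk adds for `bitmask`. The ebt_ulog side of this same patch guards its logfn with `if (!li || li->type != NF_LOG_TYPE_ULOG)`, which suggests the nf_log core can hand a logger a NULL or foreign-type loginfo; if so, this path oopses or reads the level from the wrong union member. A matching guard that falls back to a fixed default level belongs at the top of the function, and because `level_string` is then used as the `printk()` format, the level should also be range-checked before it is turned into a character. The function body continues past the end of this hunk.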
@@ -75,7 +79,12 @@ static void ebt_log(const struct sk_buff
 
 	printk("proto = 0x%04x", ntohs(eth_hdr(skb)->h_proto));
 
-	if ((info->bitmask & EBT_LOG_IP) && eth_hdr(skb)->h_proto ==
+	if (loginfo->type == NF_LOG_TYPE_LOG)
+		bitmask = loginfo->u.log.logflags;
+	else
+		bitmask = NF_LOG_MASK;
+
+	if ((bitmask & EBT_LOG_IP) && eth_hdr(skb)->h_proto ==
 	   htons(ETH_P_IP)){
 		struct iphdr _iph, *ih;
 
@@ -104,7 +113,7 @@ static void ebt_log(const struct sk_buff
 		goto out;
 	}
 
-	if ((info->bitmask & EBT_LOG_ARP) &&
+	if ((bitmask & EBT_LOG_ARP) &&
 	    ((eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) ||
 	     (eth_hdr(skb)->h_proto == htons(ETH_P_RARP)))) {
 		struct arphdr _arph, *ah;
@@ -144,6 +153,21 @@ static void ebt_log(const struct sk_buff
 out:
 	printk("\n");
 	spin_unlock_bh(&ebt_log_lock);
+
+}
+
+static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
+   const struct net_device *in, const struct net_device *out,
+   const void *data, unsigned int datalen)
+{
+	struct ebt_log_info *info = (struct ebt_log_info *)data;
+	struct nf_loginfo li;
+
+	li.type = NF_LOG_TYPE_LOG;
+	li.u.log.level = info->loglevel;
+	li.u.log.logflags = info->bitmask;
+
+	nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, info->prefix);
 }
 
 static struct ebt_watcher log =
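Review bot: `info->prefix` is passed as the last argument of `nf_log_packet()`, and if that parameter is a printf-style format string (I believe the nf_log core declares it as `const char *fmt, ...`, but the prototype is not on this page), a `%` in a rule's log prefix is interpreted as a conversion specifier in kernel context. The prefix is rule data supplied from userspace, so it should travel as an argument: `nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, "%s", info->prefix);`. Separately, `li` is only partly assigned before its address is handed on; `struct nf_loginfo li = { .type = NF_LOG_TYPE_LOG };` would leave no uninitialised bytes for a logger to read.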
@@ -154,13 +178,32 @@ static struct ebt_watcher log =
 	.me		= THIS_MODULE,
 };
 
+static struct nf_logger ebt_log_logger = {
+	.name 		= "ebt_log",
+	.logfn		= &ebt_log_packet,
+	.me		= THIS_MODULE,
+};
+
 static int __init init(void)
 {
-	return ebt_register_watcher(&log);
+	int ret;
+
+	ret = ebt_register_watcher(&log);
+	if (ret < 0)
+		return ret;
+	if (nf_log_register(PF_BRIDGE, &ebt_log_logger) < 0) {
+		printk(KERN_WARNING "ebt_log: not logging via system console "
+		       "since somebody else already registered for PF_INET\n");
+		/* we cannot make module load fail here, since otherwise 
+		 * ebtables userspace would abort */
+	}
+
+	return 0;
 }
 
 static void __exit fini(void)
 {
+	nf_log_unregister_logger(&ebt_log_logger);
 	ebt_unregister_watcher(&log);
 }
 
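Review bot: The warning in `init()` still reads `already registered for PF_INET` although the call above it is `nf_log_register(PF_BRIDGE, &ebt_log_logger)`; the ebt_ulog hunk of this patch prints PF_BRIDGE for the same situation. The string should be `"since somebody else already registered for PF_BRIDGE\n"`, otherwise an administrator reading the log is pointed at the wrong protocol family. Also, `fini()` calls `nf_log_unregister_logger(&ebt_log_logger)` even when that registration failed; it is worth confirming (the function is not on this page) that unregistering a logger that was never installed leaves the other party's registration untouched.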
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -3,6 +3,7 @@
  *
  *	Authors:
  *	Bart De Schuymer <bdschuym-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org>
+ *	Harald Welte <laforge-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org>
  *
  *  November, 2004
  *
@@ -115,14 +116,13 @@ static struct sk_buff *ulog_alloc_skb(un
 	return skb;
 }
 
-static void ebt_ulog(const struct sk_buff *skb, unsigned int hooknr,
+static void ebt_ulog_packet(unsigned int hooknr, const struct sk_buff *skb,
    const struct net_device *in, const struct net_device *out,
-   const void *data, unsigned int datalen)
+   const struct ebt_ulog_info *uloginfo, const char *prefix)
 {
 	ebt_ulog_packet_msg_t *pm;
 	size_t size, copy_len;
 	struct nlmsghdr *nlh;
-	struct ebt_ulog_info *uloginfo = (struct ebt_ulog_info *)data;
 	unsigned int group = uloginfo->nlgroup;
 	ebt_ulog_buff_t *ub = &ulog_buffers[group];
 	spinlock_t *lock = &ub->lock;
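Review bot: The new `prefix` parameter of `ebt_ulog_packet()` has no stated contract: `ebt_ulog()` passes `NULL`, while the nf_log entry point passes the core's prefix and also copies it into `loginfo.prefix`, so the same string can arrive by two routes. A comment above the function, for example `/* prefix may be NULL; uloginfo->prefix is used in that case */`, would pin this down, assuming that is what the body does — it lies outside this hunk and needs checking for an unguarded use of `prefix`.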
@@ -216,6 +216,39 @@ alloc_failure:
 	goto unlock;
 }
 
+/* this function is registered with the netfilter core */
+static void ebt_log_packet(unsigned int pf, unsigned int hooknum,
+   const struct sk_buff *skb, const struct net_device *in,
+   const struct net_device *out, const struct nf_loginfo *li,
+   const char *prefix)
+{
+	struct ebt_ulog_info loginfo;
+
+	if (!li || li->type != NF_LOG_TYPE_ULOG) {
+		loginfo.nlgroup = EBT_ULOG_DEFAULT_NLGROUP;
+		loginfo.cprange = 0;
+		loginfo.qthreshold = EBT_ULOG_DEFAULT_QTHRESHOLD;
+		loginfo.prefix[0] = '\0';
+	} else {
+		loginfo.nlgroup = li->u.ulog.group;
+		loginfo.cprange = li->u.ulog.copy_len;
+		loginfo.qthreshold = li->u.ulog.qthreshold;
+		strlcpy(loginfo.prefix, prefix, sizeof(loginfo.prefix));
+	}
+
+	ebt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
+}
+
+static void ebt_ulog(const struct sk_buff *skb, unsigned int hooknr,
+   const struct net_device *in, const struct net_device *out,
+   const void *data, unsigned int datalen)
+{
+	struct ebt_ulog_info *uloginfo = (struct ebt_ulog_info *)data;
+
+	ebt_ulog_packet(hooknr, skb, in, out, uloginfo, NULL);
+}
+
+
 static int ebt_ulog_check(const char *tablename, unsigned int hookmask,
    const struct ebt_entry *e, void *data, unsigned int datalen)
 {
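Review bot: `loginfo.nlgroup = li->u.ulog.group;` takes the group from the caller of the nf_log API without a range check, and `ebt_ulog_packet()` then uses it as `&ulog_buffers[group]`. `fini()` walks that array up to `EBT_ULOG_MAXNLGROUPS`, so a larger value would index past it; rule-supplied groups are presumably validated in `ebt_ulog_check()` (not visible here), but values arriving through this new path are not. Reject them before the call, e.g. `if (loginfo.nlgroup >= EBT_ULOG_MAXNLGROUPS) return;`. In the same branch `strlcpy(loginfo.prefix, prefix, sizeof(loginfo.prefix));` assumes the core never passes a NULL `prefix`; `prefix ? prefix : ""` would remove that assumption.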
@@ -240,6 +273,12 @@ static struct ebt_watcher ulog = {
 	.me		= THIS_MODULE,
 };
 
+static struct nf_logger ebt_ulog_logger = {
+	.name		= EBT_ULOG_WATCHER,
+	.logfn		= &ebt_log_packet,
+	.me		= THIS_MODULE,
+};
+
 static int __init init(void)
 {
 	int i, ret = 0;
@@ -265,6 +304,13 @@ static int __init init(void)
 	else if ((ret = ebt_register_watcher(&ulog)))
 		sock_release(ebtulognl->sk_socket);
 
+	if (nf_log_register(PF_BRIDGE, &ebt_ulog_logger) < 0) {
+		printk(KERN_WARNING "ebt_ulog: not logging via ulog "
+		       "since somebody else already registered for PF_BRIDGE\n");
+		/* we cannot make module load fail here, since otherwise
+		 * ebtables userspace would abort */
+	}
+
 	return ret;
 }
 
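Review bot: `nf_log_register(PF_BRIDGE, &ebt_ulog_logger)` runs even when the preceding steps left `ret` non-zero, and `init()` then returns that error. In that case the module load fails while `ebt_ulog_logger`, whose `.logfn` points into the module, may remain registered with the nf_log core, and in the `sock_release()` branch the logger would send through a released socket. Register only on success: `if (ret == 0 && nf_log_register(PF_BRIDGE, &ebt_ulog_logger) < 0) {`. The start of `init()` is outside this hunk, so the earlier failure branch is inferred from the visible `else if`.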
@@ -273,6 +319,7 @@ static void __exit fini(void)
 	ebt_ulog_buff_t *ub;
 	int i;
 
+	nf_log_unregister_logger(&ebt_ulog_logger);
 	ebt_unregister_watcher(&ulog);
 	for (i = 0; i < EBT_ULOG_MAXNLGROUPS; i++) {
 		ub = &ulog_buffers[i];
-- 
- Harald Welte <laforge-TgoAw6mPHtdg9hUCZPvPmw@public.gmane.org>          	        http://gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)


* Re: Re: [PATCH] ebtables: Port ebt_[u]log.c to nf[netlink]_log
       [not found]                 ` <20051112094936.GA27644-XKR8MNpNCaUy1wpV0ib6OjPN8QKu1tr+@public.gmane.org>
@ 2005-11-14 12:09                   ` Ingo Oeser
  0 siblings, 0 replies; 11+ messages in thread
From: Ingo Oeser @ 2005-11-14 12:09 UTC (permalink / raw)
  To: Harald Welte
  Cc: Bart De Schuymer, Linux Netdev List,
	ebtables-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

Hi Harald,

would you mind merging the printk()s ...

Harald Welte wrote:
> diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
> --- a/net/bridge/netfilter/ebt_log.c
> +++ b/net/bridge/netfilter/ebt_log.c
> @@ -55,17 +57,19 @@ static void print_MAC(unsigned char *p)
>  }
>  
>  #define myNIPQUAD(a) a[0], a[1], a[2], a[3]
> -static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
> -   const struct net_device *in, const struct net_device *out,
> -   const void *data, unsigned int datalen)
> +static void
> +ebt_log_packet(unsigned int pf, unsigned int hooknum,
> +   const struct sk_buff *skb, const struct net_device *in,
> +   const struct net_device *out, const struct nf_loginfo *loginfo,
> +   const char *prefix)
>  {
> -	struct ebt_log_info *info = (struct ebt_log_info *)data;
>  	char level_string[4] = "< >";
> +	unsigned int bitmask;
>  
> -	level_string[1] = '0' + info->loglevel;
> +	level_string[1] = '0' + loginfo->u.log.level;
>  	spin_lock_bh(&ebt_log_lock);
>  	printk(level_string);
> -	printk("%s IN=%s OUT=%s ", info->prefix, in ? in->name : "",
> +	printk("%s IN=%s OUT=%s ", prefix, in ? in->name : "",
>  	   out ? out->name : "");
>  
>  	printk("MAC source = ");

... here ...

> @@ -75,7 +79,12 @@ static void ebt_log(const struct sk_buff
>  
>  	printk("proto = 0x%04x", ntohs(eth_hdr(skb)->h_proto));
>  

... and here?

> -	if ((info->bitmask & EBT_LOG_IP) && eth_hdr(skb)->h_proto ==
> +	if (loginfo->type == NF_LOG_TYPE_LOG)
> +		bitmask = loginfo->u.log.logflags;
> +	else
> +		bitmask = NF_LOG_MASK;
> +
> +	if ((bitmask & EBT_LOG_IP) && eth_hdr(skb)->h_proto ==
>  	   htons(ETH_P_IP)){
>  		struct iphdr _iph, *ih;
>  

I prefer evil printk()s over multiple ones :-)


Regards

Ingo Oeser


