From: Corubba Smith <corubba@gmx.de>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH ulogd2,v2 3/4] nflog: add network namespace support
Date: Tue, 25 Mar 2025 02:08:33 +0100 [thread overview]
Message-ID: <0e7e461d-a30a-42af-9427-96cd97eb108d@gmx.de> (raw)
In-Reply-To: <c5cd1c3a-3875-4352-8181-5081103f96f6@gmx.de>
Signed-off-by: Corubba Smith <corubba@gmx.de>
---
input/packet/ulogd_inppkt_NFLOG.c | 31 ++++++++++++++++++++++++++++++-
1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/input/packet/ulogd_inppkt_NFLOG.c b/input/packet/ulogd_inppkt_NFLOG.c
index 62b3963..f99272e 100644
--- a/input/packet/ulogd_inppkt_NFLOG.c
+++ b/input/packet/ulogd_inppkt_NFLOG.c
@@ -10,6 +10,7 @@
#include <stdbool.h>
#include <ulogd/ulogd.h>
+#include <ulogd/namespace.h>
#include <libnfnetlink/libnfnetlink.h>
#include <libnetfilter_log/libnetfilter_log.h>
#ifdef BUILD_NFCT
@@ -40,7 +41,7 @@ struct nflog_input {
/* configuration entries */
static struct config_keyset libulog_kset = {
- .num_ces = 12,
+ .num_ces = 13,
.ces = {
{
.key = "bufsize",
@@ -115,6 +116,11 @@ static struct config_keyset libulog_kset = {
.options = CONFIG_OPT_NONE,
.u.value = 0,
},
+ {
+ .key = "network_namespace_path",
+ .type = CONFIG_TYPE_STRING,
+ .options = CONFIG_OPT_NONE,
+ },
}
};
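Review bot: The new `network_namespace_path` entry has no comment saying what an unset value means, and the diffstat shows no documentation or sample-config change in this patch (it may be in another patch of the series). From the start() hunk, an empty string skips the namespace switch, so a comment above the entry such as `/* path handed to join_netns_path(); empty keeps the current namespace */` would record that. Because this value decides which network namespace the log socket is opened in, the documentation should also say that the configuration file must only be writable by the administrator.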
@@ -130,6 +136,7 @@ static struct config_keyset libulog_kset = {
#define nlthreshold_ce(x) (x->ces[9])
#define nltimeout_ce(x) (x->ces[10])
#define attach_conntrack_ce(x) (x->ces[11])
+#define network_namespace_path_ce(x) (x->ces[12])
enum nflog_keys {
NFLOG_KEY_RAW_MAC = 0,
@@ -585,11 +592,31 @@ static int start(struct ulogd_pluginstance *upi)
if (!ui->nfulog_buf)
goto out_buf;
+ const char *const target_netns_path =
+ network_namespace_path_ce(upi->config_kset).u.string;
+ int source_netns_fd = -1;
+ if ((strlen(target_netns_path) > 0) &&
+ (join_netns_path(target_netns_path, &source_netns_fd) != ULOGD_IRET_OK)
+ ) {
+ ulogd_log(ULOGD_FATAL, "error joining target network "
+ "namespace\n");
+ goto out_ns;
+ }
+
ulogd_log(ULOGD_DEBUG, "opening nfnetlink socket\n");
ui->nful_h = nflog_open();
if (!ui->nful_h)
goto out_handle;
+ if ((strlen(target_netns_path) > 0) &&
+ (join_netns_fd(source_netns_fd, NULL) != ULOGD_IRET_OK)
+ ) {
+ ulogd_log(ULOGD_FATAL, "error joining source network "
+ "namespace\n");
+ goto out_handle;
+ }
+ source_netns_fd = -1;
+
/* This is the system logging (conntrack, ...) facility */
if ((group_ce(upi->config_kset).u.value == 0) ||
(bind_ce(upi->config_kset).u.value > 0)) {
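Review bot: The second failure branch (`join_netns_fd(source_netns_fd, NULL) != ULOGD_IRET_OK`) jumps to `out_handle`, which in the cleanup hunk sits below `nflog_close(ui->nful_h)`, so the handle nflog_open() just returned is never closed on that path. Calling `nflog_close(ui->nful_h);` before that `goto out_handle;`, or jumping to a new label placed above the existing nflog_close(), would fix it. On the same path `out_handle` closes `source_netns_fd` again; whether join_netns_fd() already closed it on failure is defined in patch 1/4 and not visible here. That ownership rule deserves a comment next to `source_netns_fd = -1;`, for example `/* join_netns_fd() consumed the descriptor */` if that is the contract. start() begins and ends outside this hunk.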
@@ -685,6 +712,8 @@ out_bind:
}
nflog_close(ui->nful_h);
out_handle:
+ if (source_netns_fd >= 0) close(source_netns_fd);
+out_ns:
free(ui->nfulog_buf);
out_buf:
return -1;
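Review bot: When nflog_open() fails after the switch, `out_handle` only closes `source_netns_fd`, so start() returns -1 with the process still in the target network namespace. If ulogd keeps running after a failed plugin start (not visible here), any socket opened afterwards would be created in the wrong namespace, which defeats the separation the option is meant to provide. Consider attempting the switch back before giving up the descriptor, e.g. `if (source_netns_fd >= 0 && join_netns_fd(source_netns_fd, NULL) != ULOGD_IRET_OK) close(source_netns_fd);`, adjusted to whatever join_netns_fd() does with the descriptor on failure, and log when the return fails. The labels belong to start(), whose body begins outside this hunk.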
--
2.49.0