From: Eric Leblond <eric@inl.fr>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter-devel <netfilter-devel@vger.kernel.org>
Subject: [netfilter 0/5] nf_log refactoring
Date: Fri, 02 Jan 2009 18:04:35 +0100 [thread overview]
Message-ID: <1230915875.28326.87.camel@ice-age> (raw)
[-- Attachment #1: Type: text/plain, Size: 2823 bytes --]
Hi,
As discussed during netfilter workshop, I've worked on changing the way
netfilter system logger can be used. This patchset has been tested and
seems to work fine but I'm not yet familiar things like rcu and mistakes
can have been done.
Background:
Some Netfilter components are using nf_log_packet() to send information
packet to userspace. This is mainly the case of connection tracking
modules which are using this to log invalid packets. Currently the first
loaded module wins the logger function race (loggers are stored in a
per-protocol array of function pointer).
nfnetlink_log has introduced a minor difference because it has a
unbinding and binding capability. But, this is the only logging module
with this capability and there is a issue here as this is currently not
possible to switch back to another module when nfnetlink_log has been
choosen (unbind operation leads to NONE as existence of other module has
been forgotten).
Patchset description:
The goal of this patchset is to replace the first registered win
strategy with something more flexible and intuitive. It thus modify the
binding strategy by providing a register and a bind operation. A module
has first to register and then it can bind to a given pf family. The
registration phase adds the logger structure to a per-protocol chained
list. The binding is pure nf_log operation and thus it will be possible
to change at will the used logger without direct interaction with
logging modules. The first three patches implements this:
- netfilter: use a linked list of loggers.
- netfilter: suppress nf_log_unregister_pf function.
- netfilter: convert logger modules to new API.
The fourth patch modifies the output of /proc/net/netfilter/nf_log to
also give the list of registered logger for a protocol. And the fith
patch fixes the registration problem by adding support of modification
via sysctl of the logger fonction:
- netfilter: print the list of register loggers.
- netfilter: sysctl support of logger choice.
List of patches:
- netfilter: use a linked list of loggers.
- netfilter: suppress nf_log_unregister_pf function.
- netfilter: convert logger modules to new API.
- netfilter: print the list of register loggers.
- netfilter: sysctl support of logger choice.
Patchset statistics:
include/linux/sysctl.h | 1 +
include/net/netfilter/nf_log.h | 11 ++-
net/ipv4/netfilter/ipt_LOG.c | 4 +-
net/ipv4/netfilter/ipt_ULOG.c | 4 +-
net/ipv6/netfilter/ip6t_LOG.c | 1 +
net/netfilter/nf_log.c | 201 ++++++++++++++++++++++++++++++++-------
net/netfilter/nfnetlink_log.c | 11 ++-
7 files changed, 189 insertions(+), 44 deletions(-)
BR,
--
Eric Leblond <eric@inl.fr>
INL: http://www.inl.fr/
NuFW: http://www.nufw.org/
[-- Attachment #2: Ceci est une partie de message numériquement signée --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next reply other threads:[~2009-01-02 17:04 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-02 17:04 Eric Leblond [this message]
2009-01-02 17:07 ` [PATCH 1/5] netfilter: use a linked list of loggers Eric Leblond
2009-01-02 17:07 ` [PATCH 2/5] netfilter: suppress nf_log_unregister_pf function Eric Leblond
2009-01-02 17:07 ` [PATCH 3/5] netfilter: convert logger modules to new API Eric Leblond
2009-01-07 7:17 ` Eric Leblond
2009-01-07 20:05 ` [PATCH 1/6] netfilter: use a linked list of loggers Eric Leblond
2009-01-07 20:05 ` [PATCH 2/6] netfilter: suppress nf_log_unregister_pf function Eric Leblond
2009-01-07 20:05 ` [PATCH 3/6] netfilter: bind at registration if no logger is already set Eric Leblond
2009-01-07 20:05 ` [PATCH 4/6] netfilter: convert logger modules to new API Eric Leblond
2009-01-07 23:53 ` Jan Engelhardt
2009-01-07 20:05 ` [PATCH 5/6] netfilter: print the list of register loggers Eric Leblond
2009-01-07 23:56 ` Jan Engelhardt
2009-01-08 22:01 ` [PATCH 0/6] rework of nf_log refactoring Eric Leblond
2009-01-08 22:03 ` [PATCH 1/6] netfilter: use a linked list of loggers Eric Leblond
2009-01-08 22:03 ` [PATCH 2/6] netfilter: suppress nf_log_unregister_pf function Eric Leblond
2009-01-08 22:03 ` [PATCH 3/6] netfilter: bind at registration if no logger is already set Eric Leblond
2009-01-08 22:03 ` [PATCH 4/6] netfilter: convert logger modules to new API Eric Leblond
2009-01-08 22:03 ` [PATCH 5/6] netfilter: print the list of register loggers Eric Leblond
2009-01-08 22:03 ` [PATCH 6/6] netfilter: sysctl support of logger choice Eric Leblond
2009-01-12 7:14 ` [PATCH] netfilter: desactivate nf_log logger via sysctl Eric Leblond
2009-02-09 17:43 ` [PATCH 0/6] rework of nf_log refactoring Patrick McHardy
2009-02-09 21:08 ` Eric Leblond
2009-02-09 21:11 ` [PATCH 1/7] netfilter: use a linked list of loggers Eric Leblond
2009-02-11 14:13 ` Patrick McHardy
2009-02-15 12:33 ` Eric Leblond
2009-02-15 12:37 ` [PATCH 1/4] " Eric Leblond
2009-02-18 16:08 ` Patrick McHardy
2009-02-15 12:37 ` [PATCH 2/4] netfilter: suppress now unused nf_log_unregister_pf() function Eric Leblond
2009-02-18 16:10 ` Patrick McHardy
2009-02-15 12:37 ` [PATCH 3/4] netfilter: print the list of register loggers Eric Leblond
2009-02-16 17:01 ` Jan Engelhardt
2009-02-16 17:11 ` Patrick McHardy
2009-02-15 12:37 ` [PATCH 4/4] netfilter: sysctl support of logger choice Eric Leblond
2009-02-18 15:56 ` Patrick McHardy
2009-02-19 20:59 ` Eric Leblond
2009-02-19 21:02 ` Patrick McHardy
2009-02-19 21:52 ` Eric Leblond
2009-02-19 21:54 ` [PATCH 1/3] netfilter: use a linked list of loggers Eric Leblond
2009-03-16 13:54 ` Patrick McHardy
2009-02-19 21:54 ` [PATCH 2/3] netfilter: print the list of register loggers Eric Leblond
2009-03-16 13:56 ` Patrick McHardy
2009-02-19 21:54 ` [PATCH 3/3] netfilter: sysctl support of logger choice Eric Leblond
2009-03-16 13:58 ` Patrick McHardy
2009-03-17 23:15 ` Eric Leblond
2009-03-17 23:27 ` [PATCH] " Eric Leblond
2009-03-19 9:45 ` Patrick McHardy
2009-03-19 21:46 ` Eric Leblond
2009-03-23 12:17 ` Patrick McHardy
2009-02-09 21:11 ` [PATCH 2/7] netfilter: suppress nf_log_unregister_pf function Eric Leblond
2009-02-09 21:11 ` [PATCH 3/7] netfilter: bind at registration if no logger is already set Eric Leblond
2009-02-09 21:11 ` [PATCH 4/7] netfilter: convert logger modules to new API Eric Leblond
2009-02-09 21:11 ` [PATCH 5/7] netfilter: print the list of register loggers Eric Leblond
2009-02-09 21:11 ` [PATCH 6/7] netfilter: sysctl support of logger choice Eric Leblond
2009-02-11 14:21 ` Patrick McHardy
2009-02-09 21:11 ` [PATCH 7/7] netfilter: fix nflog timeout handling Eric Leblond
2009-02-11 14:33 ` Patrick McHardy
2009-01-07 20:05 ` [PATCH 6/6] netfilter: sysctl support of logger choice Eric Leblond
2009-01-02 17:07 ` [PATCH 4/5] netfilter: print the list of register loggers Eric Leblond
2009-01-02 17:07 ` [PATCH 5/5] netfilter: sysctl support of logger choice Eric Leblond
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1230915875.28326.87.camel@ice-age \
--to=eric@inl.fr \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).