From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Cc: The netfilter developer mailinglist <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH nf-next 2/2] netfilter: nfnetlink_log: allow to attach conntrack
Date: Wed, 26 Aug 2015 21:05:53 +0200 [thread overview]
Message-ID: <20150826190553.GA18429@salvia> (raw)
In-Reply-To: <20150824231520.GC20038@gmail.com>
On Tue, Aug 25, 2015 at 08:15:20AM +0900, Ken-ichirou MATSUZAWA wrote:
> This patch enables to include the conntrack information together
> with the packet that is sent to user-space via NFLOG, then a
> user-space program can acquire NATed information by this NFULA_CT
> attribute.
>
> Including the conntrack information is optional, you can set it
> via NFULNL_CFG_F_CONNTRACK flag with the NFULA_CFG_FLAGS attribute
> like NFQUEUE.
No objections to this series, just several comments below on them.
> Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
> ---
> include/net/netfilter/nfnetlink_queue.h | 4 +-
> include/uapi/linux/netfilter/nfnetlink_log.h | 3 +
> net/netfilter/Kconfig | 9 +-
> net/netfilter/Makefile | 2 +
> net/netfilter/nfnetlink_log.c | 1123 -------------------------
> net/netfilter/nfnetlink_log_core.c | 1135 ++++++++++++++++++++++++++
> net/netfilter/nfnetlink_queue_ct.c | 2 +-
> 7 files changed, 1148 insertions(+), 1130 deletions(-)
> delete mode 100644 net/netfilter/nfnetlink_log.c
> create mode 100644 net/netfilter/nfnetlink_log_core.c
>
> diff --git a/include/net/netfilter/nfnetlink_queue.h b/include/net/netfilter/nfnetlink_queue.h
> index f94942b..05315ab 100644
> --- a/include/net/netfilter/nfnetlink_queue.h
> +++ b/include/net/netfilter/nfnetlink_queue.h
> @@ -6,7 +6,7 @@
> struct nf_conn;
>
> #ifdef CONFIG_NETFILTER_NETLINK_QUEUE_CT
> -struct nf_conn *nfqnl_ct_get(struct sk_buff *entskb, size_t *size,
> +struct nf_conn *nfqnl_ct_get(const struct sk_buff *entskb, size_t *size,
> enum ip_conntrack_info *ctinfo);
> struct nf_conn *nfqnl_ct_parse(const struct sk_buff *skb,
> const struct nlattr *attr,
> @@ -20,7 +20,7 @@ int nfqnl_attach_expect(struct nf_conn *ct, const struct nlattr *attr,
> u32 portid, u32 report);
> #else
> inline struct nf_conn *
> -nfqnl_ct_get(struct sk_buff *entskb, size_t *size, enum ip_conntrack_info *ctinfo)
> +nfqnl_ct_get(const struct sk_buff *entskb, size_t *size, enum ip_conntrack_info *ctinfo)
> {
> return NULL;
> }
> diff --git a/include/uapi/linux/netfilter/nfnetlink_log.h b/include/uapi/linux/netfilter/nfnetlink_log.h
> index 90c2c95..081e7f9 100644
> --- a/include/uapi/linux/netfilter/nfnetlink_log.h
> +++ b/include/uapi/linux/netfilter/nfnetlink_log.h
> @@ -51,6 +51,8 @@ enum nfulnl_attr_type {
> NFULA_HWTYPE, /* hardware type */
> NFULA_HWHEADER, /* hardware header */
> NFULA_HWLEN, /* hardware header length */
> + NFULA_CT, /* nf_conntrack_netlink.h */
> + NFULA_CT_INFO, /* enum ip_conntrack_info */
>
> __NFULA_MAX
> };
> @@ -93,5 +95,6 @@ enum nfulnl_attr_config {
>
> #define NFULNL_CFG_F_SEQ 0x0001
> #define NFULNL_CFG_F_SEQ_GLOBAL 0x0002
> +#define NFULNL_CFG_F_CONNTRACK 0x0004
>
> #endif /* _NFNETLINK_LOG_H */
> diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
> index 3e1b4ab..b3db079 100644
> --- a/net/netfilter/Kconfig
> +++ b/net/netfilter/Kconfig
> @@ -363,12 +363,13 @@ config NF_CT_NETLINK_HELPER
> If unsure, say `N'.
>
> config NETFILTER_NETLINK_QUEUE_CT
> - bool "NFQUEUE integration with Connection Tracking"
> + bool "NFQUEUE/NFLOG integration with Connection Tracking"
> default n
> - depends on NETFILTER_NETLINK_QUEUE
> + depends on NETFILTER_NETLINK_QUEUE || NETFILTER_NETLINK_LOG
> help
> - If this option is enabled, NFQUEUE can include Connection Tracking
> - information together with the packet is the enqueued via NFNETLINK.
> + If this option is enabled, NFQUEUE and/or NFLOG can include
> + Connection Tracking information together with the packet is
> + enqueued, logged via NFNETLINK.
You better add another Kconfig for _LOG.
> config NF_NAT
> tristate
> diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
> index 70d026d..3657898 100644
> --- a/net/netfilter/Makefile
> +++ b/net/netfilter/Makefile
> @@ -13,6 +13,8 @@ obj-$(CONFIG_NETFILTER_NETLINK_ACCT) += nfnetlink_acct.o
> nfnetlink_queue-y := nfnetlink_queue_core.o
> nfnetlink_queue-$(CONFIG_NETFILTER_NETLINK_QUEUE_CT) += nfnetlink_queue_ct.o
> obj-$(CONFIG_NETFILTER_NETLINK_QUEUE) += nfnetlink_queue.o
> +nfnetlink_log-y := nfnetlink_log_core.o
> +nfnetlink_log-$(CONFIG_NETFILTER_NETLINK_QUEUE_CT) += nfnetlink_queue_ct.o
> obj-$(CONFIG_NETFILTER_NETLINK_LOG) += nfnetlink_log.o
>
> # connection tracking
> diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
> deleted file mode 100644
> index 4670821..0000000
> --- a/net/netfilter/nfnetlink_log.c
> +++ /dev/null
Could you use -M option when generating patches?
-M[<n>], --find-renames[=<n>]
Detect renames. If n is specified, it is a
threshold on the similarity index (i.e.
amount of addition/deletions compared to
the file’s size). For example, -M90% means
git should consider a delete/add pair to be
a rename if more than 90% of the file
hasn’t changed.
It would be good if your first patch renamed the file, then you make
the changes in a follow up patch.
The idea is to make it easier for people to review your changes.
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2015-08-26 18:59 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-24 23:10 [PATCH nf-next 0/2] netfilter: nfnetlink_log attach conntrack Ken-ichirou MATSUZAWA
2015-08-24 23:13 ` [PATCH nf-next 1/2] netfilter: nfnetlink_queue: enable to specify nla type Ken-ichirou MATSUZAWA
2015-08-24 23:15 ` [PATCH nf-next 2/2] netfilter: nfnetlink_log: allow to attach conntrack Ken-ichirou MATSUZAWA
2015-08-26 19:05 ` Pablo Neira Ayuso [this message]
2015-08-28 6:43 ` Ken-ichirou MATSUZAWA
2015-09-01 0:34 ` Ken-ichirou MATSUZAWA
2015-09-01 0:37 ` [PATCHv2 nf-next 1/5] netfilter: nfnetlink_queue: enable to specify nla type Ken-ichirou MATSUZAWA
2015-09-01 0:39 ` [PATCHv2 nf-next 2/5] netfilter: nf_conntrack_netlink: rename to link ct attachment with Ken-ichirou MATSUZAWA
2015-09-01 0:41 ` [PATCHv2 nf-next 3/5] netfilter: nfnetlink_queue_ct: export functions Ken-ichirou MATSUZAWA
2015-09-03 10:10 ` Pablo Neira Ayuso
2015-09-07 7:44 ` Ken-ichirou MATSUZAWA
2015-09-01 0:52 ` [PATCHv2 nf-next 4/5] netfilter: nfnetlink_queue: rename nfnetlink_queue_core.c Ken-ichirou MATSUZAWA
2015-09-01 0:54 ` [PATCHv2 nf-next 5/5] netfilter: nfnetlink_log: allow to attach conntrack Ken-ichirou MATSUZAWA
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150826190553.GA18429@salvia \
--to=pablo@netfilter.org \
--cc=chamaken@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).