1. 27 Jun, 2014 5 commits
    • netfilter: nft_log: request explicit logger when loading rules · 85d30e24
      Pablo Neira Ayuso committed
      This includes the special handling for NFPROTO_INET. There is
      no real inet logger since we don't see packets of this family.
      However, rules are loaded using this special family type. So
      let's just request both IPV4 and IPV6 loggers.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: bridge: add generic packet logger · 960649d1
      Pablo Neira Ayuso committed
      This adds the generic plain text packet logger for bridged packets.
      It routes the logging message to the real protocol packet logger.
      I decided not to refactor the ebt_log code for two reasons:
      
      1) The ebt_log output is not consistent with the IPv4 and IPv6
         Netfilter packet loggers. The output is different for no good
         reason and it adds redundant code to handle packet logging.
      
      2) To avoid breaking backward compatibility for applications
         out there that are parsing the specific ebt_log output, the ebt_log
         output has been left as is. So only nftables will use the new
         consistent logging format for logged bridged packets.
      
      More decisions coming in this patch:
      
      1) This also removes ebt_log as default logger for bridged packets.
         Thus, nf_log_packet() routes packet to this new packet logger
         instead. This doesn't break backward compatibility since
         nf_log_packet() is not used to log packets in plain text format
         from anywhere in the ebtables/netfilter bridge code.
      
      2) The new bridge packet logger also performs a lazy request to
         register the real IPv4, ARP and IPv6 netfilter packet loggers.
         If the real protocol logger is not available (not compiled or the
         module is not available in the system), no packet logging happens.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: add generic ARP packet logger · 35b93951
      Pablo Neira Ayuso committed
      This adds the generic plain text packet logger for ARP packets. It is
      based on the ebt_log code. Nevertheless, the output has been modified
      to make it consistent with the original xt_LOG output.
      
      This is an example output:
      
      IN=wlan0 OUT= ARP HTYPE=1 PTYPE=0x0800 OPCODE=2 MACSRC=00:ab:12:34:55:63 IPSRC=192.168.10.1 MACDST=80:09:12:70:4f:50 IPDST=192.168.10.150
      
      This patch enables packet logging from ARP chains, eg.
      
        nft add rule arp filter input log prefix "input: "
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: log: nf_log_packet() as real unified interface · fab4085f
      Pablo Neira Ayuso committed
      Before this patch, the nf_loginfo parameter specified the logging
      configuration in case the specified default logger was loaded. This
      patch updates the semantics of the nf_loginfo parameter in
      nf_log_packet() which now indicates the logger that you explicitly
      want to use.
      
      Thus, nf_log_packet() is exposed as a unified interface which
      internally routes the log message to the corresponding logger type
      by family.
      
      The module dependencies are expressed by the new nf_logger_find_get()
      and nf_logger_put() functions which bump the logger module refcount.
      Thus, you can not remove logger modules that are used by rules anymore.
      
      Another important effect of this change is that the family specific
      module is only loaded when required. Therefore, xt_LOG and nft_log
      will just trigger the autoload of the nf_log_{ip,ip6} modules
      according to the family.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: log: split family specific code to nf_log_{ip,ip6,common}.c files · 83e96d44
      Pablo Neira Ayuso committed
      The plain text logging is currently embedded into the xt_LOG target.
      In order to be able to use the plain text logging from nft_log, as a
      first step, this patch moves the family specific code to the following
      files and Kconfig symbols:
      
      1) net/ipv4/netfilter/nf_log_ip.c: CONFIG_NF_LOG_IPV4
      2) net/ipv6/netfilter/nf_log_ip6.c: CONFIG_NF_LOG_IPV6
      3) net/netfilter/nf_log_common.c: CONFIG_NF_LOG_COMMON
      
      These new modules will be required by xt_LOG and nft_log. This patch
      is based on original patch from Arturo Borrero Gonzalez.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  2. 26 Jun, 2014 4 commits
    • netfilter: nf_log: move log buffering to core logging · 27fd8d90
      Pablo Neira Ayuso committed
      This patch moves Eric Dumazet's log buffer implementation from the
      xt_log.h header file to the core net/netfilter/nf_log.c. This also
      includes the renaming of the structure and functions to avoid possible
      undesired namespace clashes.
      
      This change allows us to use it from the arp and bridge packet logging
      implementation in follow up patches.
    • netfilter: nf_log: use an array of loggers instead of list · 5962815a
      Pablo Neira Ayuso committed
      Now that legacy ulog targets are not available anymore in the tree, we
      can have up to two possible loggers:
      
      1) The plain text logging via kernel logging ring.
      2) The nfnetlink_log infrastructure which delivers log messages
         to userspace.
      
      This patch replaces the list of loggers by an array of two pointers
      per family for each possible logger and it also introduces a new field
      to the nf_logger structure which indicates the position in the logger
      array (based on the logger type).
      
      This prepares a follow up patch that consolidates the nf_log_packet()
      interface by allowing to specify the logger as parameter.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: kill ulog targets · 7200135b
      Pablo Neira Ayuso committed
      This has been marked as deprecated for quite some time and the NFLOG
      target replacement has been also available since 2006.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: conntrack: remove timer from ecache extension · 9500507c
      Florian Westphal committed
      This brings the (per-conntrack) ecache extension back to 24 bytes in size
      (was 152 bytes on x86_64 with lockdep on).
      
      When event delivery fails, re-delivery is attempted via work queue.
      
      Redelivery is attempted at least every 0.1 seconds, but can happen
      more frequently if userspace is not congested.
      
      The nf_ct_release_dying_list() function is removed.
      With this patch, ownership of the to-be-redelivered conntracks
      (on-dying-list-with-DYING-bit not yet set) is with the work queue,
      which will release the references once event is out.
      
      Joint work with Pablo Neira Ayuso.
      Signed-off-by: Florian Westphal <fw@strlen.de>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  3. 25 Jun, 2014 3 commits
  4. 24 Jun, 2014 11 commits
  5. 23 Jun, 2014 11 commits
  6. 22 Jun, 2014 3 commits
    • net: em_canid: remove useless statements from em_canid_change · 2b74e2ca
      Duan Jiong committed
      tcf_ematch is allocated by kzalloc in function tcf_em_tree_validate(),
      so cm_old is always NULL.
      Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • bridge: use list_for_each_entry_continue_reverse · a3f5ee71
      Li RongQing committed
      Use list_for_each_entry_continue_reverse to roll back in fdb_add_hw
      when adding an address fails.
      Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-next · 545a112b
      David S. Miller committed
      Jeff Kirsher says:
      
      ====================
      Intel Wired LAN Driver Updates 2014-06-20
      
      This series contains updates to i40e and i40evf.
      
      Anjali provides an update to the registers to handle the updates from the
      hardware.  Also provides a fix so that we do not try to access the rings
      through the qvectors at the time of freeing the qvectors.
      
      Jesse provides a workaround for some older NVM versions where the NVM
      was not filling in the GLQF_HKEY register, so made sure that the
      critical register is initialized.
      
      Michal provides a fix to reset the head and tail on admin queue
      initialization where head and tail are not reset by the hardware.
      
      Neerav adds a helper routine that would wait for the Rx/Tx queue to reach
      the enable or disable state that is requested.  Also provides a fix
      to the debugfs command "lldp get remote" which was dumping the local
      LLDPDU instead of the peer's LLDPDU.  Fixed a bug when all the Tx hang
      recovery mechanisms have failed and the driver tries to bring down the
      interface in the interrupt context.
      
      Shannon provides a patch to clear the Virtual Ethernet Bridge (VEB) stats
      when the PF stats are cleared.  Also cleans the service tasks so that
      they do not run while a reset is in progress.
      
      Mitch fixes an issue in i40evf_get_rxfh() where only fifteen registers
      were being read instead of all sixteen.
      
      Carolyn provides a change to the RSS configuration to set table size and
      write to the hardware to confirm the RSS table size being used.
      
      Kamil makes a change to the admin queue debug prints so that they will not
      cause segmentation faults in some of our tool applications.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
  7. 20 Jun, 2014 3 commits