[Devel] [PATCH RH7 0/3] iptables LOG in CT
Kirill Tkhai
ktkhai at virtuozzo.com
Wed Dec 28 02:57:48 PST 2016
On 21.12.2016 11:48, Dmitry Safonov wrote:
> https://jira.sw.ru/browse/PSBM-54183
>
> With these patches, iptables LOG is printed into CT's dmesg buffer.
> Yet it doesn't show in /var/log/messages and I believe the reason
> is the absence of /dev/kmsg in CT (and rsyslog doesn't do redirection
> for log entries thou). Dev kmsg is virtualized, so looks like nothing
> prevents adding it to libvzctl list of devtmpfs devices:
> https://github.com/OpenVZ/libvzctl/blob/55ebf21b03d408f0faaaecaab08b74eb2dce0e70/lib/env.c#L614
> Also it should fix follow-log for `dmesg -w`.
>
> These patches make iptables LOG visible in CT's `dmesg`.
>
> Dmitry Safonov (3):
> ve/printk: add ve_log_printk() for log in !current->task_ve
> netfilter: rectify nflog inside CT
> netfilter: rectify ebtlog inside CT
>
> include/linux/printk.h | 7 +++++++
> include/net/netfilter/nf_log.h | 2 +-
> kernel/printk.c | 16 ++++++++++++++++
> net/bridge/netfilter/ebt_log.c | 35 ++++++++++++++++-------------------
> net/ipv4/netfilter/nf_log_ipv4.c | 6 +-----
> net/ipv6/netfilter/nf_log_ipv6.c | 6 +-----
> net/netfilter/nf_log.c | 4 ++--
> 7 files changed, 44 insertions(+), 32 deletions(-)
Reviewed-by: Kirill Tkhai <ktkhai at virtuozzo.com>
More information about the Devel
mailing list