[Devel] [PATCH RHEL9 COMMIT] ve/nf_log_syslog: virtualize packet logging per-ve

Konstantin Khorenko khorenko at virtuozzo.com
Wed Feb 2 16:17:49 MSK 2022


The commit is pushed to "branch-rh9-5.14.0-4.vz9.12.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-4.vz9.12.5
------>
commit 7816fcfb2bbfc0487a9411098c14eef5d8d8331b
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date:   Mon Jan 31 19:38:47 2022 +0300

    ve/nf_log_syslog: virtualize packet logging per-ve
    
    This adds a helper ve_log_printk to print message into the specific ve
    syslog. We need a new helper as ve_printk is useless here as it always
    takes ve from current task but for logging packets we need to log to
    net->owner_ve syslog, current context can be unrelated.
    
    We already had ve_log_printk name defined in printk.h, let's reuse it.
    
    Note: there is ebt packet logging in ebt_log_packet, but let's not
    virtualize it. As a) it has multiple places where printk calls need
    replacement, b) everybody is switching to nft/iptables(nft) so having
    this nft-only feature should be enough.
    
    Needed for the vzt-neoltp suite_net_tcp_cmds.exec.iptables/nft testcases.
    
    Feature: ve/printk: printk virtualization
    
    https://jira.sw.ru/browse/PSBM-138110
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 include/net/netfilter/nf_log.h |  2 +-
 kernel/printk/printk.c         | 26 ++++++++++++++++++++++++++
 net/netfilter/nf_log.c         |  4 ++--
 net/netfilter/nf_log_syslog.c  |  6 +++---
 4 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/include/net/netfilter/nf_log.h b/include/net/netfilter/nf_log.h
index e55eedc84ed7..e7599d490dbe 100644
--- a/include/net/netfilter/nf_log.h
+++ b/include/net/netfilter/nf_log.h
@@ -97,5 +97,5 @@ struct nf_log_buf;
 
 struct nf_log_buf *nf_log_buf_open(void);
 __printf(2, 3) int nf_log_buf_add(struct nf_log_buf *m, const char *f, ...);
-void nf_log_buf_close(struct nf_log_buf *m);
+void nf_log_buf_close(struct nf_log_buf *m, struct net *net);
 #endif /* _NF_LOG_H */
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index 1f62085c1064..38ec09d32482 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -2316,6 +2316,32 @@ asmlinkage int ve_printk(int dst, const char *fmt, ...)
 }
 EXPORT_SYMBOL(ve_printk);
 
+asmlinkage int ve_log_vprintk(struct ve_struct *ve, const char *fmt, va_list args)
+{
+	int r = 0;
+
+	if (ve_is_super(ve))
+		r = vprintk(fmt, args);
+	else
+		r = vprintk_emit_log(ve->log_state, 0, LOGLEVEL_DEFAULT, NULL,
+				     fmt, args);
+
+	return r;
+}
+
+asmlinkage int ve_log_printk(struct ve_struct *ve, const char *fmt, ...)
+{
+	va_list args;
+	int r;
+
+	va_start(args, fmt);
+	r = ve_log_vprintk(ve, fmt, args);
+	va_end(args);
+
+	return r;
+}
+EXPORT_SYMBOL(ve_log_printk);
+
 /**
  * printk - print a kernel message
  * @fmt: format string
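Review bot: `ve_log_vprintk()` dereferences `ve->log_state` in its else branch with no NULL check and no stated contract, and `ve_log_printk()` is exported to modules, so every caller has to get this right without guidance. A kernel-doc comment above the two helpers should state that `ve` must be non-NULL and kept alive by the caller for the duration of the call, and that `fmt` must be a constant format string with any externally supplied text passed only as an argument. `ve_log_vprintk()` is neither `static` nor exported in this hunk; if nothing outside printk.c calls it, `static` would be the tighter linkage (whether printk.h declares it is not visible in this diff). The initialiser in `int r = 0;` is dead, since both branches assign `r`.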
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index edee7fa944c1..5cf0c2b0c7c2 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -298,10 +298,10 @@ struct nf_log_buf *nf_log_buf_open(void)
 }
 EXPORT_SYMBOL_GPL(nf_log_buf_open);
 
-void nf_log_buf_close(struct nf_log_buf *m)
+void nf_log_buf_close(struct nf_log_buf *m, struct net *net)
 {
 	m->buf[m->count] = 0;
-	printk("%s\n", m->buf);
+	ve_log_printk(net->owner_ve, "%s\n", m->buf);
 
 	if (likely(m != &emergency))
 		kfree(m);
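Review bot: The new `ve_log_printk(net->owner_ve, "%s\n", m->buf);` line reads `net->owner_ve` with nothing visible in this hunk that pins the ve or rules out NULL. It is reached from the packet logging path, so if a network namespace can outlive its owner ve, or `owner_ve` is cleared during teardown, the call would touch a stale or NULL `ve->log_state`; that depends on code outside this diff and should be confirmed. If the netns does hold a reference for its whole lifetime, a one-line comment such as `/* net pins owner_ve until netns teardown, so no extra ref is needed here */` would record the invariant. Keeping the buffer as a `%s` argument rather than as the format is the right choice, since the prefix and packet fields are externally influenced. The body of `nf_log_buf_close()` continues past the end of the hunk.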
diff --git a/net/netfilter/nf_log_syslog.c b/net/netfilter/nf_log_syslog.c
index 13234641cdb3..187ff33b3725 100644
--- a/net/netfilter/nf_log_syslog.c
+++ b/net/netfilter/nf_log_syslog.c
@@ -146,7 +146,7 @@ static void nf_log_arp_packet(struct net *net, u_int8_t pf,
 				  prefix);
 	dump_arp_packet(m, loginfo, skb, 0);
 
-	nf_log_buf_close(m);
+	nf_log_buf_close(m, net);
 }
 
 static struct nf_logger nf_arp_logger __read_mostly = {
@@ -831,7 +831,7 @@ static void nf_log_ip_packet(struct net *net, u_int8_t pf,
 
 	dump_ipv4_packet(net, m, loginfo, skb, 0);
 
-	nf_log_buf_close(m);
+	nf_log_buf_close(m, net);
 }
 
 static struct nf_logger nf_ip_logger __read_mostly = {
@@ -925,7 +925,7 @@ static void nf_log_ip6_packet(struct net *net, u_int8_t pf,
 
 	dump_ipv6_packet(net, m, loginfo, skb, skb_network_offset(skb), 1);
 
-	nf_log_buf_close(m);
+	nf_log_buf_close(m, net);
 }
 
 static struct nf_logger nf_ip6_logger __read_mostly = {

