[Devel] [PATCH RHEL9 COMMIT] ve/nf_log_syslog: allow packet logging in ve init netns

Konstantin Khorenko khorenko at virtuozzo.com
Wed Feb 2 16:19:52 MSK 2022 

The commit is pushed to "branch-rh9-5.14.0-4.vz9.12.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-4.vz9.12.5
------>
commit 6a835525610cd50c70f98b49ad9470db4eb1081c
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date:   Wed Feb 2 16:19:52 2022 +0300

    ve/nf_log_syslog: allow packet logging in ve init netns
    
    In mainstream logging from non-init network namespaces is prohibited
    unless sysctl /proc/sys/net/netfilter/nf_log_all_netns is enabled, let's
    enable logging for init netns of container only.
    
    Note: we don't handle similar hunk in ebt_log_packet because for ebt
    log printing is not virtualized (at least for now).
    
    Feature: ve/printk: printk virtualization
    
    https://jira.sw.ru/browse/PSBM-138110
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 net/netfilter/nf_log_syslog.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/nf_log_syslog.c b/net/netfilter/nf_log_syslog.c
index 187ff33b3725..e1e6a8c6aa6c 100644
--- a/net/netfilter/nf_log_syslog.c
+++ b/net/netfilter/nf_log_syslog.c
@@ -16,6 +16,7 @@
 #include <net/udp.h>
 #include <net/tcp.h>
 #include <net/route.h>
+#include <linux/ve.h>
 
 #include <linux/netfilter.h>
 #include <linux/netfilter_bridge.h>
@@ -134,7 +135,7 @@ static void nf_log_arp_packet(struct net *net, u_int8_t pf,
 	struct nf_log_buf *m;
 
 	/* FIXME: Disabled from containers until syslog ns is supported */
-	if (!net_eq(net, &init_net) && !sysctl_nf_log_all_netns)
+	if (!is_ve_init_net(net) && !sysctl_nf_log_all_netns)
 		return;
 
 	m = nf_log_buf_open();
@@ -815,7 +816,7 @@ static void nf_log_ip_packet(struct net *net, u_int8_t pf,
 	struct nf_log_buf *m;
 
 	/* FIXME: Disabled from containers until syslog ns is supported */
-	if (!net_eq(net, &init_net) && !sysctl_nf_log_all_netns)
+	if (!is_ve_init_net(net) && !sysctl_nf_log_all_netns)
 		return;
 
 	m = nf_log_buf_open();
@@ -909,7 +910,7 @@ static void nf_log_ip6_packet(struct net *net, u_int8_t pf,
 	struct nf_log_buf *m;
 
 	/* FIXME: Disabled from containers until syslog ns is supported */
-	if (!net_eq(net, &init_net) && !sysctl_nf_log_all_netns)
+	if (!is_ve_init_net(net) && !sysctl_nf_log_all_netns)
 		return;
 
 	m = nf_log_buf_open();

More information about the Devel mailing list