[Devel] [PATCH RH9] ve/nf_log_syslog: print logged packets into their ve syslog

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Mon Jan 31 18:16:26 MSK 2022


Please drop, I will rework it to cover ebt_log_packet case too, and send v2.

On 31.01.2022 15:54, Pavel Tikhomirov wrote:
> This adds a helper, ve_log_printk, to print a message into a selected
> ve's syslog. We already had ve_log_printk defined in printk.h, so we
> probably had something like this once. ve_printk always takes the ve
> from the current task, but for logging packets we need to log to the
> net->owner_ve syslog, because the current context can be unrelated.
> 
> Needed by the suite_net_tcp_cmds.exec.iptables/nfs testcases of vzt-neoltp.
> 
> Note: To enable this logging in containers one still needs to set the
> mainstream sysctl /proc/sys/net/netfilter/nf_log_all_netns to true.
> 
> Feature: ve/printk: printk virtualization
> 
> https://jira.sw.ru/browse/PSBM-138110
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> ---
>   include/net/netfilter/nf_log.h |  2 +-
>   kernel/printk/printk.c         | 28 ++++++++++++++++++++++++++++
>   net/netfilter/nf_log.c         |  4 ++--
>   net/netfilter/nf_log_syslog.c  |  6 +++---
>   4 files changed, 34 insertions(+), 6 deletions(-)
> 
> diff --git a/include/net/netfilter/nf_log.h b/include/net/netfilter/nf_log.h
> index e55eedc84ed7..e7599d490dbe 100644
> --- a/include/net/netfilter/nf_log.h
> +++ b/include/net/netfilter/nf_log.h
> @@ -97,5 +97,5 @@ struct nf_log_buf;
>   
>   struct nf_log_buf *nf_log_buf_open(void);
>   __printf(2, 3) int nf_log_buf_add(struct nf_log_buf *m, const char *f, ...);
> -void nf_log_buf_close(struct nf_log_buf *m);
> +void nf_log_buf_close(struct nf_log_buf *m, struct net *net);
>   #endif /* _NF_LOG_H */
> diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
> index 1f62085c1064..432c31d3903e 100644
> --- a/kernel/printk/printk.c
> +++ b/kernel/printk/printk.c
> @@ -2316,6 +2316,34 @@ asmlinkage int ve_printk(int dst, const char *fmt, ...)
>   }
>   EXPORT_SYMBOL(ve_printk);
>   
> +asmlinkage int ve_log_vprintk(struct ve_struct *ve, const char *fmt, va_list args)
> +{
> +	va_list args2;
> +	int r = 0;
> +
> +	va_copy(args2, args);
> +	if (ve_is_super(ve))
> +		r = vprintk(fmt, args);
> +	else
> +		r = vprintk_emit_log(ve->log_state, 0, LOGLEVEL_DEFAULT, NULL,
> +				     fmt, args2);
> +
> +	return r;
> +}
> +
> +asmlinkage int ve_log_printk(struct ve_struct *ve, const char *fmt, ...)
> +{
> +	va_list args;
> +	int r;
> +
> +	va_start(args, fmt);
> +	r = ve_log_vprintk(ve, fmt, args);
> +	va_end(args);
> +
> +	return r;
> +}
> +EXPORT_SYMBOL(ve_log_printk);
> +
>   /**
>    * printk - print a kernel message
>    * @fmt: format string
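Review bot: In ve_log_vprintk, `va_copy(args2, args)` is never matched by a `va_end(args2)`, which the C standard requires before the function returns. The copy is also unnecessary, because only one of the two branches ever consumes the list. Dropping `args2` and calling `r = vprintk_emit_log(ve->log_state, 0, LOGLEVEL_DEFAULT, NULL, fmt, args);` removes the problem. ve_log_vprintk is neither `static` nor exported and no prototype for it is visible in this patch, so unless another file needs it, it should probably be `static`. Both new functions would also benefit from a short kernel-doc comment stating that `ve` selects the destination log and must be a valid, live ve_struct.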
> diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
> index edee7fa944c1..5cf0c2b0c7c2 100644
> --- a/net/netfilter/nf_log.c
> +++ b/net/netfilter/nf_log.c
> @@ -298,10 +298,10 @@ struct nf_log_buf *nf_log_buf_open(void)
>   }
>   EXPORT_SYMBOL_GPL(nf_log_buf_open);
>   
> -void nf_log_buf_close(struct nf_log_buf *m)
> +void nf_log_buf_close(struct nf_log_buf *m, struct net *net)
>   {
>   	m->buf[m->count] = 0;
> -	printk("%s\n", m->buf);
> +	ve_log_printk(net->owner_ve, "%s\n", m->buf);
>   
>   	if (likely(m != &emergency))
>   		kfree(m);
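Review bot: nf_log_buf_close now dereferences `net->owner_ve` on every call, but nothing visible here shows that `net` is non-NULL or that the owner ve, and the `log_state` that ve_log_vprintk reads from it, stays alive while packets are being logged. The commit message itself notes that the logging context can be unrelated to the container's tasks, so if a ve can be torn down while its netns still processes packets this would be a use-after-free. I would confirm what pins owner_ve and record it in a comment such as `/* net->owner_ve is pinned by <reference holder, to be filled in> for the lifetime of net */`. It is also worth documenting that, per the else branch of ve_log_vprintk, messages for a non-super ve go only to the container's log, so host-side monitoring that read these LOG entries from the host kernel log will no longer see them. The function body continues past the end of this hunk.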
> diff --git a/net/netfilter/nf_log_syslog.c b/net/netfilter/nf_log_syslog.c
> index 13234641cdb3..187ff33b3725 100644
> --- a/net/netfilter/nf_log_syslog.c
> +++ b/net/netfilter/nf_log_syslog.c
> @@ -146,7 +146,7 @@ static void nf_log_arp_packet(struct net *net, u_int8_t pf,
>   				  prefix);
>   	dump_arp_packet(m, loginfo, skb, 0);
>   
> -	nf_log_buf_close(m);
> +	nf_log_buf_close(m, net);
>   }
>   
>   static struct nf_logger nf_arp_logger __read_mostly = {
> @@ -831,7 +831,7 @@ static void nf_log_ip_packet(struct net *net, u_int8_t pf,
>   
>   	dump_ipv4_packet(net, m, loginfo, skb, 0);
>   
> -	nf_log_buf_close(m);
> +	nf_log_buf_close(m, net);
>   }
>   
>   static struct nf_logger nf_ip_logger __read_mostly = {
> @@ -925,7 +925,7 @@ static void nf_log_ip6_packet(struct net *net, u_int8_t pf,
>   
>   	dump_ipv6_packet(net, m, loginfo, skb, skb_network_offset(skb), 1);
>   
> -	nf_log_buf_close(m);
> +	nf_log_buf_close(m, net);
>   }
>   
>   static struct nf_logger nf_ip6_logger __read_mostly = {

-- 
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.

