[Devel] [PATCH RH9 v2 3/3] ve/nf_log_syslog: allow packet logging in ve init netns

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Mon Jan 31 19:38:49 MSK 2022


In mainstream, logging from non-init network namespaces is prohibited
unless the sysctl /proc/sys/net/netfilter/nf_log_all_netns is enabled.
Let's enable logging only for the init netns of a container.

Note: we don't handle similar hunk in ebt_log_packet because for ebt
log printing is not virtualized (at least for now).

Feature: ve/printk: printk virtualization

https://jira.sw.ru/browse/PSBM-138110
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 net/netfilter/nf_log_syslog.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/nf_log_syslog.c b/net/netfilter/nf_log_syslog.c
index 187ff33b3725..e1e6a8c6aa6c 100644
--- a/net/netfilter/nf_log_syslog.c
+++ b/net/netfilter/nf_log_syslog.c
@@ -16,6 +16,7 @@
 #include <net/udp.h>
 #include <net/tcp.h>
 #include <net/route.h>
+#include <linux/ve.h>
 
 #include <linux/netfilter.h>
 #include <linux/netfilter_bridge.h>
@@ -134,7 +135,7 @@ static void nf_log_arp_packet(struct net *net, u_int8_t pf,
 	struct nf_log_buf *m;
 
 	/* FIXME: Disabled from containers until syslog ns is supported */
-	if (!net_eq(net, &init_net) && !sysctl_nf_log_all_netns)
+	if (!is_ve_init_net(net) && !sysctl_nf_log_all_netns)
 		return;
 
 	m = nf_log_buf_open();
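Review bot: The `FIXME: Disabled from containers until syslog ns is supported` comment above the changed guard no longer matches what the guard does, since `is_ve_init_net(net)` now lets a container's init netns through; the same stale comment sits above the identical guards in nf_log_ip_packet and nf_log_ip6_packet. I would reword it in all three places to something like `/* Only a VE's init netns may log unless nf_log_all_netns is set; output relies on ve printk virtualization */`. Neither `is_ve_init_net()` nor the print path is visible in these hunks, so it is worth confirming that the helper still returns true for the host's `init_net` and that the buffer opened by `nf_log_buf_open()` ends up in the container's log rather than the host's. That matters because the logged content and its volume are now driven by traffic and rules set up inside the container, so a host-side sink would need rate limiting and could not be treated as trusted log data. All three function bodies continue outside their hunks.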
@@ -815,7 +816,7 @@ static void nf_log_ip_packet(struct net *net, u_int8_t pf,
 	struct nf_log_buf *m;
 
 	/* FIXME: Disabled from containers until syslog ns is supported */
-	if (!net_eq(net, &init_net) && !sysctl_nf_log_all_netns)
+	if (!is_ve_init_net(net) && !sysctl_nf_log_all_netns)
 		return;
 
 	m = nf_log_buf_open();
@@ -909,7 +910,7 @@ static void nf_log_ip6_packet(struct net *net, u_int8_t pf,
 	struct nf_log_buf *m;
 
 	/* FIXME: Disabled from containers until syslog ns is supported */
-	if (!net_eq(net, &init_net) && !sysctl_nf_log_all_netns)
+	if (!is_ve_init_net(net) && !sysctl_nf_log_all_netns)
 		return;
 
 	m = nf_log_buf_open();
-- 
2.33.1


