1. 28 Jun, 2014 2 commits
  2. 27 Jun, 2014 6 commits
    • netfilter: nft_log: complete logging support · 09d27b88
      Pablo Neira Ayuso authored
      Use the unified nf_log_packet() interface that allows us explicit
      logger selection through the nf_loginfo structure.
      
      If you specify the group attribute, this means you want to receive
      logging messages through nfnetlink_log. In that case, the snaplen
      and qthreshold attributes allow you to tune internal aspects of
      the netlink logging infrastructure.
      
      On the other hand, if the level is specified, then the plain text
      format through the kernel logging ring is used instead, which is
      also used by default if neither group nor level are indicated.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: nft_log: request explicit logger when loading rules · 85d30e24
      Pablo Neira Ayuso authored
      This includes the special handling for NFPROTO_INET. There is
      no real inet logger since we don't see packets of this family.
      However, rules are loaded using this special family type. So
      let's just request both IPV4 and IPV6 loggers.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: bridge: add generic packet logger · 960649d1
      Pablo Neira Ayuso authored
      This adds the generic plain text packet logger for bridged packets.
      It routes the logging message to the real protocol packet logger.
      I decided not to refactor the ebt_log code for two reasons:
      
      1) The ebt_log output is not consistent with the IPv4 and IPv6
         Netfilter packet loggers. The output is different for no good
         reason and it adds redundant code to handle packet logging.
      
      2) To avoid breaking backward compatibility for applications
         out there that are parsing the specific ebt_log output, the ebt_log
         output has been left as is. So only nftables will use the new
         consistent logging format for logged bridged packets.
      
      More decisions coming in this patch:
      
      1) This also removes ebt_log as default logger for bridged packets.
         Thus, nf_log_packet() routes packet to this new packet logger
         instead. This doesn't break backward compatibility since
         nf_log_packet() is not used to log packets in plain text format
         from anywhere in the ebtables/netfilter bridge code.
      
      2) The new bridge packet logger also performs a lazy request to
         register the real IPv4, ARP and IPv6 netfilter packet loggers.
         If the real protocol logger is not available (not compiled or the
         module is not available in the system), no packet logging happens.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: add generic ARP packet logger · 35b93951
      Pablo Neira Ayuso authored
      This adds the generic plain text packet logger for ARP packets. It is
      based on the ebt_log code. Nevertheless, the output has been modified
      to make it consistent with the original xt_LOG output.
      
      This is an example output:
      
      IN=wlan0 OUT= ARP HTYPE=1 PTYPE=0x0800 OPCODE=2 MACSRC=00:ab:12:34:55:63 IPSRC=192.168.10.1 MACDST=80:09:12:70:4f:50 IPDST=192.168.10.150
      
      This patch enables packet logging from ARP chains, e.g.
      
        nft add rule arp filter input log prefix "input: "
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
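
A log consumer for the ARP output format quoted in the commit above, as an added example that is not part of the commit or the kernel tree: it parses the KEY=VALUE line and reports ARP replies (OPCODE=2) that rebind an already-seen IPSRC to a different MACSRC. The function names are hypothetical, and every sample line except the first is constructed for illustration.

```python
import re

# The logged line is a run of space-separated KEY=VALUE tokens (the value may
# be empty, as in "OUT=") plus the bare marker "ARP".
_FIELD = re.compile(r"(\w+)=(\S*)")

def parse_arp_log(line):
    """Return the fields of one logged ARP packet, or None for other lines."""
    start = line.find("IN=")  # text before IN= is the rule's log prefix
    if start < 0 or " ARP " not in line[start:]:
        return None
    fields = dict(_FIELD.findall(line[start:]))
    if any(key not in fields for key in ("OPCODE", "MACSRC", "IPSRC")):
        return None  # truncated or malformed line
    fields["PREFIX"] = line[:start]
    return fields

def binding_changes(lines):
    """List (ip, old_mac, new_mac, line_no) for replies that rebind an IP."""
    seen = {}
    alerts = []
    for line_no, line in enumerate(lines, 1):
        fields = parse_arp_log(line)
        if fields is None or fields["OPCODE"] != "2":  # 2 = ARP reply
            continue
        ip, mac = fields["IPSRC"], fields["MACSRC"].lower()
        old = seen.get(ip)
        if old is not None and old != mac:
            alerts.append((ip, old, mac, line_no))
        seen[ip] = mac
    return alerts

# Line 1 is the commit's example output behind the prefix from its nft rule;
# lines 2-4 are constructed sample input.
SAMPLE = [
    "input: IN=wlan0 OUT= ARP HTYPE=1 PTYPE=0x0800 OPCODE=2 "
    "MACSRC=00:ab:12:34:55:63 IPSRC=192.168.10.1 "
    "MACDST=80:09:12:70:4f:50 IPDST=192.168.10.150",
    "input: IN=wlan0 OUT= ARP HTYPE=1 PTYPE=0x0800 OPCODE=1 "
    "MACSRC=80:09:12:70:4f:50 IPSRC=192.168.10.150 "
    "MACDST=00:00:00:00:00:00 IPDST=192.168.10.1",
    "input: IN=wlan0 OUT= ARP HTYPE=1 PTYPE=0x0800 OPCODE=2 "
    "MACSRC=DE:AD:BE:EF:00:01 IPSRC=192.168.10.1 "
    "MACDST=80:09:12:70:4f:50 IPDST=192.168.10.150",
    "input: IN=wlan0 OUT= SRC=192.168.10.1 DST=192.168.10.150 PROTO=TCP",
]

if __name__ == "__main__":
    for alert in binding_changes(SAMPLE):
        print("IP %s moved from %s to %s (line %d)" % alert)
```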
    • netfilter: log: nf_log_packet() as real unified interface · fab4085f
      Pablo Neira Ayuso authored
      Before this patch, the nf_loginfo parameter specified the logging
      configuration in case the specified default logger was loaded. This
      patch updates the semantics of the nf_loginfo parameter in
      nf_log_packet() which now indicates the logger that you explicitly
      want to use.
      
      Thus, nf_log_packet() is exposed as a unified interface which
      internally routes the log message to the corresponding logger type
      by family.
      
      The module dependencies are expressed by the new nf_logger_find_get()
      and nf_logger_put() functions which bump the logger module refcount.
      Thus, you cannot remove logger modules that are used by rules anymore.
      
      Another important effect of this change is that the family specific
      module is only loaded when required. Therefore, xt_LOG and nft_log
      will just trigger the autoload of the nf_log_{ip,ip6} modules
      according to the family.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: log: split family specific code to nf_log_{ip,ip6,common}.c files · 83e96d44
      Pablo Neira Ayuso authored
      The plain text logging is currently embedded into the xt_LOG target.
      In order to be able to use the plain text logging from nft_log, as a
      first step, this patch moves the family specific code to the following
      files and Kconfig symbols:
      
      1) net/ipv4/netfilter/nf_log_ip.c: CONFIG_NF_LOG_IPV4
      2) net/ipv6/netfilter/nf_log_ip6.c: CONFIG_NF_LOG_IPV6
      3) net/netfilter/nf_log_common.c: CONFIG_NF_LOG_COMMON
      
      These new modules will be required by xt_LOG and nft_log. This patch
      is based on original patch from Arturo Borrero Gonzalez.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  3. 25 Jun, 2014 6 commits
  4. 24 Jun, 2014 1 commit
  5. 23 Jun, 2014 22 commits
  6. 21 Jun, 2014 3 commits
    • net: em_canid: remove useless statements from em_canid_change · 2b74e2ca
      Duan Jiong authored
      tcf_ematch is allocated by kzalloc in function tcf_em_tree_validate(),
      so cm_old is always NULL.
      Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • bridge: use list_for_each_entry_continue_reverse · a3f5ee71
      Li RongQing authored
      Use list_for_each_entry_continue_reverse to roll back in fdb_add_hw
      when adding an address fails.
      Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-next · 545a112b
      David S. Miller authored
      Jeff Kirsher says:
      
      ====================
      Intel Wired LAN Driver Updates 2014-06-20
      
      This series contains updates to i40e and i40evf.
      
      Anjali provides an update to the registers to handle the updates from the
      hardware.  Also provides a fix so that we do not try to access the rings
      through the qvectors at the time of freeing the qvectors.
      
      Jesse provides a workaround for some older NVM versions where the NVM
      was not filling in the GLQF_HKEY register, so made sure that the
      critical register is initialized.
      
      Michal provides a fix to reset the head and tail on admin queue
      initialization where head and tail are not reset by the hardware.
      
      Neerav adds a helper routine that would wait for the Rx/Tx queue to reach
      the enable or disable state that is requested.  Also provides a fix
      to the debugfs command "lldp get remote" which was dumping the local
      LLDPDU instead of the peer's LLDPDU.  Fixed a bug when all the Tx hang
      recovery mechanisms have failed and the driver tries to bring down the
      interface in the interrupt context.
      
      Shannon provides a patch to clear the Virtual Ethernet Bridge (VEB) stats
      when the PF stats are cleared.  Also cleans the service tasks so that
      they do not run while a reset is in progress.
      
      Mitch fixes an issue in i40evf_get_rxfh() where only fifteen registers
      were being read instead of all sixteen.
      
      Carolyn provides a change to the RSS configuration to set table size and
      write to the hardware to confirm the RSS table size being used.
      
      Kamil makes a change to the admin queue debug prints so that they will not
      cause segmentation faults in some of our tool applications.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>