netfilter: nft_log: request explicit logger when loading rules

This includes the special handling for NFPROTO_INET. There is no real inet logger since we don't see packets of this family. However, rules are loaded using this special family type. So let's just request both IPV4 and IPV6 loggers. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nft_log: request explicit logger when loading rules
This includes the special handling for NFPROTO_INET. There is no real inet logger since we don't see packets of this family. However, rules are loaded using this special family type. So let's just request both IPV4 and IPV6 loggers. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso
1 parent 960649d192
Showing 1 changed file with 23 additions and 1 deletions Side-by-side Diff
net/netfilter/nft_log.c
@@ -50,6 +50,7 @@
 	struct nft_log *priv = nft_expr_priv(expr);
 	struct nf_loginfo *li = &priv->loginfo;
 	const struct nlattr *nla;
+	int ret;
  
 	nla = tb[NFTA_LOG_PREFIX];
 	if (nla != NULL) {
  
  
@@ -71,16 +72,37 @@
 			ntohs(nla_get_be16(tb[NFTA_LOG_QTHRESHOLD]));
 	}
  
-	return 0;
+	if (ctx->afi->family == NFPROTO_INET) {
+		ret = nf_logger_find_get(NFPROTO_IPV4, li->type);
+		if (ret < 0)
+			return ret;
+
+		ret = nf_logger_find_get(NFPROTO_IPV6, li->type);
+		if (ret < 0) {
+			nf_logger_put(NFPROTO_IPV4, li->type);
+			return ret;
+		}
+		return 0;
+	}
+
+	return nf_logger_find_get(ctx->afi->family, li->type);
 }
  
 static void nft_log_destroy(const struct nft_ctx *ctx,
 			    const struct nft_expr *expr)
 {
 	struct nft_log *priv = nft_expr_priv(expr);
+	struct nf_loginfo *li = &priv->loginfo;
  
 	if (priv->prefix != nft_log_null_prefix)
 		kfree(priv->prefix);
+
+	if (ctx->afi->family == NFPROTO_INET) {
+		nf_logger_put(NFPROTO_IPV4, li->type);
+		nf_logger_put(NFPROTO_IPV6, li->type);
+	} else {
+		nf_logger_put(ctx->afi->family, li->type);
+	}
 }
  
 static int nft_log_dump(struct sk_buff *skb, const struct nft_expr *expr)
...	...	@@ -50,6 +50,7 @@
50	50	struct nft_log *priv = nft_expr_priv(expr);
51	51	struct nf_loginfo *li = &priv->loginfo;
52	52	const struct nlattr *nla;
	53	+ int ret;
53	54
54	55	nla = tb[NFTA_LOG_PREFIX];
55	56	if (nla != NULL) {
56	57
57	58
...	...	@@ -71,16 +72,37 @@
71	72	ntohs(nla_get_be16(tb[NFTA_LOG_QTHRESHOLD]));
72	73	}
73	74
74		- return 0;
	75	+ if (ctx->afi->family == NFPROTO_INET) {
	76	+ ret = nf_logger_find_get(NFPROTO_IPV4, li->type);
	77	+ if (ret < 0)
	78	+ return ret;
	79	+
	80	+ ret = nf_logger_find_get(NFPROTO_IPV6, li->type);
	81	+ if (ret < 0) {
	82	+ nf_logger_put(NFPROTO_IPV4, li->type);
	83	+ return ret;
	84	+ }
	85	+ return 0;
	86	+ }
	87	+
	88	+ return nf_logger_find_get(ctx->afi->family, li->type);
75	89	}
76	90
77	91	static void nft_log_destroy(const struct nft_ctx *ctx,
78	92	const struct nft_expr *expr)
79	93	{
80	94	struct nft_log *priv = nft_expr_priv(expr);
	95	+ struct nf_loginfo *li = &priv->loginfo;
81	96
82	97	if (priv->prefix != nft_log_null_prefix)
83	98	kfree(priv->prefix);
	99	+
	100	+ if (ctx->afi->family == NFPROTO_INET) {
	101	+ nf_logger_put(NFPROTO_IPV4, li->type);
	102	+ nf_logger_put(NFPROTO_IPV6, li->type);
	103	+ } else {
	104	+ nf_logger_put(ctx->afi->family, li->type);
	105	+ }
84	106	}
85	107
86	108	static int nft_log_dump(struct sk_buff skb, const struct nft_expr expr)