
netfilter: nf_log_syslog: Don't ignore unknown protocols

With netdev and bridge nfprotos, loggers may see arbitrary ethernet
frames. Print at least basic info like interfaces and MAC header data.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Phil Sutter and committed by
Pablo Neira Ayuso
0c878380 39ab798f

+31
+31
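--- a/net/netfilter/nf_log_syslog.c
+++ b/net/netfilter/nf_log_syslog.c
@@ -894,6 +894,33 @@
 .me = THIS_MODULE,
 };
 
+static void nf_log_unknown_packet(struct net *net, u_int8_t pf,
+unsigned int hooknum,
+const struct sk_buff *skb,
+const struct net_device *in,
+const struct net_device *out,
+const struct nf_loginfo *loginfo,
+const char *prefix)
+{
+struct nf_log_buf *m;
+
+/* FIXME: Disabled from containers until syslog ns is supported */
+if (!net_eq(net, &init_net) && !sysctl_nf_log_all_netns)
+return;
+
+m = nf_log_buf_open();
+
+if (!loginfo)
+loginfo = &default_loginfo;
+
+nf_log_dump_packet_common(m, pf, hooknum, skb, in, out, loginfo,
+prefix);
+
+dump_mac_header(m, loginfo, skb);
+
+nf_log_buf_close(m);
+}
+
 static void nf_log_netdev_packet(struct net *net, u_int8_t pf,
 unsigned int hooknum,
 const struct sk_buff *skb,
@@ -912,6 +939,10 @@
 case htons(ETH_P_ARP):
 case htons(ETH_P_RARP):
 nf_log_arp_packet(net, pf, hooknum, skb, in, out, loginfo, prefix);
+break;
+default:
+nf_log_unknown_packet(net, pf, hooknum, skb,
+in, out, loginfo, prefix);
 break;
 }
 }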
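Review bot: nf_log_unknown_packet() carries no comment stating what it deliberately leaves out, and the new `default:` branch in nf_log_netdev_packet() makes every frame whose protocol matches none of the existing cases produce a log line where it previously produced none. Nothing in these hunks limits the rate, so on netdev and bridge hooks the log volume presumably follows whatever the peer on the link sends unless the rule itself is limited; nf_log_buf_open()/nf_log_buf_close() are not in view, so this should be confirmed. I would add above the function `/* Fallback for protocols without a dedicated dumper: logs the common prefix and the MAC header only, the payload is not parsed. */` and a second comment line saying that throttling is left to the rule. The body of nf_log_netdev_packet() and the head of its switch lie outside the second hunk, so the other cases could not be checked.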