To containerise iptables log, use ns_printk to report individual logs to container as getting syslog_ns from net->user_ns.
Signed-off-by: Rui Xiang <rui.xiang@xxxxxxxxxx>
---
 include/net/netfilter/xt_log.h | 6 +++++-
 net/netfilter/xt_LOG.c | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/include/net/netfilter/xt_log.h b/include/net/netfilter/xt_log.h
index 9d9756c..834d972 100644
--- a/include/net/netfilter/xt_log.h
+++ b/include/net/netfilter/xt_log.h
@@ -39,10 +39,14 @@ static struct sbuff *sb_open(void)
 return m;
 }
-static void sb_close(struct sbuff *m)
+static void sb_close(struct sbuff *m, struct net *net)
 {
 m->buf[m->count] = 0;
+#ifdef CONFIG_NET_NS
+ ns_printk(net->user_ns->syslog_ns, "%s\n", m->buf);
+#else
 printk("%s\n", m->buf);
+#endif
 if (likely(m != &emergency))
 kfree(m);
diff --git a/net/netfilter/xt_LOG.c b/net/netfilter/xt_LOG.c
index 5ab2484..e034a74 100644
--- a/net/netfilter/xt_LOG.c
+++ b/net/netfilter/xt_LOG.c
@@ -493,7 +493,7 @@ ipt_log_packet(struct net *net,
 dump_ipv4_packet(m, loginfo, skb, 0);
- sb_close(m);
+ sb_close(m, net);
 }
 #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
@@ -824,7 +824,7 @@ ip6t_log_packet(struct net *net,
 dump_ipv6_packet(m, loginfo, skb, skb_network_offset(skb), 1);
- sb_close(m);
+ sb_close(m, net);
 }
 #endif
--
1.8.2.2
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
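Review bot: In `sb_close()` the added `ns_printk(net->user_ns->syslog_ns, "%s\n", m->buf);` follows `net` and `net->user_ns` without any check, and it is guarded by `CONFIG_NET_NS` even though what it needs is `ns_printk` and a `syslog_ns` member, neither of which is defined in this patch. Because `sb_close()` lives in a shared header, every includer now has to supply a valid `net`; the two updated callers in xt_LOG.c (`ipt_log_packet`, `ip6t_log_packet`) pass theirs straight through, and their bodies begin outside the hunks, so whether it can be NULL is not visible here. A cheap guard before the call would be `if (WARN_ON_ONCE(!net)) net = &init_net;`, and the `#ifdef` should presumably test whichever option provides the syslog namespace. The buffer holds packet-derived text and, as far as this hunk shows, is no longer written to the host log when the namespace branch is taken, so a comment such as `/* logged to the syslog namespace owning net; not duplicated to the host log */` would make that monitoring consequence explicit.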