On Mon, May 15, 2017 at 05:53:31PM +0200, Pablo Neira Ayuso wrote:
> On Mon, May 15, 2017 at 04:51:49PM +0200, Phil Sutter wrote:
> > When committing a transaction, report PID and name of user space process
> > which initiated it.
> >
> > Signed-off-by: Phil Sutter <phil@xxxxxx>
> > ---
> > include/uapi/linux/netfilter/nf_tables.h | 16 +++++++++++
> > net/netfilter/nf_tables_api.c | 49 ++++++++++++++++++++++++++++++++
> > 2 files changed, 65 insertions(+)
> >
> > diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
> > index 683f6f88fcace..7c012690a5f02 100644
> > --- a/include/uapi/linux/netfilter/nf_tables.h
> > +++ b/include/uapi/linux/netfilter/nf_tables.h
> > @@ -90,6 +90,7 @@ enum nft_verdicts {
> > * @NFT_MSG_GETOBJ: get a stateful object (enum nft_obj_attributes)
> > * @NFT_MSG_DELOBJ: delete a stateful object (enum nft_obj_attributes)
> > * @NFT_MSG_GETOBJ_RESET: get and reset a stateful object (enum nft_obj_attributes)
> > + * @NFT_MSG_PROC_INFO: get info about user space process which initiated the transaction
> > */
> > enum nf_tables_msg_types {
> > NFT_MSG_NEWTABLE,
> > @@ -114,6 +115,7 @@ enum nf_tables_msg_types {
> > NFT_MSG_GETOBJ,
> > NFT_MSG_DELOBJ,
> > NFT_MSG_GETOBJ_RESET,
> > + NFT_MSG_PROC_INFO,
>
> No need for a new message. You can place this into existing the NEWGEN
> messages.
But that message is sent last and so at the time nft sees it, the events
will have been printed already, no?
Thanks, Phil
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
