Currently, there is no vlan information (e.g. when used with a vlan aware bridge) passed to userspache, HWHEADER will contain an 08 00 (ip) suffix even for tagged ip packets. Therefore, add an extra netlink attribute that passes the vlan tag to userspace. Userspace might need to handle PCP/DEI included in this field.
Signed-off-by: Michael Braun <michael-dev@xxxxxxxxxxxxx>
---
 include/uapi/linux/netfilter/nfnetlink_log.h | 1 +
 net/netfilter/nf_log_common.c | 2 ++
 net/netfilter/nfnetlink_log.c | 6 ++++++
 3 files changed, 9 insertions(+)
diff --git a/include/uapi/linux/netfilter/nfnetlink_log.h b/include/uapi/linux/netfilter/nfnetlink_log.h
index 20983cb195a0..d15f74d47f48 100644
--- a/include/uapi/linux/netfilter/nfnetlink_log.h
+++ b/include/uapi/linux/netfilter/nfnetlink_log.h
@@ -54,6 +54,7 @@ enum nfulnl_attr_type {
 NFULA_HWLEN, /* hardware header length */
 NFULA_CT, /* nf_conntrack_netlink.h */
 NFULA_CT_INFO, /* enum ip_conntrack_info */
+ NFULA_VLAN_TAG, /* __u16 vlan tag */
 __NFULA_MAX
 };
diff --git a/net/netfilter/nf_log_common.c b/net/netfilter/nf_log_common.c
index ae5628ddbe6d..57c4cc8fbead 100644
--- a/net/netfilter/nf_log_common.c
+++ b/net/netfilter/nf_log_common.c
@@ -160,6 +160,8 @@ nf_log_dump_packet_common(struct nf_log_buf *m, u_int8_t pf,
 '0' + loginfo->u.log.level, prefix, in ? in->name : "", out ? out->name : "");
+ if (skb_vlan_tag_present(skb))
+ nf_log_buf_add(m, "VLAN=%d ", skb_vlan_tag_get_id(skb));
 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
 physindev = nf_bridge_get_physindev(skb);
 if (physindev && in != physindev)
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 6dee4f9a944c..f6fe0d760816 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -16,6 +16,7 @@
 #include <linux/skbuff.h>
 #include <linux/if_arp.h>
 #include <linux/init.h>
+#include <linux/if_vlan.h>
 #include <linux/ip.h>
 #include <linux/ipv6.h>
 #include <linux/netdevice.h>
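Review bot: The uapi comment on `NFULA_VLAN_TAG` in the nfnetlink_log.h hunk says `__u16 vlan tag`, but the nfnetlink_log.c hunk emits the value with `nla_put_be16(..., htons(skb_vlan_tag_get(skb)))`, so what userspace receives is a big-endian 16-bit field that, as the description itself notes, still includes PCP/DEI. I would document it as `NFULA_VLAN_TAG, /* __be16 vlan TCI (PCP/DEI/VID), network byte order */` so that consumers do not read it in host order or treat it as a bare VLAN ID. The attribute also carries no tag protocol, so from this value alone userspace cannot tell which VLAN ethertype the tag belongs to; that is easier to settle before the attribute becomes ABI.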
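Review bot: The `VLAN=` field added in `nf_log_dump_packet_common` prints only the VLAN ID (`skb_vlan_tag_get_id`), while the netlink attribute added in nfnetlink_log.c carries the full tag from `skb_vlan_tag_get`, so the two log paths report different values for the same packet. The commit description mentions only the netlink attribute, yet this hunk changes the text log line by inserting a field after the in/out interface names, which is a format that log parsers and detection rules tend to match on. A comment such as `/* VLAN ID only; PCP/DEI are not logged here */` above the new `if`, plus a sentence in the changelog, would make both facts explicit. The function body starts and ends outside the hunk.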
@@ -580,6 +581,11 @@ __build_packet_message(struct nfnl_log_net *log,
 NFULA_CT, NFULA_CT_INFO) < 0)
 goto nla_put_failure;
+ if (skb_vlan_tag_present(skb) &&
+ nla_put_be16(inst->skb, NFULA_VLAN_TAG,
+ htons(skb_vlan_tag_get(skb))))
+ goto nla_put_failure;
+
 if (data_len) {
 struct nlattr *nla;
 int size = nla_attr_size(data_len);
-- 
2.20.1
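Review bot: The new attribute is written into `inst->skb` in `__build_packet_message`, but nothing in this patch enlarges the buffer estimate for it: the diffstat shows only these five lines plus the include for nfnetlink_log.c, so the size calculation in the caller (outside the hunk) presumably still omits the attribute. If the message buffer is sized tightly, `nla_put_be16` can fail and the `goto nla_put_failure` path then discards the whole log message for tagged packets, which is a gap in the audit trail rather than a memory-safety problem. The sizing code should gain something like `if (skb_vlan_tag_present(skb)) size += nla_total_size(sizeof(u16));`. The function body starts and ends outside the hunk.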