[PATCH 0/8] netfilter: merge nf_log_proto modules

Florian Westphal <fw@xxxxxxxxx> · Thu, 25 Mar 2021 18:25:04 +0100

Netfilter has multiple log modules:
 nf_log_arp
 nf_log_bridge
 nf_log_ipv4
 nf_log_ipv6
 nf_log_netdev
 nfnetlink_log
 nf_log_common

With the exception of nfnetlink_log (packet is sent to userspace for
dissection/logging) all of them log to the kernel ringbuffer.

This series merges all modules except nfnetlink_log into a single
module, nf_log_syslog.

After the series, only two log modules remain:
nfnetlink_log and nf_log_syslog. The latter provides the same
functionality as the old per-af log modules.

Last patch allows to move log backend module load
to nft_log to avoid a deadlock that can occur when request_module()
is called with the nft transaction mutex held.

Florian Westphal (8):
  netfilter: nf_log_ipv4: rename to nf_log_syslog
  netfilter: nf_log_arp: merge with nf_log_syslog
  netfilter: nf_log_ipv6: merge with nf_log_syslog
  netfilter: nf_log_netdev: merge with nf_log_syslog
  netfilter: nf_log_bridge: merge with nf_log_syslog
  netfilter: nf_log_common: merge with nf_log_syslog
  netfilter: nf_log: add module softdeps
  netfilter: nft_log: perform module load from nf_tables

 include/net/netfilter/nf_log.h       |   25 -
 include/net/netfilter/nf_tables.h    |    5 +
 net/bridge/netfilter/Kconfig         |    4 -
 net/bridge/netfilter/Makefile        |    3 -
 net/bridge/netfilter/nf_log_bridge.c |   79 --
 net/ipv4/netfilter/Kconfig           |   10 +-
 net/ipv4/netfilter/Makefile          |    4 -
 net/ipv4/netfilter/nf_log_arp.c      |  172 ----
 net/ipv4/netfilter/nf_log_ipv4.c     |  395 ----------
 net/ipv6/netfilter/Kconfig           |    5 +-
 net/ipv6/netfilter/Makefile          |    3 -
 net/ipv6/netfilter/nf_log_ipv6.c     |  427 ----------
 net/netfilter/Kconfig                |   20 +-
 net/netfilter/Makefile               |    6 +-
 net/netfilter/nf_log.c               |   10 -
 net/netfilter/nf_log_common.c        |  224 ------
 net/netfilter/nf_log_netdev.c        |   78 --
 net/netfilter/nf_log_syslog.c        | 1089 ++++++++++++++++++++++++++
 net/netfilter/nf_tables_api.c        |    5 +-
 net/netfilter/nft_log.c              |   20 +-
 net/netfilter/xt_LOG.c               |    1 +
 net/netfilter/xt_NFLOG.c             |    1 +
 net/netfilter/xt_TRACE.c             |    1 +
 23 files changed, 1144 insertions(+), 1443 deletions(-)
 delete mode 100644 net/bridge/netfilter/nf_log_bridge.c
 delete mode 100644 net/ipv4/netfilter/nf_log_arp.c
 delete mode 100644 net/ipv4/netfilter/nf_log_ipv4.c
 delete mode 100644 net/ipv6/netfilter/nf_log_ipv6.c
 delete mode 100644 net/netfilter/nf_log_common.c
 delete mode 100644 net/netfilter/nf_log_netdev.c
 create mode 100644 net/netfilter/nf_log_syslog.c

-- 
2.26.3