drtracing.org Git - deliverable/linux.git/commit - net/netfilter/nf_tables

author	Florian Westphal <fw@strlen.de>
	Sat, 28 Nov 2015 20:53:04 +0000 (21:53 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 9 Dec 2015 12:18:37 +0000 (13:18 +0100)
commit	33d5a7b14bfd02e60af9d223db8dfff0cbcabe6b
tree	c0f2892d80f78d959f3ae38c625fd03a6e5a1bb8	tree \| snapshot
parent	7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df	commit \| diff

netfilter: nf_tables: extend tracing infrastructure

nft monitor mode can then decode and display this trace data.

Parts of LL/Network/Transport headers are provided as separate
attributes.

Otherwise, printing IP address data becomes virtually impossible
for userspace since in the case of the netdev family we really don't
want userspace to have to know all the possible link layer types
and/or sizes just to display/print an ip address.

We also don't want userspace to have to follow ipv6 header chains
to get the s/dport info, the kernel already did this work for us.

To avoid bloating nft_do_chain all data required for tracing is
encapsulated in nft_traceinfo.

The structure is initialized unconditionally(!) for each nft_do_chain
invocation.

This unconditionall call will be moved under a static key in a
followup patch.

With lots of help from Patrick McHardy and Pablo Neira.

Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_tables.h		diff \| blob \| blame \| history
include/uapi/linux/netfilter/nf_tables.h		diff \| blob \| blame \| history
include/uapi/linux/netfilter/nfnetlink.h		diff \| blob \| blame \| history
net/netfilter/Makefile		diff \| blob \| blame \| history
net/netfilter/nf_tables_api.c		diff \| blob \| blame \| history
net/netfilter/nf_tables_core.c		diff \| blob \| blame \| history
net/netfilter/nf_tables_trace.c	[new file with mode: 0644]	blob
net/netfilter/nfnetlink.c		diff \| blob \| blame \| history