diff options
| author | Corubba Smith <corubba@gmx.de> | 2025-03-27 00:09:19 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2025-05-20 12:46:00 +0200 |
| commit | 512a0d4915bfd9c47196deed5ef27710b4418491 (patch) | |
| tree | b382dc9b2aa0511180a39595de53e72c75d290a0 | |
| parent | 84422327ec9c090407342d2c5ce20a65ededc83a (diff) | |
nfacct: add network namespace support
Signed-off-by: Corubba Smith <corubba@gmx.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
| -rw-r--r-- | input/sum/ulogd_inpflow_NFACCT.c | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/input/sum/ulogd_inpflow_NFACCT.c b/input/sum/ulogd_inpflow_NFACCT.c index bd45df4..e962b1d 100644 --- a/input/sum/ulogd_inpflow_NFACCT.c +++ b/input/sum/ulogd_inpflow_NFACCT.c @@ -20,6 +20,7 @@ #include <ulogd/ulogd.h> #include <ulogd/timer.h> +#include <ulogd/namespace.h> #include <libmnl/libmnl.h> #include <libnetfilter_acct/libnetfilter_acct.h> @@ -52,13 +53,19 @@ static struct config_keyset nfacct_kset = { .type = CONFIG_TYPE_INT, .options = CONFIG_OPT_NONE, .u.value = 0, - } + }, + { + .key = "network_namespace_path", + .type = CONFIG_TYPE_STRING, + .options = CONFIG_OPT_NONE, + }, }, - .num_ces = 3, + .num_ces = 4, }; #define pollint_ce(x) (x->ces[0]) #define zerocounter_ce(x) (x->ces[1]) #define timestamp_ce(x) (x->ces[2]) +#define network_namespace_path_ce(x) (x->ces[3]) enum ulogd_nfacct_keys { ULOGD_NFACCT_NAME, @@ -240,12 +247,34 @@ static int constructor_nfacct(struct ulogd_pluginstance *upi) if (pollint_ce(upi->config_kset).u.value == 0) return -1; + const char *const target_netns_path = + network_namespace_path_ce(upi->config_kset).u.string; + int source_netns_fd = -1; + if ((strlen(target_netns_path) > 0) && + (join_netns_path(target_netns_path, &source_netns_fd) != ULOGD_IRET_OK) + ) { + ulogd_log(ULOGD_FATAL, "error joining target network " + "namespace\n"); + return -1; + } + cpi->nl = mnl_socket_open(NETLINK_NETFILTER); if (cpi->nl == NULL) { ulogd_log(ULOGD_FATAL, "cannot open netlink socket\n"); return -1; } + if ((strlen(target_netns_path) > 0) && + (join_netns_fd(source_netns_fd, NULL) != ULOGD_IRET_OK) + ) { + ulogd_log(ULOGD_FATAL, "error joining source network " + "namespace\n"); + close(source_netns_fd); + return -1; + } + /* join_netns_fd() closes the fd after successful join */ + source_netns_fd = -1; + if (mnl_socket_bind(cpi->nl, 0, MNL_SOCKET_AUTOPID) < 0) { ulogd_log(ULOGD_FATAL, "cannot bind netlink socket\n"); return -1; |