
Commit baf7b1e1 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller

[NETFILTER]: x_tables: add NFLOG target



Add new NFLOG target to allow use of nfnetlink_log for both IPv4 and IPv6.
Currently we have two (unsupported by userspace) hacks in the LOG and ULOG
targets to optionally call to the nflog API. They lack a few features,
namely the IPv4 and IPv6 LOG targets can not specify a number of arguments
related to nfnetlink_log, while the ULOG target is only available for IPv4.
Remove those hacks and add a clean way to use nfnetlink_log.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 39b46fc6
+1 −0
@@ -22,6 +22,7 @@ header-y += xt_mark.h
header-y += xt_MARK.h
header-y += xt_multiport.h
header-y += xt_NFQUEUE.h
header-y += xt_NFLOG.h
header-y += xt_pkttype.h
header-y += xt_policy.h
header-y += xt_realm.h
+18 −0
#ifndef _XT_NFLOG_TARGET
#define _XT_NFLOG_TARGET

#define XT_NFLOG_DEFAULT_GROUP		0x1
#define XT_NFLOG_DEFAULT_THRESHOLD	1

#define XT_NFLOG_MASK			0x0

struct xt_nflog_info {
	u_int32_t	len;
	u_int16_t	group;
	u_int16_t	threshold;
	u_int16_t	flags;
	u_int16_t	pad;
	char		prefix[64];
};

#endif /* _XT_NFLOG_TARGET */
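Review bot: `struct xt_nflog_info` is filled in by userspace, but this new header says nothing about what the kernel accepts in `prefix[64]`, `flags` and `pad`. The target's checkentry is not visible on this page; it should refuse a rule when `info->prefix[sizeof(info->prefix) - 1] != '\0'` or `info->flags & ~XT_NFLOG_MASK`, since an unterminated prefix would otherwise be read past its 64 bytes once it is treated as a string. With `XT_NFLOG_MASK` at 0x0 no flag bit is valid yet, which deserves a comment such as `/* no flags defined yet */`. A short comment per field (what `len` bounds, and that `pad` is presumably reserved and expected to be zero) would make this ABI easier to audit.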
+1 −1
@@ -6,7 +6,7 @@
#define IPT_LOG_TCPOPT		0x02	/* Log TCP options */
#define IPT_LOG_IPOPT		0x04	/* Log IP options */
#define IPT_LOG_UID		0x08	/* Log UID owning local socket */
#define IPT_LOG_NFLOG		0x10	/* Log using nf_log backend */
#define IPT_LOG_NFLOG		0x10	/* Unsupported, don't reuse */
#define IPT_LOG_MASK		0x1f

struct ipt_log_info {
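Review bot: The replacement comment on `IPT_LOG_NFLOG` reads "don't reuse" here, while the matching line for `IP6T_LOG_NFLOG` in the IPv6 header section reads "don't use"; the two should say the same thing. `IPT_LOG_MASK` and `IP6T_LOG_MASK` stay at 0x1f, so bit 0x10 remains inside the mask, and the comment could state what that means for a rule that still sets it, for example `/* Formerly: log via nf_log backend; now ignored, don't reuse */`. Both struct definitions continue outside their hunks.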
+1 −1
@@ -6,7 +6,7 @@
#define IP6T_LOG_TCPOPT		0x02	/* Log TCP options */
#define IP6T_LOG_IPOPT		0x04	/* Log IP options */
#define IP6T_LOG_UID		0x08	/* Log UID owning local socket */
#define IP6T_LOG_NFLOG		0x10	/* Log using nf_log backend */
#define IP6T_LOG_NFLOG		0x10	/* Unsupported, don't use */
#define IP6T_LOG_MASK		0x1f

struct ip6t_log_info {
+2 −7
@@ -430,13 +430,8 @@ ipt_log_target(struct sk_buff **pskb,
	li.u.log.level = loginfo->level;
	li.u.log.logflags = loginfo->logflags;

	if (loginfo->logflags & IPT_LOG_NFLOG)
		nf_log_packet(PF_INET, hooknum, *pskb, in, out, &li,
		              "%s", loginfo->prefix);
	else
	ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li,
	               loginfo->prefix);

	return IPT_CONTINUE;
}
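Review bot: After this change a rule whose `logflags` still carries `IPT_LOG_NFLOG` is logged through `ipt_log_packet` with no indication that the nf_log path it asked for is gone. The commit message describes the flag as unsupported by userspace, so this may never occur in practice, but a collector reading from nfnetlink_log would silently stop seeing those packets. The check routine for this target is outside the hunk; if it does not already handle the bit, it could warn when the rule is loaded, e.g. `if (loginfo->logflags & IPT_LOG_NFLOG) printk(KERN_WARNING "ipt_LOG: NFLOG flag is no longer supported\n");`. `ipt_log_target` itself starts before the hunk.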
