author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-23 02:49:38 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-07-25 18:18:40 +0200 |
commit | e0d85a97cc755d5df14cd50af33f6ea8ab017b84 (patch) | |
tree | 30cd96afc4d1c8097d0a8e7c714880a03751602b /include/statement.h | |
parent | 371fdadfafd64b3e364f91a21dac231a16622736 (diff) |
src: add level option to the log statement

This patch is required if you use upcoming Linux kernels >= 3.17
which come with a complete logging support for nf_tables.

If you use 'log' without options, the kernel logging buffer is used:

    nft> add rule filter input log

You can also specify the logging prefix string:

    nft> add rule filter input log prefix "input: "

You may want to specify the log level:

    nft> add rule filter input log prefix "input: " level notice

By default, if not specified, the default level is 'warn' (just like
in iptables).

If you specify the group, then nft uses the nfnetlink_log instead:

    nft> add rule filter input log prefix "input: " group 10

You can also specify the snaplen and qthreshold for the nfnetlink_log.
But you cannot mix level and group at the same time, they are mutually
exclusive.

Default values for both snaplen and qthreshold are 0 (just like in
iptables).

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/statement.h')
-rw-r--r-- | include/statement.h | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/include/statement.h b/include/statement.h index 480b7190..12336bc0 100644 --- a/include/statement.h +++ b/include/statement.h @@ -28,11 +28,21 @@ extern struct stmt *meta_stmt_alloc(const struct location *loc, enum nft_meta_keys key, struct expr *expr); +enum { + STMT_LOG_PREFIX = (1 << 0), + STMT_LOG_SNAPLEN = (1 << 1), + STMT_LOG_GROUP = (1 << 2), + STMT_LOG_QTHRESHOLD = (1 << 3), + STMT_LOG_LEVEL = (1 << 4), +}; + struct log_stmt { const char *prefix; unsigned int snaplen; uint16_t group; uint16_t qthreshold; + uint32_t level; + uint32_t flags; }; extern struct stmt *log_stmt_alloc(const struct location *loc); |
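Review bot: The new `flags` field in struct log_stmt has no comment tying it to the STMT_LOG_* bits, and the enum is anonymous, so a reader of this header cannot tell that `flags` is a bitmask recording which options were given, or that it is what distinguishes an unset `level`, `group`, `snaplen` or `qthreshold` from an explicit 0. Suggest a one-line comment on the enum or on `uint32_t flags;` saying so, and noting that STMT_LOG_LEVEL and STMT_LOG_GROUP must not be set together, since the commit message states level and group are mutually exclusive. The check that enforces this is not visible in this header-only view, so it is worth confirming it exists where the statement is parsed or evaluated.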