summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2018-06-01 17:15:07 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2018-06-03 11:53:06 +0200
commita24552c165346f087e82a52807d134e3910387a8 (patch)
tree378f69e8fe6c10ac6fd0d111313c3b0ed14371d5 /include
parentefc8a83e943d54e0ca88548a0eaff056ad2a650d (diff)
log: Add support for audit logging
This is implemented via a pseudo log level. The kernel ignores any other parameter, so reject those at evaluation stage. Audit logging is therefore simply a matter of: | log level audit Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter/nf_tables.h5
1 files changed, 5 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 660168ab..51d54d67 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1056,6 +1056,11 @@ enum nft_log_attributes {
#define NFTA_LOG_MAX (__NFTA_LOG_MAX - 1)
/**
+ * LOGLEVEL_AUDIT - a pseudo log level enabling audit logging
+ */
+#define LOGLEVEL_AUDIT 8
+
+/**
* enum nft_queue_attributes - nf_tables queue expression netlink attributes
*
* @NFTA_QUEUE_NUM: netlink queue to send messages to (NLA_U16)