log: Add support for audit logging

This is implemented via a pseudo log level. The kernel ignores any other parameter, so reject those at evaluation stage. Audit logging is therefore simply a matter of: | log level audit Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Phil Sutter <phil@nwl.cc> 2018-06-01 17:15:07 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-06-03 11:53:06 +0200
commit: a24552c165346f087e82a52807d134e3910387a8 (patch)
tree: 378f69e8fe6c10ac6fd0d111313c3b0ed14371d5 /src/evaluate.c
parent: efc8a83e943d54e0ca88548a0eaff056ad2a650d (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 4eb36e2d..33733c0e 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2562,6 +2562,10 @@ static int stmt_evaluate_log(struct eval_ctx *ctx, struct stmt *stmt)
 			return stmt_error(ctx, stmt,
 				  "flags and group are mutually exclusive");
 	}
+	if (stmt->log.level == LOGLEVEL_AUDIT &&
+	    (stmt->log.flags & ~STMT_LOG_LEVEL || stmt->log.logflags))
+		return stmt_error(ctx, stmt,
+				  "log level audit doesn't support any further options");
 	return 0;
 }
author	Phil Sutter <phil@nwl.cc>	2018-06-01 17:15:07 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-06-03 11:53:06 +0200
commit	a24552c165346f087e82a52807d134e3910387a8 (patch)
tree	378f69e8fe6c10ac6fd0d111313c3b0ed14371d5 /src/evaluate.c
parent	efc8a83e943d54e0ca88548a0eaff056ad2a650d (diff)