src: add level option to the log statement

This patch is required if you use upcoming Linux kernels >= 3.17
which come with a complete logging support for nf_tables.

If you use 'log' without options, the kernel logging buffer is used:

nft> add rule filter input log

You can also specify the logging prefix string:

nft> add rule filter input log prefix "input: "

You may want to specify the log level:

nft> add rule filter input log prefix "input: " level notice

By default, if not specified, the default level is 'warn' (just like
in iptables).

If you specify the group, then nft uses the nfnetlink_log instead:

nft> add rule filter input log prefix "input: " group 10

You can also specify the snaplen and qthreshold for the nfnetlink_log.
But you cannot mix level and group at the same time, they are mutually
exclusive.

Default values for both snaplen and qthreshold are 0 (just like in
iptables).

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 9 insertions, 0 deletions

diff --git a/src/scanner.l b/src/scanner.l
index 73a1a3f1..4eec92f5 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -276,6 +276,15 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
 "group"			{ return GROUP; }
 "snaplen"		{ return SNAPLEN; }
 "queue-threshold"	{ return QUEUE_THRESHOLD; }
+"level"			{ return LEVEL; }
+"emerg"			{ return LEVEL_EMERG; }
+"alert"			{ return LEVEL_ALERT; }
+"crit"			{ return LEVEL_CRIT; }
+"err"			{ return LEVEL_ERR; }
+"warn"			{ return LEVEL_WARN; }
+"notice"		{ return LEVEL_NOTICE; }
+"info"			{ return LEVEL_INFO; }
+"debug"			{ return LEVEL_DEBUG; }
 
 "queue"			{ return QUEUE;}
 "num"			{ return QUEUENUM;}