From 1419b0003fccca32bf61ed40265a5539e2465497 Mon Sep 17 00:00:00 2001
From: Liping Zhang <zlpnobody@gmail.com>
Date: Sat, 19 Nov 2016 19:31:15 +0800
Subject: src: add log flags syntax support

Now NF_LOG_XXX is exposed to the userspace, we can set it explicitly.
Like iptables LOG target, we can log TCP sequence numbers, TCP options,
IP options, UID owning local socket and decode MAC header. Note the
log flags are mutually exclusive with group.

Some examples are listed below:
 # nft add rule t c log flags tcp sequence,options
 # nft add rule t c log flags ip options
 # nft add rule t c log flags skuid
 # nft add rule t c log flags ether
 # nft add rule t c log flags all
 # nft add rule t c log flags all group 1
 <cmdline>:1:14-16: Error: flags and group are mutually exclusive
 add rule t c log flags all group 1
              ^^^

Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/netlink_delinearize.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/netlink_delinearize.c')

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 66d38caa..0ebe3683 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -738,6 +738,10 @@ static void netlink_parse_log(struct netlink_parse_ctx *ctx,
 			nftnl_expr_get_u32(nle, NFTNL_EXPR_LOG_LEVEL);
 		stmt->log.flags |= STMT_LOG_LEVEL;
 	}
+	if (nftnl_expr_is_set(nle, NFTNL_EXPR_LOG_FLAGS)) {
+		stmt->log.logflags =
+			nftnl_expr_get_u32(nle, NFTNL_EXPR_LOG_FLAGS);
+	}
 
 	ctx->stmt = stmt;
 }
-- 
cgit v1.2.3