From e0d85a97cc755d5df14cd50af33f6ea8ab017b84 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 23 Jun 2014 02:49:38 +0200 Subject: src: add level option to the log statement This patch is required if you use upcoming Linux kernels >= 3.17 which come with a complete logging support for nf_tables. If you use 'log' without options, the kernel logging buffer is used: nft> add rule filter input log You can also specify the logging prefix string: nft> add rule filter input log prefix "input: " You may want to specify the log level: nft> add rule filter input log prefix "input: " level notice By default, if not specified, the default level is 'warn' (just like in iptables). If you specify the group, then nft uses the nfnetlink_log instead: nft> add rule filter input log prefix "input: " group 10 You can also specify the snaplen and qthreshold for the nfnetlink_log. But you cannot mix level and group at the same time, they are mutually exclusive. Default values for both snaplen and qthreshold are 0 (just like in iptables). Signed-off-by: Pablo Neira Ayuso
---
 src/statement.c | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-) (limited to 'src/statement.c')
diff --git a/src/statement.c b/src/statement.c
index 2dd3f187..4be66251 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -14,6 +14,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -112,17 +113,39 @@ struct stmt *counter_stmt_alloc(const struct location *loc)
 return stmt_alloc(loc, &counter_stmt_ops);
 }

+static const char *syslog_level[LOG_DEBUG + 1] = {
+ [LOG_EMERG] = "emerg",
+ [LOG_ALERT] = "alert",
+ [LOG_CRIT] = "crit",
+ [LOG_ERR] = "err",
+ [LOG_WARNING] = "warn",
+ [LOG_NOTICE] = "notice",
+ [LOG_INFO] = "info",
+ [LOG_DEBUG] = "debug",
+};
+
+static const char *log_level(uint32_t level)
+{
+ if (level > LOG_DEBUG)
+ return "unknown";
+
+ return syslog_level[level];
+}
+
 static void log_stmt_print(const struct stmt *stmt)
 {
 printf("log");
- if (stmt->log.prefix != NULL)
+ if (stmt->log.flags & STMT_LOG_PREFIX)
 printf(" prefix \"%s\"", stmt->log.prefix);
- if (stmt->log.group)
+ if (stmt->log.flags & STMT_LOG_GROUP)
 printf(" group %u", stmt->log.group);
- if (stmt->log.snaplen)
+ if (stmt->log.flags & STMT_LOG_SNAPLEN)
 printf(" snaplen %u", stmt->log.snaplen);
- if (stmt->log.qthreshold)
+ if (stmt->log.flags & STMT_LOG_QTHRESHOLD)
 printf(" queue-threshold %u", stmt->log.qthreshold);
+ if ((stmt->log.flags & STMT_LOG_LEVEL) &&
+ stmt->log.level != LOG_WARNING)
+ printf(" level %s", log_level(stmt->log.level));
 }

 static void log_stmt_destroy(struct stmt *stmt)
-- cgit v1.2.3
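Review bot: In log_stmt_print the prefix branch now tests only `stmt->log.flags & STMT_LOG_PREFIX`, while the unchanged `printf(" prefix \"%s\"", stmt->log.prefix)` below it still consumes the pointer, so a statement carrying the flag with a NULL prefix would pass NULL to `%s`, which is undefined behaviour. Whether the flag and the pointer are always set together is decided by the parser and netlink code outside this hunk, so keeping both conditions is the cheap safeguard: `if ((stmt->log.flags & STMT_LOG_PREFIX) && stmt->log.prefix != NULL)`. Separately, `log_level()` returns "unknown" for any value above LOG_DEBUG, so such a rule would be listed as `level unknown`; that output presumably cannot be fed back to nft when a saved ruleset is restored, which is worth a short comment on `log_level()` or a numeric fallback.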