author | Vishwanath Pai <vpai@akamai.com> | 2016-06-24 16:42:31 -0400 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-07-01 16:29:11 +0200 |
commit | 7070b1f3c88a0c3d4e315c00cca61f05b0fbc882 (patch) | |
tree | e779e1cba0b4a20c1a77aee009095331bfb6fc18 /extensions/libxt_NFLOG.t | |
parent | 09cad6470a1ef596876879c01bd8f9148e896dbe (diff) |
extensions: libxt_NFLOG: nflog-range does not truncate packets
The option --nflog-range has never worked, but we cannot just fix this
because users might be using this feature option and their behavior would
change. Instead add a new option --nflog-size. This option works the same
way nflog-range should have, and both of them are mutually exclusive. When
someone uses --nflog-range we print a warning message informing them that
this feature has no effect.
To indicate to the kernel that the user has set --nflog-size we have to pass a
new flag XT_NFLOG_F_COPY_LEN.
Also updated the man page to reflect the new option and added tests to
extensions/libxt_NFLOG.t
Reported-by: Joe Dollard <jdollard@akamai.com>
Reviewed-by: Josh Hunt <johunt@akamai.com>
Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libxt_NFLOG.t')
-rw-r--r-- | extensions/libxt_NFLOG.t | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/extensions/libxt_NFLOG.t b/extensions/libxt_NFLOG.t index f9768aae..78076b56 100644 --- a/extensions/libxt_NFLOG.t +++ b/extensions/libxt_NFLOG.t @@ -7,6 +7,10 @@ -j NFLOG --nflog-range 4294967295;=;OK -j NFLOG --nflog-range 4294967296;;FAIL -j NFLOG --nflog-range -1;;FAIL +-j NFLOG --nflog-size 1;=;OK +-j NFLOG --nflog-size 4294967295;=;OK +-j NFLOG --nflog-size 4294967296;;FAIL +-j NFLOG --nflog-size -1;;FAIL # ERROR: cannot find: iptables -I INPUT -j NFLOG --nflog-prefix xxxxxx [...] # -j NFLOG --nflog-prefix xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;=;OK # ERROR: should fail: iptables -A INPUT -j NFLOG --nflog-prefix xxxxxxx [...] |
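Review bot: the four `--nflog-size` cases added after the `--nflog-range -1` line only exercise the numeric bounds (1, 4294967295, 4294967296, -1), while the commit message states that `--nflog-size` and `--nflog-range` are mutually exclusive and nothing in this file asserts that. Consider adding a combined case, for example `-j NFLOG --nflog-range 1 --nflog-size 1;;FAIL`, so a regression in the exclusivity check is caught. The added cases also start at 1, so the behaviour for `--nflog-size 0` is not pinned down by these lines; a line for it, with whichever result is intended, would document that boundary.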