From 7070b1f3c88a0c3d4e315c00cca61f05b0fbc882 Mon Sep 17 00:00:00 2001
From: Vishwanath Pai
Date: Fri, 24 Jun 2016 16:42:31 -0400
Subject: extensions: libxt_NFLOG: nflog-range does not truncate packets The option --nflog-range has never worked, but we cannot just fix this because users might be using this feature option and their behavior would change. Instead add a new option --nflog-size. This option works the same way nflog-range should have, and both of them are mutually exclusive. When someone uses --nflog-range we print a warning message informing them that this feature has no effect. To indicate the kernel that the user has set --nflog-size we have to pass a new flag XT_NFLOG_F_COPY_LEN. Also updated the man page to reflect the new option and added tests to extensions/libxt_NFLOG.t
Reported-by: Joe Dollard
Reviewed-by: Josh Hunt
Signed-off-by: Vishwanath Pai
Signed-off-by: Pablo Neira Ayuso
---
 include/linux/netfilter/xt_NFLOG.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'include/linux/netfilter/xt_NFLOG.h')
diff --git a/include/linux/netfilter/xt_NFLOG.h b/include/linux/netfilter/xt_NFLOG.h
index 87b58311..f3307073 100644
--- a/include/linux/netfilter/xt_NFLOG.h
+++ b/include/linux/netfilter/xt_NFLOG.h
@@ -6,9 +6,13 @@
 #define XT_NFLOG_DEFAULT_GROUP 0x1
 #define XT_NFLOG_DEFAULT_THRESHOLD 0
-#define XT_NFLOG_MASK 0x0
+#define XT_NFLOG_MASK 0x1
+
+/* This flag indicates that 'len' field in xt_nflog_info is set*/
+#define XT_NFLOG_F_COPY_LEN 0x1
 struct xt_nflog_info {
+ /* 'len' will be used iff you set XT_NFLOG_F_COPY_LEN in flags */
 __u32 len;
 __u16 group;
 __u16 threshold;
-- 
cgit v1.2.3
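Review bot: The new comment on `len` in `struct xt_nflog_info` says when the field is used but not what happens when `XT_NFLOG_F_COPY_LEN` is clear, and that is the case that matters to anyone who assumed truncation was keeping packet payload out of their logs. Going by the commit message (the old option "has no effect"), I would state it outright: `/* 'len' (copy length) is honoured only if XT_NFLOG_F_COPY_LEN is set in flags; otherwise it is ignored and the packet is not truncated */`. `XT_NFLOG_MASK` and `XT_NFLOG_F_COPY_LEN` are now both the bare literal `0x1` with nothing tying them together; presumably the mask is the set of accepted `flags` bits, so a comment such as `/* all valid bits of 'flags'; extend when adding a flag */` would help, if that reading is confirmed. The struct body continues outside the hunk, so the `flags` field the comment refers to is not visible here.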