diff options
author | Liping Zhang <liping.zhang@spreadtrum.com> | 2016-09-25 16:54:35 +0800 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-10-04 08:49:50 +0200 |
commit | c11103944cee05fbd1bba7ed60b017b6bd4ad57b (patch) | |
tree | 8da337bcb1b6762e666ec31ac2a9d05e6f4ad3df | |
parent | 1d74732a3917781510153fcf05cf654cda554b8e (diff) |
expr: log: complete log flags support
If NFTNL_EXPR_LOG_FLAGS is not set, it's unnecessary to print out the
flags value. Furthermore, it's better to print out string message
instead of the hex value.
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | include/linux/netfilter/nf_log.h | 12 | ||||
-rw-r--r-- | src/expr/log.c | 35 |
2 files changed, 42 insertions, 5 deletions
diff --git a/include/linux/netfilter/nf_log.h b/include/linux/netfilter/nf_log.h new file mode 100644 index 0000000..8be21e0 --- /dev/null +++ b/include/linux/netfilter/nf_log.h @@ -0,0 +1,12 @@ +#ifndef _NETFILTER_NF_LOG_H +#define _NETFILTER_NF_LOG_H + +#define NF_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */ +#define NF_LOG_TCPOPT 0x02 /* Log TCP options */ +#define NF_LOG_IPOPT 0x04 /* Log IP options */ +#define NF_LOG_UID 0x08 /* Log UID owning local socket */ +#define NF_LOG_NFLOG 0x10 /* Unsupported, don't reuse */ +#define NF_LOG_MACDECODE 0x20 /* Decode MAC header */ +#define NF_LOG_MASK 0x2f + +#endif /* _NETFILTER_NF_LOG_H */ diff --git a/src/expr/log.c b/src/expr/log.c index a231bac..b642255 100644 --- a/src/expr/log.c +++ b/src/expr/log.c @@ -15,6 +15,7 @@ #include <arpa/inet.h> #include <errno.h> #include <linux/netfilter/nf_tables.h> +#include <linux/netfilter/nf_log.h> #include "internal.h" #include <libmnl/libmnl.h> @@ -237,13 +238,37 @@ static int nftnl_expr_log_snprintf_default(char *buf, size_t size, if (e->flags & (1 << NFTNL_EXPR_LOG_GROUP)) { ret = snprintf(buf + offset, len, - "group %u snaplen %u qthreshold %u", + "group %u snaplen %u qthreshold %u ", log->group, log->snaplen, log->qthreshold); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); - } else if (e->flags & (1 << NFTNL_EXPR_LOG_LEVEL)) { - ret = snprintf(buf + offset, len, "level %u flags %u", - log->level, log->flags); - SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } else { + if (e->flags & (1 << NFTNL_EXPR_LOG_LEVEL)) { + ret = snprintf(buf + offset, len, "level %u ", + log->level); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + if (e->flags & (1 << NFTNL_EXPR_LOG_FLAGS)) { + if (log->flags & NF_LOG_TCPSEQ) { + ret = snprintf(buf + offset, len, "tcpseq "); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + if (log->flags & NF_LOG_TCPOPT) { + ret = snprintf(buf + offset, len, "tcpopt "); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + if (log->flags & NF_LOG_IPOPT) { + ret = snprintf(buf + offset, len, "ipopt "); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + if (log->flags & NF_LOG_UID) { + ret = snprintf(buf + offset, len, "uid "); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + if (log->flags & NF_LOG_MACDECODE) { + ret = snprintf(buf + offset, len, "macdecode "); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + } } return offset; |