diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-23 02:49:38 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-07-25 18:18:40 +0200 |
| commit | e0d85a97cc755d5df14cd50af33f6ea8ab017b84 (patch) | |
| tree | 30cd96afc4d1c8097d0a8e7c714880a03751602b /src/netlink_linearize.c | |
| parent | 371fdadfafd64b3e364f91a21dac231a16622736 (diff) | |
src: add level option to the log statement
This patch is required if you use upcoming Linux kernels >= 3.17
which come with a complete logging support for nf_tables.
If you use 'log' without options, the kernel logging buffer is used:
nft> add rule filter input log
You can also specify the logging prefix string:
nft> add rule filter input log prefix "input: "
You may want to specify the log level:
nft> add rule filter input log prefix "input: " level notice
By default, if not specified, the default level is 'warn' (just like
in iptables).
If you specify the group, then nft uses the nfnetlink_log instead:
nft> add rule filter input log prefix "input: " group 10
You can also specify the snaplen and qthreshold for the nfnetlink_log.
But you cannot mix level and group at the same time, they are mutually
exclusive.
Default values for both snaplen and qthreshold are 0 (just like in
iptables).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_linearize.c')
| -rw-r--r-- | src/netlink_linearize.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index 5c1b46dd..075e2436 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -576,17 +576,17 @@ static void netlink_gen_log_stmt(struct netlink_linearize_ctx *ctx, nft_rule_expr_set_str(nle, NFT_EXPR_LOG_PREFIX, stmt->log.prefix); } - if (stmt->log.group) { + if (stmt->log.flags & STMT_LOG_GROUP) { nft_rule_expr_set_u16(nle, NFT_EXPR_LOG_GROUP, stmt->log.group); - } - if (stmt->log.snaplen) { - nft_rule_expr_set_u32(nle, NFT_EXPR_LOG_SNAPLEN, - stmt->log.snaplen); - } - if (stmt->log.qthreshold) { - nft_rule_expr_set_u16(nle, NFT_EXPR_LOG_QTHRESHOLD, - stmt->log.qthreshold); + if (stmt->log.flags & STMT_LOG_SNAPLEN) + nft_rule_expr_set_u32(nle, NFT_EXPR_LOG_SNAPLEN, + stmt->log.snaplen); + if (stmt->log.flags & STMT_LOG_QTHRESHOLD) + nft_rule_expr_set_u16(nle, NFT_EXPR_LOG_QTHRESHOLD, + stmt->log.qthreshold); + } else { + nft_rule_expr_set_u32(nle, NFT_EXPR_LOG_LEVEL, stmt->log.level); } nft_rule_add_expr(ctx->nlr, nle); } |