diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-23 02:49:38 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-07-25 18:18:40 +0200 |
commit | e0d85a97cc755d5df14cd50af33f6ea8ab017b84 (patch) | |
tree | 30cd96afc4d1c8097d0a8e7c714880a03751602b /src/parser.y | |
parent | 371fdadfafd64b3e364f91a21dac231a16622736 (diff) |
src: add level option to the log statement
This patch is required if you use upcoming Linux kernels >= 3.17
which come with a complete logging support for nf_tables.
If you use 'log' without options, the kernel logging buffer is used:
nft> add rule filter input log
You can also specify the logging prefix string:
nft> add rule filter input log prefix "input: "
You may want to specify the log level:
nft> add rule filter input log prefix "input: " level notice
By default, if not specified, the default level is 'warn' (just like
in iptables).
If you specify the group, then nft uses the nfnetlink_log instead:
nft> add rule filter input log prefix "input: " group 10
You can also specify the snaplen and qthreshold for the nfnetlink_log.
But you cannot mix level and group at the same time, they are mutually
exclusive.
Default values for both snaplen and qthreshold are 0 (just like in
iptables).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser.y')
-rw-r--r-- | src/parser.y | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/src/parser.y b/src/parser.y index 3e08e21e..26d28793 100644 --- a/src/parser.y +++ b/src/parser.y @@ -13,6 +13,7 @@ #include <stddef.h> #include <stdio.h> #include <inttypes.h> +#include <syslog.h> #include <netinet/ip.h> #include <netinet/if_ether.h> #include <linux/netfilter.h> @@ -345,6 +346,15 @@ static int monitor_lookup_event(const char *event) %token GROUP "group" %token SNAPLEN "snaplen" %token QUEUE_THRESHOLD "queue-threshold" +%token LEVEL "level" +%token LEVEL_EMERG "emerg" +%token LEVEL_ALERT "alert" +%token LEVEL_CRIT "crit" +%token LEVEL_ERR "err" +%token LEVEL_WARN "warn" +%token LEVEL_NOTICE "notice" +%token LEVEL_INFO "info" +%token LEVEL_DEBUG "debug" %token LIMIT "limit" %token RATE "rate" @@ -416,6 +426,7 @@ static int monitor_lookup_event(const char *event) %destructor { stmt_free($$); } meta_stmt %type <stmt> log_stmt log_stmt_alloc %destructor { stmt_free($$); } log_stmt log_stmt_alloc +%type <val> level_type %type <stmt> limit_stmt %destructor { stmt_free($$); } limit_stmt %type <val> time_unit @@ -1366,18 +1377,61 @@ log_args : log_arg log_arg : PREFIX string { $<stmt>0->log.prefix = $2; + $<stmt>0->log.flags |= STMT_LOG_PREFIX; } | GROUP NUM { $<stmt>0->log.group = $2; + $<stmt>0->log.flags |= STMT_LOG_GROUP; } | SNAPLEN NUM { $<stmt>0->log.snaplen = $2; + $<stmt>0->log.flags |= STMT_LOG_SNAPLEN; } | QUEUE_THRESHOLD NUM { $<stmt>0->log.qthreshold = $2; + $<stmt>0->log.flags |= STMT_LOG_QTHRESHOLD; + } + | LEVEL level_type + { + $<stmt>0->log.level = $2; + $<stmt>0->log.flags |= STMT_LOG_LEVEL; + } + ; + +level_type : LEVEL_EMERG + { + $$ = LOG_EMERG; + } + | LEVEL_ALERT + { + $$ = LOG_ALERT; + } + | LEVEL_CRIT + { + $$ = LOG_CRIT; + } + | LEVEL_ERR + { + $$ = LOG_ERR; + } + | LEVEL_WARN + { + $$ = LOG_WARNING; + } + | LEVEL_NOTICE + { + $$ = LOG_NOTICE; + } + | LEVEL_INFO + { + $$ = LOG_INFO; + } + | LEVEL_DEBUG + { + $$ = LOG_DEBUG; } ; |