git.ipfire.org Git - thirdparty/nftables.git/commit

author	Liping Zhang <zlpnobody@gmail.com>
	Sat, 19 Nov 2016 11:31:15 +0000 (19:31 +0800)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 24 Nov 2016 12:32:52 +0000 (13:32 +0100)
commit	1419b0003fccca32bf61ed40265a5539e2465497
tree	c35bd0c06398f71f26c8a81d49152920c84e22cd	tree \| snapshot
parent	9e20fcb72dbf25fd41e4636aa580d05e4791650d	commit \| diff

src: add log flags syntax support

Now NF_LOG_XXX is exposed to the userspace, we can set it explicitly.
Like iptables LOG target, we can log TCP sequence numbers, TCP options,
IP options, UID owning local socket and decode MAC header. Note the
log flags are mutually exclusive with group.

Some examples are listed below:
# nft add rule t c log flags tcp sequence,options
# nft add rule t c log flags ip options
# nft add rule t c log flags skuid
# nft add rule t c log flags ether
# nft add rule t c log flags all
# nft add rule t c log flags all group 1
<cmdline>:1:14-16: Error: flags and group are mutually exclusive
add rule t c log flags all group 1
^^^

Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

doc/nft.xml		diff \| blob \| blame \| history
include/linux/netfilter/nf_log.h	[new file with mode: 0644]	blob
include/statement.h		diff \| blob \| blame \| history
src/evaluate.c		diff \| blob \| blame \| history
src/netlink_delinearize.c		diff \| blob \| blame \| history
src/netlink_linearize.c		diff \| blob \| blame \| history
src/parser_bison.y		diff \| blob \| blame \| history
src/scanner.l		diff \| blob \| blame \| history
src/statement.c		diff \| blob \| blame \| history
tests/py/any/log.t		diff \| blob \| blame \| history
tests/py/any/log.t.payload		diff \| blob \| blame \| history