git.ipfire.org Git - thirdparty/iptables.git/commit
extensions: libxt_NFLOG: nflog-range does not truncate packets
author Vishwanath Pai <vpai@akamai.com>
Fri, 24 Jun 2016 20:42:31 +0000 (16:42 -0400)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Fri, 1 Jul 2016 14:29:11 +0000 (16:29 +0200)
commit 7070b1f3c88a0c3d4e315c00cca61f05b0fbc882
tree e779e1cba0b4a20c1a77aee009095331bfb6fc18
parent 09cad6470a1ef596876879c01bd8f9148e896dbe
extensions: libxt_NFLOG: nflog-range does not truncate packets

The option --nflog-range has never worked, but we cannot just fix this
because users might be using this feature option and their behavior would
change. Instead add a new option --nflog-size. This option works the same
way nflog-range should have, and both of them are mutually exclusive. When
someone uses --nflog-range we print a warning message informing them that
this feature has no effect.

To indicate to the kernel that the user has set --nflog-size we have to pass a
new flag XT_NFLOG_F_COPY_LEN.

Also updated the man page to reflect the new option and added tests to
extensions/libxt_NFLOG.t

Reported-by: Joe Dollard <jdollard@akamai.com>
Reviewed-by: Josh Hunt <johunt@akamai.com>
Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
extensions/libxt_NFLOG.c
extensions/libxt_NFLOG.man
extensions/libxt_NFLOG.t
include/linux/netfilter/xt_NFLOG.h
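
An added example, not part of this commit or of iptables: a shell audit that reads iptables-save text and reports NFLOG rules whose length limit is given with --nflog-range, which the commit message says has no effect. The function names and the sample ruleset are constructed for illustration, and it assumes iptables-save prints both options as they are typed on the command line.

```shell
#!/bin/sh
# Added example: flag NFLOG rules whose length limit is --nflog-range,
# which the commit message above says has no effect.

# Constructed sample in iptables-save format (not from a real host).
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j NFLOG --nflog-group 1 --nflog-range 64
-A INPUT -p udp --dport 53 -j NFLOG --nflog-group 2 --nflog-size 128
-A INPUT -p icmp -j NFLOG --nflog-group 3
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin. For every NFLOG rule prints
#   STATUS <tab> table <tab> limit <tab> rule
# STATUS is RANGE-NOOP (limit requested with --nflog-range, not applied),
# SIZE (limit requested with --nflog-size) or UNSET (no limit option).
audit_nflog() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*filter" opens a table
        /^-A / && / -j NFLOG( |$)/ {
            status = "UNSET"; limit = "-"
            for (i = 1; i < NF; i++) {
                if ($i == "--nflog-range") { status = "RANGE-NOOP"; limit = $(i + 1) }
                if ($i == "--nflog-size")  { status = "SIZE";       limit = $(i + 1) }
            }
            printf "%s\t%s\t%s\t%s\n", status, table, limit, $0
        }'
}

# Number of rules on stdin that still rely on --nflog-range.
count_noop() {
    audit_nflog | grep -c "^RANGE-NOOP" || true
}

sample_ruleset | audit_nflog
```

On a live host the same functions can be fed with `iptables-save | audit_nflog`; rules reported as RANGE-NOOP are the ones to review for a move to --nflog-size.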