leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ff107d2776
linux/net/ipv6/netfilter
History
Liping Zhang ff107d2776 netfilter: nft_log: complete NFTA_LOG_FLAGS attr support 
NFTA_LOG_FLAGS attribute is already supported, but the related
NF_LOG_XXX flags are not exposed to the userspace. So we cannot
explicitly enable log flags to log uid, tcp sequence, ip options
and so on, i.e. such rule "nft add rule filter output log uid"
is not supported yet.

So move NF_LOG_XXX macro definitions to the uapi/../nf_log.h. In
order to keep consistent with other modules, change NF_LOG_MASK to
refer to all supported log flags. On the other hand, add a new
NF_LOG_DEFAULT_MASK to refer to the original default log flags.

Finally, if user specify the unsupported log flags or NFTA_LOG_GROUP
and NFTA_LOG_FLAGS are set at the same time, report EINVAL to the
userspace.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-09-25 23:16:43 +02:00
..
ip6_tables.c netfilter: nft_log: complete NFTA_LOG_FLAGS attr support 2016-09-25 23:16:43 +02:00
ip6t_ah.c
ip6t_eui64.c
ip6t_frag.c
ip6t_hbh.c
ip6t_ipv6header.c netfilter: remove unnecessary break after return 2014-07-15 16:27:00 -07:00
ip6t_MASQUERADE.c netfilter: nf_nat: generalize IPv6 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
ip6t_mh.c
ip6t_NPT.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-07 18:37:01 -04:00
ip6t_REJECT.c netfilter: x_tables: Use par->net instead of computing from the passed net devices 2015-09-18 21:58:25 +02:00
ip6t_rpfilter.c netfilter: x_tables: Use par->net instead of computing from the passed net devices 2015-09-18 21:58:25 +02:00
ip6t_rt.c
ip6t_SYNPROXY.c netfilter: ip6t_SYNPROXY: unnecessary to check whether ip6_route_output returns NULL 2016-04-25 15:34:30 +02:00
ip6table_filter.c netfilter: xtables: don't hook tables by default 2016-03-02 20:05:24 +01:00
ip6table_mangle.c netfilter: x_tables: simplify ip{6}table_mangle_hook() 2016-07-01 16:37:02 +02:00
ip6table_nat.c netfilter: xtables: don't hook tables by default 2016-03-02 20:05:24 +01:00
ip6table_raw.c netfilter: xtables: don't hook tables by default 2016-03-02 20:05:24 +01:00
ip6table_security.c netfilter: xtables: don't hook tables by default 2016-03-02 20:05:24 +01:00
Kconfig netfilter: nf_dup: add missing dependencies with NF_CONNTRACK 2015-12-10 18:17:06 +01:00
Makefile netfilter: nf_tables: add nft_dup expression 2015-08-07 11:49:49 +02:00
nf_conntrack_l3proto_ipv6.c netfilter: Remove explicit rcu_read_lock in nf_hook_slow 2016-09-24 21:29:53 +02:00
nf_conntrack_proto_icmpv6.c netfilter: Remove explicit rcu_read_lock in nf_hook_slow 2016-09-24 21:29:53 +02:00
nf_conntrack_reasm.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-12-14 20:31:16 +01:00
nf_defrag_ipv6_hooks.c netfilter: ipv6: avoid nf_iterate recursion 2015-11-23 17:54:45 +01:00
nf_dup_ipv6.c netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags 2016-05-30 12:21:23 +02:00
nf_log_ipv6.c netfilter: nft_log: complete NFTA_LOG_FLAGS attr support 2016-09-25 23:16:43 +02:00
nf_nat_l3proto_ipv6.c netfilter: Allow calling into nat helper without skb_dst. 2016-03-14 23:47:27 +01:00
nf_nat_masquerade_ipv6.c netfilter: conntrack: resched in nf_ct_iterate_cleanup 2016-02-01 00:15:26 +01:00
nf_nat_proto_icmpv6.c net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-17 21:33:06 -07:00
nf_reject_ipv6.c netfilter: ipv6: unnecessary to check whether ip6_route_output() returns NULL 2016-04-07 18:53:08 +02:00
nf_tables_ipv6.c netfilter: Add the missed return value check of nft_register_chain_type 2016-09-12 19:54:45 +02:00
nft_chain_nat_ipv6.c netfilter: Pass priv instead of nf_hook_ops to netfilter hooks 2015-09-18 22:00:16 +02:00
nft_chain_route_ipv6.c netfilter: nf_tables: don't drop IPv6 packets that cannot parse transport 2016-09-12 18:52:32 +02:00
nft_dup_ipv6.c netfilter: Pass net to nf_dup_ipv4 and nf_dup_ipv6 2015-09-18 21:59:11 +02:00
nft_masq_ipv6.c netfilter: nft_masq: support port range 2016-03-02 20:05:27 +01:00
nft_redir_ipv6.c netfilter: nf_tables: kill nft_pktinfo.ops 2015-09-18 21:58:01 +02:00
nft_reject_ipv6.c netfilter: nf_tables: Use pkt->net instead of computing net from the passed net_devices 2015-09-18 21:58:49 +02:00