kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux-hardened/net/bridge/netfilter
History
Liping Zhang ff107d2776 netfilter: nft_log: complete NFTA_LOG_FLAGS attr support 
NFTA_LOG_FLAGS attribute is already supported, but the related
NF_LOG_XXX flags are not exposed to the userspace. So we cannot
explicitly enable log flags to log uid, tcp sequence, ip options
and so on, i.e. such rule "nft add rule filter output log uid"
is not supported yet.

So move NF_LOG_XXX macro definitions to the uapi/../nf_log.h. In
order to keep consistent with other modules, change NF_LOG_MASK to
refer to all supported log flags. On the other hand, add a new
NF_LOG_DEFAULT_MASK to refer to the original default log flags.

Finally, if user specify the unsupported log flags or NFTA_LOG_GROUP
and NFTA_LOG_FLAGS are set at the same time, report EINVAL to the
userspace.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-09-25 23:16:43 +02:00
..
ebt_802_3.c netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 2016-07-03 10:55:07 +02:00
ebt_among.c bridge: netfilter: Use ether_addr_copy 2014-02-24 19:16:44 -05:00
ebt_arp.c netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 2016-07-03 10:55:07 +02:00
ebt_arpreply.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ebt_dnat.c bridge: netfilter: Use ether_addr_copy 2014-02-24 19:16:44 -05:00
ebt_ip.c netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 2016-07-03 10:55:07 +02:00
ebt_ip6.c netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 2016-07-03 10:55:07 +02:00
ebt_limit.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_log.c netfilter: nft_log: complete NFTA_LOG_FLAGS attr support 2016-09-25 23:16:43 +02:00
ebt_mark.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ebt_mark_m.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_nflog.c netfilter: x_tables: Use par->net instead of computing from the passed net devices 2015-09-18 21:58:25 +02:00
ebt_pkttype.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_redirect.c netfilter: Remove explicit rcu_read_lock in nf_hook_slow 2016-09-24 21:29:53 +02:00
ebt_snat.c bridge: netfilter: Use ether_addr_copy 2014-02-24 19:16:44 -05:00
ebt_stp.c netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 2016-07-03 10:55:07 +02:00
ebt_vlan.c netfilter-bridge: use netdev style comments 2015-11-23 17:54:39 +01:00
ebtable_broute.c netfilter: ebtables: Simplify the arguments to ebt_do_table 2015-09-18 21:57:35 +02:00
ebtable_filter.c netfilter-bridge: Cleanse indentation 2015-11-23 17:54:39 +01:00
ebtable_nat.c netfilter-bridge: Cleanse indentation 2015-11-23 17:54:39 +01:00
ebtables.c netfilter: Remove explicit rcu_read_lock in nf_hook_slow 2016-09-24 21:29:53 +02:00
Kconfig netfilter: bridge: add reject support 2014-07-22 12:00:22 +02:00
Makefile netfilter: kill remnants of ulog targets 2014-07-25 14:55:44 +02:00
nf_log_bridge.c netfilter: log: Check param to avoid overflow in nf_log_set 2016-08-30 11:52:32 +02:00
nf_tables_bridge.c netfilter: Add the missed return value check of nft_register_chain_type 2016-09-12 19:54:45 +02:00
nft_meta_bridge.c netfilter: nf_tables: wrap tracing with a static key 2015-12-09 13:23:13 +01:00
nft_reject_bridge.c netfilter: nf_tables_bridge: use nft_set_pktinfo_ipv{4, 6}_validate 2016-09-12 18:52:15 +02:00