aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2006-11-28 20:35:38 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2006-12-03 00:31:31 -0500
commitbaf7b1e11282127e068d149825cccec002091d61 (patch)
tree33eae4a25dad2666e5b51bffb76d5c7d2db725c2 /include/linux
parent39b46fc6f0d1161a5585cd8af7b3a05e8118ab7e (diff)
[NETFILTER]: x_tables: add NFLOG target
Add new NFLOG target to allow use of nfnetlink_log for both IPv4 and IPv6. Currently we have two (unsupported by userspace) hacks in the LOG and ULOG targets to optionally call to the nflog API. They lack a few features, namely the IPv4 and IPv6 LOG targets can not specify a number of arguments related to nfnetlink_log, while the ULOG target is only available for IPv4. Remove those hacks and add a clean way to use nfnetlink_log. Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/netfilter/Kbuild1
-rw-r--r--include/linux/netfilter/xt_NFLOG.h18
-rw-r--r--include/linux/netfilter_ipv4/ipt_LOG.h2
-rw-r--r--include/linux/netfilter_ipv6/ip6t_LOG.h2
4 files changed, 21 insertions, 2 deletions
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
index e379a2d89ea0..6328175a1c3a 100644
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -22,6 +22,7 @@ header-y += xt_mark.h
22header-y += xt_MARK.h 22header-y += xt_MARK.h
23header-y += xt_multiport.h 23header-y += xt_multiport.h
24header-y += xt_NFQUEUE.h 24header-y += xt_NFQUEUE.h
25header-y += xt_NFLOG.h
25header-y += xt_pkttype.h 26header-y += xt_pkttype.h
26header-y += xt_policy.h 27header-y += xt_policy.h
27header-y += xt_realm.h 28header-y += xt_realm.h
diff --git a/include/linux/netfilter/xt_NFLOG.h b/include/linux/netfilter/xt_NFLOG.h
new file mode 100644
index 000000000000..cdcd0ed58f7a
--- /dev/null
+++ b/include/linux/netfilter/xt_NFLOG.h
@@ -0,0 +1,18 @@
1#ifndef _XT_NFLOG_TARGET
2#define _XT_NFLOG_TARGET
3
4#define XT_NFLOG_DEFAULT_GROUP 0x1
5#define XT_NFLOG_DEFAULT_THRESHOLD 1
6
7#define XT_NFLOG_MASK 0x0
8
9struct xt_nflog_info {
10 u_int32_t len;
11 u_int16_t group;
12 u_int16_t threshold;
13 u_int16_t flags;
14 u_int16_t pad;
15 char prefix[64];
16};
17
18#endif /* _XT_NFLOG_TARGET */
diff --git a/include/linux/netfilter_ipv4/ipt_LOG.h b/include/linux/netfilter_ipv4/ipt_LOG.h
index 892f9a33fea8..90fa6525ef9c 100644
--- a/include/linux/netfilter_ipv4/ipt_LOG.h
+++ b/include/linux/netfilter_ipv4/ipt_LOG.h
@@ -6,7 +6,7 @@
6#define IPT_LOG_TCPOPT 0x02 /* Log TCP options */ 6#define IPT_LOG_TCPOPT 0x02 /* Log TCP options */
7#define IPT_LOG_IPOPT 0x04 /* Log IP options */ 7#define IPT_LOG_IPOPT 0x04 /* Log IP options */
8#define IPT_LOG_UID 0x08 /* Log UID owning local socket */ 8#define IPT_LOG_UID 0x08 /* Log UID owning local socket */
9#define IPT_LOG_NFLOG 0x10 /* Log using nf_log backend */ 9#define IPT_LOG_NFLOG 0x10 /* Unsupported, don't reuse */
10#define IPT_LOG_MASK 0x1f 10#define IPT_LOG_MASK 0x1f
11 11
12struct ipt_log_info { 12struct ipt_log_info {
diff --git a/include/linux/netfilter_ipv6/ip6t_LOG.h b/include/linux/netfilter_ipv6/ip6t_LOG.h
index 060c1a1c6c60..0d0119b0458c 100644
--- a/include/linux/netfilter_ipv6/ip6t_LOG.h
+++ b/include/linux/netfilter_ipv6/ip6t_LOG.h
@@ -6,7 +6,7 @@
6#define IP6T_LOG_TCPOPT 0x02 /* Log TCP options */ 6#define IP6T_LOG_TCPOPT 0x02 /* Log TCP options */
7#define IP6T_LOG_IPOPT 0x04 /* Log IP options */ 7#define IP6T_LOG_IPOPT 0x04 /* Log IP options */
8#define IP6T_LOG_UID 0x08 /* Log UID owning local socket */ 8#define IP6T_LOG_UID 0x08 /* Log UID owning local socket */
9#define IP6T_LOG_NFLOG 0x10 /* Log using nf_log backend */ 9#define IP6T_LOG_NFLOG 0x10 /* Unsupported, don't use */
10#define IP6T_LOG_MASK 0x1f 10#define IP6T_LOG_MASK 0x1f
11 11
12struct ip6t_log_info { 12struct ip6t_log_info {