netfilter: ipt_LOG/ip6t_LOG: add option to print decoded MAC header

The LOG targets print the entire MAC header as one long string, which is not
readable very well:

IN=eth0 OUT= MAC=00:15:f2:24:91:f8:00:1b:24:dc:61:e6:08:00 ...

Add an option to decode known header formats (currently just ARPHRD_ETHER devices)
in their individual fields:

IN=eth0 OUT= MACSRC=00:1b:24:dc:61:e6 MACDST=00:15:f2:24:91:f8 MACPROTO=0800 ...
IN=eth0 OUT= MACSRC=00:1b:24:dc:61:e6 MACDST=00:15:f2:24:91:f8 MACPROTO=86dd ...

The option needs to be explicitly enabled by userspace to avoid breaking
existing parsers.

Signed-off-by: Patrick McHardy <kaber@trash.net>

2 files changed, 4 insertions, 2 deletions

diff --git a/include/linux/netfilter_ipv4/ipt_LOG.h b/include/linux/netfilter_ipv4/ipt_LOG.h
index 90fa6525ef9c..dcdbadf9fd4a 100644
--- a/include/linux/netfilter_ipv4/ipt_LOG.h
+++ b/include/linux/netfilter_ipv4/ipt_LOG.h
@@ -7,7 +7,8 @@
 #define IPT_LOG_IPOPT           0x04    /* Log IP options */
 #define IPT_LOG_UID             0x08    /* Log UID owning local socket */
 #define IPT_LOG_NFLOG           0x10    /* Unsupported, don't reuse */
-#define IPT_LOG_MASK            0x1f
+#define IPT_LOG_MACDECODE       0x20    /* Decode MAC header */
+#define IPT_LOG_MASK            0x2f
 
 struct ipt_log_info {
         unsigned char level;
diff --git a/include/linux/netfilter_ipv6/ip6t_LOG.h b/include/linux/netfilter_ipv6/ip6t_LOG.h
index 0d0119b0458c..9dd5579e02ec 100644
--- a/include/linux/netfilter_ipv6/ip6t_LOG.h
+++ b/include/linux/netfilter_ipv6/ip6t_LOG.h
@@ -7,7 +7,8 @@
 #define IP6T_LOG_IPOPT          0x04    /* Log IP options */
 #define IP6T_LOG_UID            0x08    /* Log UID owning local socket */
 #define IP6T_LOG_NFLOG          0x10    /* Unsupported, don't use */
-#define IP6T_LOG_MASK           0x1f
+#define IP6T_LOG_MACDECODE      0x20    /* Decode MAC header */
+#define IP6T_LOG_MASK           0x2f
 
 struct ip6t_log_info {
         unsigned char level;