aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/netfilter_bridge/ebt_log.h1
-rw-r--r--include/linux/netfilter_ipv4/ipt_LOG.h3
-rw-r--r--include/linux/netfilter_ipv6/ip6t_LOG.h3
-rw-r--r--net/bridge/netfilter/ebt_log.c7
-rw-r--r--net/ipv4/netfilter/ipt_LOG.c7
-rw-r--r--net/ipv6/netfilter/ip6t_LOG.c7
6 files changed, 23 insertions, 5 deletions
diff --git a/include/linux/netfilter_bridge/ebt_log.h b/include/linux/netfilter_bridge/ebt_log.h
index 358fbc84fb59..96e231ae7554 100644
--- a/include/linux/netfilter_bridge/ebt_log.h
+++ b/include/linux/netfilter_bridge/ebt_log.h
@@ -3,6 +3,7 @@
3 3
4#define EBT_LOG_IP 0x01 /* if the frame is made by ip, log the ip information */ 4#define EBT_LOG_IP 0x01 /* if the frame is made by ip, log the ip information */
5#define EBT_LOG_ARP 0x02 5#define EBT_LOG_ARP 0x02
6#define EBT_LOG_NFLOG 0x04
6#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP) 7#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP)
7#define EBT_LOG_PREFIX_SIZE 30 8#define EBT_LOG_PREFIX_SIZE 30
8#define EBT_LOG_WATCHER "log" 9#define EBT_LOG_WATCHER "log"
diff --git a/include/linux/netfilter_ipv4/ipt_LOG.h b/include/linux/netfilter_ipv4/ipt_LOG.h
index 22d16177319b..892f9a33fea8 100644
--- a/include/linux/netfilter_ipv4/ipt_LOG.h
+++ b/include/linux/netfilter_ipv4/ipt_LOG.h
@@ -6,7 +6,8 @@
6#define IPT_LOG_TCPOPT 0x02 /* Log TCP options */ 6#define IPT_LOG_TCPOPT 0x02 /* Log TCP options */
7#define IPT_LOG_IPOPT 0x04 /* Log IP options */ 7#define IPT_LOG_IPOPT 0x04 /* Log IP options */
8#define IPT_LOG_UID 0x08 /* Log UID owning local socket */ 8#define IPT_LOG_UID 0x08 /* Log UID owning local socket */
9#define IPT_LOG_MASK 0x0f 9#define IPT_LOG_NFLOG 0x10 /* Log using nf_log backend */
10#define IPT_LOG_MASK 0x1f
10 11
11struct ipt_log_info { 12struct ipt_log_info {
12 unsigned char level; 13 unsigned char level;
diff --git a/include/linux/netfilter_ipv6/ip6t_LOG.h b/include/linux/netfilter_ipv6/ip6t_LOG.h
index 9008ff5c40ae..060c1a1c6c60 100644
--- a/include/linux/netfilter_ipv6/ip6t_LOG.h
+++ b/include/linux/netfilter_ipv6/ip6t_LOG.h
@@ -6,7 +6,8 @@
6#define IP6T_LOG_TCPOPT 0x02 /* Log TCP options */ 6#define IP6T_LOG_TCPOPT 0x02 /* Log TCP options */
7#define IP6T_LOG_IPOPT 0x04 /* Log IP options */ 7#define IP6T_LOG_IPOPT 0x04 /* Log IP options */
8#define IP6T_LOG_UID 0x08 /* Log UID owning local socket */ 8#define IP6T_LOG_UID 0x08 /* Log UID owning local socket */
9#define IP6T_LOG_MASK 0x0f 9#define IP6T_LOG_NFLOG 0x10 /* Log using nf_log backend */
10#define IP6T_LOG_MASK 0x1f
10 11
11struct ip6t_log_info { 12struct ip6t_log_info {
12 unsigned char level; 13 unsigned char level;
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index 0128fbbe2328..288ff1d4ccc4 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -166,7 +166,12 @@ static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
166 li.u.log.level = info->loglevel; 166 li.u.log.level = info->loglevel;
167 li.u.log.logflags = info->bitmask; 167 li.u.log.logflags = info->bitmask;
168 168
169 nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, info->prefix); 169 if (info->bitmask & EBT_LOG_NFLOG)
170 nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li,
171 info->prefix);
172 else
173 ebt_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li,
174 info->prefix);
170} 175}
171 176
172static struct ebt_watcher log = 177static struct ebt_watcher log =
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index 6606ddb66a29..cc27545ff97f 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -425,7 +425,12 @@ ipt_log_target(struct sk_buff **pskb,
425 li.u.log.level = loginfo->level; 425 li.u.log.level = loginfo->level;
426 li.u.log.logflags = loginfo->logflags; 426 li.u.log.logflags = loginfo->logflags;
427 427
428 nf_log_packet(PF_INET, hooknum, *pskb, in, out, &li, loginfo->prefix); 428 if (loginfo->logflags & IPT_LOG_NFLOG)
429 nf_log_packet(PF_INET, hooknum, *pskb, in, out, &li,
430 loginfo->prefix);
431 else
432 ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li,
433 loginfo->prefix);
429 434
430 return IPT_CONTINUE; 435 return IPT_CONTINUE;
431} 436}
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index 77c725832dec..6b930efa9fb9 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -436,7 +436,12 @@ ip6t_log_target(struct sk_buff **pskb,
436 li.u.log.level = loginfo->level; 436 li.u.log.level = loginfo->level;
437 li.u.log.logflags = loginfo->logflags; 437 li.u.log.logflags = loginfo->logflags;
438 438
439 nf_log_packet(PF_INET6, hooknum, *pskb, in, out, &li, loginfo->prefix); 439 if (loginfo->logflags & IP6T_LOG_NFLOG)
440 nf_log_packet(PF_INET6, hooknum, *pskb, in, out, &li,
441 loginfo->prefix);
442 else
443 ip6t_log_packet(PF_INET6, hooknum, *pskb, in, out, &li,
444 loginfo->prefix);
440 445
441 return IP6T_CONTINUE; 446 return IP6T_CONTINUE;
442} 447}