From: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>
If NFTNL_EXPR_LOG_FLAGS is not set, it's unnecessary to print out the flags value. Furthermore, it's better to print out string message instead of the hex value.
Signed-off-by: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>
---
 include/linux/netfilter/nf_log.h | 12 ++++++++++++
 src/expr/log.c | 35 ++++++++++++++++++++++++++++++-----
 2 files changed, 42 insertions(+), 5 deletions(-)
 create mode 100644 include/linux/netfilter/nf_log.h
diff --git a/include/linux/netfilter/nf_log.h b/include/linux/netfilter/nf_log.h
new file mode 100644
index 0000000..8be21e0
--- /dev/null
+++ b/include/linux/netfilter/nf_log.h
@@ -0,0 +1,12 @@
+#ifndef _NETFILTER_NF_LOG_H
+#define _NETFILTER_NF_LOG_H
+
+#define NF_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */
+#define NF_LOG_TCPOPT 0x02 /* Log TCP options */
+#define NF_LOG_IPOPT 0x04 /* Log IP options */
+#define NF_LOG_UID 0x08 /* Log UID owning local socket */
+#define NF_LOG_NFLOG 0x10 /* Unsupported, don't reuse */
+#define NF_LOG_MACDECODE 0x20 /* Decode MAC header */
+#define NF_LOG_MASK 0x2f
+
+#endif /* _NETFILTER_NF_LOG_H */
diff --git a/src/expr/log.c b/src/expr/log.c
index a231bac..b642255 100644
--- a/src/expr/log.c
+++ b/src/expr/log.c
@@ -15,6 +15,7 @@
 #include <arpa/inet.h>
 #include <errno.h>
 #include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter/nf_log.h>
 #include "internal.h"
 #include <libmnl/libmnl.h>
@@ -237,13 +238,37 @@ static int nftnl_expr_log_snprintf_default(char *buf, size_t size,
 if (e->flags & (1 << NFTNL_EXPR_LOG_GROUP)) {
 ret = snprintf(buf + offset, len,
- "group %u snaplen %u qthreshold %u",
+ "group %u snaplen %u qthreshold %u ",
 log->group, log->snaplen, log->qthreshold);
 SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- } else if (e->flags & (1 << NFTNL_EXPR_LOG_LEVEL)) {
- ret = snprintf(buf + offset, len, "level %u flags %u",
- log->level, log->flags);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ } else {
+ if (e->flags & (1 << NFTNL_EXPR_LOG_LEVEL)) {
+ ret = snprintf(buf + offset, len, "level %u ",
+ log->level);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+ if (e->flags & (1 << NFTNL_EXPR_LOG_FLAGS)) {
+ if (log->flags & NF_LOG_TCPSEQ) {
+ ret = snprintf(buf + offset, len, "tcpseq ");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+ if (log->flags & NF_LOG_TCPOPT) {
+ ret = snprintf(buf + offset, len, "tcpopt ");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+ if (log->flags & NF_LOG_IPOPT) {
+ ret = snprintf(buf + offset, len, "ipopt ");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+ if (log->flags & NF_LOG_UID) {
+ ret = snprintf(buf + offset, len, "uid ");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+ if (log->flags & NF_LOG_MACDECODE) {
+ ret = snprintf(buf + offset, len, "macdecode ");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+ }
 }
 return offset;
--
2.5.5
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
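Review bot: Inside the new `NFTNL_EXPR_LOG_FLAGS` branch only the five named bits of `log->flags` are printed, so `NF_LOG_NFLOG` (0x10) and any bit outside `NF_LOG_MASK` vanish from the output, whereas the removed line printed the raw value. A ruleset dump read during an audit would then show two different flag words as the same text. I would close the branch with `if (log->flags & ~NF_LOG_MASK)` and print the remainder, e.g. `ret = snprintf(buf + offset, len, "unknown 0x%x ", log->flags & ~NF_LOG_MASK);` followed by the usual `SNPRINTF_BUFFER_SIZE(ret, size, len, offset);` (this assumes `flags` is the unsigned 32-bit field the removed `%u` suggests). Separately, every format string now ends in a space, so each output form carries trailing whitespace that exact-match consumers may trip on. The function starts and ends outside this hunk, so how `ret`, `len` and `offset` are declared is not visible here.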