From: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx> After NF_LOG_XXX is exposed to the userspace, we can set log flags to log more things. The following iptables rule: # iptables -A OUTPUT -j LOG --log-tcp-sequence --log-tcp-options \ --log-ip-options --log-uid --log-macdecode is equal to the following nft rule: # nft add rule filter OUTPUT log tcpseq,tcpopt,ipopt,uid,macdecode The syntax supported was done by patch #1, user manual was updated by patch #2, test case was added by patch #3. After this patch set is accepted, I will send another patch to do iptables xlat. Liping Zhang (3): src: add log flags syntax support doc: add description about log flags tests: py: add some testcases for log flags doc/nft.xml | 36 ++++++++++++++++++++++++++++++++++++ include/linux/netfilter/nf_log.h | 12 ++++++++++++ include/statement.h | 1 + src/evaluate.c | 12 +++++++++--- src/netlink_delinearize.c | 4 ++++ src/netlink_linearize.c | 3 +++ src/parser_bison.y | 26 +++++++++++++++++++++++++- src/scanner.l | 5 +++++ src/statement.c | 24 ++++++++++++++++++++++++ tests/py/any/log.t | 4 ++++ tests/py/any/log.t.payload | 33 ++++++++++++++++++++------------- tests/py/ip/icmp.t.payload.ip | 2 +- tests/py/ip6/icmpv6.t.payload.ip6 | 6 +++--- 13 files changed, 147 insertions(+), 21 deletions(-) create mode 100644 include/linux/netfilter/nf_log.h -- 2.5.5 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
