#include <linux/netfilter_ipv6/ip6_tables.h>
#include <linux/netfilter_ipv6/ip6t_LOG.h>
+#ifndef IP6T_LOG_UID /* Old kernel */
+#define IP6T_LOG_UID 0x08
+#undef IP6T_LOG_MASK
+#define IP6T_LOG_MASK 0x0f
+#endif
+
#define LOG_DEFAULT_LEVEL LOG_WARNING
/* Function which prints out usage message. */
" --log-prefix prefix Prefix log messages with this prefix.\n\n"
" --log-tcp-sequence Log TCP sequence numbers.\n\n"
" --log-tcp-options Log TCP options.\n\n"
-" --log-ip-options Log IP options.\n\n",
+" --log-ip-options Log IP options.\n\n"
+" --log-uid Log UID owning the local socket.\n\n",
IPTABLES_VERSION);
}
{ .name = "log-tcp-sequence", .has_arg = 0, .flag = 0, .val = '1' },
{ .name = "log-tcp-options", .has_arg = 0, .flag = 0, .val = '2' },
{ .name = "log-ip-options", .has_arg = 0, .flag = 0, .val = '3' },
+ { .name = "log-uid", .has_arg = 0, .flag = 0, .val = '4' },
{ .name = 0 }
};
loginfo->level = LOG_DEFAULT_LEVEL;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
struct ip6t_log_names {
#define IP6T_LOG_OPT_TCPSEQ 0x04
#define IP6T_LOG_OPT_TCPOPT 0x08
#define IP6T_LOG_OPT_IPOPT 0x10
+#define IP6T_LOG_OPT_UID 0x20
/* Function which parses command options; returns true if it
ate an option */
if (strlen(optarg) > sizeof(loginfo->prefix) - 1)
exit_error(PARAMETER_PROBLEM,
"Maximum prefix length %u for --log-prefix",
- sizeof(loginfo->prefix) - 1);
+ (unsigned int)sizeof(loginfo->prefix) - 1);
+
+ if (strlen(optarg) != strlen(strtok(optarg, "\n")))
+ exit_error(PARAMETER_PROBLEM,
+ "Newlines not allowed in --log-prefix");
strcpy(loginfo->prefix, optarg);
*flags |= IP6T_LOG_OPT_PREFIX;
*flags |= IP6T_LOG_OPT_IPOPT;
break;
+ case '4':
+ if (*flags & IP6T_LOG_OPT_UID)
+ exit_error(PARAMETER_PROBLEM,
+ "Can't specify --log-uid twice");
+
+ loginfo->logflags |= IP6T_LOG_UID;
+ *flags |= IP6T_LOG_OPT_UID;
+ break;
+
default:
return 0;
}
printf("tcp-options ");
if (loginfo->logflags & IP6T_LOG_IPOPT)
printf("ip-options ");
+ if (loginfo->logflags & IP6T_LOG_UID)
+ printf("uid ");
if (loginfo->logflags & ~(IP6T_LOG_MASK))
printf("unknown-flags ");
}
printf("--log-tcp-options ");
if (loginfo->logflags & IP6T_LOG_IPOPT)
printf("--log-ip-options ");
+ if (loginfo->logflags & IP6T_LOG_UID)
+ printf("--log-uid ");
}
static