X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=extensions%2Flibip6t_LOG.c;h=a9c8965dcb51fda7f3b7fba437ce5dafdcfba310;hb=6afea0b41dfbc3824956d11d960ad80097218feb;hp=997e4393c59b30eb51a51f1c391ac5f3aa405666;hpb=f7b70cf9e00324b89b02de213bcd0dde7044d035;p=iptables.git

diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c
index 997e439..a9c8965 100644
--- a/extensions/libip6t_LOG.c
+++ b/extensions/libip6t_LOG.c
@@ -9,6 +9,12 @@
 #include <linux/netfilter_ipv6/ip6_tables.h>
 #include <linux/netfilter_ipv6/ip6t_LOG.h>
 
+#ifndef IP6T_LOG_UID	/* Old kernel */
+#define IP6T_LOG_UID	0x08
+#undef  IP6T_LOG_MASK
+#define IP6T_LOG_MASK	0x0f
+#endif
+
 #define LOG_DEFAULT_LEVEL LOG_WARNING
 
 /* Function which prints out usage message. */
@@ -21,7 +27,8 @@ help(void)
 " --log-prefix prefix		Prefix log messages with this prefix.\n\n"
 " --log-tcp-sequence		Log TCP sequence numbers.\n\n"
 " --log-tcp-options		Log TCP options.\n\n"
-" --log-ip-options		Log IP options.\n\n",
+" --log-ip-options		Log IP options.\n\n"
+" --log-uid			Log UID owning the local socket.\n\n",
 IPTABLES_VERSION);
 }
 
@@ -31,6 +38,7 @@ static struct option opts[] = {
 	{ .name = "log-tcp-sequence", .has_arg = 0, .flag = 0, .val = '1' },
 	{ .name = "log-tcp-options",  .has_arg = 0, .flag = 0, .val = '2' },
 	{ .name = "log-ip-options",   .has_arg = 0, .flag = 0, .val = '3' },
+	{ .name = "log-uid",          .has_arg = 0, .flag = 0, .val = '4' },
 	{ .name = 0 }
 };
 
@@ -42,8 +50,6 @@ init(struct ip6t_entry_target *t, unsigned int *nfcache)
 
 	loginfo->level = LOG_DEFAULT_LEVEL;
 
-	/* Can't cache this */
-	*nfcache |= NFC_UNKNOWN;
 }
 
 struct ip6t_log_names {
@@ -98,6 +104,7 @@ parse_level(const char *level)
 #define IP6T_LOG_OPT_TCPSEQ 0x04
 #define IP6T_LOG_OPT_TCPOPT 0x08
 #define IP6T_LOG_OPT_IPOPT 0x10
+#define IP6T_LOG_OPT_UID 0x20
 
 /* Function which parses command options; returns true if it
    ate an option */
@@ -134,7 +141,11 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 		if (strlen(optarg) > sizeof(loginfo->prefix) - 1)
 			exit_error(PARAMETER_PROBLEM,
 				   "Maximum prefix length %u for --log-prefix",
-				   sizeof(loginfo->prefix) - 1);
+				   (unsigned int)sizeof(loginfo->prefix) - 1);
+
+		if (strlen(optarg) != strlen(strtok(optarg, "\n")))
+			exit_error(PARAMETER_PROBLEM,
+				   "Newlines not allowed in --log-prefix");
 
 		strcpy(loginfo->prefix, optarg);
 		*flags |= IP6T_LOG_OPT_PREFIX;
@@ -168,6 +179,15 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 		*flags |= IP6T_LOG_OPT_IPOPT;
 		break;
 
+	case '4':
+		if (*flags & IP6T_LOG_OPT_UID)
+			exit_error(PARAMETER_PROBLEM,
+				   "Can't specify --log-uid twice");
+
+		loginfo->logflags |= IP6T_LOG_UID;
+		*flags |= IP6T_LOG_OPT_UID;
+		break;
+
 	default:
 		return 0;
 	}
@@ -211,6 +231,8 @@ print(const struct ip6t_ip6 *ip,
 			printf("tcp-options ");
 		if (loginfo->logflags & IP6T_LOG_IPOPT)
 			printf("ip-options ");
+		if (loginfo->logflags & IP6T_LOG_UID)
+			printf("uid ");
 		if (loginfo->logflags & ~(IP6T_LOG_MASK))
 			printf("unknown-flags ");
 	}
@@ -238,6 +260,8 @@ save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target)
 		printf("--log-tcp-options ");
 	if (loginfo->logflags & IP6T_LOG_IPOPT)
 		printf("--log-ip-options ");
+	if (loginfo->logflags & IP6T_LOG_UID)
+		printf("--log-uid ");
 }
 
 static