iptables-1.3.2-20050720

[iptables.git] / extensions / libipt_LOG.c

diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c
index f8c8e4b..5e5d3fd 100644 (file)
--- a/extensions/libipt_LOG.c
+++ b/extensions/libipt_LOG.c
@@ -11,6 +11,12 @@
 
 #define LOG_DEFAULT_LEVEL LOG_WARNING
 
+#ifndef IPT_LOG_UID /* Old kernel */
+#define IPT_LOG_UID    0x08    /* Log UID owning local socket */
+#undef  IPT_LOG_MASK
+#define IPT_LOG_MASK   0x0f
+#endif
+
 /* Function which prints out usage message. */
 static void
 help(void)
@@ -21,7 +27,8 @@ help(void)
 " --log-prefix prefix          Prefix log messages with this prefix.\n\n"
 " --log-tcp-sequence           Log TCP sequence numbers.\n\n"
 " --log-tcp-options            Log TCP options.\n\n"
-" --log-ip-options             Log IP options.\n\n",
+" --log-ip-options             Log IP options.\n\n"
+" --log-uid                    Log UID owning the local socket.\n\n",
 IPTABLES_VERSION);
 }
 
@@ -31,6 +38,7 @@ static struct option opts[] = {
        { .name = "log-tcp-sequence", .has_arg = 0, .flag = 0, .val = '1' },
        { .name = "log-tcp-options",  .has_arg = 0, .flag = 0, .val = '2' },
        { .name = "log-ip-options",   .has_arg = 0, .flag = 0, .val = '3' },
+       { .name = "log-uid",          .has_arg = 0, .flag = 0, .val = '4' },
        { .name = 0 }
 };
 
@@ -42,8 +50,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache)
 
        loginfo->level = LOG_DEFAULT_LEVEL;
 
-       /* Can't cache this */
-       *nfcache |= NFC_UNKNOWN;
 }
 
 struct ipt_log_names {
@@ -98,6 +104,7 @@ parse_level(const char *level)
 #define IPT_LOG_OPT_TCPSEQ 0x04
 #define IPT_LOG_OPT_TCPOPT 0x08
 #define IPT_LOG_OPT_IPOPT 0x10
+#define IPT_LOG_OPT_UID 0x20
 
 /* Function which parses command options; returns true if it
    ate an option */
@@ -134,7 +141,11 @@ parse(int c, char **argv, int invert, unsigned int *flags,
                if (strlen(optarg) > sizeof(loginfo->prefix) - 1)
                        exit_error(PARAMETER_PROBLEM,
                                   "Maximum prefix length %u for --log-prefix",
-                                  sizeof(loginfo->prefix) - 1);
+                                  (unsigned int)sizeof(loginfo->prefix) - 1);
+
+               if (strlen(optarg) != strlen(strtok(optarg, "\n")))
+                       exit_error(PARAMETER_PROBLEM,
+                                  "Newlines not allowed in --log-prefix");
 
                strcpy(loginfo->prefix, optarg);
                *flags |= IPT_LOG_OPT_PREFIX;
@@ -168,6 +179,15 @@ parse(int c, char **argv, int invert, unsigned int *flags,
                *flags |= IPT_LOG_OPT_IPOPT;
                break;
 
+       case '4':
+               if (*flags & IPT_LOG_OPT_UID)
+                       exit_error(PARAMETER_PROBLEM,
+                                  "Can't specify --log-uid twice");
+
+               loginfo->logflags |= IPT_LOG_UID;
+               *flags |= IPT_LOG_OPT_UID;
+               break;
+
        default:
                return 0;
        }
@@ -211,6 +231,8 @@ print(const struct ipt_ip *ip,
                        printf("tcp-options ");
                if (loginfo->logflags & IPT_LOG_IPOPT)
                        printf("ip-options ");
+               if (loginfo->logflags & IPT_LOG_UID)
+                       printf("uid ");
                if (loginfo->logflags & ~(IPT_LOG_MASK))
                        printf("unknown-flags ");
        }
@@ -238,6 +260,8 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
                printf("--log-tcp-options ");
        if (loginfo->logflags & IPT_LOG_IPOPT)
                printf("--log-ip-options ");
+       if (loginfo->logflags & IPT_LOG_UID)
+               printf("--log-uid ");
 }
 
 static