[PATCH libnftnl 0/3] expr: complete log flags support

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH libnftnl 0/3] expr: complete log flags support
@ 2016-09-25  8:54 Liping Zhang
  2016-09-25  8:54 ` [PATCH libnftnl 1/3] expr: log: fix typo in nftnl_expr_log_export Liping Zhang
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Liping Zhang @ 2016-09-25  8:54 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel, Liping Zhang

From: Liping Zhang <liping.zhang@spreadtrum.com>

After NF_LOG_XXX is exposed to the userspace, it's easy to complete log
flags support in libnftnl. Instead of print hex value of flags, it's
better to print human readable string format. This is done by patch #3.

Also there's some trivial problems to be solved:
  Fix a typo by patch #1
  Print out prefix when necessary by patch #2.

Liping Zhang (3):
  expr: log: fix typo in nftnl_expr_log_export
  expr: log: do not print prefix if it is not set
  expr: log: complete log flags support

 include/linux/netfilter/nf_log.h | 12 +++++++++++
 src/expr/log.c                   | 43 ++++++++++++++++++++++++++++++++--------
 2 files changed, 47 insertions(+), 8 deletions(-)
 create mode 100644 include/linux/netfilter/nf_log.h

-- 
2.5.5



^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH libnftnl 1/3] expr: log: fix typo in nftnl_expr_log_export
  2016-09-25  8:54 [PATCH libnftnl 0/3] expr: complete log flags support Liping Zhang
@ 2016-09-25  8:54 ` Liping Zhang
  2016-09-25  8:54 ` [PATCH libnftnl 2/3] expr: log: do not print prefix if it is not set Liping Zhang
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Liping Zhang @ 2016-09-25  8:54 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel, Liping Zhang

From: Liping Zhang <liping.zhang@spreadtrum.com>

After test NFTNL_EXPR_LOG_FLAGS is set, we should put "log->flags"
instead of "log->level".

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
---
 src/expr/log.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/expr/log.c b/src/expr/log.c
index 57490d9..e965448 100644
--- a/src/expr/log.c
+++ b/src/expr/log.c
@@ -264,7 +264,7 @@ static int nftnl_expr_log_export(char *buf, size_t size,
 	if (e->flags & (1 << NFTNL_EXPR_LOG_LEVEL))
 		nftnl_buf_u32(&b, type, log->level, LEVEL);
 	if (e->flags & (1 << NFTNL_EXPR_LOG_FLAGS))
-		nftnl_buf_u32(&b, type, log->level, FLAGS);
+		nftnl_buf_u32(&b, type, log->flags, FLAGS);
 
 	return nftnl_buf_done(&b);
 }
-- 
2.5.5



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [PATCH libnftnl 2/3] expr: log: do not print prefix if it is not set
  2016-09-25  8:54 [PATCH libnftnl 0/3] expr: complete log flags support Liping Zhang
  2016-09-25  8:54 ` [PATCH libnftnl 1/3] expr: log: fix typo in nftnl_expr_log_export Liping Zhang
@ 2016-09-25  8:54 ` Liping Zhang
  2016-09-25  8:54 ` [PATCH libnftnl 3/3] expr: log: complete log flags support Liping Zhang
  2016-10-04  6:50 ` [PATCH libnftnl 0/3] expr: " Pablo Neira Ayuso
  3 siblings, 0 replies; 5+ messages in thread
From: Liping Zhang @ 2016-09-25  8:54 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel, Liping Zhang

From: Liping Zhang <liping.zhang@spreadtrum.com>

This will avoid the following ugly display output:
  [ log prefix (null) ]

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
---
 src/expr/log.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/expr/log.c b/src/expr/log.c
index e965448..a231bac 100644
--- a/src/expr/log.c
+++ b/src/expr/log.c
@@ -230,8 +230,10 @@ static int nftnl_expr_log_snprintf_default(char *buf, size_t size,
 	struct nftnl_expr_log *log = nftnl_expr_data(e);
 	int ret, offset = 0, len = size;
 
-	ret = snprintf(buf, len, "prefix %s ", log->prefix);
-	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	if (e->flags & (1 << NFTNL_EXPR_LOG_PREFIX)) {
+		ret = snprintf(buf, len, "prefix %s ", log->prefix);
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
 
 	if (e->flags & (1 << NFTNL_EXPR_LOG_GROUP)) {
 		ret = snprintf(buf + offset, len,
-- 
2.5.5



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [PATCH libnftnl 3/3] expr: log: complete log flags support
  2016-09-25  8:54 [PATCH libnftnl 0/3] expr: complete log flags support Liping Zhang
  2016-09-25  8:54 ` [PATCH libnftnl 1/3] expr: log: fix typo in nftnl_expr_log_export Liping Zhang
  2016-09-25  8:54 ` [PATCH libnftnl 2/3] expr: log: do not print prefix if it is not set Liping Zhang
@ 2016-09-25  8:54 ` Liping Zhang
  2016-10-04  6:50 ` [PATCH libnftnl 0/3] expr: " Pablo Neira Ayuso
  3 siblings, 0 replies; 5+ messages in thread
From: Liping Zhang @ 2016-09-25  8:54 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel, Liping Zhang

From: Liping Zhang <liping.zhang@spreadtrum.com>

If NFTNL_EXPR_LOG_FLAGS is not set, it's unnecessary to print out the
flags value. Furthermore, it's better to print out string message
instead of the hex value.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
---
 include/linux/netfilter/nf_log.h | 12 ++++++++++++
 src/expr/log.c                   | 35 ++++++++++++++++++++++++++++++-----
 2 files changed, 42 insertions(+), 5 deletions(-)
 create mode 100644 include/linux/netfilter/nf_log.h

diff --git a/include/linux/netfilter/nf_log.h b/include/linux/netfilter/nf_log.h
new file mode 100644
index 0000000..8be21e0
--- /dev/null
+++ b/include/linux/netfilter/nf_log.h
@@ -0,0 +1,12 @@
+#ifndef _NETFILTER_NF_LOG_H
+#define _NETFILTER_NF_LOG_H
+
+#define NF_LOG_TCPSEQ		0x01	/* Log TCP sequence numbers */
+#define NF_LOG_TCPOPT		0x02	/* Log TCP options */
+#define NF_LOG_IPOPT		0x04	/* Log IP options */
+#define NF_LOG_UID		0x08	/* Log UID owning local socket */
+#define NF_LOG_NFLOG		0x10	/* Unsupported, don't reuse */
+#define NF_LOG_MACDECODE	0x20	/* Decode MAC header */
+#define NF_LOG_MASK		0x2f
+
+#endif /* _NETFILTER_NF_LOG_H */
diff --git a/src/expr/log.c b/src/expr/log.c
index a231bac..b642255 100644
--- a/src/expr/log.c
+++ b/src/expr/log.c
@@ -15,6 +15,7 @@
 #include <arpa/inet.h>
 #include <errno.h>
 #include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter/nf_log.h>
 
 #include "internal.h"
 #include <libmnl/libmnl.h>
@@ -237,13 +238,37 @@ static int nftnl_expr_log_snprintf_default(char *buf, size_t size,
 
 	if (e->flags & (1 << NFTNL_EXPR_LOG_GROUP)) {
 		ret = snprintf(buf + offset, len,
-			       "group %u snaplen %u qthreshold %u",
+			       "group %u snaplen %u qthreshold %u ",
 			       log->group, log->snaplen, log->qthreshold);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-	} else if (e->flags & (1 << NFTNL_EXPR_LOG_LEVEL)) {
-		ret = snprintf(buf + offset, len, "level %u flags %u",
-			       log->level, log->flags);
-		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	} else {
+		if (e->flags & (1 << NFTNL_EXPR_LOG_LEVEL)) {
+			ret = snprintf(buf + offset, len, "level %u ",
+				       log->level);
+			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+		}
+		if (e->flags & (1 << NFTNL_EXPR_LOG_FLAGS)) {
+			if (log->flags & NF_LOG_TCPSEQ) {
+				ret = snprintf(buf + offset, len, "tcpseq ");
+				SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+			}
+			if (log->flags & NF_LOG_TCPOPT) {
+				ret = snprintf(buf + offset, len, "tcpopt ");
+				SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+			}
+			if (log->flags & NF_LOG_IPOPT) {
+				ret = snprintf(buf + offset, len, "ipopt ");
+				SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+			}
+			if (log->flags & NF_LOG_UID) {
+				ret = snprintf(buf + offset, len, "uid ");
+				SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+			}
+			if (log->flags & NF_LOG_MACDECODE) {
+				ret = snprintf(buf + offset, len, "macdecode ");
+				SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+			}
+		}
 	}
 
 	return offset;
-- 
2.5.5



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH libnftnl 0/3] expr: complete log flags support
  2016-09-25  8:54 [PATCH libnftnl 0/3] expr: complete log flags support Liping Zhang
                   ` (2 preceding siblings ...)
  2016-09-25  8:54 ` [PATCH libnftnl 3/3] expr: log: complete log flags support Liping Zhang
@ 2016-10-04  6:50 ` Pablo Neira Ayuso
  3 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2016-10-04  6:50 UTC (permalink / raw)
  To: Liping Zhang; +Cc: netfilter-devel, Liping Zhang

On Sun, Sep 25, 2016 at 04:54:32PM +0800, Liping Zhang wrote:
> From: Liping Zhang <liping.zhang@spreadtrum.com>
> 
> After NF_LOG_XXX is exposed to the userspace, it's easy to complete log
> flags support in libnftnl. Instead of print hex value of flags, it's
> better to print human readable string format. This is done by patch #3.

Series applied, thanks Liping.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2016-10-04  6:50 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-09-25  8:54 [PATCH libnftnl 0/3] expr: complete log flags support Liping Zhang
2016-09-25  8:54 ` [PATCH libnftnl 1/3] expr: log: fix typo in nftnl_expr_log_export Liping Zhang
2016-09-25  8:54 ` [PATCH libnftnl 2/3] expr: log: do not print prefix if it is not set Liping Zhang
2016-09-25  8:54 ` [PATCH libnftnl 3/3] expr: log: complete log flags support Liping Zhang
2016-10-04  6:50 ` [PATCH libnftnl 0/3] expr: " Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).