FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2025-01-01 06:42:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
ff107d2776
linux/net/netfilter
History
Liping Zhang ff107d2776 netfilter: nft_log: complete NFTA_LOG_FLAGS attr support 
NFTA_LOG_FLAGS attribute is already supported, but the related
NF_LOG_XXX flags are not exposed to the userspace. So we cannot
explicitly enable log flags to log uid, tcp sequence, ip options
and so on, i.e. such rule "nft add rule filter output log uid"
is not supported yet.

So move NF_LOG_XXX macro definitions to the uapi/../nf_log.h. In
order to keep consistent with other modules, change NF_LOG_MASK to
refer to all supported log flags. On the other hand, add a new
NF_LOG_DEFAULT_MASK to refer to the original default log flags.

Finally, if user specify the unsupported log flags or NFTA_LOG_GROUP
and NFTA_LOG_FLAGS are set at the same time, report EINVAL to the
userspace.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-09-25 23:16:43 +02:00
..
ipset netfilter: ipset: fix race condition in ipset save, swap and delete 2016-03-28 17:57:45 +02:00
ipvs ipvs: use nf_ct_kill helper 2016-08-12 00:43:52 +02:00
core.c netfilter: replace list_head with single linked list 2016-09-25 14:38:48 +02:00
Kconfig netfilter: nf_tables: add number generator expression 2016-08-22 11:42:22 +02:00
Makefile netfilter: nf_tables: add range expression 2016-09-25 23:16:42 +02:00
nf_conntrack_acct.c netfilter: Remove uses of seq_<foo> return values 2015-03-18 10:51:35 +01:00
nf_conntrack_amanda.c net: Remove state argument from skb_find_text() 2015-02-22 15:59:54 -05:00
nf_conntrack_broadcast.c
nf_conntrack_core.c netfilter: Remove explicit rcu_read_lock in nf_hook_slow 2016-09-24 21:29:53 +02:00
nf_conntrack_ecache.c netfilter: don't rely on DYING bit to detect when destroy event was sent 2016-08-30 11:43:08 +02:00
nf_conntrack_expect.c netfilter: nf_ct_expect: remove the redundant slash when policy name is empty 2016-08-09 10:38:46 +02:00
nf_conntrack_extend.c netfilter: move nat hlist_head to nf_conn 2016-07-11 11:47:50 +02:00
nf_conntrack_ftp.c netfilter: ftp: Remove the useless code 2016-09-07 10:38:00 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: fix off-by-one in DecodeQ931 2016-07-11 12:32:45 +02:00
nf_conntrack_h323_main.c netfilter: Remove explicit rcu_read_lock in nf_hook_slow 2016-09-24 21:29:53 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: Remove explicit rcu_read_lock in nf_hook_slow 2016-09-24 21:29:53 +02:00
nf_conntrack_irc.c netfilter: Add helper array register/unregister functions 2016-07-21 02:31:53 +02:00
nf_conntrack_l3proto_generic.c netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_labels.c netfilter: connlabels: move set helper to xt_connlabel 2016-07-22 17:05:10 +02:00
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: conntrack: remove packet hotpath stats 2016-09-12 19:59:39 +02:00
nf_conntrack_pptp.c netfilter: conntrack: get rid of conntrack timer 2016-08-30 11:43:09 +02:00
nf_conntrack_proto_dccp.c netfilter: conntrack: Only need first 4 bytes to get l4proto ports 2016-08-12 00:41:08 +02:00
nf_conntrack_proto_generic.c netfilter: remove ip_conntrack* sysctl compat code 2016-08-13 13:27:13 +02:00
nf_conntrack_proto_gre.c netfilter: gre: Use consistent GRE and PTTP header structure instead of the ones defined by netfilter 2016-09-07 10:36:52 +02:00
nf_conntrack_proto_sctp.c netfilter: remove ip_conntrack* sysctl compat code 2016-08-13 13:27:13 +02:00
nf_conntrack_proto_tcp.c netfilter: remove ip_conntrack* sysctl compat code 2016-08-13 13:27:13 +02:00
nf_conntrack_proto_udp.c netfilter: remove ip_conntrack* sysctl compat code 2016-08-13 13:27:13 +02:00
nf_conntrack_proto_udplite.c netfilter: conntrack: Only need first 4 bytes to get l4proto ports 2016-08-12 00:41:08 +02:00
nf_conntrack_proto.c netfilter: remove ip_conntrack* sysctl compat code 2016-08-13 13:27:13 +02:00
nf_conntrack_sane.c netfilter: Add helper array register/unregister functions 2016-07-21 02:31:53 +02:00
nf_conntrack_seqadj.c netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack 2016-09-25 14:54:01 +02:00
nf_conntrack_sip.c netfilter: nf_ct_sip: allow tab character in SIP headers 2016-09-07 13:53:43 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c netfilter: evict stale entries when user reads /proc/net/nf_conntrack 2016-09-25 14:54:08 +02:00
nf_conntrack_tftp.c netfilter: Add helper array register/unregister functions 2016-07-21 02:31:53 +02:00
nf_conntrack_timeout.c netfilter: cttimeout: add netns support 2015-12-14 12:48:58 +01:00
nf_conntrack_timestamp.c netfilter: nf_ct_timestamp: Fix BUG_ON after netns deletion 2013-12-20 14:58:29 +01:00
nf_dup_netdev.c net: remove skb_sender_cpu_clear() 2016-03-01 17:36:47 -05:00
nf_internals.h netfilter: replace list_head with single linked list 2016-09-25 14:38:48 +02:00
nf_log_common.c netfilter: bridge: add helpers for fetching physin/outdev 2015-04-08 16:49:08 +02:00
nf_log.c netfilter: log: Check param to avoid overflow in nf_log_set 2016-08-30 11:52:32 +02:00
nf_nat_amanda.c
nf_nat_core.c netfilter: conntrack: get rid of conntrack timer 2016-08-30 11:43:09 +02:00
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper 2014-01-06 14:17:17 +01:00
nf_nat_proto_common.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_proto_dccp.c net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-17 21:33:06 -07:00
nf_nat_proto_sctp.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_proto_tcp.c net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-17 21:33:06 -07:00
nf_nat_proto_udp.c net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-17 21:33:06 -07:00
nf_nat_proto_udplite.c net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-17 21:33:06 -07:00
nf_nat_proto_unknown.c
nf_nat_redirect.c netfilter: nf_nat_redirect: add missing NULL pointer check 2015-10-27 06:54:56 +01:00
nf_nat_sip.c netfilter: replace strnicmp with strncasecmp 2014-10-14 02:18:24 +02:00
nf_nat_tftp.c
nf_queue.c netfilter: replace list_head with single linked list 2016-09-25 14:38:48 +02:00
nf_sockopt.c netfilter: don't use mutex_lock_interruptible() 2014-08-08 16:47:23 +02:00
nf_synproxy_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2015-09-05 21:57:42 -07:00
nf_tables_api.c netfilter: nf_tables: validate maximum value of u32 netlink attributes 2016-09-23 09:29:02 +02:00
nf_tables_core.c netfilter: nft_log: complete NFTA_LOG_FLAGS attr support 2016-09-25 23:16:43 +02:00
nf_tables_inet.c netfilter: Add the missed return value check of nft_register_chain_type 2016-09-12 19:54:45 +02:00
nf_tables_netdev.c netfilter: Add the missed return value check of nft_register_chain_type 2016-09-12 19:54:45 +02:00
nf_tables_trace.c netfilter: nf_tables: check tprot_set first when we use xt.thoff 2016-09-23 09:30:26 +02:00
nfnetlink_acct.c netfilter: nfnetlink_acct: fix race between nfacct del and xt_nfacct destroy 2016-08-18 15:16:36 +02:00
nfnetlink_cthelper.c netfilter: Remove explicit rcu_read_lock in nf_hook_slow 2016-09-24 21:29:53 +02:00
nfnetlink_cttimeout.c netfilter: cttimeout: fix use after free error when delete netns 2016-08-18 15:17:00 +02:00
nfnetlink_log.c netfilter: Remove explicit rcu_read_lock in nf_hook_slow 2016-09-24 21:29:53 +02:00
nfnetlink_queue.c netfilter: replace list_head with single linked list 2016-09-25 14:38:48 +02:00
nfnetlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-23 00:09:14 -05:00
nft_bitwise.c netfilter: nf_tables: validate maximum value of u32 netlink attributes 2016-09-23 09:29:02 +02:00
nft_byteorder.c netfilter: nf_tables: validate maximum value of u32 netlink attributes 2016-09-23 09:29:02 +02:00
nft_cmp.c netfilter: nf_tables: validate maximum value of u32 netlink attributes 2016-09-23 09:29:02 +02:00
nft_compat.c netfilter: nft_compat: fix crash when related match/target module is removed 2016-07-23 12:25:00 +02:00
nft_counter.c libnl: nla_put_be64(): align on a 64-bit area 2016-04-23 20:13:24 -04:00
nft_ct.c netfilter: nft_ct: report error if mark and dir specified simultaneously 2016-09-25 14:54:04 +02:00
nft_dup_netdev.c netfilter: nf_tables: add packet duplication to the netdev family 2016-01-03 21:04:23 +01:00
nft_dynset.c netfilter: nft_dynset: allow to invert match criteria 2016-09-12 18:49:50 +02:00
nft_exthdr.c netfilter: nf_tables: validate maximum value of u32 netlink attributes 2016-09-23 09:29:02 +02:00
nft_fwd_netdev.c netfilter: nf_tables: add forward expression to the netdev family 2016-01-04 17:48:38 +01:00
nft_hash.c netfilter: nft_hash: fix hash overflow validation 2016-09-13 10:49:23 +02:00
nft_immediate.c netfilter: nf_tables: validate maximum value of u32 netlink attributes 2016-09-23 09:29:02 +02:00
nft_limit.c libnl: nla_put_be64(): align on a 64-bit area 2016-04-23 20:13:24 -04:00
nft_log.c netfilter: nft_log: complete NFTA_LOG_FLAGS attr support 2016-09-25 23:16:43 +02:00
nft_lookup.c netfilter: nft_lookup: remove superfluous element found check 2016-09-23 09:30:48 +02:00
nft_masq.c netfilter: nft_masq: support port range 2016-03-02 20:05:27 +01:00
nft_meta.c netfilter: nf_tables: ensure proper initialization of nft_pktinfo fields 2016-09-12 18:51:57 +02:00
nft_nat.c netfilter: nf_tables: switch registers to 32 bit addressing 2015-04-13 17:17:29 +02:00
nft_numgen.c netfilter: nft_numgen: add number generation offset 2016-09-22 16:33:05 +02:00
nft_payload.c netfilter: nf_tables: check tprot_set first when we use xt.thoff 2016-09-23 09:30:26 +02:00
nft_queue.c netfilter: nft_queue: add _SREG_QNUM attr to select the queue number 2016-09-23 09:29:50 +02:00
nft_quota.c netfilter: nft_quota: introduce nft_overquota() 2016-09-07 11:02:06 +02:00
nft_range.c netfilter: nf_tables: add range expression 2016-09-25 23:16:42 +02:00
nft_redir.c netfilter: nf_tables: add register parsing/dumping helpers 2015-04-13 17:17:28 +02:00
nft_reject_inet.c ipv4: Push struct net down into nf_send_reset 2015-09-29 20:21:31 +02:00
nft_reject.c netfilter; Add some missing default cases to switch statements in nft_reject. 2015-04-27 13:20:34 -04:00
nft_set_hash.c netfilter: nf_tables: honor NLM_F_EXCL flag in set element insertion 2016-08-26 17:30:20 +02:00
nft_set_rbtree.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2016-09-06 12:45:26 -07:00
x_tables.c netfilter: x_tables: speed up jump target validation 2016-07-18 21:35:23 +02:00
xt_addrtype.c netfilter: x_tables: Use par->net instead of computing from the passed net devices 2015-09-18 21:58:25 +02:00
xt_AUDIT.c netfilter: Convert uses of __constant_<foo> to <foo> 2014-03-13 14:13:19 +01:00
xt_bpf.c net: filter: split 'struct sk_filter' into socket and bpf parts 2014-08-02 15:03:58 -07:00
xt_cgroup.c netfilter: implement xt_cgroup cgroup2 path match 2015-12-14 20:34:55 +01:00
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c net: use reciprocal_scale() helper 2014-08-23 12:21:21 -07:00
xt_comment.c
xt_connbytes.c netfilter: Convert pr_warning to pr_warn 2014-09-10 12:40:10 -07:00
xt_connlabel.c netfilter: connlabels: move set helper to xt_connlabel 2016-07-22 17:05:10 +02:00
xt_connlimit.c netfilter: Enhance the codes used to get random once 2016-09-23 09:30:36 +02:00
xt_connmark.c netfilter: Fix FSF address in file headers 2013-12-06 12:37:57 -05:00
xt_CONNSECMARK.c
xt_conntrack.c netfilter: use_nf_conn_expires helper in more places 2016-08-12 00:43:13 +02:00
xt_cpu.c
xt_CT.c netfilter: cttimeout: add netns support 2015-12-14 12:48:58 +01:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c netfilter: fix various sparse warnings 2014-11-13 12:14:42 +01:00
xt_ecn.c
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit: Create revision 2 to support higher pps rates 2016-09-25 14:54:06 +02:00
xt_helper.c netfilter: Remove explicit rcu_read_lock in nf_hook_slow 2016-09-24 21:29:53 +02:00
xt_hl.c
xt_HL.c
xt_HMARK.c net: use reciprocal_scale() helper 2014-08-23 12:21:21 -07:00
xt_IDLETIMER.c netfilter: IDLETIMER: fix race condition when destroy the target 2016-04-29 14:28:48 +02:00
xt_ipcomp.c netfilter: xt_ipcomp: Use ntohs to ease sparse warning 2014-02-19 11:41:25 +01:00
xt_iprange.c
xt_ipvs.c ipvs: Pass ipvs into conn_out_get 2015-09-24 09:34:41 +09:00
xt_l2tp.c netfilter: introduce l2tp match extension 2014-01-09 21:36:39 +01:00
xt_LED.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-08-05 18:46:26 -07:00
xt_length.c
xt_limit.c
xt_LOG.c netfilter: x_tables: Use par->net instead of computing from the passed net devices 2015-09-18 21:58:25 +02:00
xt_mac.c
xt_mark.c netfilter: xt_MARK: Add ARP support 2015-05-14 13:00:27 +02:00
xt_multiport.c
xt_nat.c
xt_NETMAP.c
xt_nfacct.c netfilter: nfnetlink_acct: report overquota to the right netns 2016-08-18 00:38:23 +02:00
xt_NFLOG.c netfilter: xt_NFLOG: nflog-range does not truncate packets 2016-06-24 11:03:23 +02:00
xt_NFQUEUE.c netfilter: xt_NFQUEUE: separate reusable code 2013-12-07 23:20:45 +01:00
xt_osf.c netfilter: xt_osf: remove unused variable 2016-02-29 13:59:43 +01:00
xt_owner.c netfilter: Allow xt_owner in any user namespace 2016-06-23 13:58:55 +02:00
xt_physdev.c netfilter: physdev: add missed blank 2016-08-12 00:42:14 +02:00
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_RATEEST.c netfilter: Enhance the codes used to get random once 2016-09-23 09:30:36 +02:00
xt_realm.c
xt_recent.c netfilter: Enhance the codes used to get random once 2016-09-23 09:30:36 +02:00
xt_REDIRECT.c netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module 2014-11-27 13:08:42 +01:00
xt_repldata.h net: netfilter: LLVMLinux: vlais-netfilter 2014-06-07 11:44:39 -07:00
xt_sctp.c
xt_SECMARK.c
xt_set.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
xt_socket.c tcp/dccp: do not touch listener sk_refcnt under synflood 2016-04-04 22:11:20 -04:00
xt_state.c
xt_statistic.c net: replace macros net_random and net_srandom with direct calls to prandom 2014-01-14 15:15:25 -08:00
xt_string.c net: Remove state argument from skb_find_text() 2015-02-22 15:59:54 -05:00
xt_tcpmss.c
xt_TCPMSS.c netfilter: xt_TCPMSS: Refactor the codes to decrease one condition check and more readable 2016-09-24 21:13:21 +02:00
xt_TCPOPTSTRIP.c net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-17 21:33:06 -07:00
xt_tcpudp.c netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 2016-07-03 10:55:07 +02:00
xt_TEE.c netfilter: Add the missed return value check of register_netdevice_notifier 2016-09-12 19:54:43 +02:00
xt_time.c
xt_TPROXY.c netfilter: tproxy: properly refcount tcp listeners 2016-08-18 00:51:13 +02:00
xt_TRACE.c netfilter: xt_TRACE: add explicitly nf_logger_find_get call 2016-06-23 13:26:49 +02:00
xt_u32.c