netfilter-2.6/iptables/trunk/extensions: libip6t_LOG.c libipt_LOG.c

pluto cvs at pld-linux.org
Sun Jun 26 11:13:14 CEST 2005 

Author: pluto
Date: Sun Jun 26 11:13:13 2005
New Revision: 6183

Modified:
   netfilter-2.6/iptables/trunk/extensions/libip6t_LOG.c
   netfilter-2.6/iptables/trunk/extensions/libipt_LOG.c
Log:
- add --log-uid support to libip6t_LOG (Patrick McHardy)
- don't allow newlines in LOG prefix (Phil Oester)


Modified: netfilter-2.6/iptables/trunk/extensions/libip6t_LOG.c
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/libip6t_LOG.c	(original)
+++ netfilter-2.6/iptables/trunk/extensions/libip6t_LOG.c	Sun Jun 26 11:13:13 2005
@@ -21,7 +21,8 @@
 " --log-prefix prefix		Prefix log messages with this prefix.\n\n"
 " --log-tcp-sequence		Log TCP sequence numbers.\n\n"
 " --log-tcp-options		Log TCP options.\n\n"
-" --log-ip-options		Log IP options.\n\n",
+" --log-ip-options		Log IP options.\n\n"
+" --log-uid			Log UID owning the local socket.\n\n",
 IPTABLES_VERSION);
 }
 
@@ -31,6 +32,7 @@
 	{ .name = "log-tcp-sequence", .has_arg = 0, .flag = 0, .val = '1' },
 	{ .name = "log-tcp-options",  .has_arg = 0, .flag = 0, .val = '2' },
 	{ .name = "log-ip-options",   .has_arg = 0, .flag = 0, .val = '3' },
+	{ .name = "log-uid",          .has_arg = 0, .flag = 0, .val = '4' },
 	{ .name = 0 }
 };
 
@@ -96,6 +98,7 @@
 #define IP6T_LOG_OPT_TCPSEQ 0x04
 #define IP6T_LOG_OPT_TCPOPT 0x08
 #define IP6T_LOG_OPT_IPOPT 0x10
+#define IP6T_LOG_OPT_UID 0x20
 
 /* Function which parses command options; returns true if it
    ate an option */
@@ -134,6 +137,10 @@
 				   "Maximum prefix length %u for --log-prefix",
 				   (unsigned int)sizeof(loginfo->prefix) - 1);
 
+		if (strlen(optarg) != strlen(strtok(optarg, "\n")))
+			exit_error(PARAMETER_PROBLEM,
+				   "Newlines not allowed in --log-prefix");
+
 		strcpy(loginfo->prefix, optarg);
 		*flags |= IP6T_LOG_OPT_PREFIX;
 		break;
@@ -166,6 +173,15 @@
 		*flags |= IP6T_LOG_OPT_IPOPT;
 		break;
 
+	case '4':
+		if (*flags & IP6T_LOG_OPT_UID)
+			exit_error(PARAMETER_PROBLEM,
+				   "Can't specify --log-uid twice");
+
+		loginfo->logflags |= IP6T_LOG_UID;
+		*flags |= IP6T_LOG_OPT_UID;
+		break;
+
 	default:
 		return 0;
 	}
@@ -209,6 +225,8 @@
 			printf("tcp-options ");
 		if (loginfo->logflags & IP6T_LOG_IPOPT)
 			printf("ip-options ");
+		if (loginfo->logflags & IP6T_LOG_UID)
+			printf("uid ");
 		if (loginfo->logflags & ~(IP6T_LOG_MASK))
 			printf("unknown-flags ");
 	}
@@ -236,6 +254,8 @@
 		printf("--log-tcp-options ");
 	if (loginfo->logflags & IP6T_LOG_IPOPT)
 		printf("--log-ip-options ");
+	if (loginfo->logflags & IP6T_LOG_UID)
+		printf("--log-uid ");
 }
 
 static

Modified: netfilter-2.6/iptables/trunk/extensions/libipt_LOG.c
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/libipt_LOG.c	(original)
+++ netfilter-2.6/iptables/trunk/extensions/libipt_LOG.c	Sun Jun 26 11:13:13 2005
@@ -143,6 +143,10 @@
 				   "Maximum prefix length %u for --log-prefix",
 				   (unsigned int)sizeof(loginfo->prefix) - 1);
 
+		if (strlen(optarg) != strlen(strtok(optarg, "\n")))
+			exit_error(PARAMETER_PROBLEM,
+				   "Newlines not allowed in --log-prefix");
+
 		strcpy(loginfo->prefix, optarg);
 		*flags |= IPT_LOG_OPT_PREFIX;
 		break;

More information about the pld-cvs-commit mailing list