netfilter: nf_tables: Add audit support to log statement

This extends log statement to support the behaviour achieved with AUDIT target in iptables. Audit logging is enabled via a pseudo log level 8. In this case any other settings like log prefix are ignored since audit log format is fixed. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Phil Sutter <phil@nwl.cc> 2018-05-30 11:06:22 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-06-01 09:46:21 +0200
commit: 1a893b44de4528887e7dabcdce7151ca2a8ee238 (patch)
tree: fbfad17596fd8a2d5fd63428cb76108e793cb409 /include
parent: netfilter: nf_tables: add support for native socket matching (diff)
download: linux-dev-1a893b44de4528887e7dabcdce7151ca2a8ee238.tar.xz
linux-dev-1a893b44de4528887e7dabcdce7151ca2a8ee238.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 3d46c82a5ebd..5c7eb9b9f6d6 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -1081,6 +1081,11 @@ enum nft_log_attributes {
 #define NFTA_LOG_MAX		(__NFTA_LOG_MAX - 1)
 
 /**
+ * LOGLEVEL_AUDIT - a pseudo log level enabling audit logging
+ */
+#define LOGLEVEL_AUDIT		8
+
+/**
  * enum nft_queue_attributes - nf_tables queue expression netlink attributes
  *
  * @NFTA_QUEUE_NUM: netlink queue to send messages to (NLA_U16)
author	Phil Sutter <phil@nwl.cc>	2018-05-30 11:06:22 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-06-01 09:46:21 +0200
commit	1a893b44de4528887e7dabcdce7151ca2a8ee238 (patch)
tree	fbfad17596fd8a2d5fd63428cb76108e793cb409 /include
parent	netfilter: nf_tables: add support for native socket matching (diff)
download	linux-dev-1a893b44de4528887e7dabcdce7151ca2a8ee238.tar.xz linux-dev-1a893b44de4528887e7dabcdce7151ca2a8ee238.zip