zones: allow per-table log control

When enabling logging for a zone, logging is enabled in the filter and
mangle tables. The log rule in the mangle table enables mtu_fix logging,
which has the tendency to flood logs. Allow per-table log control by
making the log boolean a bit field that can be used to enabled logging
in the filter and/or mangle tables.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

diff --git a/options.h b/options.h
index 84bafed59d374a7722adfd7e8d46b6a35f039f75..2d1080101014565b92c15d90509387c44fdfdc9f 100644 (file)
--- a/options.h
+++ b/options.h
@@ -324,7 +324,7 @@ struct fw3_zone
 
        struct list_head cthelpers;
 
-       bool log;
+       int log;
        struct fw3_limit log_limit;
 
        bool custom_chains;

diff --git a/zones.c b/zones.c
index 7638443c5b320b65125fdb6e9b1688bc4f6f06eb..9161983a80fb47f407986cda69b15cfd5fb826c9 100644 (file)
--- a/zones.c
+++ b/zones.c
@@ -53,6 +53,11 @@ static const struct fw3_chain_spec zone_chains[] = {
        { }
 };
 
+enum fw3_zone_logmask {
+       FW3_ZONE_LOG_FILTER = (1 << 0),
+       FW3_ZONE_LOG_MANGLE = (1 << 1),
+};
+
 const struct fw3_option fw3_zone_opts[] = {
        FW3_OPT("enabled",             bool,     zone,     enabled),
 
@@ -79,7 +84,7 @@ const struct fw3_option fw3_zone_opts[] = {
        FW3_OPT("mtu_fix",             bool,     zone,     mtu_fix),
        FW3_OPT("custom_chains",       bool,     zone,     custom_chains),
 
-       FW3_OPT("log",                 bool,     zone,     log),
+       FW3_OPT("log",                 int,      zone,     log),
        FW3_OPT("log_limit",           limit,    zone,     log_limit),
 
        FW3_OPT("auto_helper",         bool,     zone,     auto_helper),
@@ -496,7 +501,7 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
        {
                if (zone->mtu_fix)
                {
-                       if (zone->log)
+                       if (zone->log & FW3_ZONE_LOG_MANGLE)
                        {
                                snprintf(buf, sizeof(buf) - 1, "MSSFIX(%s): ", zone->name);
 
@@ -629,7 +634,7 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
                                     fw3_flag_names[zone->policy_output]);
                fw3_ipt_rule_append(r, "zone_%s_output", zone->name);
 
-               if (zone->log)
+               if (zone->log & FW3_ZONE_LOG_FILTER)
                {
                        for (t = FW3_FLAG_REJECT; t <= FW3_FLAG_DROP; t++)
                        {