| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | netfilter ebtables: fix xt_AUDIT to work with ebtables | Thomas Graf | 2011-03-16 | 1 | -9/+27 |
| | | | | | | | | | | | | | | Even though ebtables uses xtables it still requires targets to return EBT_CONTINUE instead of XT_CONTINUE. This prevented xt_AUDIT to work as ebt module. Upon Jan's suggestion, use a separate struct xt_target for NFPROTO_BRIDGE having its own target callback returning EBT_CONTINUE instead of cloning the module. Signed-off-by: Thomas Graf <tgraf@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net> | ||||
| * | netfilter: audit target to record accepted/dropped packets | Thomas Graf | 2011-01-16 | 1 | -0/+204 |
| This patch adds a new netfilter target which creates audit records for packets traversing a certain chain. It can be used to record packets which are rejected administraively as follows: -N AUDIT_DROP -A AUDIT_DROP -j AUDIT --type DROP -A AUDIT_DROP -j DROP a rule which would typically drop or reject a packet would then invoke the new chain to record packets before dropping them. -j AUDIT_DROP The module is protocol independant and works for iptables, ip6tables and ebtables. The following information is logged: - netfilter hook - packet length - incomming/outgoing interface - MAC src/dst/proto for ethernet packets - src/dst/protocol address for IPv4/IPv6 - src/dst port for TCP/UDP/UDPLITE - icmp type/code Cc: Patrick McHardy <kaber@trash.net> Cc: Eric Paris <eparis@parisplace.org> Cc: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Thomas Graf <tgraf@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net> | |||||
 |
index : op-kernel-dev | |
| Development kernel branch for OpenPOWER systems | Raptor Engineering, LLC |
| summaryrefslogtreecommitdiffstats |
|