mirror of
https://github.com/edk2-porting/linux-next.git
synced 2025-01-15 09:03:59 +08:00
43f393caec
This patch adds a new netfilter target which creates audit records for packets traversing a certain chain. It can be used to record packets which are rejected administraively as follows: -N AUDIT_DROP -A AUDIT_DROP -j AUDIT --type DROP -A AUDIT_DROP -j DROP a rule which would typically drop or reject a packet would then invoke the new chain to record packets before dropping them. -j AUDIT_DROP The module is protocol independant and works for iptables, ip6tables and ebtables. The following information is logged: - netfilter hook - packet length - incomming/outgoing interface - MAC src/dst/proto for ethernet packets - src/dst/protocol address for IPv4/IPv6 - src/dst port for TCP/UDP/UDPLITE - icmp type/code Cc: Patrick McHardy <kaber@trash.net> Cc: Eric Paris <eparis@parisplace.org> Cc: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Thomas Graf <tgraf@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net> |
||
|---|---|---|
| .. | ||
| Kbuild | ||
| nf_conntrack_amanda.h | ||
| nf_conntrack_common.h | ||
| nf_conntrack_dccp.h | ||
| nf_conntrack_ftp.h | ||
| nf_conntrack_h323_asn1.h | ||
| nf_conntrack_h323_types.h | ||
| nf_conntrack_h323.h | ||
| nf_conntrack_irc.h | ||
| nf_conntrack_pptp.h | ||
| nf_conntrack_proto_gre.h | ||
| nf_conntrack_sane.h | ||
| nf_conntrack_sctp.h | ||
| nf_conntrack_sip.h | ||
| nf_conntrack_tcp.h | ||
| nf_conntrack_tftp.h | ||
| nf_conntrack_tuple_common.h | ||
| nfnetlink_compat.h | ||
| nfnetlink_conntrack.h | ||
| nfnetlink_log.h | ||
| nfnetlink_queue.h | ||
| nfnetlink.h | ||
| x_tables.h | ||
| xt_AUDIT.h | ||
| xt_CHECKSUM.h | ||
| xt_CLASSIFY.h | ||
| xt_cluster.h | ||
| xt_comment.h | ||
| xt_connbytes.h | ||
| xt_connlimit.h | ||
| xt_connmark.h | ||
| xt_CONNMARK.h | ||
| xt_CONNSECMARK.h | ||
| xt_conntrack.h | ||
| xt_cpu.h | ||
| xt_CT.h | ||
| xt_dccp.h | ||
| xt_dscp.h | ||
| xt_DSCP.h | ||
| xt_esp.h | ||
| xt_hashlimit.h | ||
| xt_helper.h | ||
| xt_IDLETIMER.h | ||
| xt_iprange.h | ||
| xt_ipvs.h | ||
| xt_LED.h | ||
| xt_length.h | ||
| xt_limit.h | ||
| xt_mac.h | ||
| xt_mark.h | ||
| xt_MARK.h | ||
| xt_multiport.h | ||
| xt_NFLOG.h | ||
| xt_NFQUEUE.h | ||
| xt_osf.h | ||
| xt_owner.h | ||
| xt_physdev.h | ||
| xt_pkttype.h | ||
| xt_policy.h | ||
| xt_quota.h | ||
| xt_rateest.h | ||
| xt_RATEEST.h | ||
| xt_realm.h | ||
| xt_recent.h | ||
| xt_sctp.h | ||
| xt_SECMARK.h | ||
| xt_socket.h | ||
| xt_state.h | ||
| xt_statistic.h | ||
| xt_string.h | ||
| xt_tcpmss.h | ||
| xt_TCPMSS.h | ||
| xt_TCPOPTSTRIP.h | ||
| xt_tcpudp.h | ||
| xt_TEE.h | ||
| xt_time.h | ||
| xt_TPROXY.h | ||
| xt_u32.h | ||