Fix LOGMARK

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-22 15:43:30 +01:00 · 2011-07-19 06:53:49 -07:00 · 2011-07-19 06:53:49 -07:00 · ef2f19ce35
commit ef2f19ce35
parent 36be5ed814
3 changed files with 27 additions and 4 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -3364,7 +3364,7 @@ sub log_rule_limit( $$$$$$$$ ) {
 	    $prefix = "-j $level --nflog-prefix \"$prefix\" ";
 	} elsif ( $level =~ '^LOGMARK' ) {
 	    $prefix = join( '', substr( $prefix, 0, 12 ) , ':' ) if length $prefix > 13;
-	    $prefix = "-j LOGMARK --log-level $level --log-prefix \"$prefix\" ";
+	    $prefix = "-j $level --log-prefix \"$prefix\" ";
 	} else {
 	    $prefix = "-j LOG $globals{LOGPARMS}--log-level $level --log-prefix \"$prefix\" ";
 	}
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -2132,10 +2132,21 @@ sub validate_level( $ ) {
 	    return $rawlevel;
 	}

-	if ( $level eq 'LOGMARK' ) {
+	if ( $level =~ /^LOGMARK --/ ) {
+	    require_capability ( 'LOG_TARGET' , 'A log level other than NONE', 's' );
+	    return $rawlevel;
+	}
+
+	if ( $level =~ /LOGMARK[(](.*)[)]$/ ) {
+	    my $sublevel = $1;
+	    
+	    $sublevel = $validlevels{$sublevel} unless $sublevel =~ /^[0-7]$/;
+
+	    level_error( $level ) unless defined $sublevel  =~ /^[0-7]$/; 
+	    
 	    require_capability ( 'LOG_TARGET' , 'A log level other than NONE', 's' );
 	    require_capability( 'LOGMARK_TARGET' , 'LOGMARK', 's' );
-	    return 'LOGMARK';
+	    return "LOGMARK --log-level $sublevel";
 	}

 	level_error( $rawlevel );
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@ -72,7 +72,19 @@
    from <ulink
    url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>
    and can be configured to log all Shorewall messages to their own log
-    file</para>
+    file.</para>
+
+    <para>Beginning with Shorewall 4.4.22, LOGMARK is also a valid level which
+    logs the packet's mark value along with the other usual information. The
+    syntax is:</para>
+
+    <simplelist>
+      <member><emphasis
+      role="bold">LOGMARK</emphasis><replaceable>(priority)</replaceable></member>
+    </simplelist>
+
+    <para>where <replaceable>priority</replaceable> is one of the levels
+    listed in the list above.</para>

    <para>The following options may be set in shorewall.conf.</para>