Correctons to LOG_BACKEND implementation

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 16:35:41 -07:00 · 2014-09-24 16:35:41 -07:00 · 540eff24aa
commit 540eff24aa
parent 580e00dabd
4 changed files with 16 additions and 11 deletions
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@ -743,7 +743,7 @@ sub compiler {

    setup_source_routing($family);

-    setup_log_backend;
+    setup_log_backend($family);
    #
    # Proxy Arp/Ndp
    #
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -5750,7 +5750,7 @@ sub get_configuration( $$$$$ ) {

    if ( defined( $val = $config{LOG_BACKEND} ) ) {
 	if ( $family == F_IPV4 && $val eq 'ULOG' ) {
-	    $val = 'xt_ULOG';
+	    $val = 'ipt_ULOG';
 	} elsif ( $val eq 'netlink' ) {
 	    $val = 'nfnetlink_log';
 	} elsif ( $val eq 'LOG' ) {
--- a/Shorewall/Perl/Shorewall/Proc.pm
+++ b/Shorewall/Perl/Shorewall/Proc.pm
@ -349,17 +349,22 @@ sub setup_interface_proc( $ ) {
    }
 }

-sub setup_log_backend() {
+sub setup_log_backend($) {
    if ( my $setting = $config{LOG_BACKEND} ) {
-	my $file    = '/proc/sys/net/netfilter/nf_log';
+	my $family   = shift;
+	my $file     = '/proc/net/netfilter/nf_log';
+	my $ctl      = 'net.netfilter.nf_log.' . ( $family == F_IPV4 ? '2' : '10' );

-	emit( "if -f $file; then",
-	      "   if echo $setting > $file; then",
+	emit( 'progress_message2 "Setting up log backend"',
+	      '',
+	      "if [ -f $file ]; then",
+	      "   if sysctl $ctl=$setting; then",
 	      "       progress_message 'Log Backend set to $setting'",
-	      "   else",
-	      "       error_meessage 'WARNING: Unable to set log backend to $setting'",
-	      "else",
-	      "   error_message 'WARNING: $file does not exist - log backend not set",
+	      '   else',
+	      "       error_message 'WARNING: Unable to set log backend to $setting'",
+	      '   fi',
+	      'else',
+	      "   error_message 'WARNING: $file does not exist - log backend not set'",
 	      "fi\n" );
    }
 }
--- a/docs/shorewall_logging.xml
+++ b/docs/shorewall_logging.xml
@ -382,7 +382,7 @@ ACCEPT:NFLOG(1,0,1) vpn        fw       tcp       ssh,time,631,8080 </programlis

    <para>Example - change the IPv4 backend to LOG:</para>

-    <programlisting>echo ipt_LOG &gt; /proc/net/netfilter/nf_log.2</programlisting>
+    <programlisting>sysctl net.netfilter.nf_log.2=ipt_LOG</programlisting>

    <para>Beginning with Shorewall 4.6.4, you can configure the backend using
    the LOG_BACKEND option in <ulink