Fix LOGMARK

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-19 06:53:49 -07:00 · 2011-07-19 06:53:49 -07:00 · 8b56e16bf9
commit 8b56e16bf9
parent 58de3dd3c1
3 changed files with 27 additions and 4 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -3934,7 +3934,7 @@ sub log_rule_limit( $$$$$$$$ ) {
 	    $prefix = "-j $level --nflog-prefix \"$prefix\" ";
 	} elsif ( $level =~ '^LOGMARK' ) {
 	    $prefix = join( '', substr( $prefix, 0, 12 ) , ':' ) if length $prefix > 13;
-	    $prefix = "-j LOGMARK --log-level $level --log-prefix \"$prefix\" ";
+	    $prefix = "-j $level --log-prefix \"$prefix\" ";
 	} else {
 	    $prefix = "-j LOG $globals{LOGPARMS}--log-level $level --log-prefix \"$prefix\" ";
 	}
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -2132,10 +2132,21 @@ sub validate_level( $ ) {
 	    return $rawlevel;
 	}
-	if ( $level eq 'LOGMARK' ) {
+	if ( $level =~ /^LOGMARK --/ ) {
 	    require_capability ( 'LOG_TARGET' , 'A log level other than NONE', 's' );
 	    return $rawlevel;
 	}
 	if ( $level =~ /LOGMARK[(](.*)[)]$/ ) {
 	    my $sublevel = $1;
 	    $sublevel = $validlevels{$sublevel} unless $sublevel =~ /^[0-7]$/;
 	    level_error( $level ) unless defined $sublevel  =~ /^[0-7]$/; 
 	    require_capability ( 'LOG_TARGET' , 'A log level other than NONE', 's' );
 	    require_capability( 'LOGMARK_TARGET' , 'LOGMARK', 's' );
-	    return 'LOGMARK';
+	    return "LOGMARK --log-level $sublevel";
 	}
 	level_error( $rawlevel );
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@ -72,7 +72,19 @@
    from <ulink
    url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>
    and can be configured to log all Shorewall messages to their own log
-    file</para>
+    file.</para>
    <para>Beginning with Shorewall 4.4.22, LOGMARK is also a valid level which
    logs the packet's mark value along with the other usual information. The
    syntax is:</para>
    <simplelist>
      <member><emphasis
      role="bold">LOGMARK</emphasis><replaceable>(priority)</replaceable></member>
    </simplelist>
    <para>where <replaceable>priority</replaceable> is one of the levels
    listed in the list above.</para>
    <para>The following options may be set in shorewall.conf.</para>