diff options
author | Liping Zhang <liping.zhang@spreadtrum.com> | 2016-07-18 15:44:17 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-07-21 03:32:34 +0300 |
commit | cc37c1ad42ba6bc07c3d7a999f898e11d69a2580 (patch) | |
tree | 2dce1401291c22a14a982da0d46f7ce7ad91a8de /net | |
parent | 1bc4e0136cb32282d7968e11cfabc40763fdb03c (diff) | |
download | linux-cc37c1ad42ba6bc07c3d7a999f898e11d69a2580.tar.xz |
netfilter: nft_log: fix snaplen does not truncate packets
There's a similar problem in xt_NFLOG, and was fixed by commit 7643507fe8b5
("netfilter: xt_NFLOG: nflog-range does not truncate packets"). Only set
copy_len here does not work, so we should enable NF_LOG_F_COPY_LEN also.
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nft_log.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nft_log.c b/net/netfilter/nft_log.c index 5f6f088ff06e..24a73bb26e94 100644 --- a/net/netfilter/nft_log.c +++ b/net/netfilter/nft_log.c @@ -92,6 +92,7 @@ static int nft_log_init(const struct nft_ctx *ctx, case NF_LOG_TYPE_ULOG: li->u.ulog.group = ntohs(nla_get_be16(tb[NFTA_LOG_GROUP])); if (tb[NFTA_LOG_SNAPLEN] != NULL) { + li->u.ulog.flags |= NF_LOG_F_COPY_LEN; li->u.ulog.copy_len = ntohl(nla_get_be32(tb[NFTA_LOG_SNAPLEN])); } @@ -149,7 +150,7 @@ static int nft_log_dump(struct sk_buff *skb, const struct nft_expr *expr) if (nla_put_be16(skb, NFTA_LOG_GROUP, htons(li->u.ulog.group))) goto nla_put_failure; - if (li->u.ulog.copy_len) { + if (li->u.ulog.flags & NF_LOG_F_COPY_LEN) { if (nla_put_be32(skb, NFTA_LOG_SNAPLEN, htonl(li->u.ulog.copy_len))) goto nla_put_failure; |