Patch to avoid MAC header logging
Roberto Nibali
ratz@drugphish.ch
Mon, 05 Jul 2004 12:49:18 +0200
Hello,
just my two cents ...
> I hope this is the right place to post this patch I've made ...
Yes.
> My problem was that logs generated by "-j LOG" were full of MAC
> headers that didn't have any information to me (the machine is after a
> router, so the MAC source is always from the router).
Fair enough.
> Excess of redundant information is misinformation to me ...
Ok.
> So I've decided to make these small (tiny) modifications to the LOG
> module, adding a flag to disable MAC headers logging.
Hmm, the way I see it you added a feature to enable MAC header logging
and disabled it by default.
> I'm sure this will make other people happy too.
Not me ;).
> + case '4':
> + if (*flags & IPT_LOG_MAC)
> + exit_error(PARAMETER_PROBLEM,
> + "Can't specify --log-mac-header twice");
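Review bot: The duplicate-option test in case '4' checks *flags against IPT_LOG_MAC, the same constant the kernel side tests in loginfo->logflags. If *flags is the option-seen bitmask used by the other cases, that bit can collide with another option's marker; a dedicated option-seen constant for --log-mac-header would avoid that. The quoted lines stop at exit_error, so the assignment that sets the flag and the closing break cannot be checked from here.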
Side comment: Why? I mean you just copied what was there already, but
why is this a problem? Setting a flag a thousand times doesn't change
the end result of the flag being set. Am I missing something design-wise?
> diff -wurNbB linux-2.4.22/net/ipv4/netfilter/ipt_LOG.c linux-2.4.22pr1/net/ipv4/netfilter/ipt_LOG.c
> --- linux-2.4.22/net/ipv4/netfilter/ipt_LOG.c 2002-02-25 19:38:14.000000000 +0000
> +++ linux-2.4.22pr1/net/ipv4/netfilter/ipt_LOG.c 2003-11-12 22:37:27.000000000 +0000
> @@ -289,7 +289,7 @@
> loginfo->prefix,
> in ? in->name : "",
> out ? out->name : "");
> - if (in && !out) {
> + if (in && !out && (loginfo->logflags & IPT_LOG_MAC)) {
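Review bot: The added test on loginfo->logflags & IPT_LOG_MAC in the "if (in && !out ...)" condition makes the MAC header opt-in, so rules installed by an iptables binary that never sets the bit lose the field without any configuration change. Giving the flag the opposite sense, so that an unset bit keeps the current output and the option suppresses the MAC header, would keep existing rule sets and log consumers working. The option's help text should state the default either way.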
Your new default (IPT_LOG_MAC unset) breaks existing userland tools that
depend on this output for parsing and further correlation.
Best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
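
The compatibility concern raised in the reply, as an added example that is not part of the original message or of the netfilter code: a log consumer that treats MAC= as a mandatory field drops every line once the field disappears, while a key=value parser keeps working and can still split an Ethernet MAC header when one is present. The sample lines are constructed and the function names are hypothetical.

```python
import re

# Constructed sample lines in the "-j LOG" layout (not taken from the thread).
WITH_MAC = ("IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
            "SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 ID=54321 DF "
            "PROTO=TCP SPT=40000 DPT=22 SYN URGP=0")
WITHOUT_MAC = WITH_MAC.replace(
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 ", "")

# Brittle style: MAC= is baked into the pattern as a mandatory field.
STRICT = re.compile(r"IN=(\S*) OUT=(\S*) MAC=(\S+) SRC=(\S+) DST=(\S+)")


def parse_strict(line):
    """Return the leading fields, or None if the fixed layout does not match."""
    m = STRICT.search(line)
    if m is None:
        return None
    return dict(zip(("IN", "OUT", "MAC", "SRC", "DST"), m.groups()))


def parse_tolerant(line):
    """Parse KEY=VALUE tokens in any order; bare tokens (DF, SYN) become flags."""
    fields, flags = {}, []
    for tok in line.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        else:
            flags.append(tok)
    fields["FLAGS"] = flags
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:  # Ethernet header: dst(6) + src(6) + ethertype(2)
        fields["MAC_DST"] = ":".join(octets[:6])
        fields["MAC_SRC"] = ":".join(octets[6:12])
        fields["ETHERTYPE"] = "".join(octets[12:])
    return fields


if __name__ == "__main__":
    for sample in (WITH_MAC, WITHOUT_MAC):
        print(parse_strict(sample) is not None, parse_tolerant(sample).get("SRC"))
```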