summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorLiping Zhang <liping.zhang@spreadtrum.com>2016-07-18 20:44:17 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2016-07-21 02:32:34 +0200
commitcc37c1ad42ba6bc07c3d7a999f898e11d69a2580 (patch)
tree2dce1401291c22a14a982da0d46f7ce7ad91a8de /net
parent1bc4e0136cb32282d7968e11cfabc40763fdb03c (diff)
netfilter: nft_log: fix snaplen does not truncate packets
There's a similar problem in xt_NFLOG, and was fixed by commit 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets"). Only set copy_len here does not work, so we should enable NF_LOG_F_COPY_LEN also. Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nft_log.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nft_log.c b/net/netfilter/nft_log.c
index 5f6f088ff06e..24a73bb26e94 100644
--- a/net/netfilter/nft_log.c
+++ b/net/netfilter/nft_log.c
@@ -92,6 +92,7 @@ static int nft_log_init(const struct nft_ctx *ctx,
case NF_LOG_TYPE_ULOG:
li->u.ulog.group = ntohs(nla_get_be16(tb[NFTA_LOG_GROUP]));
if (tb[NFTA_LOG_SNAPLEN] != NULL) {
+ li->u.ulog.flags |= NF_LOG_F_COPY_LEN;
li->u.ulog.copy_len =
ntohl(nla_get_be32(tb[NFTA_LOG_SNAPLEN]));
}
@@ -149,7 +150,7 @@ static int nft_log_dump(struct sk_buff *skb, const struct nft_expr *expr)
if (nla_put_be16(skb, NFTA_LOG_GROUP, htons(li->u.ulog.group)))
goto nla_put_failure;
- if (li->u.ulog.copy_len) {
+ if (li->u.ulog.flags & NF_LOG_F_COPY_LEN) {
if (nla_put_be32(skb, NFTA_LOG_SNAPLEN,
htonl(li->u.ulog.copy_len)))
goto nla_put_failure;