Log: new mode: none

README.md

@@ -244,7 +244,8 @@ logging class names to setting objects.
 
 A setting object may have an attribute named **mode**, which specifies
 which logging facility to use. Allowed values are **log**, **nflog**,
-and **ulog**. The default is **log**, i.e. in-kernel logging.
+**ulog**, and **none**. The default is **log**, i.e. in-kernel
+logging.
 
 The following table shows the optional attributes valid for all
 logging modes:

awall/modules/filter.lua

@@ -177,7 +177,8 @@ end
 function LoggingRule:combinelog(ofrags, log, action, target)
    local actions = self:actofrags(log, target)
    return actions[1] and
-      self:combine(ofrags, actions, 'log'..action, log) or ofrags
+      self:combine(ofrags, actions, 'log'..action, log and log:target()) or
+      ofrags
 end
 
 function LoggingRule:mangleoptfrags(ofrags)
@@ -407,7 +408,7 @@ function Filter:mangleoptfrags(ofrags)
       if ct then
 	 extend(ofs, self:actofrags(self.log))
 	 nxt = target
-      elseif sofs and not pl then nxt = false end
+      elseif sofs and not (pl and pl:target()) then nxt = false end
       extend(ofs, combinations(sofs, self:actofrags(pl, nxt)))
 
    else

awall/modules/log.lua

@@ -70,6 +70,7 @@ function Log:target()
    }
 
    local mode = self.mode or 'log'
+   if mode == 'none' then return end
    if not optmap[mode] then self:error('Invalid logging mode: '..mode) end
 
    local res = mode:upper()
@@ -84,7 +85,8 @@ function Log:target()
 end
 
 function Log:optfrags()
-   return combinations(self:matchofrags(), {{target=self:target()}})
+   local target = self:target()
+   return combinations(self:matchofrags(), {target and {target=target}})
 end
 
 function Log.get(rule, spec, default)

test/mandatory/filter-limit.json

@@ -4,6 +4,8 @@
 	{ "conn-limit": 1, "action": "pass" },
 	{ "conn-limit": 1, "log": true },
 	{ "conn-limit": 1, "log": true, "action": "pass" },
+	{ "conn-limit": 1, "log": "none" },
+	{ "conn-limit": 1, "log": "none", "action": "pass" },
 	{ "conn-limit": { "count": 1, "log": false } },
 	{ "conn-limit": { "count": 1, "log": false }, "action": "pass" },
 	{ "conn-limit": { "count": 1, "log": false }, "log": true },
@@ -12,17 +14,46 @@
 	    "log": true,
 	    "action": "pass"
 	},
+	{ "conn-limit": { "count": 1, "log": false }, "log": "none" },
+	{
+	    "conn-limit": { "count": 1, "log": false },
+	    "log": "none",
+	    "action": "pass"
+	},
+	{ "conn-limit": { "count": 1, "log": "none" } },
+	{ "conn-limit": { "count": 1, "log": "none" }, "action": "pass" },
+	{ "conn-limit": { "count": 1, "log": "none" }, "log": true },
+	{
+	    "conn-limit": { "count": 1, "log": "none" },
+	    "log": true,
+	    "action": "pass"
+	},
+	{ "conn-limit": { "count": 1, "log": "none" }, "log": "none" },
+	{
+	    "conn-limit": { "count": 1, "log": "none" },
+	    "log": "none",
+	    "action": "pass"
+	},
+	
 	{ "conn-limit": 30 },
 	{ "conn-limit": 30, "action": "pass" },
 	{ "conn-limit": 30, "log": true },
+	{ "conn-limit": 30, "log": "none" },
 	{ "conn-limit": { "count": 30, "log": false } },
 	{ "conn-limit": { "count": 30, "log": false }, "action": "pass" },
 	{ "conn-limit": { "count": 30, "log": false }, "log": true },
+	{ "conn-limit": { "count": 30, "log": false }, "log": "none" },
+	{ "conn-limit": { "count": 30, "log": "none" } },
+	{ "conn-limit": { "count": 30, "log": "none" }, "action": "pass" },
+	{ "conn-limit": { "count": 30, "log": "none" }, "log": true },
+	{ "conn-limit": { "count": 30, "log": "none" }, "log": "none" },
 
 	{ "flow-limit": 1 },
 	{ "flow-limit": 1, "action": "pass" },
 	{ "flow-limit": 1, "log": true },
 	{ "flow-limit": 1, "log": true, "action": "pass" },
+	{ "flow-limit": 1, "log": "none" },
+	{ "flow-limit": 1, "log": "none", "action": "pass" },
 	{ "flow-limit": { "count": 1, "log": false } },
 	{ "flow-limit": { "count": 1, "log": false }, "action": "pass" },
 	{ "flow-limit": { "count": 1, "log": false }, "log": true },
@@ -31,11 +62,38 @@
 	    "log": true,
 	    "action": "pass"
 	},
+	{ "flow-limit": { "count": 1, "log": false }, "log": "none" },
+	{
+	    "flow-limit": { "count": 1, "log": false },
+	    "log": "none",
+	    "action": "pass"
+	},
+	{ "flow-limit": { "count": 1, "log": "none" } },
+	{ "flow-limit": { "count": 1, "log": "none" }, "action": "pass" },
+	{ "flow-limit": { "count": 1, "log": "none" }, "log": true },
+	{
+	    "flow-limit": { "count": 1, "log": "none" },
+	    "log": true,
+	    "action": "pass"
+	},
+	{ "flow-limit": { "count": 1, "log": "none" }, "log": "none" },
+	{
+	    "flow-limit": { "count": 1, "log": "none" },
+	    "log": "none",
+	    "action": "pass"
+	},
+	
 	{ "flow-limit": 30 },
 	{ "flow-limit": 30, "action": "pass" },
 	{ "flow-limit": 30, "log": true },
+	{ "flow-limit": 30, "log": "none" },
 	{ "flow-limit": { "count": 30, "log": false } },
 	{ "flow-limit": { "count": 30, "log": false }, "action": "pass" },
-	{ "flow-limit": { "count": 30, "log": false }, "log": true }
+	{ "flow-limit": { "count": 30, "log": false }, "log": true },
+	{ "flow-limit": { "count": 30, "log": false }, "log": "none" },
+	{ "flow-limit": { "count": 30, "log": "none" } },
+	{ "flow-limit": { "count": 30, "log": "none" }, "action": "pass" },
+	{ "flow-limit": { "count": 30, "log": "none" }, "log": true },
+	{ "flow-limit": { "count": 30, "log": "none" }, "log": "none" }
     ]
 }

test/mandatory/log.json

 {
+    "log": { "none": { "mode": "none" } },
     "filter": [
 	{},
 	{ "action": "drop" },
@@ -8,6 +9,9 @@
 	{ "log": false, "action": "pass" },
 	{ "log": true },
 	{ "log": true, "action": "drop" },
-	{ "log": true, "action": "pass" }
+	{ "log": true, "action": "pass" },
+	{ "log": "none" },
+	{ "log": "none", "action": "drop" },
+	{ "log": "none", "action": "pass" }
     ]
 }