test: log: nflog

d47507f3 · Kaarle Ritvanen · eb1673e9 · d47507f3 · d47507f3 · d47507f3
Commit d47507f3 authored Sep 04, 2018 by Kaarle Ritvanen
19 changed files
--- a/test/mandatory/log.json
+++ b/test/mandatory/log.json
@@ -2,12 +2,14 @@
    "log": {
 	"dual": { "mode": "log", "mirror": "fc00::1" },
 	"mirror": { "mirror": [ "10.0.0.1", "10.0.0.2", "fc00::2" ] },
+	"nflog": { "mode": "nflog", "group": 1, "range": 128 },
 	"none": { "mode": "none" },
 	"ulog": { "mode": "ulog", "limit": { "interval": 5 } }
    },
    "packet-log": [
 	{ "out": "_fw" },
 	{ "out": "_fw", "log": "mirror" },
+	{ "out": "_fw", "log": "nflog" },
 	{ "out": "_fw", "log": "ulog" }
    ],
    "filter": [

--- a/test/output/address/dump
+++ b/test/output/address/dump
@@ -8085,6 +8085,9 @@ Log dual      {"mirror":"fc00::1","mode":"log"}
 Log mirror    {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
 (log)         

+Log nflog     {"group":1,"mode":"nflog","range":128}
+(log)         
+
 Log none      {"mode":"none"}
 (log)         

@@ -8141,7 +8144,12 @@ Packet-log 2          {"log":"mirror","out":"_fw"}
  inet/filter/INPUT   -j TEE --gateway 10.0.0.2
  inet6/filter/INPUT  -j TEE --gateway fc00::2

-Packet-log 3          {"log":"ulog","out":"_fw"}
+Packet-log 3          {"log":"nflog","out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -j NFLOG --nflog-group 1 --nflog-size 128
+  inet6/filter/INPUT  -j NFLOG --nflog-group 1 --nflog-size 128
+
+Packet-log 4          {"log":"ulog","out":"_fw"}
 (log)                 
  inet/filter/INPUT   -m limit --limit 12/minute -j ULOG

@@ -10306,6 +10314,7 @@ hash:net family inet
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
 -A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway 10.0.0.2
 -A INPUT -j TEE --gateway 10.0.0.1
 -A INPUT -m limit --limit 1/second -j LOG
@@ -13186,6 +13195,7 @@ COMMIT
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway fc00::2
 -A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

--- a/test/output/address/rules-save
+++ b/test/output/address/rules-save
@@ -1950,6 +1950,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
 -A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway 10.0.0.2
 -A INPUT -j TEE --gateway 10.0.0.1
 -A INPUT -m limit --limit 1/second -j LOG

--- a/test/output/address/rules6-save
+++ b/test/output/address/rules6-save
@@ -571,6 +571,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway fc00::2
 -A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

--- a/test/output/filter-limit/dump
+++ b/test/output/filter-limit/dump
@@ -59513,6 +59513,9 @@ Log dual      {"mirror":"fc00::1","mode":"log"}
 Log mirror    {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
 (log)         

+Log nflog     {"group":1,"mode":"nflog","range":128}
+(log)         
+
 Log none      {"mode":"none"}
 (log)         

@@ -59569,7 +59572,12 @@ Packet-log 2          {"log":"mirror","out":"_fw"}
  inet/filter/INPUT   -j TEE --gateway 10.0.0.2
  inet6/filter/INPUT  -j TEE --gateway fc00::2

-Packet-log 3          {"log":"ulog","out":"_fw"}
+Packet-log 3          {"log":"nflog","out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -j NFLOG --nflog-group 1 --nflog-size 128
+  inet6/filter/INPUT  -j NFLOG --nflog-group 1 --nflog-size 128
+
+Packet-log 4          {"log":"ulog","out":"_fw"}
 (log)                 
  inet/filter/INPUT   -m limit --limit 12/minute -j ULOG

@@ -68693,6 +68701,7 @@ hash:net family inet
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
 -A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway 10.0.0.2
 -A INPUT -j TEE --gateway 10.0.0.1
 -A INPUT -m limit --limit 1/second -j LOG
@@ -100475,6 +100484,7 @@ COMMIT
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway fc00::2
 -A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set 
--- a/test/output/filter-limit/rules-save
+++ b/test/output/filter-limit/rules-save
@@ -8909,6 +8909,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
 -A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway 10.0.0.2
 -A INPUT -j TEE --gateway 10.0.0.1
 -A INPUT -m limit --limit 1/second -j LOG
--- a/test/output/filter-limit/rules6-save
+++ b/test/output/filter-limit/rules6-save
@@ -8882,6 +8882,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway fc00::2
 -A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set 
--- a/test/output/filter/dump
+++ b/test/output/filter/dump
@@ -433,6 +433,9 @@ Log dual      {"mirror":"fc00::1","mode":"log"}
 Log mirror    {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
 (log)         

+Log nflog     {"group":1,"mode":"nflog","range":128}
+(log)         
+
 Log none      {"mode":"none"}
 (log)         

@@ -489,7 +492,12 @@ Packet-log 2          {"log":"mirror","out":"_fw"}
  inet/filter/INPUT   -j TEE --gateway 10.0.0.2
  inet6/filter/INPUT  -j TEE --gateway fc00::2

-Packet-log 3          {"log":"ulog","out":"_fw"}
+Packet-log 3          {"log":"nflog","out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -j NFLOG --nflog-group 1 --nflog-size 128
+  inet6/filter/INPUT  -j NFLOG --nflog-group 1 --nflog-size 128
+
+Packet-log 4          {"log":"ulog","out":"_fw"}
 (log)                 
  inet/filter/INPUT   -m limit --limit 12/minute -j ULOG

@@ -804,6 +812,7 @@ hash:net family inet
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
 -A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway 10.0.0.2
 -A INPUT -j TEE --gateway 10.0.0.1
 -A INPUT -m limit --limit 1/second -j LOG
@@ -1022,6 +1031,7 @@ COMMIT
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway fc00::2
 -A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

--- a/test/output/filter/rules-save
+++ b/test/output/filter/rules-save
@@ -100,6 +100,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
 -A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway 10.0.0.2
 -A INPUT -j TEE --gateway 10.0.0.1
 -A INPUT -m limit --limit 1/second -j LOG

--- a/test/output/filter/rules6-save
+++ b/test/output/filter/rules6-save
@@ -73,6 +73,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway fc00::2
 -A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

--- a/test/output/no-track/dump
+++ b/test/output/no-track/dump
@@ -429,6 +429,9 @@ Log dual      {"mirror":"fc00::1","mode":"log"}
 Log mirror    {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
 (log)         

+Log nflog     {"group":1,"mode":"nflog","range":128}
+(log)         
+
 Log none      {"mode":"none"}
 (log)         

@@ -485,7 +488,12 @@ Packet-log 2          {"log":"mirror","out":"_fw"}
  inet/filter/INPUT   -j TEE --gateway 10.0.0.2
  inet6/filter/INPUT  -j TEE --gateway fc00::2

-Packet-log 3          {"log":"ulog","out":"_fw"}
+Packet-log 3          {"log":"nflog","out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -j NFLOG --nflog-group 1 --nflog-size 128
+  inet6/filter/INPUT  -j NFLOG --nflog-group 1 --nflog-size 128
+
+Packet-log 4          {"log":"ulog","out":"_fw"}
 (log)                 
  inet/filter/INPUT   -m limit --limit 12/minute -j ULOG

@@ -796,6 +804,7 @@ hash:net family inet
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
 -A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway 10.0.0.2
 -A INPUT -j TEE --gateway 10.0.0.1
 -A INPUT -m limit --limit 1/second -j LOG
@@ -1018,6 +1027,7 @@ COMMIT
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway fc00::2
 -A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

--- a/test/output/no-track/rules-save
+++ b/test/output/no-track/rules-save
@@ -96,6 +96,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
 -A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway 10.0.0.2
 -A INPUT -j TEE --gateway 10.0.0.1
 -A INPUT -m limit --limit 1/second -j LOG

--- a/test/output/no-track/rules6-save
+++ b/test/output/no-track/rules6-save
@@ -63,6 +63,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway fc00::2
 -A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

--- a/test/output/route-track/dump
+++ b/test/output/route-track/dump
@@ -363,6 +363,9 @@ Log dual      {"mirror":"fc00::1","mode":"log"}
 Log mirror    {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
 (log)         

+Log nflog     {"group":1,"mode":"nflog","range":128}
+(log)         
+
 Log none      {"mode":"none"}
 (log)         

@@ -419,7 +422,12 @@ Packet-log 2          {"log":"mirror","out":"_fw"}
  inet/filter/INPUT   -j TEE --gateway 10.0.0.2
  inet6/filter/INPUT  -j TEE --gateway fc00::2

-Packet-log 3          {"log":"ulog","out":"_fw"}
+Packet-log 3          {"log":"nflog","out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -j NFLOG --nflog-group 1 --nflog-size 128
+  inet6/filter/INPUT  -j NFLOG --nflog-group 1 --nflog-size 128
+
+Packet-log 4          {"log":"ulog","out":"_fw"}
 (log)                 
  inet/filter/INPUT   -m limit --limit 12/minute -j ULOG

@@ -736,6 +744,7 @@ hash:net family inet
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
 -A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway 10.0.0.2
 -A INPUT -j TEE --gateway 10.0.0.1
 -A INPUT -m limit --limit 1/second -j LOG
@@ -928,6 +937,7 @@ COMMIT
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway fc00::2
 -A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

--- a/test/output/route-track/rules-save
+++ b/test/output/route-track/rules-save
@@ -90,6 +90,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
 -A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway 10.0.0.2
 -A INPUT -j TEE --gateway 10.0.0.1
 -A INPUT -m limit --limit 1/second -j LOG

--- a/test/output/route-track/rules6-save
+++ b/test/output/route-track/rules6-save
@@ -63,6 +63,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway fc00::2
 -A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

--- a/test/output/tproxy/dump
+++ b/test/output/tproxy/dump
@@ -363,6 +363,9 @@ Log dual      {"mirror":"fc00::1","mode":"log"}
 Log mirror    {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
 (log)         

+Log nflog     {"group":1,"mode":"nflog","range":128}
+(log)         
+
 Log none      {"mode":"none"}
 (log)         

@@ -419,7 +422,12 @@ Packet-log 2          {"log":"mirror","out":"_fw"}
  inet/filter/INPUT   -j TEE --gateway 10.0.0.2
  inet6/filter/INPUT  -j TEE --gateway fc00::2

-Packet-log 3          {"log":"ulog","out":"_fw"}
+Packet-log 3          {"log":"nflog","out":"_fw"}
+(log)                 
+  inet/filter/INPUT   -j NFLOG --nflog-group 1 --nflog-size 128
+  inet6/filter/INPUT  -j NFLOG --nflog-group 1 --nflog-size 128
+
+Packet-log 4          {"log":"ulog","out":"_fw"}
 (log)                 
  inet/filter/INPUT   -m limit --limit 12/minute -j ULOG

@@ -730,6 +738,7 @@ hash:net family inet
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
 -A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway 10.0.0.2
 -A INPUT -j TEE --gateway 10.0.0.1
 -A INPUT -m limit --limit 1/second -j LOG
@@ -921,6 +930,7 @@ COMMIT
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway fc00::2
 -A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

--- a/test/output/tproxy/rules-save
+++ b/test/output/tproxy/rules-save
@@ -90,6 +90,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
 -A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway 10.0.0.2
 -A INPUT -j TEE --gateway 10.0.0.1
 -A INPUT -m limit --limit 1/second -j LOG

--- a/test/output/tproxy/rules6-save
+++ b/test/output/tproxy/rules6-save
@@ -63,6 +63,7 @@
 -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
 -A INPUT -j TEE --gateway fc00::2
 -A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT