author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2013-02-08 07:00:33 +0000 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2013-02-08 07:00:33 +0000 |
commit | 8a4a82b055a101ae79cedbdd426d704f81654ab7 (patch) | |
tree | 01eacb410a40fba9d54b15a36d3b6315f04da1ed | |
parent | b9ebf814656849f6d8b0ba96a0d24dc09597d4aa (diff) | |
packet logging without filtering
-rw-r--r-- | awall/modules/filter.lua | 64 | ||||
-rw-r--r-- | awall/modules/log.lua | 97 |
2 files changed, 100 insertions, 61 deletions
diff --git a/awall/modules/filter.lua b/awall/modules/filter.lua index e49ea06..fdf851d 100644 --- a/awall/modules/filter.lua +++ b/awall/modules/filter.lua @@ -17,57 +17,6 @@ local extend = util.extend local RECENT_MAX_COUNT = 20 -local Log = model.class(model.ConfigObject) - -function Log:optfrag() - local optmap = { - log={level='level', prefix='prefix'}, - nflog={ - group='group', - prefix='prefix', - range='range', - threshold='threshold' - }, - ulog={ - group='nlgroup', - prefix='prefix', - range='cprange', - threshold='qthreshold' - } - } - - local mode = self.mode or 'log' - if not optmap[mode] then self:error('Invalid logging mode: '..mode) end - - local selector, opts - for i, sel in ipairs{'every', 'limit', 'probability'} do - local value = self[sel] - if value then - if selector then - self:error('Cannot combine '..sel..' with '..selector) - end - selector = sel - - if sel == 'every' then - opts = '-m statistic --mode nth --every '..value..' --packet 0' - elseif sel == 'limit' then - opts = '-m limit --limit '..value..'/second' - elseif sel == 'probability' then - opts = '-m statistic --mode random --probability '..value - else assert(false) end - end - end - - local target = string.upper(mode) - - for s, t in pairs(optmap[mode]) do - if self[s] then target = target..' --'..mode..'-'..t..' '..self[s] end - end - - return {opts=opts, target=target} -end - - local Filter = model.class(model.Rule) function Filter:init(...) 
@@ -79,21 +28,15 @@ function Filter:init(...) self.action = string.sub(self.action, 4, -1) end - local function log(spec, default) - if spec == nil then spec = default end - if spec == false then return end - if spec == true then spec = '_default' end - return self.root.log[spec] or self:error('Invalid log: '..spec) - end - - self.log = log(self.log, self.action ~= 'accept') + local log = require('awall').loadclass('log').get + self.log = log(self, self.log, self.action ~= 'accept') local limit = self:limit() if limit then if type(self[limit]) ~= 'table' then self[limit] = {count=self[limit]} end - self[limit].log = log(self[limit].log, true) + self[limit].log = log(self, self[limit].log, true) end end @@ -301,7 +244,6 @@ icmprules(icmp6, 'icmpv6-type', {1, 2, 3, 4}) export = { filter={class=Filter, before={'dnat', 'no-track'}}, - log={class=Log}, policy={class=Policy, after='%filter-after'}, ['%filter-before']={rules=dar, before='filter'}, ['%filter-after']={rules=ir, after='filter'} diff --git a/awall/modules/log.lua b/awall/modules/log.lua new file mode 100644 index 0000000..a183b04 --- /dev/null +++ b/awall/modules/log.lua 
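Review bot: The chained lookup `require('awall').loadclass('log').get` in Filter:init carries no comment saying why the log class is resolved at call time rather than by a module-level `require`, and nothing in the hunk handles `loadclass('log')` returning nil (its contract is not visible here). If the deferral is there to avoid a load-order cycle between awall and its modules, say so in a comment, e.g. `-- resolved lazily: awall may still be loading when this module is read`. An explicit check such as `local cls = require('awall').loadclass('log') or self:error('log module not available')` would turn a raw index error into a policy error that names the rule. Filter:init begins above this hunk.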
@@ -0,0 +1,97 @@
+--[[
+Packet logging module for Alpine Wall
+Copyright (C) 2012-2013 Kaarle Ritvanen
+See LICENSE file for license details
+]]--
+
+
+module(..., package.seeall)
+
+local model = require('awall.model')
+local Rule = model.Rule
+
+local combinations = require('awall.optfrag').combinations
+
+
+local Log = model.class(model.ConfigObject)
+
+function Log:matchopts()
+ local selector, opts
+
+ for i, sel in ipairs{'every', 'limit', 'probability'} do
+ local value = self[sel]
+ if value then
+ if selector then
+ self:error('Cannot combine '..sel..' with '..selector)
+ end
+ selector = sel
+
+ if sel == 'every' then
+ opts = '-m statistic --mode nth --every '..value..' --packet 0'
+ elseif sel == 'limit' then
+ opts = '-m limit --limit '..value..'/second'
+ elseif sel == 'probability' then
+ opts = '-m statistic --mode random --probability '..value
+ else assert(false) end
+ end
+ end
+
+ return opts
+end
+
+function Log:target()
+ local optmap = {
+ log={level='level', prefix='prefix'},
+ nflog={
+ group='group',
+ prefix='prefix',
+ range='range',
+ threshold='threshold'
+ },
+ ulog={
+ group='nlgroup',
+ prefix='prefix',
+ range='cprange',
+ threshold='qthreshold'
+ }
+ }
+
+ local mode = self.mode or 'log'
+ if not optmap[mode] then self:error('Invalid logging mode: '..mode) end
+
+ local res = string.upper(mode)
+ for s, t in pairs(optmap[mode]) do
+ if self[s] then res = res..' --'..mode..'-'..t..' '..self[s] end
+ end
+ return res
+end
+
+function Log:optfrag() return {opts=self:matchopts(), target=self:target()} end
+
+function Log.get(rule, spec, default)
+ if spec == nil then spec = default end
+ if spec == false then return end
+ if spec == true then spec = '_default' end
+ return rule.root.log[spec] or rule:error('Invalid log: '..spec)
+end
+
+
+local LogRule = model.class(Rule)
+
+function LogRule:init(...)
+ Rule.init(self, unpack(arg))
+ self.log = Log.get(self, self.log, true)
+end
+
+function LogRule:position() return 'prepend' end
+
+function LogRule:servoptfrags()
+ return combinations(Rule.servoptfrags(self), {{opts=self.log:matchopts()}})
+end
+
+function LogRule:target() return self.log:target() end
+
+export = {
+ log={class=Log},
+ ['packet-log']={class=LogRule, after='%filter-after'}
+} |
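Review bot: Log:matchopts and Log:target splice policy values straight into the iptables fragment (`'-m limit --limit '..value..'/second'`, `' --'..mode..'-'..t..' '..self[s]`) with no type or character check, so a `prefix` containing whitespace or a value that starts with `--` would change the shape of the generated rule; how the fragment is tokenised afterwards is not visible in this diff. With the new `packet-log` class these options are consumed by one more rule type, so I would validate before concatenating, for example `if not tonumber(value) then self:error('Invalid '..sel..' value: '..tostring(value)) end` in matchopts, and reject or quote whitespace and quote characters in `prefix` in target. Separately, `Rule.init(self, unpack(arg))` in LogRule:init depends on the implicit `arg` table of the Lua 5.0 vararg compatibility mode; `Rule.init(self, ...)` forwards the same arguments without relying on it.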