netfilter: quota2: add support to log quota limit reached.

This uses the NETLINK NETLINK_NFLOG family to log a single message when the quota limit is reached. It uses the same packet type as ipt_ULOG, but - never copies skb data, - uses 112 as the event number (ULOG's +1) It doesn't log if the module param "event_num" is 0. Change-Id: I6f31736b568bb31a4ff0b9ac2ee58380e6b675ca Signed-off-by: JP Abgrall <jpa@google.com>
author: JP Abgrall <jpa@google.com> 2011-07-13 16:02:31 -0700
committer: Dan Willemsen <dwillemsen@nvidia.com> 2011-11-30 21:38:54 -0800
commit: 8a24076faab49f9093a2e1dff216a6be5a9ba620 (patch)
tree: 6daca8b1d5fad69d2d2dacb39d057e1f3a560504 /net/netfilter/Kconfig
parent: b05d94b13918c95f2038dcc61617b6d6aa03e29a (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index ddb7bb507bd5..5bd5c612a9bf 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -975,6 +975,18 @@ config NETFILTER_XT_MATCH_QUOTA2
 	  If you want to compile it as a module, say M here and read
 	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.
 
+config NETFILTER_XT_MATCH_QUOTA2_LOG
+	bool '"quota2" Netfilter LOG support'
+	depends on NETFILTER_XT_MATCH_QUOTA2
+	depends on IP_NF_TARGET_ULOG=n    # not yes, not module, just no
+	default n
+	help
+	  This option allows `quota2' to log ONCE when a quota limit
+	  is passed. It logs via NETLINK using the NETLINK_NFLOG family.
+	  It logs similarly to how ipt_ULOG would without data.
+
+	  If unsure, say `N'.
+
 config NETFILTER_XT_MATCH_RATEEST
 	tristate '"rateest" match support'
 	depends on NETFILTER_ADVANCED
author	JP Abgrall <jpa@google.com>	2011-07-13 16:02:31 -0700
committer	Dan Willemsen <dwillemsen@nvidia.com>	2011-11-30 21:38:54 -0800
commit	8a24076faab49f9093a2e1dff216a6be5a9ba620 (patch)
tree	6daca8b1d5fad69d2d2dacb39d057e1f3a560504 /net/netfilter/Kconfig
parent	b05d94b13918c95f2038dcc61617b6d6aa03e29a (diff)