netfilter: nf_tables: Audit log setelem reset

Since set element reset is not integrated into nf_tables' transaction logic, an explicit log call is needed, similar to NFT_MSG_GETOBJ_RESET handling. For the sake of simplicity, catchall element reset will always generate a dedicated log entry. This relieves nf_tables_dump_set() from having to adjust the logged element count depending on whether a catchall element was found or not. Fixes: 079cd633219d7 ("netfilter: nf_tables: Introduce NFT_MSG_GETSETELEM_RESET") Signed-off-by: Phil Sutter <[email protected]> Reviewed-by: Richard Guy Briggs <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
author: Phil Sutter <[email protected]> 2023-08-29 19:51:57 +0200
committer: Pablo Neira Ayuso <[email protected]> 2023-08-31 01:29:27 +0200
commit: 7e9be1124dbe7888907e82cab20164578e3f9ab7 (patch)
tree: 09fbb6809610a2bde1d514ac57a31b041ece18fb /include/linux
parent: 69c5d284f67089b4750d28ff6ac6f52ec224b330 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 6a3a9e122bb5..192bf03aacc5 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -117,6 +117,7 @@ enum audit_nfcfgop {
 	AUDIT_NFT_OP_OBJ_RESET,
 	AUDIT_NFT_OP_FLOWTABLE_REGISTER,
 	AUDIT_NFT_OP_FLOWTABLE_UNREGISTER,
+	AUDIT_NFT_OP_SETELEM_RESET,
 	AUDIT_NFT_OP_INVALID,
 };
author	Phil Sutter <[email protected]>	2023-08-29 19:51:57 +0200
committer	Pablo Neira Ayuso <[email protected]>	2023-08-31 01:29:27 +0200
commit	7e9be1124dbe7888907e82cab20164578e3f9ab7 (patch)
tree	09fbb6809610a2bde1d514ac57a31b041ece18fb /include/linux
parent	69c5d284f67089b4750d28ff6ac6f52ec224b330 (diff)