netfilter: nf_conntrack: log packets dropped by helpers

[pandora-kernel.git] / net / ipv6 / netfilter / nf_conntrack_l3proto_ipv6.c

diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index a7f4cd6..5f2ec20 100644 (file)
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -27,6 +27,7 @@
 #include <net/netfilter/nf_conntrack_l3proto.h>
 #include <net/netfilter/nf_conntrack_core.h>
 #include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
+#include <net/netfilter/nf_log.h>
 
 static bool ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff,
                              struct nf_conntrack_tuple *tuple)
@@ -176,8 +177,11 @@ static unsigned int ipv6_confirm(unsigned int hooknum,
        }
 
        ret = helper->help(skb, protoff, ct, ctinfo);
-       if (ret != NF_ACCEPT)
+       if (ret != NF_ACCEPT) {
+               nf_log_packet(NFPROTO_IPV6, hooknum, skb, in, out, NULL,
+                             "nf_ct_%s: dropping packet", helper->name);
                return ret;
+       }
 out:
        /* We've seen it coming out the other side: confirm it */
        return nf_conntrack_confirm(skb);