--- ebtables2.orig/extensions/ebt_AUDIT.c	1970-01-01 01:00:00.000000000 +0100

+++ ebtables2.orig/extensions/ebt_AUDIT.c	2011-01-07 10:53:46.680329228 +0100

@@ -0,0 +1,110 @@ 

+

+#include <stdio.h>

+#include <stdlib.h>

+#include <string.h>

+#include <getopt.h>

+#include "../include/ebtables_u.h"

+#include <linux/netfilter/xt_AUDIT.h>

+

+#define AUDIT_TYPE  '1'

+static struct option opts[] =

+{

+	{ "audit-type" , required_argument, 0, AUDIT_TYPE },

+	{ 0 }

+};

+

+static void print_help()

+{

+	printf(

+	"AUDIT target options:\n"

+	" --audit-type TYPE          : Set action type to record.\n");

+}

+

+static void init(struct ebt_entry_target *target)

+{

+	struct xt_AUDIT_info *info = (struct xt_AUDIT_info *) target->data;

+

+	info->type = 0;

+}

+

+static int parse(int c, char **argv, int argc,

+   const struct ebt_u_entry *entry, unsigned int *flags,

+   struct ebt_entry_target **target)

+{

+	struct xt_AUDIT_info *info = (struct xt_AUDIT_info *) (*target)->data;

+

+	switch (c) {

+	case AUDIT_TYPE:

+		ebt_check_option2(flags, AUDIT_TYPE);

+

+		if (!strcasecmp(optarg, "accept"))

+			info->type = XT_AUDIT_TYPE_ACCEPT;

+		else if (!strcasecmp(optarg, "drop"))

+			info->type = XT_AUDIT_TYPE_DROP;

+		else if (!strcasecmp(optarg, "reject"))

+			info->type = XT_AUDIT_TYPE_REJECT;

+		else

+			ebt_print_error2("Bad action type value `%s'", optarg);

+

+		break;

+	 default:

+		return 0;

+	}

+	return 1;

+}

+

+static void final_check(const struct ebt_u_entry *entry,

+   const struct ebt_entry_match *match, const char *name,

+   unsigned int hookmask, unsigned int time)

+{

+}

+

+static void print(const struct ebt_u_entry *entry,

+   const struct ebt_entry_target *target)

+{

+	const struct xt_AUDIT_info *info =

+		(const struct xt_AUDIT_info *) target->data;

+

+	printf("--audit-type ");

+

+	switch(info->type) {

+	case XT_AUDIT_TYPE_ACCEPT:

+		printf("accept");

+		break;

+	case XT_AUDIT_TYPE_DROP:

+		printf("drop");

+		break;

+	case XT_AUDIT_TYPE_REJECT:

+		printf("reject");

+		break;

+	}

+}

+

+static int compare(const struct ebt_entry_target *t1,

+   const struct ebt_entry_target *t2)

+{

+	const struct xt_AUDIT_info *info1 =

+		(const struct xt_AUDIT_info *) t1->data;

+	const struct xt_AUDIT_info *info2 =

+		(const struct xt_AUDIT_info *) t2->data;

+

+	return info1->type == info2->type;

+}

+

+static struct ebt_u_target AUDIT_target =

+{

+	.name		= "AUDIT",

+	.size		= sizeof(struct xt_AUDIT_info),

+	.help		= print_help,

+	.init		= init,

+	.parse		= parse,

+	.final_check	= final_check,

+	.print		= print,

+	.compare	= compare,

+	.extra_ops	= opts,

+};

+

+void _init(void)

+{

+	ebt_register_target(&AUDIT_target);

+}

--- ebtables2.orig/extensions/Makefile	2011-01-07 10:55:28.077246240 +0100

+++ ebtables2.orig/extensions/Makefile	2011-01-07 10:53:46.686329230 +0100

@@ -1,7 +1,7 @@ 

 #! /usr/bin/make

 EXT_FUNC+=802_3 nat arp arpreply ip ip6 standard log redirect vlan mark_m mark \

-          pkttype stp among limit ulog nflog

+          pkttype stp among limit ulog nflog AUDIT

 EXT_TABLES+=filter nat broute

 EXT_OBJS+=$(foreach T,$(EXT_FUNC), extensions/ebt_$(T).o)

 EXT_OBJS+=$(foreach T,$(EXT_TABLES), extensions/ebtable_$(T).o)

--- a/include/linux/netfilter/xt_AUDIT.h	

+++ a/include/linux/netfilter/xt_AUDIT.h	

@@ -0,0 +1,30 @@ 

+/*

+ * Header file for iptables xt_AUDIT target

+ *

+ * (C) 2010-2011 Thomas Graf <tgraf@redhat.com>

+ * (C) 2010-2011 Red Hat, Inc.

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License version 2 as

+ * published by the Free Software Foundation.

+ */

+

+#ifndef _XT_AUDIT_TARGET_H

+#define _XT_AUDIT_TARGET_H

+

+#include <linux/types.h>

+

+enum {

+	XT_AUDIT_TYPE_ACCEPT = 0,

+	XT_AUDIT_TYPE_DROP,

+	XT_AUDIT_TYPE_REJECT,

+	__XT_AUDIT_TYPE_MAX,

+};

+

+#define XT_AUDIT_TYPE_MAX (__XT_AUDIT_TYPE_MAX - 1)

+

+struct xt_AUDIT_info {

+	__u8 type; /* XT_AUDIT_TYPE_* */

+};

+

+#endif /* _XT_AUDIT_TARGET_H */