authorLance Yang <lance.yang@linux.dev>2025-05-26 16:59:02 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2025-07-25 18:35:41 +0200
commite89a68046687fe9913ce3bfad82f7ccbb65687e0 (patch)
tree523ba2a1ee568c6184aa737ed1158f4fbe1c0c23 /include/net/netfilter
parentaa5840167780a315f8a050b77f41acb852465e2d (diff)
netfilter: load nf_log_syslog on enabling nf_conntrack_log_invalid
When no logger is registered, nf_conntrack_log_invalid fails to log invalid packets, leaving users unaware of actual invalid traffic. Improve this by loading nf_log_syslog, similar to how 'iptables -I FORWARD 1 -m conntrack --ctstate INVALID -j LOG' triggers it. Suggested-by: Florian Westphal <fw@strlen.de> Signed-off-by: Zi Li <zi.li@linux.dev> Signed-off-by: Lance Yang <lance.yang@linux.dev> Acked-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net/netfilter')
-rw-r--r--include/net/netfilter/nf_log.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_log.h b/include/net/netfilter/nf_log.h
index e55eedc84ed7..00506792a06d 100644
--- a/include/net/netfilter/nf_log.h
+++ b/include/net/netfilter/nf_log.h
@@ -59,6 +59,9 @@ extern int sysctl_nf_log_all_netns;
int nf_log_register(u_int8_t pf, struct nf_logger *logger);
void nf_log_unregister(struct nf_logger *logger);
+/* Check if any logger is registered for a given protocol family. */
+bool nf_log_is_registered(u_int8_t pf);
+
int nf_log_set(struct net *net, u_int8_t pf, const struct nf_logger *logger);
void nf_log_unset(struct net *net, const struct nf_logger *logger);
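Review bot: The one-line comment above `nf_log_is_registered()` does not say what the return value guarantees, and callers will read this header rather than the implementation. The diff shown here is limited to include/net/netfilter, so the body is not visible; if the lookup takes no lock, the answer is only a snapshot and a logger may be registered or unregistered right after it returns, which matters for a caller that uses it to decide whether nf_log_syslog needs loading. I would expand the comment to something like `/* Return true if at least one logger is currently registered for @pf. The result is advisory and may be stale on return; @pf must be below NFPROTO_NUMPROTO. */`, adjusting the last clause to whatever the implementation actually does for an out-of-range family.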