On 21 December 2015 at 18:35, Shivani Bhardwaj <shivanib134@xxxxxxxxx> wrote:
> Add translation for NF Logging to nftables.
>
> Examples:
>
> $ sudo iptables-translate -A OUTPUT -j NFLOG --nflog-group 30
> nft add rule ip filter OUTPUT counter log group 30
>
> $ sudo iptables-translate -A FORWARD -j NFLOG --nflog-group 32 --nflog-prefix "Prefix 1.0"
> nft add rule ip filter FORWARD counter log prefix \"Prefix 1.0\" log group 32
>

Hi Shivani,

I think that rule should translate to:

nft add rule ip filter FORWARD counter log prefix \"Prefix 1.0\" group 32

so, avoid using multiple 'log' keywords, which will load several nftables log expressions.

>
> +static void nflog_print_xlate(const struct xt_nflog_info *info, > + char *prefix, struct xt_buf *buf) > +{ > + if (info->prefix[0] != '\0') > + xt_buf_add(buf, "%slog prefix \\\"%s\\\" ", > + prefix, info->prefix); > + if (info->group) > + xt_buf_add(buf, "%slog group %u ", prefix, info->group); > + if (info->len) > + xt_buf_add(buf, "%slog snaplen %u ", prefix, info->len); > + if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD) > + xt_buf_add(buf, "%slog queue-threshold %u ", > + prefix, info->threshold); > +} > +

You may revisit this function.

--
Arturo Borrero González
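
Review bot: In nflog_print_xlate() every one of the four xt_buf_add() calls writes its own "log" keyword ("%slog prefix ...", "%slog group %u ", "%slog snaplen %u ", "%slog queue-threshold %u "), so any rule with more than one option set comes out as several log statements, as the FORWARD example in the commit message shows. Write "log " once before the first branch and let each branch append only its option name and value. Separately, "if (info->group)" skips group 0, and when the prefix is empty, len is 0 and threshold is XT_NFLOG_DEFAULT_THRESHOLD the function writes nothing at all, so the translated rule would carry no log statement; emitting the group unconditionally covers both cases. The "char *prefix" argument sits next to "info->prefix" with a different meaning and would be easier to read under another name.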