Add group_info with every rule as it is mandatory to consider logging to be same type as NFLOG. Remove multiple log keywords to avoid loading multiple log expressions at a time.
Examples:
$ sudo iptables-translate -I INPUT -j NFLOG --nflog-threshold 2
nft insert rule ip filter INPUT counter log queue-threshold 2 group 0
$ sudo iptables-translate -A FORWARD -j NFLOG --nflog-group 32 --nflog-prefix "Prefix 1.0"
nft add rule ip filter FORWARD counter log prefix \"Prefix 1.0\" group 32
Signed-off-by: Shivani Bhardwaj <shivanib134@xxxxxxxxx>
---
extensions/libxt_NFLOG.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index 53976d2..e1c9f65 100644
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -8,6 +8,8 @@
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_NFLOG.h>
 
+#define DEFAULT_GROUP 0
+
 enum {
 O_GROUP = 0,
 O_PREFIX,
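Review bot: `DEFAULT_GROUP` looks unnecessary as defined here: the only use visible in this patch is the `else` branch at the end of nflog_print_xlate in the next hunk, which runs exactly when `info->group` is 0 and then prints 0. Emitting the field unconditionally with `xt_buf_add(buf, "group %u ", info->group);` gives the same translation and lets the macro go. If a named constant is still wanted, a prefixed name in the style of `XT_NFLOG_DEFAULT_THRESHOLD` plus a one-line comment (`/* group used when --nflog-group is not given */`) would be clearer than a bare `DEFAULT_GROUP`.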
@@ -89,14 +91,17 @@ static void NFLOG_save(const void *ip, const struct xt_entry_target *target)
 static void nflog_print_xlate(const struct xt_nflog_info *info,
 struct xt_buf *buf)
 {
+ xt_buf_add(buf, "log ");
 if (info->prefix[0] != '\0')
- xt_buf_add(buf, "log prefix \\\"%s\\\" ", info->prefix);
- if (info->group)
- xt_buf_add(buf, "log group %u ", info->group);
+ xt_buf_add(buf, "prefix \\\"%s\\\" ", info->prefix);
 if (info->len)
- xt_buf_add(buf, "log snaplen %u ", info->len);
+ xt_buf_add(buf, "snaplen %u ", info->len);
 if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD)
- xt_buf_add(buf, "log queue-threshold %u ", info->threshold);
+ xt_buf_add(buf, "queue-threshold %u ", info->threshold);
+ if (info->group)
+ xt_buf_add(buf, "group %u ", info->group);
+ else
+ xt_buf_add(buf, "group %u ", DEFAULT_GROUP);
 }
 
 static int NFLOG_xlate(const struct xt_entry_target *target,
-- 
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
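Review bot: The prefix is still written into the translated rule unescaped by `xt_buf_add(buf, "prefix \\\"%s\\\" ", info->prefix);`, so a prefix containing `"` or `\` would close the quoted string early and the rest would be parsed as separate tokens when the output is fed to a shell or to nft. Nothing in this hunk shows xt_buf_add or the caller escaping it, so this is worth confirming; if it does not, escape those two characters before formatting or decline to translate such a rule. A translate test case with a quote inside `--nflog-prefix` would pin the behaviour.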