From: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>
The nflog-size was introduced by commit 7070b1f3c88a ("extensions:
libxt_NFLOG: nflog-range does not truncate packets"). Then make
the nflog-range become deprecated, because it has no effect from
the beginning.
So when we do translation, nft log snaplen is translated only if the
nflog-size is specified.
Signed-off-by: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>
---
extensions/libxt_NFLOG.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index a747951..dad83f6 100644
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -112,7 +112,7 @@ static void nflog_print_xlate(const struct xt_nflog_info *info,
xt_xlate_add(xl, "log ");
if (info->prefix[0] != '\0')
xt_xlate_add(xl, "prefix \\\"%s\\\" ", info->prefix);
- if (info->len)
+ if (info->flags & XT_NFLOG_F_COPY_LEN)
xt_xlate_add(xl, "snaplen %u ", info->len);
if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD)
xt_xlate_add(xl, "queue-threshold %u ", info->threshold);
--
2.5.5
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
