On 2021-08-03, at 13:36:04 -0500, Kyle Bowman wrote:
> On Tue, Aug 03, 2021 at 10:06:41AM +0100, Jeremy Sowden wrote:
> >
> > Right, take three. Firstly, use udata as I previously suggested, and
> > then use a new struct with a layout compatible with struct xt_nflog_info
> > just for printing and saving iptables-nft targets.
> >
> > Seems to work. Doesn't break iptables-legacy.
> >
> > Patches attached.
>
> Thanks for writing in and helping with this, I appreciate it. I
> actually was trying to make this work last night in a similar way to
> how you've solved it but I gave up after a few hours. I'll go ahead
> and organize this together and send the patches in a separate thread.

One thing before you do. Some of iptables' unit-tests related to NFLOG
are now failing. For example:

  $ sudo python3 ./iptables-test.py -n extensions/libxt_NFLOG.t
  Cannot run in own namespace, connectivity might break
  extensions/libxt_NFLOG.t: ERROR: line 2 (cannot find: iptables -I INPUT -j NFLOG --nflog-group 1)
  extensions/libxt_NFLOG.t: ERROR: line 3 (cannot find: iptables -I INPUT -j NFLOG --nflog-group 65535)
  extensions/libxt_NFLOG.t: ERROR: line 6 (cannot find: iptables -I INPUT -j NFLOG --nflog-range 1)
  extensions/libxt_NFLOG.t: ERROR: line 7 (cannot find: iptables -I INPUT -j NFLOG --nflog-range 4294967295)
  extensions/libxt_NFLOG.t: ERROR: line 10 (cannot find: iptables -I INPUT -j NFLOG --nflog-size 0)
  extensions/libxt_NFLOG.t: ERROR: line 11 (cannot find: iptables -I INPUT -j NFLOG --nflog-size 1)
  extensions/libxt_NFLOG.t: ERROR: line 12 (cannot find: iptables -I INPUT -j NFLOG --nflog-size 4294967295)
  extensions/libxt_NFLOG.t: ERROR: line 19 (cannot find: iptables -I INPUT -j NFLOG --nflog-threshold 1)
  extensions/libxt_NFLOG.t: ERROR: line 22 (cannot find: iptables -I INPUT -j NFLOG --nflog-threshold 65535)
  1 test files, 17 unit tests, 8 passed

I'm working my way through them. I've got fixes for most. I'll send
patches when I've sorted out the remaining ones.

J.