diff options
| author | Shivani Bhardwaj <shivanib134@gmail.com> | 2015-12-21 23:05:59 +0530 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-02-16 19:30:22 +0100 |
| commit | 7a2de9b9141c96b3984f54fa1e48a0ed88c8b40c (patch) | |
| tree | d241cd49e6c15edaa611d576f1610848f518338a | |
| parent | 6cfa723a83d45fac52646413caba59e1233c6bae (diff) | |
extensions: libxt_NFLOG: Add translation to nft
Add translation for NF Logging to nftables.
Examples:
$ sudo iptables-translate -A OUTPUT -j NFLOG --nflog-group 30
nft add rule ip filter OUTPUT counter log group 30
$ sudo iptables-translate -A FORWARD -j NFLOG --nflog-group 32 --nflog-prefix "Prefix 1.0"
nft add rule ip filter FORWARD counter log prefix \"Prefix 1.0\" log group 32
$ sudo iptables-translate -I INPUT -j NFLOG --nflog-range 256
nft insert rule ip filter INPUT counter log snaplen 256
$ sudo iptables-translate -I INPUT -j NFLOG --nflog-threshold 25
nft insert rule ip filter INPUT counter log queue-threshold 25
Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | extensions/libxt_NFLOG.c | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c index 448576af..53976d2f 100644 --- a/extensions/libxt_NFLOG.c +++ b/extensions/libxt_NFLOG.c @@ -72,7 +72,7 @@ static void nflog_print(const struct xt_nflog_info *info, char *prefix) } static void NFLOG_print(const void *ip, const struct xt_entry_target *target, - int numeric) + int numeric) { const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data; @@ -86,6 +86,29 @@ static void NFLOG_save(const void *ip, const struct xt_entry_target *target) nflog_print(info, "--"); } +static void nflog_print_xlate(const struct xt_nflog_info *info, + struct xt_buf *buf) +{ + if (info->prefix[0] != '\0') + xt_buf_add(buf, "log prefix \\\"%s\\\" ", info->prefix); + if (info->group) + xt_buf_add(buf, "log group %u ", info->group); + if (info->len) + xt_buf_add(buf, "log snaplen %u ", info->len); + if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD) + xt_buf_add(buf, "log queue-threshold %u ", info->threshold); +} + +static int NFLOG_xlate(const struct xt_entry_target *target, + struct xt_buf *buf, int numeric) +{ + const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data; + + nflog_print_xlate(info, buf); + + return 1; +} + static struct xtables_target nflog_target = { .family = NFPROTO_UNSPEC, .name = "NFLOG", @@ -98,6 +121,7 @@ static struct xtables_target nflog_target = { .print = NFLOG_print, .save = NFLOG_save, .x6_options = NFLOG_opts, + .xlate = NFLOG_xlate, }; void _init(void) |