author | Kyle Bowman <kbowman@cloudflare.com> | 2021-10-01 18:41:36 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2022-01-18 13:22:54 +0100 |
commit | db99f6019eab5f108fe1050349b3e793ea21353d (patch) | |
tree | 869eeac568efd27d8a8964ef93e4f648872f2166 /extensions | |
parent | 30b178b9bf11e75cd5ff7310ce0f5d9c9ace3b7a (diff) |
extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG
Replaces the use of xt_NFLOG with the nft built-in log statement.
This additionally adds support for using longer log prefixes of 128
characters in size. Until now NFLOG has truncated the log-prefix to the
64-character limit supported by iptables-legacy. We now use the struct
xtables_target's udata member to store the longer 128-character prefix
supported by iptables-nft.
Signed-off-by: Kyle Bowman <kbowman@cloudflare.com>
Signed-off-by: Alex Forster <aforster@cloudflare.com>
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libxt_NFLOG.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index 02a1b4aa..2b78e278 100644
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -5,6 +5,7 @@
 #include <getopt.h>
 #include <xtables.h>
+#include <linux/netfilter/nf_log.h>
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_NFLOG.h>
@@ -53,12 +54,16 @@ static void NFLOG_init(struct xt_entry_target *t)
 static void NFLOG_parse(struct xt_option_call *cb)
 {
+ char *nf_log_prefix = cb->udata;
+
 xtables_option_parse(cb);
 switch (cb->entry->id) {
 case O_PREFIX:
 if (strchr(cb->arg, '\n') != NULL)
 xtables_error(PARAMETER_PROBLEM, "Newlines not allowed in --log-prefix");
+
+ snprintf(nf_log_prefix, NF_LOG_PREFIXLEN, "%s", cb->arg);
 break;
 }
 }
@@ -149,6 +154,7 @@ static struct xtables_target nflog_target = {
 .save = NFLOG_save,
 .x6_options = NFLOG_opts,
 .xlate = NFLOG_xlate,
+ .udata_size = NF_LOG_PREFIXLEN
 };
 void _init(void) |
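Review bot: The `snprintf` added under `case O_PREFIX` in `NFLOG_parse` discards its return value, so a prefix of `NF_LOG_PREFIXLEN` bytes or more is silently cut short in the `udata` copy instead of being rejected, unless `xtables_option_parse` has already refused it (the option table is outside the hunk). The commit message says this copy carries the longer prefix for iptables-nft, so a truncated copy would make the rule log under a different prefix than the one the operator typed, and log matching or alerting keyed on that prefix becomes unreliable. Checking the result keeps the failure visible: `if (snprintf(nf_log_prefix, NF_LOG_PREFIXLEN, "%s", cb->arg) >= NF_LOG_PREFIXLEN) xtables_error(PARAMETER_PROBLEM, "--log-prefix too long");`. The first added line also takes `cb->udata` without a check, which is presumably safe because the target sets `.udata_size`, and a comment such as `/* udata is sized by nflog_target.udata_size */` would record that dependency.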
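Review bot: The new `.udata_size = NF_LOG_PREFIXLEN` initializer in `nflog_target` has no trailing comma, unlike `.xlate = NFLOG_xlate,` directly above it; writing `.udata_size = NF_LOG_PREFIXLEN,` keeps the next added field a one-line change. This constant is also what sizes the buffer that `NFLOG_parse` writes with the same bound, so a short comment such as `/* must match the snprintf bound in NFLOG_parse */` would stop the two from drifting apart in a later edit. The initializer list begins above the hunk, so any other size-related fields are not visible here.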