extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG

Replaces the use of xt_NFLOG with the nft built-in log statement. This additionally adds support for using longer log prefixes of 128 characters in size. Until now NFLOG has truncated the log-prefix to the 64-character limit supported by iptables-legacy. We now use the struct xtables_target's udata member to store the longer 128-character prefix supported by iptables-nft. Signed-off-by: Kyle Bowman <kbowman@cloudflare.com> Signed-off-by: Alex Forster <aforster@cloudflare.com> Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Florian Westphal <fw@strlen.de>
author: Kyle Bowman <kbowman@cloudflare.com> 2021-10-01 18:41:36 +0100
committer: Florian Westphal <fw@strlen.de> 2022-01-18 13:22:54 +0100
commit: db99f6019eab5f108fe1050349b3e793ea21353d (patch)
tree: 869eeac568efd27d8a8964ef93e4f648872f2166 /iptables/nft.h
parent: 30b178b9bf11e75cd5ff7310ce0f5d9c9ace3b7a (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index f189b03f..4c78f761 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -194,6 +194,7 @@ int add_match(struct nft_handle *h, struct nftnl_rule *r, struct xt_entry_match
 int add_target(struct nftnl_rule *r, struct xt_entry_target *t);
 int add_jumpto(struct nftnl_rule *r, const char *name, int verdict);
 int add_action(struct nftnl_rule *r, struct iptables_command_state *cs, bool goto_set);
+int add_log(struct nftnl_rule *r, struct iptables_command_state *cs);
 char *get_comment(const void *data, uint32_t data_len);
 
 enum nft_rule_print {
author	Kyle Bowman <kbowman@cloudflare.com>	2021-10-01 18:41:36 +0100
committer	Florian Westphal <fw@strlen.de>	2022-01-18 13:22:54 +0100
commit	db99f6019eab5f108fe1050349b3e793ea21353d (patch)
tree	869eeac568efd27d8a8964ef93e4f648872f2166 /iptables/nft.h
parent	30b178b9bf11e75cd5ff7310ce0f5d9c9ace3b7a (diff)