From d0125f890698dd84553db3d27eea7e36ebbdbf88 Mon Sep 17 00:00:00 2001 From: Shivani Bhardwaj Date: Wed, 23 Dec 2015 01:32:46 +0530 Subject: extensions: libxt_NFLOG: Add group_info and remove multiple keywords Add group_info with every rule as it is mandatory to consider logging to be same type as NFLOG. Remove multiple log keywords to avoid loading multiple log expressions at a time. Examples: $ sudo iptables-translate -I INPUT -j NFLOG --nflog-threshold 2 nft insert rule ip filter INPUT counter log queue-threshold 2 group 0 $ sudo iptables-translate -A FORWARD -j NFLOG --nflog-group 32 --nflog-prefix "Prefix 1.0" nft add rule ip filter FORWARD counter log prefix \"Prefix 1.0\" group 32 Reported-by: Arturo Borrero Signed-off-by: Shivani Bhardwaj Signed-off-by: Pablo Neira Ayuso --- extensions/libxt_NFLOG.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'extensions/libxt_NFLOG.c') diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c index 53976d2f..4f9024ab 100644 --- a/extensions/libxt_NFLOG.c +++ b/extensions/libxt_NFLOG.c @@ -89,14 +89,14 @@ static void NFLOG_save(const void *ip, const struct xt_entry_target *target) static void nflog_print_xlate(const struct xt_nflog_info *info, struct xt_buf *buf) { + xt_buf_add(buf, "log "); if (info->prefix[0] != '\0') - xt_buf_add(buf, "log prefix \\\"%s\\\" ", info->prefix); - if (info->group) - xt_buf_add(buf, "log group %u ", info->group); + xt_buf_add(buf, "prefix \\\"%s\\\" ", info->prefix); if (info->len) - xt_buf_add(buf, "log snaplen %u ", info->len); + xt_buf_add(buf, "snaplen %u ", info->len); if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD) - xt_buf_add(buf, "log queue-threshold %u ", info->threshold); + xt_buf_add(buf, "queue-threshold %u ", info->threshold); + xt_buf_add(buf, "group %u ", info->group); } static int NFLOG_xlate(const struct xt_entry_target *target, -- cgit v1.2.3