extensions: libxt_NFLOG: Add translation to nft

Add translation for NF Logging to nftables.

Examples:

$ sudo iptables-translate -A OUTPUT -j NFLOG --nflog-group 30
nft add rule ip filter OUTPUT counter log group 30

$ sudo iptables-translate -A FORWARD -j NFLOG --nflog-group 32 --nflog-prefix "Prefix 1.0"
nft add rule ip filter FORWARD counter log prefix \"Prefix 1.0\" log group 32

$ sudo iptables-translate -I INPUT -j NFLOG --nflog-range 256
nft insert rule ip filter INPUT counter log snaplen 256

$ sudo iptables-translate -I INPUT -j NFLOG --nflog-threshold 25
nft insert rule ip filter INPUT counter log queue-threshold 25

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index 448576afaabe3bb7e39254acede9530d7ad70ad1..53976d2f6833a00e6bec40224f45892c711942e4 100644 (file)
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -72,7 +72,7 @@ static void nflog_print(const struct xt_nflog_info *info, char *prefix)
 }
 
 static void NFLOG_print(const void *ip, const struct xt_entry_target *target,
-                        int numeric)
+                       int numeric)
 {
        const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data;
 
@@ -86,6 +86,29 @@ static void NFLOG_save(const void *ip, const struct xt_entry_target *target)
        nflog_print(info, "--");
 }
 
+static void nflog_print_xlate(const struct xt_nflog_info *info,
+                             struct xt_buf *buf)
+{
+       if (info->prefix[0] != '\0')
+               xt_buf_add(buf, "log prefix \\\"%s\\\" ", info->prefix);
+       if (info->group)
+               xt_buf_add(buf, "log group %u ", info->group);
+       if (info->len)
+               xt_buf_add(buf, "log snaplen %u ", info->len);
+       if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD)
+               xt_buf_add(buf, "log queue-threshold %u ", info->threshold);
+}
+
+static int NFLOG_xlate(const struct xt_entry_target *target,
+                      struct xt_buf *buf, int numeric)
+{
+       const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data;
+
+       nflog_print_xlate(info, buf);
+
+       return 1;
+}
+
 static struct xtables_target nflog_target = {
        .family         = NFPROTO_UNSPEC,
        .name           = "NFLOG",
@@ -98,6 +121,7 @@ static struct xtables_target nflog_target = {
        .print          = NFLOG_print,
        .save           = NFLOG_save,
        .x6_options     = NFLOG_opts,
+       .xlate          = NFLOG_xlate,
 };
 
 void _init(void)