]> git.ipfire.org Git - thirdparty/iptables.git/commitdiff
projects / thirdparty / iptables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2db1d5d)
extensions: libipt_LOG: Add translation to nft
authorShivani Bhardwaj <shivanib134@gmail.com>
Tue, 5 Jan 2016 18:02:29 +0000 (23:32 +0530)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 16 Feb 2016 18:30:24 +0000 (19:30 +0100)
Add translation for options log-level and log-prefix of LOG target
to nftables.
Full translation of this target awaits the support for the options
log-tcp-sequence, log-tcp-options, log-ip-options, log-uid and
log-macdecode in nftables.

Examples:

$ sudo iptables-translate -A FORWARD -p tcp -j LOG --log-level error
nft add rule ip filter FORWARD ip protocol tcp counter log level err

$ sudo iptables-translate -A FORWARD -p tcp -j LOG --log-prefix "Random prefix"
nft add rule ip filter FORWARD ip protocol tcp counter log prefix \"Random prefix\" level warn

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
extensions/libipt_LOG.c patch | blob | blame | history

diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c
index 77f16d19e09aa1cbd494d3d6eede4cedcb5fb4c7..f2beee38a79d6a7a5a5228ed71255eea0393fb52 100644 (file)
--- a/extensions/libipt_LOG.c
+++ b/extensions/libipt_LOG.c
@@ -63,6 +63,11 @@ struct ipt_log_names {
        unsigned int level;
 };
 
+struct ipt_log_xlate {
+       const char *name;
+       unsigned int level;
+};
+
 static const struct ipt_log_names ipt_log_names[]
 = { { .name = "alert",   .level = LOG_ALERT },
     { .name = "crit",    .level = LOG_CRIT },
@@ -166,6 +171,37 @@ static void LOG_save(const void *ip, const struct xt_entry_target *target)
                printf(" --log-macdecode");
 }
 
+static const struct ipt_log_xlate ipt_log_xlate_names[] = {
+       {"alert",       LOG_ALERT },
+       {"crit",        LOG_CRIT },
+       {"debug",       LOG_DEBUG },
+       {"emerg",       LOG_EMERG },
+       {"err",         LOG_ERR },
+       {"info",        LOG_INFO },
+       {"notice",      LOG_NOTICE },
+       {"warn",        LOG_WARNING }
+};
+
+static int LOG_xlate(const struct xt_entry_target *target,
+                    struct xt_buf *buf, int numeric)
+{
+       unsigned int i = 0;
+       const struct ipt_log_info *loginfo =
+                       (const struct ipt_log_info *)target->data;
+
+       xt_buf_add(buf, "log ");
+       if (strcmp(loginfo->prefix, "") != 0)
+               xt_buf_add(buf, "prefix \\\"%s\\\" ", loginfo->prefix);
+
+       for (i = 0; i < ARRAY_SIZE(ipt_log_xlate_names); ++i)
+               if (loginfo->level == ipt_log_xlate_names[i].level) {
+                       xt_buf_add(buf, "level %s ",
+                                  ipt_log_xlate_names[i].name);
+                       break;
+               }
+
+       return 1;
+}
 static struct xtables_target log_tg_reg = {
        .name          = "LOG",
        .version       = XTABLES_VERSION,
@@ -178,6 +214,7 @@ static struct xtables_target log_tg_reg = {
        .save          = LOG_save,
        .x6_parse      = LOG_parse,
        .x6_options    = LOG_opts,
+       .xlate         = LOG_xlate,
 };
 
 void _init(void)
Mirror of git://git.netfilter.org/iptables