extensions: libxt_NFLOG: Add group_info and remove multiple keywords

Add group_info with every rule as it is mandatory to consider logging to
be same type as NFLOG.
Remove multiple log keywords to avoid loading multiple log expressions
at a time.

Examples:

$ sudo iptables-translate -I INPUT -j NFLOG --nflog-threshold 2
nft insert rule ip filter INPUT counter log queue-threshold 2 group 0

$ sudo iptables-translate -A FORWARD -j NFLOG --nflog-group 32 --nflog-prefix "Prefix 1.0"
nft add rule ip filter FORWARD counter log prefix \"Prefix 1.0\" group 32

Reported-by: Arturo Borrero <arturoborreroglez@gmail.com>
Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index 53976d2f6833a00e6bec40224f45892c711942e4..4f9024abdd5f46ef6a197480d9cca9b1272e9e87 100644 (file)
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -89,14 +89,14 @@ static void NFLOG_save(const void *ip, const struct xt_entry_target *target)
 static void nflog_print_xlate(const struct xt_nflog_info *info,
                              struct xt_buf *buf)
 {
+       xt_buf_add(buf, "log ");
        if (info->prefix[0] != '\0')
-               xt_buf_add(buf, "log prefix \\\"%s\\\" ", info->prefix);
-       if (info->group)
-               xt_buf_add(buf, "log group %u ", info->group);
+               xt_buf_add(buf, "prefix \\\"%s\\\" ", info->prefix);
        if (info->len)
-               xt_buf_add(buf, "log snaplen %u ", info->len);
+               xt_buf_add(buf, "snaplen %u ", info->len);
        if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD)
-               xt_buf_add(buf, "log queue-threshold %u ", info->threshold);
+               xt_buf_add(buf, "queue-threshold %u ", info->threshold);
+       xt_buf_add(buf, "group %u ", info->group);
 }
 
 static int NFLOG_xlate(const struct xt_entry_target *target,