From: Shivani Bhardwaj Date: Tue, 22 Dec 2015 20:02:46 +0000 (+0530) Subject: extensions: libxt_NFLOG: Add group_info and remove multiple keywords X-Git-Tag: v1.6.1~148 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d0125f890698dd84553db3d27eea7e36ebbdbf88;p=thirdparty%2Fiptables.git extensions: libxt_NFLOG: Add group_info and remove multiple keywords Add group_info with every rule as it is mandatory to consider logging to be same type as NFLOG. Remove multiple log keywords to avoid loading multiple log expressions at a time. Examples: $ sudo iptables-translate -I INPUT -j NFLOG --nflog-threshold 2 nft insert rule ip filter INPUT counter log queue-threshold 2 group 0 $ sudo iptables-translate -A FORWARD -j NFLOG --nflog-group 32 --nflog-prefix "Prefix 1.0" nft add rule ip filter FORWARD counter log prefix \"Prefix 1.0\" group 32 Reported-by: Arturo Borrero Signed-off-by: Shivani Bhardwaj Signed-off-by: Pablo Neira Ayuso --- diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c index 53976d2f..4f9024ab 100644 --- a/extensions/libxt_NFLOG.c +++ b/extensions/libxt_NFLOG.c @@ -89,14 +89,14 @@ static void NFLOG_save(const void *ip, const struct xt_entry_target *target) static void nflog_print_xlate(const struct xt_nflog_info *info, struct xt_buf *buf) { + xt_buf_add(buf, "log "); if (info->prefix[0] != '\0') - xt_buf_add(buf, "log prefix \\\"%s\\\" ", info->prefix); - if (info->group) - xt_buf_add(buf, "log group %u ", info->group); + xt_buf_add(buf, "prefix \\\"%s\\\" ", info->prefix); if (info->len) - xt_buf_add(buf, "log snaplen %u ", info->len); + xt_buf_add(buf, "snaplen %u ", info->len); if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD) - xt_buf_add(buf, "log queue-threshold %u ", info->threshold); + xt_buf_add(buf, "queue-threshold %u ", info->threshold); + xt_buf_add(buf, "group %u ", info->group); } static int NFLOG_xlate(const struct xt_entry_target *target,