extensions: libxt_NFLOG: translate to nft log snaplen if nflog-size is specified

The nflog-size was introduced by commit 7070b1f3c88a ("extensions:
libxt_NFLOG: nflog-range does not truncate packets"). Then make
the nflog-range become deprecated, because it has no effect from
the beginning.

So when we do translation, nft log snaplen is translated only if the
nflog-size is specified.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index a747951a57a4473938bf885925b428187cb5506d..dad83f6e8e74e4b3c61463815fc668b2979e510e 100644 (file)
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -112,7 +112,7 @@ static void nflog_print_xlate(const struct xt_nflog_info *info,
        xt_xlate_add(xl, "log ");
        if (info->prefix[0] != '\0')
                xt_xlate_add(xl, "prefix \\\"%s\\\" ", info->prefix);
-       if (info->len)
+       if (info->flags & XT_NFLOG_F_COPY_LEN)
                xt_xlate_add(xl, "snaplen %u ", info->len);
        if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD)
                xt_xlate_add(xl, "queue-threshold %u ", info->threshold);