From 8aa05f01eafc12eabb4320ff429afc09efc806a4 Mon Sep 17 00:00:00 2001
From: turekt <32360115+turekt@users.noreply.github.com>
Date: Sat, 19 Feb 2022 19:57:22 +0000
Subject: [PATCH] Log prefix expression support (#146)

Fixes https://github.com/google/nftables/issues/115
Added expr.Log to EXPR_DATA switch
Added test for expr.Log parsing
---
 nftables_test.go | 67 ++++++++++++++++++++++++++++++++++++++++++++++++
 rule.go          |  2 ++
 2 files changed, 69 insertions(+)

diff --git a/nftables_test.go b/nftables_test.go
index 51450f5..cd166ce 100644
--- a/nftables_test.go
+++ b/nftables_test.go
@@ -569,6 +569,73 @@ func TestConfigureNATSourceAddress(t *testing.T) {
 	}
 }
 
+func TestExprLogPrefix(t *testing.T) {
+	c, newNS := openSystemNFTConn(t)
+	defer cleanupSystemNFTConn(t, newNS)
+
+	c.FlushRuleset()
+	defer c.FlushRuleset()
+
+	filter := c.AddTable(&nftables.Table{
+		Family: nftables.TableFamilyIPv4,
+		Name:   "filter",
+	})
+	input := c.AddChain(&nftables.Chain{
+		Name:     "input",
+		Table:    filter,
+		Type:     nftables.ChainTypeFilter,
+		Hooknum:  nftables.ChainHookInput,
+		Priority: nftables.ChainPriorityFilter,
+	})
+
+	c.AddRule(&nftables.Rule{
+		Table: filter,
+		Chain: input,
+		Exprs: []expr.Any{
+			&expr.Log{
+				Key:  unix.NFTA_LOG_PREFIX,
+				Data: []byte("LOG INPUT"),
+			},
+		},
+	})
+
+	if err := c.Flush(); err != nil {
+		t.Errorf("c.Flush() failed: %v", err)
+	}
+
+	rules, err := c.GetRule(
+		&nftables.Table{
+			Family: nftables.TableFamilyIPv4,
+			Name:   "filter",
+		},
+		&nftables.Chain{
+			Name: "input",
+		},
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if got, want := len(rules), 1; got != want {
+		t.Fatalf("unexpected number of rules: got %d, want %d", got, want)
+	}
+	if got, want := len(rules[0].Exprs), 1; got != want {
+		t.Fatalf("unexpected number of exprs: got %d, want %d", got, want)
+	}
+
+	logExpr, ok := rules[0].Exprs[0].(*expr.Log)
+	if !ok {
+		t.Fatalf("Exprs[0] is type %T, want *expr.Log", rules[0].Exprs[0])
+	}
+
+	if got, want := logExpr.Key, uint32(unix.NFTA_LOG_PREFIX); got != want {
+		t.Fatalf("unexpected *expr.Log key: got %d, want %d", got, want)
+	}
+	if got, want := string(logExpr.Data), "LOG INPUT"; got != want {
+		t.Fatalf("unexpected *expr.Log data: got %s, want %s", got, want)
+	}
+}
+
 func TestGetRule(t *testing.T) {
 	// The want byte sequences come from stracing nft(8), e.g.:
 	// strace -f -v -x -s 2048 -eraw=sendto nft list chain ip filter forward
diff --git a/rule.go b/rule.go
index 64f3115..cf7e422 100644
--- a/rule.go
+++ b/rule.go
@@ -253,6 +253,8 @@ func exprsFromMsg(b []byte) ([]expr.Any, error) {
 						e = &expr.Limit{}
 					case "dynset":
 						e = &expr.Dynset{}
+					case "log":
+						e = &expr.Log{}
 					}
 					if e == nil {
 						// TODO: introduce an opaque expression type so that users know