From 15c38317eff2bdef963cc3032512ce6cf191dadb Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Fri, 17 Jun 2022 14:42:03 +0200 Subject: [PATCH] fw4: add support for `option log` in rule and redirect sections Sections of type `rule` and type `redirect` may now specify `option log value` to enable logging matched traffic for the corresponding rule/redirect. The value may be either a string, in which case it is used as log prefix verbatim or a boolean value (`1`, `on`, `true`, `yes`, `0`, `off`, `false` or `no`). In case a boolean false value is specified (the default), no logging is performed. In case a true boolean value is specified, matched traffic is logged and the rule's name (or uci section id i ncase the name is absent) is used as log prefix. Signed-off-by: Jo-Philipp Wich Tested-by: Stijn Tintel --- .../usr/share/firewall4/templates/redirect.uc | 2 ++ root/usr/share/ucode/fw4.uc | 21 ++++++++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/root/usr/share/firewall4/templates/redirect.uc b/root/usr/share/firewall4/templates/redirect.uc index 5b81f64..933fbd7 100644 --- a/root/usr/share/firewall4/templates/redirect.uc +++ b/root/usr/share/firewall4/templates/redirect.uc @@ -63,6 +63,8 @@ }} @{{ redirect.ipset.name }} {%+ endif -%} {%+ if (redirect.counter): -%} counter {%+ endif -%} +{%+ if (redirect.log): -%} + log prefix {{ fw4.quote(redirect.log, true) }} {%+ endif -%} {% if (redirect.target == "redirect"): -%} redirect{% if (redirect.rport): %} to {{ fw4.port(redirect.rport) }}{% endif %} {%- elif (redirect.target == "accept" || redirect.target == "masquerade"): -%} diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc index e6bd365..1b4764c 100644 --- a/root/usr/share/ucode/fw4.uc +++ b/root/usr/share/ucode/fw4.uc @@ -2244,6 +2244,7 @@ return { set_dscp: [ "dscp", null, NO_INVERT ], counter: [ "bool", "1" ], + log: [ "string" ], target: [ "target" ] }); 
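Review bot: The added `log prefix {{ fw4.quote(redirect.log, true) }}` line emits the configured string or the redirect's name with no length bound, while nftables caps log prefixes at NF_LOG_PREFIXLEN (128 bytes including the terminator). `fw4.quote` is not visible on this page, so this assumes it only escapes and does not shorten. An over-long `option log` value or section name would then most likely make nft reject the generated ruleset at load time instead of merely losing the log statement. The value is best bounded where it is parsed: the `log: [ "string" ]` declarations added in fw4.uc (hunks `@@ -2244,6 +2244,7 @@` and `@@ -2550,6 +2560,7 @@`) accept any string, so the parse step should truncate or reject anything longer than 127 bytes and warn about it.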
@@ -2278,6 +2279,15 @@ return { return; } + switch (this.parse_bool(rule.log)) { + case true: + rule.log = rule.name; + break; + + case false: + delete rule.log; + } + let ipset; if (rule.ipset) { @@ -2550,6 +2560,7 @@ return { reflection_zone: [ "zone_ref", null, PARSE_LIST ], counter: [ "bool", "1" ], + log: [ "string" ], target: [ "target", "dnat" ] }); @@ -2568,6 +2579,15 @@ return { redir.target = "dnat"; } + switch (this.parse_bool(redir.log)) { + case true: + redir.log = redir.name; + break; + + case false: + delete redir.log; + } + let ipset; if (redir.ipset) { @@ -2656,7 +2676,6 @@ return { redir.dest.zone.dflags[redir.target] = true; } - let add_rule = (family, proto, saddrs, daddrs, raddrs, sport, dport, rport, ipset, redir) => { let r = { ...redir, -- 2.30.2
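Review bot: `case true:` sets `rule.log = rule.name` with no fallback, although the commit message promises the uci section id when the name is absent. Unless `rule.name` is defaulted to the section id outside this hunk, `option log 1` on an unnamed rule leaves `rule.log` empty and the rule silently goes unlogged, so make the fallback explicit or warn when the prefix ends up empty. The name is also used verbatim, so the prefix runs straight into the kernel's packet fields in each log line; `rule.log = rule.name + ": ";` would keep entries parseable. The identical switch in the redirect hunk at `@@ -2568,6 +2579,15 @@` has both issues, and the two copies could share one helper. The enclosing functions start and end outside these hunks.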