Open pedro042 opened 3 years ago
Compare https://github.com/WireGuard/wg-dynamic/blob/master/lease.c#L432 for an example of switching between IPv4 and IPv6. Bit of a task to get log_cb() to parse IPv6 correctly.
Update: Reason why NFLOG works and LOG doesn't, on my phone, appears to be a kernel configuration issue. On my Pixel 5 with stock LineageOS 18.1 kernel LOG does not work. Later today I flashed the "Proton Kernel" from https://github.com/kdrag0n/proton_kernel_redbull/releases and LOG suddenly sprung to life. Its curator @kdrag0n really really knows what he is doing: https://github.com/kdrag0n/proton_kernel_redbull/commit/4b577a681411c86baca441aaa94e9f790c0e7f42
So the solution here seems to be to find a better kernel. The MiPa kernel on Xiaomi Mi is good, and this one for the Pixel series. Or file a bug report with the LineageOS developers.
Maybe Afwall could dig into /proc or sysctl and determine if LOG is available, and if not, warn user. Also warn that NFLOG is not IPv6 capable and will produce erroneous log entries with things like "protocol 128".
Interesting. But on my phone LOG target works. Example:
08-29 16:42:20.356 0 0 W : [20210829_16:42:20.355699]@1 {AFL}IN= OUT=tun1 SRC=192.168.90.202 DST=192.168.90.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55779 DF PROTO=TCP SPT=47368 DPT=8118 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40402080A3D84D7AA0000000001030309) UID=10218 GID=10218 MARK=0x1a6
but Afwall probably can't parse it.
I use "stock" LOS kernel.
Is this fixed by #1375?
Describe the bug
The nflog binary (probably) doesn't support IPv6. See line 179 in external/nflog/nflog.c: hardcoded IPv4 format. IPv6 netlink messages are interpreted as IPv4 messages.
Firewall Logs
See the investigation at https://forum.xda-developers.com/t/5-0-root-3-5-2-afwall-iptables-firewall-16-may-2021.1957231/page-314#post-85484565 and the messages below.
Smartphone (please complete the following information):
Additional context
Consider updating the nflog utility.
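The behaviour described in this issue, as an added example that is not code from AFWall+ or its nflog utility: a payload parser that picks the header layout from the IP version nibble, next to the fixed-offset read an IPv4-only parser performs. The names `parse_ip`, `ipv4_only_proto` and `sample6` are hypothetical and the packet bytes are constructed; with a link-local `fe80::` source, the byte at the offset where IPv4 keeps its protocol field is 0x80, i.e. 128.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

struct pkt_info {
    int family;                  /* AF_INET or AF_INET6 */
    uint8_t proto;               /* IPv4 protocol or IPv6 next header */
    char src[INET6_ADDRSTRLEN], dst[INET6_ADDRSTRLEN];
};

/* Pick the header layout from the version nibble; -1 if truncated or unknown. */
int parse_ip(const uint8_t *p, size_t len, struct pkt_info *o)
{
    int v = len ? p[0] >> 4 : 0;
    size_t need = v == 4 ? 20 : 40, alen = v == 4 ? 4 : 16;
    if ((v != 4 && v != 6) || len < need)
        return -1;
    o->family = v == 4 ? AF_INET : AF_INET6;
    o->proto = v == 4 ? p[9] : p[6];   /* IPv6 extension headers are not walked */
    const uint8_t *src = p + (v == 4 ? 12 : 8);
    if (!inet_ntop(o->family, src, o->src, sizeof o->src) ||
        !inet_ntop(o->family, src + alen, o->dst, sizeof o->dst))
        return -1;
    return 0;
}

/* The byte an IPv4-only parser prints as the protocol, whatever the packet is. */
uint8_t ipv4_only_proto(const uint8_t *p) { return p[9]; }

/* Constructed sample: 40-byte IPv6 header, next header TCP, fe80::1 -> fe80::2. */
const uint8_t sample6[40] = {
    0x60, 0, 0, 0, 0, 20, 6, 64,
    0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1,
    0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2,
};

int main(void)
{
    struct pkt_info i;
    printf("IPv4-only read: PROTO=%u\n", ipv4_only_proto(sample6));
    if (parse_ip(sample6, sizeof sample6, &i) == 0)
        printf("version-aware:  SRC=%s DST=%s PROTO=%u\n", i.src, i.dst, i.proto);
    return 0;
}
```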