From: Herve Eychenne <rv@wallfire.org>
To: Roberto Nibali <ratz@tac.ch>
Cc: Harald Welte <laforge@netfilter.org>,
Netfilter Developers <netfilter-devel@lists.netfilter.org>,
Patrick Schaaf <bof@bof.de>
Subject: Re: possible issues with blowing up struct ipt_log_info
Date: Mon, 4 Jul 2005 13:21:05 +0200 [thread overview]
Message-ID: <20050704112105.GD3331@eychenne.org> (raw)
In-Reply-To: <42C91400.8000700@tac.ch>
On Mon, Jul 04, 2005 at 12:48:32PM +0200, Roberto Nibali wrote:
> Fiddle around with the preprocessor in ipt_LOG.c and have yourself the value
> printed out using a new MODULE_PARM_DESC entry :)
That was what we were talking about earlier in this thread. Ok, but this
would then require some support/knowledge from userspace. I proposed /proc,
but Harald didn't seem very prone to use it. My question about the
reasons why is still unanswered.
> > Can you figure out that 90% of
> > Linux users in the world are meant to set up a firewall without even
> > knowing what a kernel is? ;-)
> Where do you have these numbers from? But this is besides the point. If so,
> those users will certainly not use iptables by hand, but a preconfigued script
> or even one of the nice GUIs for setting up the rules. The backend can handle
> such failures easily, no need to know the size :). And how many of those 90% do
> not use standard Linux distributions? Because I bet you 10 bucks that none of
> the well-known Linux Distributions is changing the ipt_log_info struct compared
> to plain vanilla sources.
Sorry, I thought the sententious tune and the smiley would have made this
affirmation appear as an impish kind-of-joke, or anyway one who didn't deserve
any rationnal answer (with which I can only agree though).
> > More seriously, I am reguarly asked to install a netfilter-based firewall
> > on machines I didn't install myself.
> > And most people are not even
> > aware there's a limit for LOG prefix length until they discover
> > the "too long (must be under xx chars)" message, believe me.
And it's the case for almost every static size...
Herve
--
_
(°= Hervé Eychenne
//)
v_/_ WallFire project: http://www.wallfire.org/
next prev parent reply other threads:[~2005-07-04 11:21 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-06-29 15:37 possible issues with blowing up struct ipt_log_info Roberto Nibali
2005-06-29 15:40 ` Patrick Schaaf
2005-06-29 16:08 ` Roberto Nibali
2005-06-29 16:09 ` Herve Eychenne
2005-07-01 7:08 ` Roberto Nibali
2005-07-03 12:36 ` Harald Welte
2005-07-03 22:05 ` Herve Eychenne
2005-07-04 5:55 ` Patrick Schaaf
2005-07-04 8:20 ` Roberto Nibali
2005-07-04 8:59 ` Harald Welte
2005-07-04 9:26 ` Roberto Nibali
2005-07-04 9:53 ` Harald Welte
2005-07-04 10:13 ` Roberto Nibali
2005-07-04 10:08 ` Herve Eychenne
2005-07-04 10:48 ` Roberto Nibali
2005-07-04 11:21 ` Herve Eychenne [this message]
2005-07-04 9:23 ` Herve Eychenne
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050704112105.GD3331@eychenne.org \
--to=rv@wallfire.org \
--cc=bof@bof.de \
--cc=laforge@netfilter.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=ratz@tac.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.