logging rule ID - Ken-ichirou MATSUZAWA

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
To: netfilter@vger.kernel.org
Subject: logging rule ID
Date: Tue, 25 Aug 2015 13:57:20 +0900	[thread overview]
Message-ID: <20150825045720.GA3073@gmail.com> (raw)

 Hi,

We manage firewall appliance products. A few of them can log not
only packet information but also log which rule number or rule ID
causes to log. I know nflog can do so by specifying log-prefix but
user must keep the uniqueness, it seems troublesome.

Based on it, how about passing systematic id to nflog? I think one
of a way is introducing holder struct like

    struct nft_rule_key {
         char *chain_name;
         u64  rule_handle;
    };

and add it to struct nft_pktinfo member. A Rule identifier --- chain
name and rule handle number --- can be passed to eval() callback by
setting those in nft_do_chain()::nf_tables_core.c before calling
eval() callback.

But I don't know whether this way adapts to the whole nft design or
not. And it seems that big change will be needed after passing
nft_rule_key to nft_log_eval().

Then, please let me ask three questions:

* Is there a way to identify the rule which rule outputs log without
  log-prefix?

* Is there a plan to identify the rule from log?

* How do I progress in nft_log_eval() if this method, passing rule
  identifier to nflog_log_eval(), can be acceptable?

Thanks,

                 reply	other threads:[~2015-08-25  4:57 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150825045720.GA3073@gmail.com \
    --to=chamaken@gmail.com \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.