From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Alex Forster <aforster@cloudflare.com>
Cc: Kyle Bowman <kbowman@cloudflare.com>,
kernel-team <kernel-team@cloudflare.com>,
Jozsef Kadlecsik <kadlec@netfilter.org>,
Florian Westphal <fw@strlen.de>,
"David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
linux-kernel@vger.kernel.org,
Network Development <netdev@vger.kernel.org>
Subject: Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
Date: Tue, 27 Jul 2021 23:10:29 +0200 [thread overview]
Message-ID: <20210727211029.GA17432@salvia> (raw)
In-Reply-To: <CAKxSbF0tjY7EV=OOyfND8CxSmusfghvURQYnBxMz=DoNtGrfSg@mail.gmail.com>
On Tue, Jul 27, 2021 at 03:06:05PM -0500, Alex Forster wrote:
> (And again, this time as plain-text...)
>
> > Why do you need to make the two consistent? iptables NFLOG prefix
> > length is a subset of nftables log action, this is sufficient for the
> > iptables-nft layer. I might be missing the use-case on your side,
> > could you please elaborate?
>
> We use the nflog prefix space to attach various bits of metadata to
> iptables and nftables rules that are dynamically generated and
> installed on our edge. 63 printable chars is a bit too tight to fit
> everything that we need, so we're running this patch internally and
> are looking to upstream it.
It should be possible to update iptables-nft to use nft_log from
userspace (instead of xt_LOG) which removes this limitation, there is
no need for a kernel upgrade.
next prev parent reply other threads:[~2021-07-27 21:10 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-27 19:00 [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes Kyle Bowman
2021-07-27 19:54 ` Pablo Neira Ayuso
2021-07-27 20:06 ` Alex Forster
2021-07-27 21:10 ` Pablo Neira Ayuso [this message]
2021-07-27 21:22 ` Alex Forster
2021-07-27 21:27 ` Pablo Neira Ayuso
2021-07-27 21:44 ` Alex Forster
2021-07-27 21:52 ` Pablo Neira Ayuso
2021-07-27 22:45 ` Alex Forster
2021-07-27 23:02 ` Pablo Neira Ayuso
2021-07-28 1:43 ` [netfilter-core] " Phil Sutter
2021-07-30 18:27 ` Kyle Bowman
2021-08-01 14:14 ` Jeremy Sowden
2021-08-02 11:20 ` Jeremy Sowden
2021-08-02 16:40 ` Jeremy Sowden
2021-08-03 9:06 ` Jeremy Sowden
2021-08-03 18:36 ` Kyle Bowman
2021-08-05 10:42 ` Jeremy Sowden
2021-08-05 21:07 ` Jeremy Sowden
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210727211029.GA17432@salvia \
--to=pablo@netfilter.org \
--cc=aforster@cloudflare.com \
--cc=coreteam@netfilter.org \
--cc=davem@davemloft.net \
--cc=fw@strlen.de \
--cc=kadlec@netfilter.org \
--cc=kbowman@cloudflare.com \
--cc=kernel-team@cloudflare.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.