[PATCH 2.4.x][RFC] enlarge struct ipt_log

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH 2.4.x][RFC] enlarge struct ipt_log_info prefix to 62 bytes
@ 2004-12-20 11:55 Roberto Nibali
  2004-12-22 11:47 ` Patrick McHardy
  0 siblings, 1 reply; 3+ messages in thread
From: Roberto Nibali @ 2004-12-20 11:55 UTC (permalink / raw)
  To: netfilter-devel

Hello,

I'm in progress of my annual christmas code cleaning round and during this time 
I always send back all the patches that could be useful to others or might be 
included without major impact to the respective OSS projects and maintainers.

Concerning netfilter there is one I think others might "benefit" from as well. 
Here's the patch we're using to enlarge the prefix member of the struct 
ipt_log_info structure in ipt_LOG.h:

  struct ipt_log_info {
         unsigned char level;
         unsigned char logflags;
-       char prefix[30];
+       char prefix[62];
  };

We need those additional 32 bytes to represent the prepended text of our meta 
firewall rule composition engine. As an more or less illustrative example, we 
use something as follows:

META_LOG_MSG="foobar: ${META_NAME} [${META_RULE_NUMBER}] a:${ACTION} \
          s:${STATE} f:${META_ICHAIN} "

${IPTABLES} -t filter -A ${META_ICHAIN} -j ${IPT_LOG} \
             [...] \
             ${IPT_LOG_LEVEL} ${IPT_LOG_PREFIX} "${META_LOG_MSG}" \
             [...]

This is in order to do proper and fast log correlation and apply general data 
mining algorithms for classification. Anyway, more information is available on 
request.

I simply wanted to ask if this patch is acceptable both for 2.4.x and 2.6.x 
mainline inclusion or if I'm really off limits. At least it's cache line aligned 
:). We maintain a couple of other ipt_LOG.c patches which help log correlation, 
which however are rather not suitable for submission.

Getting as many patches as possible back to the community reduces my patch 
maintainance and forward patching time.

Best regards,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau  tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH 2.4.x][RFC] enlarge struct ipt_log_info prefix to 62 bytes
  2004-12-20 11:55 [PATCH 2.4.x][RFC] enlarge struct ipt_log_info prefix to 62 bytes Roberto Nibali
@ 2004-12-22 11:47 ` Patrick McHardy
  2004-12-23  1:09   ` Herve Eychenne
  0 siblings, 1 reply; 3+ messages in thread
From: Patrick McHardy @ 2004-12-22 11:47 UTC (permalink / raw)
  To: Roberto Nibali; +Cc: netfilter-devel

Roberto Nibali wrote:

> Concerning netfilter there is one I think others might "benefit" from as 
> well. Here's the patch we're using to enlarge the prefix member of the 
> struct ipt_log_info structure in ipt_LOG.h:
> 
>  struct ipt_log_info {
>         unsigned char level;
>         unsigned char logflags;
> -       char prefix[30];
> +       char prefix[62];
>  };

This breaks binary compatibility, so we can't put it in.
Otherwise I'd agree, 30 byte is kind of small. Maybe it
will be possible with Rusty's and Pablo's work to extend
structures without breaking compatibility.

Regards
Patrick

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH 2.4.x][RFC] enlarge struct ipt_log_info prefix to 62 bytes
  2004-12-22 11:47 ` Patrick McHardy
@ 2004-12-23  1:09   ` Herve Eychenne
  0 siblings, 0 replies; 3+ messages in thread
From: Herve Eychenne @ 2004-12-23  1:09 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: netfilter-devel, Roberto Nibali

On Wed, Dec 22, 2004 at 12:47:17PM +0100, Patrick McHardy wrote:

> Roberto Nibali wrote:

> >Concerning netfilter there is one I think others might "benefit" from as 
> >well. Here's the patch we're using to enlarge the prefix member of the 
> >struct ipt_log_info structure in ipt_LOG.h:
> >
> > struct ipt_log_info {
> >        unsigned char level;
> >        unsigned char logflags;
> >-       char prefix[30];
> >+       char prefix[62];
> > };

> This breaks binary compatibility, so we can't put it in.
> Otherwise I'd agree, 30 byte is kind of small. Maybe it
> will be possible with Rusty's and Pablo's work to extend
> structures without breaking compatibility.

BTW, we really should provide a /proc entry which would give the maximum
length of this LOG prefix.  And while we are at it, another one for
chainname length.  Can somebody think of another useful value which
would be worth publishing?
That will help third party applications a lot, so they can be aware
of how many chars they can use (these values can be changed
at compile time anyhow) and take advantage of it.

 Herve

-- 
 _
(°=  Hervé Eychenne
//)
v_/_ WallFire project:  http://www.wallfire.org/

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2004-12-23  1:09 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-12-20 11:55 [PATCH 2.4.x][RFC] enlarge struct ipt_log_info prefix to 62 bytes Roberto Nibali
2004-12-22 11:47 ` Patrick McHardy
2004-12-23  1:09   ` Herve Eychenne

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.