From: Roberto Nibali <ratz@tac.ch>
To: Netfilter Developers <netfilter-devel@lists.netfilter.org>
Subject: possible issues with blowing up struct ipt_log_info
Date: Wed, 29 Jun 2005 17:37:55 +0200 [thread overview]
Message-ID: <42C2C053.3040707@tac.ch> (raw)
Hello,
For our central logging infrastructure we prefix a LOG rule with quite some
information which is not directly available in the ipt_LOG.c module. Plus this
allows our maintenance team to improve reaction time. For that I blew up the
ipt_log_info struct as follows:
-- linux-2.4.31-orig/include/linux/netfilter_ipv4/ipt_LOG.h 2000-03-17 19:56
:20 +0100
+++ linux-2.4.31-pab2/include/linux/netfilter_ipv4/ipt_LOG.h 2005-06-29 14:52
:03 +0200
@@ -9,7 +9,7 @@
struct ipt_log_info {
unsigned char level;
unsigned char logflags;
- char prefix[30];
+ char prefix[126];
};
#endif /*_IPT_LOG_H*/
My question is, if anyone sees any problems with this, regarding performance
degradation on 32bit boxes or with caching problems? Does anyone know? A typical
prefix entry for example looks as follows (just in case you'd ask yourself why
we need such a big entry):
`tfx3: fw-tcp [1004] a:ACCEPT s:NEW f:PREROUTING F=NOTRACK '
Where ...
tfx3 : is the internal firewall version (changes depending on the
kernel booted, support from 2.0.x to 2.6.x),
[1004] : is the rule number of the meta rule
a:<aaa> : is the action taken
s:<sss> : is the state
<f,m,n>:<fmn> : is the table and the chain
F=<FFF> : are reserved for the flags passed by the meta fw
Best regards,
Roberto Nibali, ratz
--
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau tel://++41 62 823 9355
http://www.terreactive.com fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG Wir sichern Ihren Erfolg
-------------------------------------------------------------
next reply other threads:[~2005-06-29 15:37 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-06-29 15:37 Roberto Nibali [this message]
2005-06-29 15:40 ` possible issues with blowing up struct ipt_log_info Patrick Schaaf
2005-06-29 16:08 ` Roberto Nibali
2005-06-29 16:09 ` Herve Eychenne
2005-07-01 7:08 ` Roberto Nibali
2005-07-03 12:36 ` Harald Welte
2005-07-03 22:05 ` Herve Eychenne
2005-07-04 5:55 ` Patrick Schaaf
2005-07-04 8:20 ` Roberto Nibali
2005-07-04 8:59 ` Harald Welte
2005-07-04 9:26 ` Roberto Nibali
2005-07-04 9:53 ` Harald Welte
2005-07-04 10:13 ` Roberto Nibali
2005-07-04 10:08 ` Herve Eychenne
2005-07-04 10:48 ` Roberto Nibali
2005-07-04 11:21 ` Herve Eychenne
2005-07-04 9:23 ` Herve Eychenne
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42C2C053.3040707@tac.ch \
--to=ratz@tac.ch \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.