From: Gregor Maier <gregor@net.in.tum.de>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter-devel@lists.netfilter.org, davem@davemloft.net
Subject: Re: [NETFILTER 06/6]: Restore {ipt,ip6t,ebt}_LOG compatibility
Date: Sat, 25 Feb 2006 15:13:17 +0100 [thread overview]
Message-ID: <440065FD.5020206@net.in.tum.de> (raw)
In-Reply-To: <20060225131707.7400.26631.sendpatchset@localhost.localdomain>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Patrick McHardy wrote:
> [NETFILTER]: Restore {ipt,ip6t,ebt}_LOG compatibility
> Restore compatiblity by using the old log functions by default and only use
> the nf_log backend if the user explicitly said so.
>
ipt_LOG still registers itfself as nf_log logger in init(). Good, so
since conntrack can now log.
Problem: no anthoer loggers can register for PF_INET right away. They
must unregister the ipt_LOG logger first. Then they can register
themselves. I don't like the idea of modules and esp. userspace apps
unregistering handlers from other modules. First Come First Serve.
When ipt_LOG doesn't register a nf_log logger, then the problem would
not arise, although the conntrack code could not log anything until some
other logger has been registered (since conntrack uses nf_log_packet).
Maybe nf_log should have two handlers for each PF:
- - One handler for loginfo.type == NF_LOG_TYPE_LOG. Which can be provided
by ipt_LOG.
- - One handler for loginfo.type == NF_LOG_TYPE_ULOG, for which
nfnetlink_log strongly qualifies.
So, as long as ipt_LOG is loaded, conntrack et.al. can log to syslog as is.
If netlink_log is used additionally, (as handler for TYPE_ULOG),
conntrack et.al. won't notice it.
If _everything_ should be logged to userspace, then netlink_log could
also unregister the TYPE_LOG handler and register itself as handler for it.
cu
Gregor
PS: Hope you don't mind that I make so much noise here on the list.
- --
Gregor Maier Lehrstuhl Informatik 8
gregor@net.in.tum.de Tel: +49 89 289-18010
http://www.net.in.tum.de TU Muenchen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFEAGX9dGiwgbikMYMRAp7jAJ9ZZVVe2UWAybxqOA97GPHwy5/8TwCfR5nG
kUDhWbnPadrpi9x2nTyNo2M=
=LS7O
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2006-02-25 14:13 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-02-25 13:17 [00/06]: Netfilter fixes for 2.6.16 Patrick McHardy
2006-02-25 13:17 ` [NETFILTER 01/6]: nf_queue: don't copy registered rerouter data Patrick McHardy
2006-02-25 13:17 ` [NETFILTER 02/6]: nf_queue: check if rerouter is present before using it Patrick McHardy
2006-02-25 13:18 ` [NETFILTER 03/6]: nf_queue: fix rerouting after packet mangling Patrick McHardy
2006-02-25 13:18 ` [NETFILTER 04/6]: nf_queue: remove unnecessary check for outfn Patrick McHardy
2006-02-25 13:18 ` [NETFILTER 05/6]: nf_queue: fix end-of-list check Patrick McHardy
2006-02-25 13:18 ` [NETFILTER 06/6]: Restore {ipt,ip6t,ebt}_LOG compatibility Patrick McHardy
2006-02-25 14:13 ` Gregor Maier [this message]
2006-02-25 18:48 ` Patrick McHardy
2006-02-27 21:04 ` [00/06]: Netfilter fixes for 2.6.16 David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=440065FD.5020206@net.in.tum.de \
--to=gregor@net.in.tum.de \
--cc=davem@davemloft.net \
--cc=kaber@trash.net \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.