Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jeremy Sowden <jeremy@azazel.net>
To: Kyle Bowman <kbowman@cloudflare.com>
Cc: Phil Sutter <phil@nwl.cc>, Alex Forster <aforster@cloudflare.com>,
	Pablo Neira Ayuso <pablo@netfilter.org>,
	kernel-team <kernel-team@cloudflare.com>,
	Jozsef Kadlecsik <kadlec@netfilter.org>,
	coreteam@netfilter.org, netfilter-devel@vger.kernel.org
Subject: Re: [netfilter-core] [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
Date: Thu, 5 Aug 2021 11:42:58 +0100	[thread overview]
Message-ID: <YQvAsgl/ylNAZVVP@azazel.net> (raw)
In-Reply-To: <YQmMlAheX6Tmg2qJ@C02XR1NRJGH8>

[-- Attachment #1: Type: text/plain, Size: 2015 bytes --]

On 2021-08-03, at 13:36:04 -0500, Kyle Bowman wrote:
> On Tue, Aug 03, 2021 at 10:06:41AM +0100, Jeremy Sowden wrote:
> >
> > Right, take three.  Firstly, use udata as I previously suggested, and
> > then use a new struct with a layout compatible with struct xt_nflog_info
> > just for printing and saving iptables-nft targets.
> >
> > Seems to work.  Doesn't break iptables-legacy.
> >
> > Patches attached.
>
> Thanks for writing in and helping with this, I appreciate it. I
> actually was trying to make this work last night in a similar way to
> how you've solved it but I gave up after a few hours. I'll go ahead
> and organize this together and send the patches in a separate thread.

One thing before you do.  Some of iptables' unit-tests related to NFLOG
are now failing.  For example:

  $ sudo python3 ./iptables-test.py -n extensions/libxt_NFLOG.t
  Cannot run in own namespace, connectivity might break
  extensions/libxt_NFLOG.t: ERROR: line 2 (cannot find: iptables -I INPUT -j NFLOG --nflog-group 1)
  extensions/libxt_NFLOG.t: ERROR: line 3 (cannot find: iptables -I INPUT -j NFLOG --nflog-group 65535)
  extensions/libxt_NFLOG.t: ERROR: line 6 (cannot find: iptables -I INPUT -j NFLOG --nflog-range 1)
  extensions/libxt_NFLOG.t: ERROR: line 7 (cannot find: iptables -I INPUT -j NFLOG --nflog-range 4294967295)
  extensions/libxt_NFLOG.t: ERROR: line 10 (cannot find: iptables -I INPUT -j NFLOG --nflog-size 0)
  extensions/libxt_NFLOG.t: ERROR: line 11 (cannot find: iptables -I INPUT -j NFLOG --nflog-size 1)
  extensions/libxt_NFLOG.t: ERROR: line 12 (cannot find: iptables -I INPUT -j NFLOG --nflog-size 4294967295)
  extensions/libxt_NFLOG.t: ERROR: line 19 (cannot find: iptables -I INPUT -j NFLOG --nflog-threshold 1)
  extensions/libxt_NFLOG.t: ERROR: line 22 (cannot find: iptables -I INPUT -j NFLOG --nflog-threshold 65535)
  1 test files, 17 unit tests, 8 passed

I'm working my way through them.  I've got fixes for most.  I'll
send patches when I've sorted out the remaining ones.

J.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

next prev parent reply	other threads:[~2021-08-05 10:43 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-27 19:00 [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes Kyle Bowman
2021-07-27 19:54 ` Pablo Neira Ayuso
2021-07-27 20:06   ` Alex Forster
2021-07-27 21:10     ` Pablo Neira Ayuso
2021-07-27 21:22       ` Alex Forster
2021-07-27 21:27         ` Pablo Neira Ayuso
2021-07-27 21:44           ` Alex Forster
2021-07-27 21:52             ` Pablo Neira Ayuso
2021-07-27 22:45               ` Alex Forster
2021-07-27 23:02                 ` Pablo Neira Ayuso
2021-07-28  1:43                 ` [netfilter-core] " Phil Sutter
2021-07-30 18:27                   ` Kyle Bowman
2021-08-01 14:14                     ` Jeremy Sowden
2021-08-02 11:20                       ` Jeremy Sowden
2021-08-02 16:40                         ` Jeremy Sowden
2021-08-03  9:06                           ` Jeremy Sowden
2021-08-03 18:36                             ` Kyle Bowman
2021-08-05 10:42                               ` Jeremy Sowden [this message]
2021-08-05 21:07                                 ` Jeremy Sowden

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YQvAsgl/ylNAZVVP@azazel.net \
    --to=jeremy@azazel.net \
    --cc=aforster@cloudflare.com \
    --cc=coreteam@netfilter.org \
    --cc=kadlec@netfilter.org \
    --cc=kbowman@cloudflare.com \
    --cc=kernel-team@cloudflare.com \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    --cc=phil@nwl.cc \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.