From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Jeremy Sowden <jeremy@azazel.net>
Cc: Phil Sutter <phil@nwl.cc>, Florian Westphal <fw@strlen.de>,
Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH iptables v2 0/8] extensions: libxt_NFLOG: use nft back-end for iptables-nft
Date: Tue, 18 Jan 2022 02:23:46 +0100 [thread overview]
Message-ID: <YeYWorAwXOzoKVgn@salvia> (raw)
In-Reply-To: <YeXlrL3v0CQJbxwD@azazel.net>
On Mon, Jan 17, 2022 at 09:54:52PM +0000, Jeremy Sowden wrote:
> On 2022-01-17, at 11:40:51 +0100, Phil Sutter wrote:
> > On Sun, Jan 16, 2022 at 08:08:15PM +0100, Florian Westphal wrote:
[...]
> > > Pablo, Phil, others -- what is your take?
> >
> > I think the change is OK if existing rulesets will continue to work
> > just as before and remain compatible with legacy. IMHO, new rulesets
> > created using iptables-nft may become incompatible if users explicitly
> > ask for it (e.g. by specifying an exceedingly long log prefix.
> >
> > What about --nflog-range? This series seems to drop support for it, at
> > least in the sense that ruleset dumps won't contain the option. In
> > theory, users could depend on identifying a specific rule via nflog
> > range value.
>
> Fair enough. I'll add a check so that nft is not used for targets that
> specify `--nflog-range`.
--nflog-range does work?
--nflog-size is used and can be mapped to 'snaplen' in nft_log.
Manpage also discourages the usage of --nflog-range for long time.
Not sure it is worth to add a different path for this case.
next prev parent reply other threads:[~2022-01-18 1:23 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-01 17:41 [PATCH iptables v2 0/8] extensions: libxt_NFLOG: use nft back-end for iptables-nft Jeremy Sowden
2021-10-01 17:41 ` [PATCH iptables v2 1/8] nft: fix indentation error Jeremy Sowden
2021-10-01 17:41 ` [PATCH iptables v2 2/8] extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG Jeremy Sowden
2022-01-18 12:35 ` Florian Westphal
2021-10-01 17:41 ` [PATCH iptables v2 3/8] extensions: libxt_NFLOG: don't truncate log prefix on print/save Jeremy Sowden
2021-10-01 17:41 ` [PATCH iptables v2 4/8] extensions: libxt_NFLOG: disable `--nflog-range` Python test-cases Jeremy Sowden
2021-10-01 17:41 ` [PATCH iptables v2 5/8] extensions: libxt_NFLOG: fix `--nflog-prefix` " Jeremy Sowden
2021-10-01 17:41 ` [PATCH iptables v2 6/8] extensions: libxt_NFLOG: remove extra space when saving targets with prefixes Jeremy Sowden
2021-10-01 17:41 ` [PATCH iptables v2 7/8] build: replace `AM_PROG_LIBTOOL` and `AC_DISABLE_STATIC` with `LT_INIT` Jeremy Sowden
2021-10-01 17:41 ` [PATCH iptables v2 8/8] tests: iptables-test: correct misspelt variable Jeremy Sowden
2022-01-16 15:05 ` [PATCH iptables v2 0/8] extensions: libxt_NFLOG: use nft back-end for iptables-nft Jeremy Sowden
2022-01-16 19:08 ` Florian Westphal
2022-01-17 10:40 ` Phil Sutter
2022-01-17 21:54 ` Jeremy Sowden
2022-01-18 1:23 ` Pablo Neira Ayuso [this message]
2022-01-18 9:33 ` Jeremy Sowden
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YeYWorAwXOzoKVgn@salvia \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=jeremy@azazel.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=phil@nwl.cc \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.