From: Patrick McHardy <kaber@trash.net>
To: Harald Welte <laforge@netfilter.org>
Cc: Linux Netdev List <netdev@vger.kernel.org>,
Netfilter Development Mailinglist
<netfilter-devel@lists.netfilter.org>,
David Miller <davem@davemloft.net>
Subject: Re: [PATCH] [NETFILTER] nfnetlink_log: add sequence numbers for log events
Date: Tue, 31 Jan 2006 00:32:21 +0100 [thread overview]
Message-ID: <43DEA205.7020704@trash.net> (raw)
In-Reply-To: <20060130232348.GH4603@sunbeam.de.gnumonks.org>
Harald Welte wrote:
> Hi Dave,
>
> please apply, thanks!
>
> [NETFILTER] nfnetlink_log: add sequence numbers for log events
>
> By using a sequence number for every logged netfilter event, we can
> determine from userspace whether logging information was lots somewhere
> downstream.
BTW, I have a patch I wanted to submit on top of this, which changes the
*LOG targets to do "reliable" logging, which means if we encounter any
errors during logging (for example from netlink), the packet will be
dropped. This makes as sure as possible that no connections will be
silently accepted. Its a slight change of user-visible behaviour, but
since it only affects corner-cases I think it should be OK. I could add
some flags to retain the current behaviour, but I think its not worth
it. For ULOG its only possible to do this without queueing, so if
qthreshold > 1 we will keep the old behaviour, LOG can't fail anyway.
Any objections?
next prev parent reply other threads:[~2006-01-30 23:32 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-01-30 23:23 [PATCH] [NETFILTER] nfnetlink_log: add sequence numbers for log events Harald Welte
2006-01-30 23:32 ` Patrick McHardy [this message]
2006-01-31 8:54 ` Harald Welte
2006-01-30 23:50 ` David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43DEA205.7020704@trash.net \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=laforge@netfilter.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).