From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Netfilter Development Mailinglist
<netfilter-devel@vger.kernel.org>,
Linux Netdev List <netdev@vger.kernel.org>,
tgraf@suug.ch
Subject: Re: [ANNOUNCE]: First release of nftables
Date: Wed, 18 Mar 2009 09:21:26 +0100 [thread overview]
Message-ID: <49C0AF06.2000803@trash.net> (raw)
In-Reply-To: <alpine.LSU.2.00.0903180847180.8376@fbirervta.pbzchgretzou.qr>
Jan Engelhardt wrote:
> On Wednesday 2009-03-18 05:29, Patrick McHardy wrote:
>
>> - logging: logging using the nf_log mechsism using the primary backend.
>>
>> Usage: "log [ prefix "prefix" ] [ group NUM ] [ snaplen NUM ]
>> [ queue-threshold NUM ]
>>
>
> Hm, how does one do traditional logging to syslog? Some of us just do
> logging for debugging purposes and would not otherwise need the full-blown
> nf_log solution - let alone there be enough space on some constrained
> hardware for a thorough logger (say, WRT54).
>
Its using the primary backend. You can load "ipt_LOG".
>> - limit: might be broken currently
>>
>> Usage: "limit rate RATE/time-unit"
>>
>
> Does it use the old limit code (which has numerous accuracy problems
> it seems), or will it magically make use of the rate estimator?
>
It doesn't use either, but it won't have the old accuracy problems
either once
its fixed.
>> git://git.netfilter.org/nftables.git
>>
>
> Missing a tag too, I think you (Patrick) can add it still :)
>
I'll tag it at the first version bump.
>> The kernel tree will eventually also move to netfilter.org, currently
>> the git daemon is unable to handle it because of memory shortage.
>>
>> Ths source code is considered alpha quality and is not meant for users
>> at this time, it will spew quite a lot of debugging messages and
>> definitely has bugs. Nevertheless, all of the basic features and most
>> of the rest should work fine, the last crash has been several months
>> ago. The two most noticable things that currently don't work is
>> numerical argument parsing for arguments that have more specific types
>> (f.i. port numbers), as well as reconstruction of the internal
>> representation of sets and dictionaries using ranges. Both will be
>> fixed shortly.
>>
>
> How about storing the actual text the user inputed in something like
> an -m comment, as an aid to the user for finding his rules again
> after they have been optimized internally?
Thats not really necessary so far, and I don't want to in any case. If
someone
really wants this (and I very much question the need), it can be done in
userspace.
next prev parent reply other threads:[~2009-03-18 8:21 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-18 4:29 [ANNOUNCE]: First release of nftables Patrick McHardy
2009-03-18 8:13 ` Jan Engelhardt
2009-03-18 8:21 ` Patrick McHardy [this message]
2009-03-18 8:28 ` Patrick McHardy
[not found] ` <20090318092039.GA2511@squirrel.roonstrasse.net>
2009-03-18 9:52 ` Patrick McHardy
2009-03-18 9:58 ` Andi Kleen
2009-03-18 10:04 ` Patrick McHardy
2009-03-18 10:13 ` Varun Chandramohan
2009-03-18 10:17 ` Patrick McHardy
[not found] <20090318112937.675BF13A4B0@koiott.tartu-labor>
2009-03-18 12:00 ` Meelis Roos
2009-03-18 14:39 ` Patrick McHardy
2009-03-18 14:52 ` Denys Fedoryschenko
2009-03-18 14:58 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49C0AF06.2000803@trash.net \
--to=kaber@trash.net \
--cc=jengelh@medozas.de \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).