From mboxrd@z Thu Jan 1 00:00:00 1970 From: Florian Westphal Subject: Re: [PATCH V2] audit: normalize NETFILTER_PKT Date: Fri, 24 Feb 2017 02:50:02 +0100 Message-ID: <20170224015002.GB12342@breakpoint.cc> References: <9504740e9333a0b7074abe0dddfc487aeeae6cff.1487813996.git.rgb@redhat.com> <20170223052015.GE11144@breakpoint.cc> <20170223155156.GL18258@madcap2.tricolour.ca> <20170223170431.GM18258@madcap2.tricolour.ca> <20170223171324.GN18258@madcap2.tricolour.ca> <20170223173500.GQ18258@madcap2.tricolour.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Richard Guy Briggs , Florian Westphal , linux-audit@redhat.com, Netfilter Developer Mailing List , Thomas Graf To: Paul Moore Return-path: Received: from Chamillionaire.breakpoint.cc ([146.0.238.67]:45780 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751271AbdBXBvS (ORCPT ); Thu, 23 Feb 2017 20:51:18 -0500 Content-Disposition: inline In-Reply-To: Sender: netfilter-devel-owner@vger.kernel.org List-ID: Paul Moore wrote: > On Thu, Feb 23, 2017 at 12:35 PM, Richard Guy Briggs wrote: > > I had another idea on how to include the sport and dport and that was to > > use the same identifier for sport/icmptype and also for dport/icmpcode, > > but you've already said you are not interested. > > Not at this point in time since we don't have any good requirements at > the moment. I would like us to keep this small until we have a better > idea of how people want to use this, this way we don't end up stuck > maintaining something that is ill suited for what people actually > want/use. Right, I think people that want more info should just use NFLOG to dump the packet to userspace, extracting all the stuff in kernel is just a mess.