* Re: [PATCH v2 1/1] netfilter: load nf_log_syslog on enabling nf_conntrack_log_invalid
[not found] ` <a2f5fb23-e57a-4a83-bb95-b5756df0e2d7@linux.dev>
@ 2025-05-30 3:10 ` Lance Yang
0 siblings, 0 replies; only message in thread
From: Lance Yang @ 2025-05-30 3:10 UTC (permalink / raw)
To: Florian Westphal
Cc: pablo, coreteam, davem, Lance Yang, edumazet, horms, kadlec, kuba,
linux-kernel, netfilter-devel, pabeni, zi.li, stable
Cc: stable
On 2025/5/28 19:42, Lance Yang wrote:
>
> Thanks for taking the time to review!
>
> On 2025/5/28 19:05, Florian Westphal wrote:
>> Lance Yang <ioworker0@gmail.com> wrote:
>>> From: Lance Yang <lance.yang@linux.dev>
>>>
>>> When no logger is registered, nf_conntrack_log_invalid fails to log
>>> invalid
>>> packets, leaving users unaware of actual invalid traffic. Improve
>>> this by
>>> loading nf_log_syslog, similar to how 'iptables -I FORWARD 1 -m
>>> conntrack
>>> --ctstate INVALID -j LOG' triggers it.
>>
>> Acked-by: Florian Westphal <fw@strlen.de>
>
> Hmm... should this patch be backported to stable kernels? Without it,
> nf_conntrack_log_invalid won't log invalid packets when no logger is
> registered, causing unnecessary debugging effort ;)
>
> Back then, I actually thought my machine wasn't seeing any invalid
> packets... turns out they just weren't logged in dmesg :(
>
> Thanks,
> Lance
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-05-30 3:10 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20250526085902.36467-1-lance.yang@linux.dev>
[not found] ` <aDbt9Iw8G6A-tV9R@strlen.de>
[not found] ` <a2f5fb23-e57a-4a83-bb95-b5756df0e2d7@linux.dev>
2025-05-30 3:10 ` [PATCH v2 1/1] netfilter: load nf_log_syslog on enabling nf_conntrack_log_invalid Lance Yang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox