Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes

From: Alex Forster
Date: Tue Jul 27 2021 - 17:23:16 EST

Next message: Guenter Roeck: "Re: [PATCH 09/14] peci: Add support for PECI device drivers"
Previous message: Andrii Nakryiko: "Re: [PATCH] libbpf: fix commnet typo"
In reply to: Pablo Neira Ayuso: "Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes"
Next in thread: Pablo Neira Ayuso: "Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> It should be possible to update iptables-nft to use nft_log from
> userspace (instead of xt_LOG) which removes this limitation, there is
> no need for a kernel upgrade.

We have been able to migrate some parts of this workload to the
nftables subsystem by treating network namespaces sort of like VRFs.
Unfortunately, we have not been able to use nftables to handle all
traffic, since it does not have an equivalent for xt_bpf.

Alex Forster

Next message: Guenter Roeck: "Re: [PATCH 09/14] peci: Add support for PECI device drivers"
Previous message: Andrii Nakryiko: "Re: [PATCH] libbpf: fix commnet typo"
In reply to: Pablo Neira Ayuso: "Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes"
Next in thread: Pablo Neira Ayuso: "Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]