From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Liping Zhang <zlpnobody@163.com>
Cc: Florian Westphal <fw@strlen.de>,
netfilter-devel@vger.kernel.org,
Liping Zhang <liping.zhang@spreadtrum.com>
Subject: Re: [PATCH nf-next 4/4] netfilter: nft_meta: add explicitly nf_logger_find_get call
Date: Thu, 23 Jun 2016 19:33:02 +0200 [thread overview]
Message-ID: <20160623173302.GA2241@salvia> (raw)
In-Reply-To: <5734c851.1513c.1554ee8d637.Coremail.zlpnobody@163.com>
On Tue, Jun 14, 2016 at 08:35:29PM +0800, Liping Zhang wrote:
> Hi Florian,
>
> At 2016-06-08 20:59:32, "Florian Westphal" <fw@strlen.de> wrote:
> >
> >With nftables we have a new infrastructure in place that emits trace info via
> >nfnetlink.
> >
> >So loading nf_log_ipX isn't needed anymore in nft.
>
> Yes, in nftables, user can use "nft monitor" to get the trace info.
> But I think it is a little choas now, sometimes we can see trace info
> in kmsg(when nf_log_ipX is loaded), sometimes there's nothing in
> kmsg(when nf_log_ipX is not installed).
>
> This is confusing, especially for newbie.
Now that we got nft monitor, I think we need a way to deprecate the
old mode, I suggest a /proc interface (enabled by default) to disable
the ring buffer log mode. We can document this in the nftables HOWTO
on the wiki site.
I'm going to keep this back by now. We have the Netfilter Workshop
next week en Netherlands, I will be talking on the existing logging
infrastructure and this.
Will get back to you with feedback.
prev parent reply other threads:[~2016-06-23 17:33 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-08 12:43 [PATCH nf-next 0/4] netfilter: request related nf_log module when we add TRACE rule Liping Zhang
2016-06-08 12:43 ` [PATCH nf-next 1/4] netfilter: nf_log: handle NFPROTO_INET properly in nf_logger_[find_get|put] Liping Zhang
2016-06-23 11:22 ` Pablo Neira Ayuso
2016-06-23 11:23 ` Pablo Neira Ayuso
2016-06-08 12:43 ` [PATCH nf-next 2/4] netfilter: nft_log: no need to deal with NFPROTO_INET family Liping Zhang
2016-06-08 12:43 ` [PATCH nf-next 3/4] netfilter: xt_TRACE: add explicitly nf_logger_find_get call Liping Zhang
2016-06-08 13:00 ` Florian Westphal
2016-06-23 17:26 ` Pablo Neira Ayuso
2016-06-08 12:43 ` [PATCH nf-next 4/4] netfilter: nft_meta: " Liping Zhang
2016-06-08 12:59 ` Florian Westphal
2016-06-14 12:35 ` Liping Zhang
2016-06-23 17:33 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160623173302.GA2241@salvia \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=liping.zhang@spreadtrum.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=zlpnobody@163.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.