| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1c21a452-e1f4-42e0-93c0-0c49e4612dcd@linux.dev>
Date: Thu, 22 May 2025 10:05:54 +0800
From: Lance Yang <lance.yang@...ux.dev>
To: Florian Westphal <fw@...len.de>
Cc: Pablo Neira Ayuso <pablo@...filter.org>, Lance Yang
<ioworker0@...il.com>, kadlec@...filter.org, davem@...emloft.net,
edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, horms@...nel.org,
coreteam@...filter.org, linux-kernel@...r.kernel.org,
netfilter-devel@...r.kernel.org, Zi Li <zi.li@...ux.dev>
Subject: Re: [RESEND PATCH 1/1] netfilter: load nf_log_syslog on enabling
nf_conntrack_log_invalid
On 2025/5/22 02:23, Florian Westphal wrote:
> Lance Yang <lance.yang@...ux.dev> wrote:
>>> There is no need for 'syslog' to be active for 'log_invalid' to be
>>> useful as long as the system in question has e.g. ulogd running
>>> and listening to nflog messages.
>>>
>>> If anything, the modprobe should be done only when no logger
>>> is registered.
>>
>> Yes, could we load the module only when no logger exists? Something
>> like:
>>
>> + if (nf_logger_find_get(NFPROTO_IPV4, NF_LOG_TYPE_LOG) != 0)
>> + request_module("%s", "nf_log_syslog");
>
> This function bumps the module refcount, so if the logger exists you
> would need to call nf_logger_put() too.
Ah, understood ;)
>
> I'd add a new, simpler helper, that only returns if any logger
> is active.
>
> bool nf_log_is_registered(int pf);
>
> or something like that.
Nice, thanks for jumping in! I'll hold until the helper lands, then
rebase and send the v2.
Thanks,
Lance
Powered by blists - more mailing lists