lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 18 Mar 2009 09:13:55 +0100 (CET)
From:	Jan Engelhardt <jengelh@...ozas.de>
To:	Patrick McHardy <kaber@...sh.net>
cc:	Netfilter Development Mailinglist 
	<netfilter-devel@...r.kernel.org>,
	Linux Netdev List <netdev@...r.kernel.org>, tgraf@...g.ch
Subject: Re: [ANNOUNCE]: First release of nftables


On Wednesday 2009-03-18 05:29, Patrick McHardy wrote:
>
> - logging:  logging using the nf_log mechsism using the primary backend.
>
>  Usage: "log [ prefix "prefix" ] [ group NUM ] [ snaplen NUM ]
>              [ queue-threshold NUM ]

Hm, how does one do traditional logging to syslog? Some of us just do
logging for debugging purposes and would not otherwise need the full-blown
nf_log solution - let alone there be enough space on some constrained
hardware for a thorough logger (say, WRT54).

> - limit: might be broken currently
>
>  Usage: "limit rate RATE/time-unit"

Does it use the old limit code (which has numerous accuracy problems
it seems), or will it magically make use of the rate estimator?

> The source code is available in three git trees:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nft-2.6.git
> git://git.netfilter.org/libnl-nft.git

The libnl repositories (both original and yours) is missing tags.
(Cc'ing Thomas).
The unannotated tags can be got from git://dev.medozas.de/libnl .

This makes it easier to get version numbers instead of
"cannot describe $sha1".

> git://git.netfilter.org/nftables.git

Missing a tag too, I think you (Patrick) can add it still :)

> The kernel tree will eventually also move to netfilter.org, currently
> the git daemon is unable to handle it because of memory shortage.
>
> Ths source code is considered alpha quality and is not meant for users
> at this time, it will spew quite a lot of debugging messages and
> definitely has bugs. Nevertheless, all of the basic features and most
> of the rest should work fine, the last crash has been several months
> ago. The two most noticable things that currently don't work is
> numerical argument parsing for arguments that have more specific types
> (f.i. port numbers), as well as reconstruction of the internal
> representation of sets and dictionaries using ranges. Both will be
> fixed shortly.

How about storing the actual text the user inputed in something like
an -m comment, as an aid to the user for finding his rules again
after they have been optimized internally?

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ