Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp4709296pxv; Tue, 27 Jul 2021 14:24:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxQmNC+z/d4w0E8U6P5Sb1Djbp3nfA6D8uJblLClb9rzNFmi1ea8K5Qg9o6Qu+U4UqR7SRH X-Received: by 2002:a17:906:384c:: with SMTP id w12mr23547499ejc.445.1627421096086; Tue, 27 Jul 2021 14:24:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627421096; cv=none; d=google.com; s=arc-20160816; b=Vv4WHnsI77ZrEB3W9ArBFcZ5LfTVK9fbjIRirgwfB74E2KqWuBnEuQpCh64517pTtN HXJb+qFcZOy9/HWFcZGxOw9UghOfP1hHfTQSN6bj7HcwQctxtVD56aqvH3fkUU5Xwr7Y eqwc/uwTjS9z9TU51N+uwekElUMuoVtZr7Ru3iR0JB74VL5uLcB/UJ/bCtFFEIkbp184 ivWu1iU5NqRFBOguc4BPi9b03+5dZA/wjgEpSE4tQUJGJFtczJYnTxZsvhi//iWAxpVH mgUTk4ByAMLzZV5cU0V942SEobuoi/H+6e7QM9BE9ubVODSVpNownMJKPbQBfq3O32X3 P3bw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=MAf7u4TJvs5Sv03AGISvam/0mpJzusFYzH1iCFFxX7w=; b=bNCHhs4ZYehrX1Kgke++NxsC10Np2o43PJ30uLArP/uYpjFS5+J4JjCrlFRKQD0aZO F1oNlBdCYC0AC/IjKEA3KNF3qijNqwKxVNLoi4M8s587/E9jEIGJ4UvpQrRVTEQGkqRs 16oSyRErimb93erze024LYmjtD5DzlzqEUzMms7+FM5BIv5wtkwz1y0vqCxcHGxpq25d gCeJgKtLP1RYBvx1/jCaN6TZlqTAJjHk4g4TGSMVNUI6d0jvAzjI9FzrH4gi67pjxYYh 3cRaNUGEKJT9ktf2LrQaksQy8fshtNVHyFk6y9u/r5pwaoVExTdzJryOqgRDcxiYk0z7 f70w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=RWnugz+5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w11si4729651ejc.453.2021.07.27.14.24.33; Tue, 27 Jul 2021 14:24:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=RWnugz+5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234729AbhG0VXN (ORCPT + 99 others); Tue, 27 Jul 2021 17:23:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59514 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234536AbhG0VXL (ORCPT ); Tue, 27 Jul 2021 17:23:11 -0400 Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C377C05177E for ; Tue, 27 Jul 2021 14:22:27 -0700 (PDT) Received: by mail-pl1-x629.google.com with SMTP id d17so41776plh.10 for ; Tue, 27 Jul 2021 14:22:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=MAf7u4TJvs5Sv03AGISvam/0mpJzusFYzH1iCFFxX7w=; b=RWnugz+5AV737Gf+cyi+F/L4qo6NnU2NBvtxokZOKlsDxwPxaSYUu2sab01LSQlkRj o09/ztAXNOM8eZFwswoUPLdBEhl+jR6bKniGOK/0nglciRzG82oGYrkwt9GcOB1LGpyX 3EdZCWfOTTO0OIVdVGuGOZLa0VxcbYI9UHsPg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=MAf7u4TJvs5Sv03AGISvam/0mpJzusFYzH1iCFFxX7w=; b=OjWp9/NQ0CSufR3QOC/Q38r+eDyWDb/wevFfUAbfsZKwbVDCYWOP1ZwJ0zSlXirq9k ZeQIMjyPzgVuimO7plAPDaHTqv+ICmDykToBGLfUPxJz5u2Iq68CXDxUUPGU3YK2zVCL 9PoaedDOTbOBdqv0BtcIo2Mfp982PRaGgUyOBULptyYJxos54E5fbrO/Q7jw15+TO0wo 29AZ9gimQaMyJrknkCg93pTkvfJDZn8thADYA8Skp945aMTekS7dbd2N6KOr9EzYIWiT mjEjaniw9IMO4uQgHOLg4aBjxOyoegHuUFGNeJk08ge67PS7F23rCuSuDF+QA4yEDiCb JEJA== X-Gm-Message-State: AOAM530So9FFX/dyzrX0ZcmxyP36w76dLULxveZ5hq4YRAcCsoxC/Nsj Kq8zyT1ynKM/HD3/hIMd6jXWV8vLNTGNQgpTgGPgqQ== X-Received: by 2002:a17:90b:1612:: with SMTP id la18mr15746789pjb.95.1627420946711; Tue, 27 Jul 2021 14:22:26 -0700 (PDT) MIME-Version: 1.0 References: <20210727190001.914-1-kbowman@cloudflare.com> <20210727195459.GA15181@salvia> <20210727211029.GA17432@salvia> In-Reply-To: <20210727211029.GA17432@salvia> From: Alex Forster Date: Tue, 27 Jul 2021 16:22:10 -0500 Message-ID: Subject: Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes To: Pablo Neira Ayuso Cc: Kyle Bowman , kernel-team , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Jakub Kicinski , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, linux-kernel@vger.kernel.org, Network Development Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > It should be possible to update iptables-nft to use nft_log from > userspace (instead of xt_LOG) which removes this limitation, there is > no need for a kernel upgrade. We have been able to migrate some parts of this workload to the nftables subsystem by treating network namespaces sort of like VRFs. Unfortunately, we have not been able to use nftables to handle all traffic, since it does not have an equivalent for xt_bpf. Alex Forster