Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp4719907pxv; Tue, 27 Jul 2021 14:46:17 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxGhNODcoDHCyw1Tf2vqyJGbc56peoIKdw8VzKlhz3vr9fsxHGS6qPPzilC5LyAj5ljmott X-Received: by 2002:a92:c048:: with SMTP id o8mr18346982ilf.8.1627422377688; Tue, 27 Jul 2021 14:46:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627422377; cv=none; d=google.com; s=arc-20160816; b=cNXWS31nRkM7w3vst5yvgMTVNnRaastwf1pZ7rlUC0409ttDFfb13/LnEbyluHOvye IttdEv4eCiRDku9vx1oRpehACmaOlwdViSlcV3g0jqVgtp2iHAu2/sUTfsAVdkjpDuhc 7Bm+TItRQH6gn8ZjwT8bQHn0Z2vKi0+jEyaWtg7V3gIH9lAZrAr+16gGikZ9azKmHG6v rBE6Ho4nbhU2ZDnPUqP7T+7gc4PXmlTl27UkGfZEacCExP2BrQX9XlFi7xGGbOh6uK9I uRP+e7qJGDcsOopINNErXy2TNmmLwd9z2ylDPumWBYQvee8+iIa18IoD7K7v1+dZwSEe ZVqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=RfgDHMUec9+wVkID26xSl8008ahCk/fggJ3JlLD9c5U=; b=zkYc+Agf0XlXYO3zISAoE96+bnZSJ7QODy6az+LzoFdw7oZb1agFYpDUewNIfm0YPI oSGHMNX1xGdhvwInlquy5janHeNerxWHfGVLtrtnmvX5KY1dR4Yeg0SxqfXFBQQhahdo 7xRvltUWK/PLuc0GovLavjM4kzDjOCfN7bg2MJ+/fa1kOUHB4ged8jzo5TbpV9D28qNF 1ylC8FwYWkbRRftrmZ4SYdbP3LiufkSZB4pcAwtMcosLu9QRfqySurKMZhSsGlA3n22B uUA8FCqZFfWw/s8t+EKeKte0IvZM0e5WDQVpcbOutPpMTzJvauTJcLe0LJS4Uy4LXAe+ 6Vag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=EnA4iiMt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t4si4426209iln.104.2021.07.27.14.46.06; Tue, 27 Jul 2021 14:46:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=EnA4iiMt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232105AbhG0VpA (ORCPT + 99 others); Tue, 27 Jul 2021 17:45:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36518 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231755AbhG0Vo7 (ORCPT ); Tue, 27 Jul 2021 17:44:59 -0400 Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com [IPv6:2607:f8b0:4864:20::1036]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 14D14C061764 for ; Tue, 27 Jul 2021 14:44:59 -0700 (PDT) Received: by mail-pj1-x1036.google.com with SMTP id l19so2071575pjz.0 for ; Tue, 27 Jul 2021 14:44:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RfgDHMUec9+wVkID26xSl8008ahCk/fggJ3JlLD9c5U=; b=EnA4iiMtW8N9C7txFmWDjJMK7zhwXlga6204mphuSmeaQuf9sQc3sxaZ7jvkLpvUYd 7h2oCYmyfhNezELTugPUd7onfdU3cG77IY/xEWGKhh+sho32dwz5ryrlPFujSLO9X0hI OK7UOMafl5moF+os7BvRtPk4OcPDx9Hu+Gr/k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RfgDHMUec9+wVkID26xSl8008ahCk/fggJ3JlLD9c5U=; b=BH+75R2nBLSMmjfnIDRH5UP3fdsknKnz7rb+sJTTI1BB1HjfzJt/Fn6Ie65VbPXS8M OaaOrNzjJ0A2p6WEaVJIi1Y6WBQaCT13LyBRP4cgbm6hBe9FSz5AL92tkz2MW3o+7qap i7JkUjGzDPIezIElem4FG6f/NkCvcp0TaSkLXEacpSnd84YKDJUxrT6+cUywCAHuolL1 79MJSx7XyASN/i2tVmgrhQohrjqxVd8ns06pxQ1yA8mhGQf6vWuhrvilkvb7AkM7lLiP CGReoQGJprDej74mws4cUwBNuNzYFNJj18j0RCuMMNTbX17bjB0FzJRHvKOLNSvtPut7 yUcw== X-Gm-Message-State: AOAM533ZM0AkNMjo5EjoedBrzPYbBVELfhorTnoEhwWstI+HigkTYPnK YRWZJT7HjhRLi4tRqB9rrLt9+30S+Ng8tAebmrnxByfTAKqWUJyf X-Received: by 2002:aa7:9dc8:0:b029:35f:7eca:72cf with SMTP id g8-20020aa79dc80000b029035f7eca72cfmr25066252pfq.77.1627422298562; Tue, 27 Jul 2021 14:44:58 -0700 (PDT) MIME-Version: 1.0 References: <20210727190001.914-1-kbowman@cloudflare.com> <20210727195459.GA15181@salvia> <20210727211029.GA17432@salvia> <20210727212730.GA20772@salvia> In-Reply-To: <20210727212730.GA20772@salvia> From: Alex Forster Date: Tue, 27 Jul 2021 16:44:42 -0500 Message-ID: Subject: Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes To: Pablo Neira Ayuso Cc: Kyle Bowman , kernel-team , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Jakub Kicinski , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, linux-kernel@vger.kernel.org, Network Development Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > I'm not refering to nftables, I'm refering to iptables-nft. Possibly I'm misunderstanding. Here's a realistic-ish example of a rule we might install: iptables -A INPUT -d 11.22.33.44/32 -m bpf --bytecode "43,0 0 0 0,48 0 0 0,...sic..." -m statistic --mode random --probability 0.0001 -j NFLOG --nflog-prefix "drop 10000 c37904a83b344404 e4ec6050966d4d2f9952745de09d1308" Is there a way to install such a rule with an nflog prefix that is >63 chars?