Date: Tue, 27 Jul 2021 23:52:40 +0200
From: Pablo Neira Ayuso
To: Alex Forster
Cc: Kyle Bowman, kernel-team, Jozsef Kadlecsik, Florian Westphal, "David S. Miller", Jakub Kicinski, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, linux-kernel@vger.kernel.org, Network Development
Subject: Re: [PATCH] netfilter: xt_NFLOG: allow 128 character log prefixes
Message-ID: <20210727215240.GA25043@salvia>

On Tue, Jul 27, 2021 at 04:44:42PM -0500, Alex Forster wrote:
> > I'm not referring to nftables, I'm referring to iptables-nft.
>
> Possibly I'm misunderstanding. Here's a realistic-ish example of a
> rule we might install:
>
> iptables -A INPUT -d 11.22.33.44/32 -m bpf --bytecode "43,0 0 0
> 0,48 0 0 0,...sic..." -m statistic --mode random --probability 0.0001
> -j NFLOG --nflog-prefix "drop 10000 c37904a83b344404
> e4ec6050966d4d2f9952745de09d1308"
>
> Is there a way to install such a rule with an nflog prefix that is >63 chars?

Yes, you can update iptables-nft to use nft_log instead of xt_LOG; that
requires no kernel upgrades and it will work with older kernels.