On Tue, Jan 24, 2017 at 08:26:29PM +0100, Pablo Neira Ayuso wrote:
> On Sun, Jan 22, 2017 at 10:10:32PM +0800, Liping Zhang wrote:
> > From: Liping Zhang
> >
> > First, log prefix will be truncated to NF_LOG_PREFIXLEN-1, i.e. 127,
> > at nf_log_packet(), so the extra part is useless.
> >
> > Sec
On Sun, Jan 22, 2017 at 10:10:32PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> First, log prefix will be truncated to NF_LOG_PREFIXLEN-1, i.e. 127,
> at nf_log_packet(), so the extra part is useless.
>
> Second, after adding a log rule with a very very long prefix, we will
> fail to dump
From: Liping Zhang
First, log prefix will be truncated to NF_LOG_PREFIXLEN-1, i.e. 127,
at nf_log_packet(), so the extra part is useless.
Second, after adding a log rule with a very very long prefix, we will
fail to dump the nft rules after this _special_ one, but acctually,
they do exist. For e
