Control: tag -1 + moreinfo
Hi Ben,
Ben Hutchings wrote:
> Source: iptables-netflow
> Tags: upstream
>
> The set_notifier_cb() and unset_notifier_cb() functions are using a
> notifier API that was intended only for internal use by the netfilter
> conntrack implementation.
This indeed sounds like something for upstream. Will forward it to
upstream once the remaining questions have been clarified.
> Please disable the natevents feature.
Then again, this sounds more like a request to the Debian package
maintainer (i.e. me) as this is a configure option.
What would be the impact if I don't disable this feature? Can you
please elaborate?
My general approach here is to enable all features compile upstream
the admin might need. But at least the NAT events are still disabled
by default at runtime, even if they're compiled in.
> These events are aleady logged through netlink and the conversion to
> NEL could be done in user-space.
I'm not sure if this really makes sense. ipt_NETFLOW so far does
nothing outside the kernel on purpose. Its fuctionality needs to be
highly performing, i.e. be able to handle many dozens if not hundreds
of Gbps of traffic. I'm not sure if putting any part of it outside the
kernel is really feasible.
But anyway, reimplementing that feature is clearly an upstream thing
again.
> Version: 2.3-5
[…]
> -- System Information:
> Debian Release: bookworm/sid
> APT prefers unstable-debug
> APT policy: (500, 'unstable-debug'), (500, 'oldstable-updates'), (500,
> 'unstable'), (500, 'oldstable'), (1, 'experimental')
Why do you seem to have the version of Oldstable installed despite you
seem to be running Unstable? Or was that reportbug which has chosen
the wrong version? Or just a copy & paste error? Please clarify which
version you were actually looking at.
Or in other words: please make sure that 2.6-2 in Unstable still has
this issue. Because upstream usually only accepts feature requests for
the most recent upstream version (or — even better — against upstream
git HEAD).
Regards, Axel
--
,''`. | Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
