Control: found -1 2.6-2

On Sun, 2022-02-13 at 07:17 +0100, Axel Beckert wrote:
> Control: tag -1 + moreinfo
>
> Hi Ben,
>
> Ben Hutchings wrote:
> > Source: iptables-netflow
> > Tags: upstream
> >
> > The set_notifier_cb() and unset_notifier_cb() functions are using a
> > notifier API that was intended only for internal use by the netfilter
> > conntrack implementation.
>
> This indeed sounds like something for upstream. Will forward it to
> upstream once the remaining questions have been clarified.
>
> > Please disable the natevents feature.
>
> Then again, this sounds more like a request to the Debian package
> maintainer (i.e. me) as this is a configure option.
>
> What would be the impact if I don't disable this feature? Can you
> please elaborate?

Then the module will not report all the events that might be expected.

> My general approach here is to enable all features compile upstream
> the admin might need. But at least the NAT events are still disabled
> by default at runtime, even if they're compiled in.
>
> > These events are already logged through netlink and the conversion to
> > NEL could be done in user-space.
>
> I'm not sure if this really makes sense. ipt_NETFLOW so far does
> nothing outside the kernel on purpose. Its functionality needs to be
> highly performing, i.e. be able to handle many dozens if not hundreds
> of Gbps of traffic. I'm not sure if putting any part of it outside the
> kernel is really feasible.

There is nothing inherently faster about doing things inside the
kernel, and in case the events are always being copied out to
user-space. But I don't know how the performance of the upstream
netlink facility compares with ipt_NETFLOW.

> But anyway, reimplementing that feature is clearly an upstream thing
> again.

Indeed.

> > Version: 2.3-5
> […]
> > -- System Information:
> > Debian Release: bookworm/sid
> >   APT prefers unstable-debug
> >   APT policy: (500, 'unstable-debug'), (500, 'oldstable-updates'), (500,
> > 'unstable'), (500, 'oldstable'), (1, 'experimental')
>
> Why do you seem to have the version of Oldstable installed despite you
> seem to be running Unstable? Or was that reportbug which has chosen
> the wrong version? Or just a copy & paste error? Please clarify which
> version you were actually looking at.
[...]

I don't have it installed, and reportbug has picked the wrong version.
I actually looked at 2.6-2 (in a VM).

Ben.

-- 
Ben Hutchings
It's easier to fight for one's principles than to live up to them.