Firewall - Add options for logging packets
Closed, ResolvedPublicFEATURE REQUEST
Actions

Assigned To

Authored By

	n.fort
	Mar 3 2023, 12:04 PM

Description

Add options provided by log statements, that let packets be delivered to user-space:

https://manpages.debian.org/buster/nftables/nft.8.en.html#LOG_STATEMENT

If the group number is specified, the Linux kernel will pass the packet to nfnetlink_log which will multicast the packet through a netlink socket to the specified multicast group. One or more userspace processes may subscribe to the group to receive the packets, see libnetfilter_queue documentation for details. This is a non-terminating statement, so the rule evaluation continues after the packet is logged.

Details

Difficulty level: Unknown (require assessment)
Version: vyos-1.4-rolling-202303030317
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Feature (new functionality)

Event Timeline

n.fort changed the task status from Open to Confirmed.Mar 3 2023, 12:04 PM

n.fort claimed this task.

n.fort created this task.

n.fort changed Version from - to vyos-1.4-rolling-202303030317.

pasik added a subscriber: pasik.Mar 3 2023, 1:23 PM

n.fort changed the task status from Confirmed to In progress.Mar 13 2023, 5:51 PM

PR: https://github.com/vyos/vyos-1x/pull/1889

Viacheslav changed the task status from In progress to Needs testing.Mar 21 2023, 12:13 PM

n.fort closed this task as Resolved.Apr 27 2023, 11:21 AM

Firewall - Add options for logging packetsClosed, ResolvedPublicFEATURE REQUESTActions

Description

Details

Event Timeline

Firewall - Add options for logging packets
Closed, ResolvedPublicFEATURE REQUEST
Actions