Hi Pablo and Florian,
Thanks for taking the time to review!
On 2025/5/21 19:21, Florian Westphal wrote:
Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
I have been beaten by this usability issue in the past, it happens
since conntrack is loaded on demand.
Maybe add an inconditionally soft dependency? This is a oneliner patch.
MODULE_SOFTDEP("pre: nf_log_syslog");
Florian, do you prefer this patch (on-demand) or a oneliner to load
this module when conntrack gets loaded too?
It is a bit more memory to make it inconditional, but better to expose
to users this soft dependency via lsmod.
Thanks.
I don't like this patch or the above because we do have two log
backends, syslog + nflog.
Ah, good to know! I wasn't aware of that :(
There is no need for 'syslog' to be active for 'log_invalid' to be
useful as long as the system in question has e.g. ulogd running
and listening to nflog messages.
If anything, the modprobe should be done only when no logger
is registered.
Yes, could we load the module only when no logger exists? Something
like:
+ if (nf_logger_find_get(NFPROTO_IPV4, NF_LOG_TYPE_LOG) != 0)
+ request_module("%s", "nf_log_syslog");
Hmm... is nf_logger_find_get() the correct way to check if no
logger is registered, or are there preferred alternatives?
Thanks,
Lance
