Thanks for taking the time to review!
On 2025/5/28 19:05, Florian Westphal wrote:
> Lance Yang <ioworker0@xxxxxxxxx> wrote:
>> From: Lance Yang <lance.yang@xxxxxxxxx>
>>
>> When no logger is registered, nf_conntrack_log_invalid fails to log invalid
>> packets, leaving users unaware of actual invalid traffic. Improve this by
>> loading nf_log_syslog, similar to how 'iptables -I FORWARD 1 -m conntrack
>> --ctstate INVALID -j LOG' triggers it.
>
> Acked-by: Florian Westphal <fw@xxxxxxxxx>

Hmm... should this patch be backported to stable kernels? Without it,
nf_conntrack_log_invalid won't log invalid packets when no logger is
registered, causing unnecessary debugging effort ;)
Back then, I actually thought my machine wasn't seeing any invalid
packets... turns out they just weren't logged in dmesg :(
Thanks,
Lance