On Thu, 30 Oct 2008 08:15:14 +0100 Patrick McHardy <kaber@xxxxxxxxx> wrote: > One thing you need is to specify the amount of bytes you want transfered > to userspace: > > iptables ... -j NFLOG --nflog-range 65535 Ok, I forgot to use --nflog-range, but I have an issue. I'm sending anyway... maybe there's some hint of what is happening: 1) for comparison, on old LOG target I get: Oct 30 20:55:16 tux vmunix: 6 P=7LN38 2) on NFLOG, using syslog emul, I get: Oct 30 20:55:16 tux DROP INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:21:00:31:6c:f0:08:00 SRC=192.168.1.100 DST=255.255.255.255 LEN=328 TOS=00 PREC=0x00 TTL=128 ID=21248 PROTO=UDP SPT=68 DPT=67 LEN=308 MARK=0 Oct 30 20:55:19 tux DROP INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:21:00:31:6c:f0:08:00 SRC=192.168.1.100 DST=255.255.255.255 LEN=328 TOS=00 PREC=0x00 TTL=128 ID=21250 PROTO=UDP SPT=68 DPT=67 LEN=308 MARK=0 You can compare both and see what's missing on the first one (LOG). And I attached the pcap log binary file (bzipped). If it's uselles, wait that I'll send a new one with -nflog-range 65535, which I forgot to use. Thank you very much! --
Attachment:
ulogd.pcap.bz2
Description: Binary data
