Re: [PATCH RFC] netfilter: nf_tables: extend tracing infrastructure

On Tue, Nov 17, 2015 at 01:03:52AM +0100, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
[...]
> > 
> > BTW, any reason to remove the existing infrastructure? It's been there
> > since almost the beginning (this would break users that are expecting
> > the existing behaviour).
> 
> No specific reason, but I question the need to keep it around.
> Once we have native tooling there should be no reason whatsoever
> to wade through dmesg output + manual matching of rules...

It is not only dmesg.

You can also configure this thing to send trace messages through
nfnetlink_log through group 0.

> it's just a PITA and that's why I removed it -- 'nft monitor trace'
> (or whatever, I've not decided on what nft side should look like)
> would be much simpler/easier to use.

It's always a PITA to keep extra code around to keep things
compatible, but there is no other way to deprecate things.

Don't forget this tracing infrastructure has been there for nearly two
years.

[...]
> Wouldn't it make more sense to convince people to go with real nft
> rather than the compat layer?

I wish there could be a way to "convince" users to move in a quick way,
but there is not. We can just provide something better and wait for
quite some time to deprecate things.

> If you don't mind, i would prefer to work on this patch + nft +
> libnftables integration and then submit that formally.

I would like to see a nice netlink-based tracing infrastructure like
the one you're currently shaping, no question about that.