On 24.11, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > BTW, do we really want to use the default NFNLGRP_NFTABLES group?
> >
> > Multicast groups provide a simple way for filtering out what you don't
> > need from kernelspace. And you can still subscribe to both groups
> > NFNLGRP_NFTABLES and NFNLGRP_NFTABLES_TRACE.
> >
> > I'm telling this when thinking of nft-sync. Why should it be receiving
> > these spamming tracing events when it only cares about ruleset updates?
>
> I can add a new group but nftables will need to subscribe to both
> in trace mode since we need to see new rules...

I agree with Pablo. Under high load this has the potential to decrease
reliability of rule notifications a lot for any interested listener.
Since tracing is a debugging tool I don't think we should do that.

BTW and completely unrelated to the netlink group: I think it would be
nicer to have a "trace" keyword instead of "nftrace set 1" in the nft
frontend.