On Tue, Jun 14, 2016 at 08:35:29PM +0800, Liping Zhang wrote: > Hi Florian, > > At 2016-06-08 20:59:32, "Florian Westphal" <fw@xxxxxxxxx> wrote: > > > >With nftables we have a new infrastructure in place that emits trace info via > >nfnetlink. > > > >So loading nf_log_ipX isn't needed anymore in nft. > > Yes, in nftables, user can use "nft monitor" to get the trace info. > But I think it is a little choas now, sometimes we can see trace info > in kmsg(when nf_log_ipX is loaded), sometimes there's nothing in > kmsg(when nf_log_ipX is not installed). > > This is confusing, especially for newbie. Now that we got nft monitor, I think we need a way to deprecate the old mode, I suggest a /proc interface (enabled by default) to disable the ring buffer log mode. We can document this in the nftables HOWTO on the wiki site. I'm going to keep this back by now. We have the Netfilter Workshop next week en Netherlands, I will be talking on the existing logging infrastructure and this. Will get back to you with feedback. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
