At 2016-07-20 02:16:00, "Pablo Neira Ayuso" <pablo@xxxxxxxxxxxxx> wrote:
>On Mon, Jul 18, 2016 at 08:44:17PM +0800, Liping Zhang wrote:
>> From: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>
>>
>> There's a similar problem in xt_NFLOG, and was fixed by commit 7643507fe8b5
>> ("netfilter: xt_NFLOG: nflog-range does not truncate packets"). Only set
>> copy_len here does not work, so we should enable NF_LOG_F_COPY_LEN also.
>
>Applied, thanks.
>
>Will you send me a patch for nftables userspace to enable this flag?
>
>It would be good to update the translation to make sure --nflog-size
>map to snaplen and ignore --nflog-range.

I find that nftables already supports this feature. The following command means to truncate packets to 100 bytes before logging to userspace:

# nft add rule filter input log group 0 snaplen 100

Before my patch, it does not work. And after applying my patch, it works as expected.