When working on locking for reset commands, some audit log calls had to
be adjusted as well. This series deals with the "fallout" from adding
tests for the changed log calls, dealing with the uncovered issues and
adding more tests.
Patch 1 adds more testing to nft_audit.sh for commands which are
unproblematic.
Patch 2 deals with (likely) leftovers from audit log flood prevention in
commit c520292f29b80 ("audit: log nftables configuration change events
once per table").
Patch 3 changes logging for object reset requests to happen once per
table (if skb size is sufficient) and thereby aligns output with object
add requests. As a side-effect, logging is fixed to happen after the
actual reset has succeeded, not before.
NOTE: This whole series probably depends on the reset locking series[1]
submitted earlier, but there's no functional connection and reviews
should happen independently.
[1] https://lore.kernel.org/netfilter-devel/20230923013807.11398-1-phil@xxxxxx/
Phil Sutter (3):
selftests: netfilter: Extend nft_audit.sh
netfilter: nf_tables: Deduplicate nft_register_obj audit logs
netfilter: nf_tables: Audit log object reset once per table
net/netfilter/nf_tables_api.c | 95 +++++-----
.../testing/selftests/netfilter/nft_audit.sh | 163 ++++++++++++++++--
2 files changed, 203 insertions(+), 55 deletions(-)
--
2.41.0
