On Fri, Sep 22, 2023 at 9:53 PM Phil Sutter <phil@xxxxxx> wrote: > > When resetting multiple objects at once (via dump request), emit a log > message per table (or filled skb) and resurrect the 'entries' parameter > to contain the number of objects being logged for. > > With the above in place, all audit logs for op=nft_register_obj have a > predictable value in 'entries', so drop the value zeroing for them in > audit_logread.c. > > To test the skb exhaustion path, perform some bulk counter and quota > adds in the kselftest. > > Signed-off-by: Phil Sutter <phil@xxxxxx> > --- > net/netfilter/nf_tables_api.c | 51 ++++++++++--------- > .../testing/selftests/netfilter/nft_audit.sh | 46 +++++++++++++++++ > 2 files changed, 74 insertions(+), 23 deletions(-) Thanks Phil. Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx> (Audit) -- paul-moore.com
