Re: Log statement seems to be not working

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

nft 0.8.2 logging worked for me for the couple of weeks I used it. 4.4.120 is
recent (-rw-r--r-- 1 ... Mar  5 00:58 ChangeLog-4.4.120).

4.4 is a long term support (LTS) kernel originally released in January 2016. At
that time, nftables 0.5 was current.

Because you have the same behaviour with such different nftables releases, it
really does look like the problem lies elsewhere.

I would try a few logger commands to make sure logging works on that box at all.

On Wed, Mar 21, 2018 at 08:21:13AM +0100, Darius wrote:
> This was my concern also. I'm running nft on router firmware called LEDE, it
> currently runs kernel 4.4.120 and originally included version of nft in the
> image was 0.4. I took nft source from latest unstable version of LEDE and I
> got 0.8.2. Then I thought ok, it might be something wrong with the versions
> and I just recompiled image with stock stable sources just for a test. Funny
> enough, I got same error message running nftables 0.4 on kernel 4.4.120.
> Now the question is if it is LEDE configuration problem or it is something
> wrong with nftables.
>
> > On March 20, 2018 at 11:52 PM Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx> wrote:
> >
> >
> > On Tue, Mar 20, 2018 at 07:45:23PM +0100, darius wrote:
> > > Ok, output of command is pasted below (sorry, but it is really log):
> > >
> > > root@LEDE:~# nft --debug all add rule ip ipv4_filter incoming tcp dport
> > > {ssh} log accept
> > > Entering state 0
> > > Reducing stack by rule 1 (line 725):
> > [...]
> >
> > It seems you may be running an unfortunate choice of nft version.
> >
> > The line and rule numbers in your dump are higher than for release 0.8.3:
> >
> > > Entering state 0
> > > Reducing stack by rule 1 (line 721):
> >
> > But they are lower than the latest git snapshot I have built (up to 20180317):
> >
> > > Entering state 0
> > > Reducing stack by rule 1 (line 737):
> >
> > Other than that, there are no substantial differences between any of the logs
> > except you get an error message and I don't.
> >
> > Alternatively, it could be your kernel version. I am running 4.15.10, the newest
> > revision to have any netfilter patches.
> >
> > Cheers ... Duncan.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux