On Fri, Sep 22, 2023 at 9:53 PM Phil Sutter <[email protected]> wrote:
>
> When working on locking for reset commands, some audit log calls had to
> be adjusted as well. This series deals with the "fallout" from adding
> tests for the changed log calls, dealing with the uncovered issues and
> adding more tests.
>
> Patch 1 adds more testing to nft_audit.sh for commands which are
> unproblematic.
>
> Patch 2 deals with (likely) leftovers from audit log flood prevention in
> commit c520292f29b80 ("audit: log nftables configuration change events
> once per table").
>
> Patch 3 changes logging for object reset requests to happen once per
> table (if skb size is sufficient) and thereby aligns output with object
> add requests. As a side-effect, logging is fixed to happen after the
> actual reset has succeeded, not before.
>
> NOTE: This whole series probably depends on the reset locking series[1]
> submitted earlier, but there's no functional connection and reviews
> should happen independently.
>
> [1] https://lore.kernel.org/netfilter-devel/[email protected]/
>
> Phil Sutter (3):
>   selftests: netfilter: Extend nft_audit.sh
>   netfilter: nf_tables: Deduplicate nft_register_obj audit logs
>   netfilter: nf_tables: Audit log object reset once per table
>
>  net/netfilter/nf_tables_api.c                 |  95 +++++-----
>  .../testing/selftests/netfilter/nft_audit.sh  | 163 ++++++++++++++++--
>  2 files changed, 203 insertions(+), 55 deletions(-)

Hi Phil,

Thanks for continuing to work on this. My network access is limited at
the moment, but I hope to be able to review this next week.

-- 
paul-moore.com
