[PATCH V2] audit: normalize NETFILTER_PKT
Florian Westphal
fw at strlen.de
Fri Feb 24 01:50:02 UTC 2017
Paul Moore <paul at paul-moore.com> wrote:
> On Thu, Feb 23, 2017 at 12:35 PM, Richard Guy Briggs <rgb at redhat.com> wrote:
> > I had another idea on how to include the sport and dport and that was to
> > use the same identifier for sport/icmptype and also for dport/icmpcode,
> > but you've already said you are not interested.
>
> Not at this point in time since we don't have any good requirements at
> the moment. I would like us to keep this small until we have a better
> idea of how people want to use this, this way we don't end up stuck
> maintaining something that is ill suited for what people actually
> want/use.
Right, I think people that want more info should just use NFLOG to
dump the packet to userspace, extracting all the stuff in kernel is
just a mess.
More information about the Linux-audit
mailing list