Re: [PATCH V2] audit: normalize NETFILTER_PKT
Paul Moore <paul(a)paul-moore.com> wrote:
On Thu, Feb 23, 2017 at 12:35 PM, Richard Guy Briggs
<rgb(a)redhat.com> wrote:
> I had another idea on how to include the sport and dport and that was to
> use the same identifier for sport/icmptype and also for dport/icmpcode,
> but you've already said you are not interested.
Not at this point in time since we don't have any good requirements at
the moment. I would like us to keep this small until we have a better
idea of how people want to use this, this way we don't end up stuck
maintaining something that is ill suited for what people actually
want/use.
Right, I think people that want more info should just use NFLOG to
dump the packet to userspace, extracting all the stuff in kernel is
just a mess.