Quentin Deslandes
Implement a mechanism to filter logs ingested by journald using regexes (#6432). Implement support for two new keywords in unit files (in the `Service` section): - `LogIncludeRegex=` - `LogExcludeRegex=` When journald will process...
Implement support for generated file ownership management: - Add a new `--map-permissions` option to request `mkosi` to change ownership of generated files and directories to either `SUDO_UID` or `PKEXEC_UID` (depending...
Add an integration test to testsuite-13.sh to ensure the rootidmap option maps user IDs as expected.
Since `bpfilter` was introduced in the Linux kernel, it used the `GPL-2.0` SPDX identifier. However, this identifier is ambiguous and `GPL-2.0-only` should be used instead. This change updates the SPDX...
Use CMake's `ExternalProject_Add()` command to clone, patch, build, and install (within the build directory) `nftables` and `iptables` with `bpfilter` support. Update the documentation to explain how to use these targets.
`bpfilter` is configurable through `nftables` and `iptables`. However, both command line tools only support a limited subset of the features of `bpfilter`. For example, it's not possible to choose the exact...
An IPv6 packet's `nextheader` field can contain one of the following pieces of information: - Layer 4 protocol identifier - [IPv6 extension header identifier](https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml) An IPv6 extension header will be located after...
Generated BPF programs call `kfunc`s and BPF helpers for various purposes, and those calls might fail. In this situation, the program will return with a default verdict. There is currently...
With the existing verdicts, it's not possible to forward a packet to the next rule: it is either accepted or dropped. In both cases, the chain won't process the remaining...
[`nftables`](https://wiki.nftables.org/wiki-nftables/index.php/Logging_traffic) allows for packets to be logged: if a packet matches the rule's criteria, (some of) its content is logged. The exact implementation is not defined yet, as there are...