Quentin Deslandes
Quentin Deslandes
Implement mechanism to filter logs ingested by journald using regexes (#6432). Implement for two new keywords in unit files (in `Service` section): - `LogIncludeRegex=` - `LogExcludeRegex=` When journald will process...
Implement support for generated file ownership management: - Add a new `--map-permissions` option to request `mkosi` to change ownership of generated files and directories to either `SUDO_UID` or `PKEXEC_UIC` (depending...
Add integration test to testsuite-13.sh to ensure rootidmap option map user IDs as expected.
Since `bpfilter` was introduced in the Linux kernel, it used the `GPL-2.0` SPDX identifier. However, this identifier is ambiguous and `GPL-2.0-only` should be used instead. This change update the SPDX...
Use CMake's `ExternalProject_Add()` command to clone, patch, build, and install (within the build directory) `nftables` and `iptables` with `bpfilter` support. Update the documentation to explain how to use these targets.
`bpfilter` is configurable through `nftables` and `iptables`. However, both command line tools only support a limited subset of feature of `bpfilter`. For example, it's not possible to choose the exact...
An IPv6 "next header" field can contain one of the following information: - Transport layer protocol - [Extension header identifier](https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml) In the first case, the IPv6 header is followed by...
Generated BPF programs call `kfunc`s and BPF helpers for various purposes, and those call might fail. In this situation, the program will return with a default verdict. There is currently...
With the existing verdicts, it's not possible to forward a packet to the next rule: it is either accepted or dropped. In both cases, the chain won't process the remaining...
Allow users to log the packet matched by a rule. ## Overview A new keyword must be introduced to allow users to specify if a rule should log matched packets:...