src: add support for base hook dumping
Example output:
$ nft list hook ip input
family ip hook input {
+
0000000000 nft_do_chain_inet [nf_tables] # nft table ip filter chain input
+
0000000010 nft_do_chain_inet [nf_tables] # nft table ip firewalld chain filter_INPUT
+
0000000100 nf_nat_ipv4_local_in [nf_nat]
+
2147483647 ipv4_confirm [nf_conntrack]
}
$ nft list hooks netdev type ingress device lo
family netdev hook ingress device lo {
+
0000000000 nft_do_chain_netdev [nf_tables]
}
$ nft list hooks inet
family ip hook prerouting {
-
0000000400 ipv4_conntrack_defrag [nf_defrag_ipv4]
-
0000000300 iptable_raw_hook [iptable_raw]
-
0000000290 nft_do_chain_inet [nf_tables] # nft table ip firewalld chain raw_PREROUTING
-
0000000200 ipv4_conntrack_in [nf_conntrack]
-
0000000140 nft_do_chain_inet [nf_tables] # nft table ip firewalld chain mangle_PREROUTING
-
0000000100 nf_nat_ipv4_pre_routing [nf_nat]
}
...
'nft list hooks' will display everyting except the netdev family
via successive dump request for all family:hook combinations.
Signed-off-by: Florian Westphal <fw@strlen.de>
projects / thirdparty / nftables.git / commit
