git.ipfire.org Git - thirdparty/linux.git/commit

author	Phil Sutter <phil@nwl.cc>
	Tue, 8 Jul 2025 13:04:02 +0000 (15:04 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 25 Jul 2025 16:40:01 +0000 (18:40 +0200)
commit	bc8c43adfdc57c8253884fc1853cb6679cd5953d
tree	7d49b063b0aeb708b3e3a57200a95fa4c45fee8f	tree
parent	b65504e7cf0a99eb75bbed0d1ef22950c080d84a	commit \| diff

netfilter: nfnetlink_hook: Dump flowtable info

Introduce NFNL_HOOK_TYPE_NFT_FLOWTABLE to distinguish flowtable hooks
from base chain ones. Nested attributes are shared with the old NFTABLES
hook info type since they fit apart from their misleading name.

Old nftables in user space will ignore this new hook type and thus
continue to print flowtable hooks just like before, e.g.:

| family netdev {
| hook ingress device test0 {
| 0000000000 nf_flow_offload_ip_hook [nf_flow_table]
| }
| }

With this patch in place and support for the new hook info type, output
becomes more useful:

| family netdev {
| hook ingress device test0 {
| 0000000000 flowtable ip mytable myft [nf_flow_table]
| }
| }

Suggested-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/linux/netfilter.h		diff \| blob \| blame \| history
include/uapi/linux/netfilter/nfnetlink_hook.h		diff \| blob \| blame \| history
net/netfilter/nf_tables_api.c		diff \| blob \| blame \| history
net/netfilter/nfnetlink_hook.c		diff \| blob \| blame \| history