mnl: Support NFNL_HOOK_TYPE_NFT_FLOWTABLE

author Phil Sutter <phil@nwl.cc>

Tue, 8 Jul 2025 13:00:34 +0000 (15:00 +0200)

committer Phil Sutter <phil@nwl.cc>

Tue, 15 Jul 2025 15:07:45 +0000 (17:07 +0200)
author Phil Sutter <phil@nwl.cc>
Tue, 8 Jul 2025 13:00:34 +0000 (15:00 +0200)
committer Phil Sutter <phil@nwl.cc>
Tue, 15 Jul 2025 15:07:45 +0000 (17:07 +0200)
diff --git a/include/linux/netfilter/nfnetlink_hook.h b/include/linux/netfilter/nfnetlink_hook.h

index 84a561a74b9820edc5d037e986fb46ad948ef903..1a2c4d6424b5fbb9498b0d29dd18b31970d5bc13 100644 (file)
--- a/include/linux/netfilter/nfnetlink_hook.h
+++ b/include/linux/netfilter/nfnetlink_hook.h
@@ -61,10 +61,12 @@ enum nfnl_hook_chain_desc_attributes {
   *
   * @NFNL_HOOK_TYPE_NFTABLES: nf_tables base chain
   * @NFNL_HOOK_TYPE_BPF: bpf program
+ * @NFNL_HOOK_TYPE_NFT_FLOWTABLE: nf_tables flowtable
   */
  enum nfnl_hook_chaintype {
         NFNL_HOOK_TYPE_NFTABLES = 0x1,
         NFNL_HOOK_TYPE_BPF,
+       NFNL_HOOK_TYPE_NFT_FLOWTABLE,
  };
  
  /**
diff --git a/src/mnl.c b/src/mnl.c

index e6da401374add2f2734946ccb1c2f04ba5906ab4..89bc742af3c5b8fabebed8815a806dd1e2ec04b8 100644 (file)
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -48,6 +48,7 @@ struct basehook {
         const char *table;
         const char *chain;
         const char *devname;
+       const char *objtype;
         int family;
         int chain_family;
         uint32_t num;
@@ -2454,7 +2455,8 @@ static int dump_nf_hooks(const struct nlmsghdr *nlh, void *_data)
                 }
  
                 type = ntohl(mnl_attr_get_u32(nested[NFNLA_HOOK_INFO_TYPE]));
-               if (type == NFNL_HOOK_TYPE_NFTABLES) {
+               if (type == NFNL_HOOK_TYPE_NFTABLES ||
+                   type == NFNL_HOOK_TYPE_NFT_FLOWTABLE) {
                         struct nlattr *info[NFNLA_CHAIN_MAX + 1] = {};
                         const char *tablename, *chainname;
  
@@ -2472,6 +2474,10 @@ static int dump_nf_hooks(const struct nlmsghdr *nlh, void *_data)
                                 hook->chain = xstrdup(chainname);
                         }
                         hook->chain_family = mnl_attr_get_u8(info[NFNLA_CHAIN_FAMILY]);
+                       if (type == NFNL_HOOK_TYPE_NFT_FLOWTABLE)
+                               hook->objtype = "flowtable";
+                       else
+                               hook->objtype = "chain";
                 } else if (type == NFNL_HOOK_TYPE_BPF) {
                         struct nlattr *info[NFNLA_HOOK_BPF_MAX + 1] = {};
  
@@ -2595,7 +2601,9 @@ static void print_hooks(struct netlink_ctx *ctx, int family, struct list_head *h
                         fprintf(fp, "\t\t+%010u", prio);
  
                 if (hook->table && hook->chain)
-                       fprintf(fp, " chain %s %s %s", family2str(hook->chain_family), hook->table, hook->chain);
+                       fprintf(fp, " %s %s %s %s",
+                               hook->objtype, family2str(hook->chain_family),
+                               hook->table, hook->chain);
                 else if (hook->hookfn && hook->chain)
                         fprintf(fp, " %s %s", hook->hookfn, hook->chain);
                 else if (hook->hookfn) {
author	Phil Sutter <phil@nwl.cc>
	Tue, 8 Jul 2025 13:00:34 +0000 (15:00 +0200)
committer	Phil Sutter <phil@nwl.cc>
	Tue, 15 Jul 2025 15:07:45 +0000 (17:07 +0200)
include/linux/netfilter/nfnetlink_hook.h		patch \| blob \| blame \| history
src/mnl.c		patch \| blob \| blame \| history