From: Phil Sutter <phil@nwl.cc>
Date: Tue, 8 Jul 2025 13:00:34 +0000 (+0200)
Subject: mnl: Support NFNL_HOOK_TYPE_NFT_FLOWTABLE
X-Git-Tag: v1.1.4~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=364f9c5565c6398955931424237adf8e3de78a85;p=thirdparty%2Fnftables.git

mnl: Support NFNL_HOOK_TYPE_NFT_FLOWTABLE

New kernels dump info for flowtable hooks the same way as for base
chains.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Florian Westphal <fw@strlen.de>
---

diff --git a/include/linux/netfilter/nfnetlink_hook.h b/include/linux/netfilter/nfnetlink_hook.h
index 84a561a7..1a2c4d64 100644
--- a/include/linux/netfilter/nfnetlink_hook.h
+++ b/include/linux/netfilter/nfnetlink_hook.h
@@ -61,10 +61,12 @@ enum nfnl_hook_chain_desc_attributes {
  *
  * @NFNL_HOOK_TYPE_NFTABLES: nf_tables base chain
  * @NFNL_HOOK_TYPE_BPF: bpf program
+ * @NFNL_HOOK_TYPE_NFT_FLOWTABLE: nf_tables flowtable
  */
 enum nfnl_hook_chaintype {
 	NFNL_HOOK_TYPE_NFTABLES = 0x1,
 	NFNL_HOOK_TYPE_BPF,
+	NFNL_HOOK_TYPE_NFT_FLOWTABLE,
 };
 
 /**
diff --git a/src/mnl.c b/src/mnl.c
index e6da4013..89bc742a 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -48,6 +48,7 @@ struct basehook {
 	const char *table;
 	const char *chain;
 	const char *devname;
+	const char *objtype;
 	int family;
 	int chain_family;
 	uint32_t num;
@@ -2454,7 +2455,8 @@ static int dump_nf_hooks(const struct nlmsghdr *nlh, void *_data)
 		}
 
 		type = ntohl(mnl_attr_get_u32(nested[NFNLA_HOOK_INFO_TYPE]));
-		if (type == NFNL_HOOK_TYPE_NFTABLES) {
+		if (type == NFNL_HOOK_TYPE_NFTABLES ||
+		    type == NFNL_HOOK_TYPE_NFT_FLOWTABLE) {
 			struct nlattr *info[NFNLA_CHAIN_MAX + 1] = {};
 			const char *tablename, *chainname;
 
@@ -2472,6 +2474,10 @@ static int dump_nf_hooks(const struct nlmsghdr *nlh, void *_data)
 				hook->chain = xstrdup(chainname);
 			}
 			hook->chain_family = mnl_attr_get_u8(info[NFNLA_CHAIN_FAMILY]);
+			if (type == NFNL_HOOK_TYPE_NFT_FLOWTABLE)
+				hook->objtype = "flowtable";
+			else
+				hook->objtype = "chain";
 		} else if (type == NFNL_HOOK_TYPE_BPF) {
 			struct nlattr *info[NFNLA_HOOK_BPF_MAX + 1] = {};
 
@@ -2595,7 +2601,9 @@ static void print_hooks(struct netlink_ctx *ctx, int family, struct list_head *h
 			fprintf(fp, "\t\t+%010u", prio);
 
 		if (hook->table && hook->chain)
-			fprintf(fp, " chain %s %s %s", family2str(hook->chain_family), hook->table, hook->chain);
+			fprintf(fp, " %s %s %s %s",
+				hook->objtype, family2str(hook->chain_family),
+				hook->table, hook->chain);
 		else if (hook->hookfn && hook->chain)
 			fprintf(fp, " %s %s", hook->hookfn, hook->chain);
 		else if (hook->hookfn) {