Hi,

On 03/02/2015 01:20 AM, Pablo Neira Ayuso wrote:
> I think it's reasonable to have some tracing command integrated into nft, but we still have to discuss the text output layout.

The formatting of the "TRACE: " prefix as used by nftables does not provide the same amount of information as with iptables. In case of goto/jump/return, the rulenum provided by iptables allows accessing a rule which has the "target" set, so you can see where you'll end up. In nftables, the rulenum provided in case of a return is worthless - there is no such rule, so you can't look up the target. For goto/jump it may be possible to look up the target in some cases, but at least not when using vmap.
So - if we'll discuss the text output layout anyway, let's consider the text input as well. Specifying the target explicitly in case of a jump/goto/return in the "TRACE: " prefix provides value.

Best regards,
Markus Kötter