Re: [PATCH nf-next 1/6] netfilter: nf_tables: extend tracing infrastructure

On 25.11, Florian Westphal wrote:
> > > > It would be nice to have the full verdict available, IOW also the jump target.
> > > > 
> > > > You could simply pass struct nft_verdict to this function and adapt
> > > > nft_verdict_dump() to take the attribute value as parameter.
> > > 
> > > Will add NFTA_TRACE_JUMP/NFTA_TRACE_GOTO for that, ok?
> > 
> > Any reason not to use the standard verdict encoding? We even have an almost
> > ready to use function for that.
> 
> Sorry, could you be more specific?
> How would you tell userspace where the jump/goto is going to?

We have nft_verdict_dump(), which encodes the verdict as nested attribute.
I'd suggest to simply use that one since we also already have parsing
functions for that in both nft and libnftnl and we can use the regular
data structures.

> What I am doing now in my local version:
> 
> NFTA_TRACE_VERDICT is the verbatim result of the hook (i.e. might
> contain errno or queue id).
> 
> NFTA_TRACE_JUMP_TARGET is the name of the chain that we goto or jump to,
> set when verdict == NFT_JUMP/_GOTO.
> 
> Alternative suggestions welcome.
> 
> This approach means that userspace must try a bit harder to decode
> the verdict since we cannot use 'verdict & NF_VERDICT_MASK' if we're
> looking at a NFT_* verdict when translating the integer to a string.

With the approach I mentioned we can use the normal decoding functions
which (at least in nft) handle this case fine.
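
The decoding problem discussed in this thread, as an added example that is not code from the thread, the kernel, nft or libnftnl: a userspace-style decoder for a verdict carried as a nested attribute (code plus optional chain name), with a name lookup that matches the NFT_* codes before applying NF_VERDICT_MASK. The names `verdict_parse`, `verdict_name` and `struct verdict` are hypothetical; the constants are defined locally with the values from the kernel uapi headers, and the layout (a big-endian 32-bit code, a NUL-terminated chain string) is assumed.

```c
#include <stdint.h>
#include <string.h>

/* Values as defined in the kernel uapi headers. */
#define NF_VERDICT_MASK    0x000000ffu
#define NLA_TYPE_MASK      0x3fffu
#define NFT_JUMP           (-3)
#define NFT_GOTO           (-4)
#define NFTA_VERDICT_CODE  1
#define NFTA_VERDICT_CHAIN 2
struct verdict { int32_t code; char chain[64]; };  /* buffer size is an assumption */

/* Parse the attributes nested inside a verdict attribute; 0 on success. */
int verdict_parse(const uint8_t *p, size_t len, struct verdict *v)
{
    int have_code = 0, jump;
    size_t step;
    memset(v, 0, sizeof(*v));
    for (; len >= 4; p += step, len -= step) {
        uint16_t alen, type;
        memcpy(&alen, p, 2);                     /* struct nlattr, host byte order */
        memcpy(&type, p + 2, 2);
        if (alen < 4 || alen > len)
            return -1;                           /* malformed or truncated */
        step = ((size_t)alen + 3) & ~(size_t)3;  /* NLA_ALIGN */
        step = step < len ? step : len;          /* last attribute may be unpadded */
        type &= NLA_TYPE_MASK;
        if (type == NFTA_VERDICT_CODE && alen == 8) {    /* be32 payload */
            v->code = (int32_t)((uint32_t)p[4] << 24 | p[5] << 16 | p[6] << 8 | p[7]);
            have_code = 1;
        } else if (type == NFTA_VERDICT_CHAIN) {
            if ((size_t)alen - 4 >= sizeof(v->chain))
                return -1;                       /* name would not fit */
            memcpy(v->chain, p + 4, alen - 4);   /* v is pre-zeroed */
        }
    }
    /* A chain name must be present exactly when the code is jump/goto. */
    jump = v->code == NFT_JUMP || v->code == NFT_GOTO;
    return (have_code && jump == (v->chain[0] != '\0')) ? 0 : -1;
}

/* Match the exact NFT_* codes first; only hook verdicts get masked. */
const char *verdict_name(int32_t code)
{
    static const char *const nft[] = { "continue", "break", "jump", "goto", "return" };
    static const char *const nf[] = { "drop", "accept", "stolen", "queue", "repeat", "stop" };
    uint32_t base = (uint32_t)code & NF_VERDICT_MASK;  /* strips errno/queue bits */
    if (code >= -5 && code <= -1)
        return nft[-code - 1];
    return base < 6 ? nf[base] : "unknown";
}
```

Checking the NFT_* range before masking matters because those codes are negative, so masking them would alias them onto unrelated hook verdicts, while a queue verdict with a high queue number is also negative as a signed integer and must still decode as "queue".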