On 27.11, Florian Westphal wrote: > nft monitor mode can then decode and display this trace data. > > Parts of LL/Network/Transport headers are provided as separate > attributes. > > Otherwise, printing IP address data becomes virtually impossible > for userspace since in the case of the netdev family we really don't > want userspace to have to know all the possible link layer types > and/or sizes just to display/print an ip address. > > We also don't want userspace to have to follow ipv6 header chains > to get the s/dport info, the kernel already did this work for us. > > To avoid bloating nft_do_chain all data required for tracing is > encapsulated in nft_traceinfo. > > The structure is initialized unconditionally(!) for each nft_do_chain > invocation. > > This unconditionall call will be moved under a static key in a > followup patch. > > With lots of help from Patrick McHardy and Pablo Neira. > > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Looks very good to me, nice work! Acked-by: Patrick McHardy <kaber@xxxxxxxxx> for both kernel patches. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
