On Wed, May 10, 2017 at 02:52:49PM +0200, Arturo Borrero Gonzalez wrote: > On 10 May 2017 at 12:55, Phil Sutter <phil@xxxxxx> wrote: > > This adds support for printing the process ID and name for changes which > > 'nft monitor' reports: > > > > | nft -a -p monitor > > | add chain ip t2 bla3 # pid 11616 (nft) > > > > If '-n' was given in addition to '-p', parsing the process name from > > /proc/<pid>/cmdline is suppressed. > > > > Signed-off-by: Phil Sutter <phil@xxxxxx> > > Cc: Florian Westphal <fw@xxxxxxxxx> > > --- > > include/nftables.h | 1 + > > src/main.c | 12 ++++++++++- > > src/netlink.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++----- > > src/rule.c | 2 -- > > 4 files changed, 67 insertions(+), 8 deletions(-) > > > > If you are about to parse the textual nft output anyway, (which > doesn't seems like a good idea BTW), > why you don't simply add a rule comment?: > > % nft add rule inet filter input counter comment "added by my app" Sometimes you don't control the instance adding the rule, then this is not an option. Cheers, Phil -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
