On Fri, May 21, 2021 at 01:39:22PM +0200, Florian Westphal wrote: > For ip(6)tables, the function names will show 'raw', 'mangle', > and so on, but for nf_tables the interpreter name is identical for all > base chains in the same family, so its not easy to line up the defined > chains with the hook function name. > > To make it easier to see how the ruleset lines up with the defined > hooks, extend the hook dump to include the chain+table name. > > Example list: > family ip hook input { > -0000000150 iptable_mangle_hook [iptable_mangle] > +0000000000 nft_do_chain_inet [nf_tables] # nft table filter chain input > [..] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > --- > include/uapi/linux/netfilter/nf_tables.h | 2 ++ > net/netfilter/nf_tables_api.c | 42 ++++++++++++++++++++++++ > 2 files changed, 44 insertions(+) > > diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h > index ba6545a32e34..4822a837250d 100644 > --- a/include/uapi/linux/netfilter/nf_tables.h > +++ b/include/uapi/linux/netfilter/nf_tables.h > @@ -149,6 +149,7 @@ enum nft_list_attributes { > * @NFTA_HOOK_DEVS: list of netdevices (NLA_NESTED) > * @NFTA_HOOK_FUNCTION_NAME: hook function name (NLA_STRING) > * @NFTA_HOOK_MODULE_NAME: kernel module that registered this hook (NLA_STRING) > + * @NFTA_HOOK_NFT_CHAIN_INFO: nft chain and table name (NLA_NESTED) Probably NFTA_HOOK_CHAIN_INFO ?
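Review bot: The kernel-doc line added for NFTA_HOOK_NFT_CHAIN_INFO in the nf_tables.h hunk says only "nft chain and table name (NLA_NESTED)" and does not state which attributes are nested inside it or when the attribute is present. Since this is a uapi header that userspace dump parsers are written against, the comment should name the nested attribute types that carry the table and chain names, and say that the attribute is optional: in the commit message's example only the nft_do_chain_inet entry carries the table and chain annotation, while the iptable_mangle_hook entry has none, so a parser must not assume it is always there.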