Turns out that not only was 'nft list hooks' mostly undocumented, there was also confusion on what it should do. First, clean this code up and make it strictly a tool to dump the NFPROTO_X registered functions. Then, remove the 'hook' function argument, this was still passed from back in the day when one could ask to only dump e.g. ipv4 prerouting. This ability is of little value, so don't restore this but instead just remove the leftover code. Next, allow dumping of netdev:egress hooks. Lastly, document this in more detail and make it clear that this dumps the netfilter hooks registered for the protocol families, and nothing else. Once this gets applied I intend to make 'nft list hooks netdev' dump device hooks for all interfaces, if any, instead of a 'no device provided' warning. Florian Westphal (5): src: mnl: clean up hook listing code src: mnl: make family specification more strict when listing src: drop obsolete hook argument form hook dump functions src: add egress support for 'list hooks' doc: add documentation about list hooks feature Makefile.am | 1 + doc/additional-commands.txt | 116 ++++++++++++++++++++++++++++ doc/nft.txt | 63 +-------------- include/mnl.h | 2 +- src/mnl.c | 150 ++++++++++++++---------------------- src/rule.c | 6 +- 6 files changed, 179 insertions(+), 159 deletions(-) create mode 100644 doc/additional-commands.txt -- 2.44.2
