Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > Hi Phil, Florian, > > @Florian, could you push out what you have to flush your queue in this front? OK, I pushed the patches to nftables.git. > > > 1. nft list hooks > > > dump everything EXCEPT netdev families/devices > > > > Include netdev here, make it really list *all* hooks. Iterating over > > the list of currently existing NICs in this netns is no big deal, is > > it? > > I like this suggestion. Fail enough, I will send a patch for this later this week. > > > 2. nft list hooks netdev device foo > > > dump ingress/egress netdev hooks, > > > INCLUDING inet ingress (its scoped to the device). > > > > Drop 'netdev' from the syntax here. The output really is "all hooks > > specific to that NIC", not necessarily only netdev ones. (And "device" > > is a distinct identifier for network interfaces in nftables syntax.) > > I think allowing 'device foo' without family would be good. OK, I'm still unclear however because internally only netdev families exist at the device level, so I'm not sure how to represent this. But dumping the existing network devices and querying them all is not and issue so I will make a patch for this.
