On Wednesday, January 31st, 2024 at 14:36, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:

> On Wed, Jan 31, 2024 at 08:23:54PM +0000, Slavko wrote:
>
> > On 31 January 2024 13:02:57 UTC, user Kerin Millar kfm@xxxxxxxxxxxxx wrote:
>
> [...]
>
> > I checked the manpage now, 1.0.6 (as is in Debian bookworm), and from its
> > ADDRESS FAMILY section the order of inet and ip/ip6 tables processing is
> > not clear (at least for me). It is not even clearly stated here that a
> > packet will be processed in both, the inet and the ip/ip6.
>
> There is a command to display the datapath hook pipeline per device:
>
> # nft list hooks device eth0
> family ip {
>         hook ingress {
>                 0000000000 chain netdev x y [nf_tables]
>         }

Pablo,

Is there a minimum kernel version required to get these to work? I've tried it on 5.15 and 6.1, both of which just spin for a second and produce nothing.

I also tried a bunch of other 'list' commands and got 'list ct expectation' to seg fault on 5.15, but it's fine on 6.1. (And all of these other 'list <state>' commands produce nothing on my machines.)

Eric