From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [nft PATCH 1/5] cache: Include chains, flowtables and objects in netlink debug output
Date: Wed, 11 Mar 2026 00:11:11 +0100 [thread overview]
Message-ID: <20260310231115.25638-2-phil@nwl.cc> (raw)
In-Reply-To: <20260310231115.25638-1-phil@nwl.cc>
In order to test cache filter effectiveness, netlink debug output is
useful, as it shows what is actually received from the kernel and
possibly discarded immediately by user space. Therefore add dump calls
for these rule set elements as well.
While at it, move the netlink_dump_rule() call to an earlier spot,
namely into the nft_mnl_talk() callback to match other netlink dump
calls.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/cache.c | 1 -
src/mnl.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++-------
2 files changed, 52 insertions(+), 9 deletions(-)
diff --git a/src/cache.c b/src/cache.c
index bb005c10f9990..62eccef991933 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -698,7 +698,6 @@ static int list_rule_cb(struct nftnl_rule *nlr, void *data)
(h->chain.name && strcmp(chain, h->chain.name) != 0))
return 0;
- netlink_dump_rule(nlr, ctx);
rule = netlink_delinearize_rule(ctx, nlr);
assert(rule);
list_add_tail(&rule->list, &ctx->list);
diff --git a/src/mnl.c b/src/mnl.c
index eb6cb12c6ae21..4893af8322ae6 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -653,9 +653,15 @@ int mnl_nft_rule_del(struct netlink_ctx *ctx, struct cmd *cmd)
* Rule
*/
+struct rule_cb_args {
+ struct netlink_ctx *ctx;
+ struct nftnl_rule_list *list;
+};
+
static int rule_cb(const struct nlmsghdr *nlh, void *data)
{
- struct nftnl_rule_list *nlr_list = data;
+ struct rule_cb_args *args = data;
+ struct nftnl_rule_list *nlr_list = args->list;
struct nftnl_rule *r;
if (check_genid(nlh) < 0)
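Review bot: `rule_cb()` now reinterprets its `void *data` as a `struct rule_cb_args *`, and nothing at the definition records that. A caller still passing the bare `struct nftnl_rule_list *` would compile cleanly and read `args->list` out of the list's own memory. Only the `mnl_nft_rule_dump()` call site is visible in this patch, so it is worth confirming that no other `nft_mnl_talk()` user passes `rule_cb`. I would add a comment above the struct, e.g. `/* argument for rule_cb(): data must point to one of these, not to the list itself */`. The same applies to `chain_cb_args`, `obj_cb_args` and `flowtable_cb_args` further down, and `rule_cb()` continues past the end of this hunk.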
@@ -668,6 +674,8 @@ static int rule_cb(const struct nlmsghdr *nlh, void *data)
if (nftnl_rule_nlmsg_parse(nlh, r) < 0)
goto err_free;
+ netlink_dump_rule(r, args->ctx);
+
nftnl_rule_list_add_tail(r, nlr_list);
return MNL_CB_OK;
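Review bot: The `netlink_dump_rule()` call now runs before any cache filter, so netlink debug output includes rules that `list_rule_cb()` later drops on its table/chain check. That matches the commit message, but nothing at the call site says it is deliberate. A short comment such as `/* dump unfiltered: debug output shows everything the kernel sent */` would stop a later cleanup from moving it back below the filter. Anyone attaching this debug output to a bug report should expect it to cover more of the rule set than the list command itself prints. The same comment fits the new `netlink_dump_chain()`, `netlink_dump_obj()` and `netlink_dump_flowtable()` calls; `rule_cb()` starts before this hunk.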
@@ -685,6 +693,7 @@ struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx, int family,
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nftnl_rule_list *nlr_list;
struct nftnl_rule *nlr = NULL;
+ struct rule_cb_args args;
struct nlmsghdr *nlh;
int msg_type, ret;
@@ -716,7 +725,9 @@ struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx, int family,
nftnl_rule_free(nlr);
}
- ret = nft_mnl_talk(ctx, nlh, nlh->nlmsg_len, rule_cb, nlr_list);
+ args.list = nlr_list;
+ args.ctx = ctx;
+ ret = nft_mnl_talk(ctx, nlh, nlh->nlmsg_len, rule_cb, &args);
if (ret < 0)
goto err;
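Review bot: `args` is declared uninitialised and filled member by member just before the `nft_mnl_talk()` call. Both members are set today, but a field added to `struct rule_cb_args` later would reach `rule_cb()` with an indeterminate value. Initialising at the declaration, `struct rule_cb_args args = { .ctx = ctx };`, and keeping only `args.list = nlr_list;` here avoids that. The same pattern repeats in `mnl_nft_chain_dump()`, `mnl_nft_obj_dump()` and `mnl_nft_flowtable_dump()`. The function body starts and ends outside this hunk.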
@@ -1036,9 +1047,15 @@ int mnl_nft_chain_del(struct netlink_ctx *ctx, struct cmd *cmd)
return 0;
}
+struct chain_cb_args {
+ struct netlink_ctx *ctx;
+ struct nftnl_chain_list *list;
+};
+
static int chain_cb(const struct nlmsghdr *nlh, void *data)
{
- struct nftnl_chain_list *nlc_list = data;
+ struct chain_cb_args *args = data;
+ struct nftnl_chain_list *nlc_list = args->list;
struct nftnl_chain *c;
if (check_genid(nlh) < 0)
@@ -1051,6 +1068,8 @@ static int chain_cb(const struct nlmsghdr *nlh, void *data)
if (nftnl_chain_nlmsg_parse(nlh, c) < 0)
goto err_free;
+ netlink_dump_chain(c, args->ctx);
+
nftnl_chain_list_add_tail(c, nlc_list);
return MNL_CB_OK;
@@ -1066,6 +1085,7 @@ struct nftnl_chain_list *mnl_nft_chain_dump(struct netlink_ctx *ctx,
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nftnl_chain_list *nlc_list;
struct nftnl_chain *nlc = NULL;
+ struct chain_cb_args args;
struct nlmsghdr *nlh;
int ret;
@@ -1089,7 +1109,9 @@ struct nftnl_chain_list *mnl_nft_chain_dump(struct netlink_ctx *ctx,
nftnl_chain_free(nlc);
}
- ret = nft_mnl_talk(ctx, nlh, nlh->nlmsg_len, chain_cb, nlc_list);
+ args.list = nlc_list;
+ args.ctx = ctx;
+ ret = nft_mnl_talk(ctx, nlh, nlh->nlmsg_len, chain_cb, &args);
if (ret < 0 && errno != ENOENT)
goto err;
@@ -1797,9 +1819,15 @@ int mnl_nft_obj_del(struct netlink_ctx *ctx, struct cmd *cmd, int type)
return 0;
}
+struct obj_cb_args {
+ struct netlink_ctx *ctx;
+ struct nftnl_obj_list *list;
+};
+
static int obj_cb(const struct nlmsghdr *nlh, void *data)
{
- struct nftnl_obj_list *nln_list = data;
+ struct obj_cb_args *args = data;
+ struct nftnl_obj_list *nln_list = args->list;
struct nftnl_obj *n;
if (check_genid(nlh) < 0)
@@ -1812,6 +1840,8 @@ static int obj_cb(const struct nlmsghdr *nlh, void *data)
if (nftnl_obj_nlmsg_parse(nlh, n) < 0)
goto err_free;
+ netlink_dump_obj(n, args->ctx);
+
nftnl_obj_list_add_tail(n, nln_list);
return MNL_CB_OK;
@@ -1829,6 +1859,7 @@ mnl_nft_obj_dump(struct netlink_ctx *ctx, int family,
uint16_t nl_flags = dump ? NLM_F_DUMP : NLM_F_ACK;
struct nftnl_obj_list *nln_list;
char buf[MNL_SOCKET_BUFFER_SIZE];
+ struct obj_cb_args args;
struct nlmsghdr *nlh;
struct nftnl_obj *n;
int msg_type, ret;
@@ -1857,7 +1888,9 @@ mnl_nft_obj_dump(struct netlink_ctx *ctx, int family,
if (nln_list == NULL)
memory_allocation_error();
- ret = nft_mnl_talk(ctx, nlh, nlh->nlmsg_len, obj_cb, nln_list);
+ args.list = nln_list;
+ args.ctx = ctx;
+ ret = nft_mnl_talk(ctx, nlh, nlh->nlmsg_len, obj_cb, &args);
if (ret < 0)
goto err;
@@ -2192,9 +2225,15 @@ int mnl_nft_setelem_get(struct netlink_ctx *ctx, struct nftnl_set *nls,
return nft_mnl_talk(ctx, nlh, nlh->nlmsg_len, set_elem_cb, nls);
}
+struct flowtable_cb_args {
+ struct netlink_ctx *ctx;
+ struct nftnl_flowtable_list *list;
+};
+
static int flowtable_cb(const struct nlmsghdr *nlh, void *data)
{
- struct nftnl_flowtable_list *nln_list = data;
+ struct flowtable_cb_args *args = data;
+ struct nftnl_flowtable_list *nln_list = args->list;
struct nftnl_flowtable *n;
if (check_genid(nlh) < 0)
@@ -2207,6 +2246,8 @@ static int flowtable_cb(const struct nlmsghdr *nlh, void *data)
if (nftnl_flowtable_nlmsg_parse(nlh, n) < 0)
goto err_free;
+ netlink_dump_flowtable(n, args->ctx);
+
nftnl_flowtable_list_add_tail(n, nln_list);
return MNL_CB_OK;
@@ -2221,6 +2262,7 @@ mnl_nft_flowtable_dump(struct netlink_ctx *ctx, int family,
{
struct nftnl_flowtable_list *nln_list;
char buf[MNL_SOCKET_BUFFER_SIZE];
+ struct flowtable_cb_args args;
struct nftnl_flowtable *n;
int flags = NLM_F_DUMP;
struct nlmsghdr *nlh;
@@ -2245,7 +2287,9 @@ mnl_nft_flowtable_dump(struct netlink_ctx *ctx, int family,
if (nln_list == NULL)
memory_allocation_error();
- ret = nft_mnl_talk(ctx, nlh, nlh->nlmsg_len, flowtable_cb, nln_list);
+ args.list = nln_list;
+ args.ctx = ctx;
+ ret = nft_mnl_talk(ctx, nlh, nlh->nlmsg_len, flowtable_cb, &args);
if (ret < 0 && errno != ENOENT)
goto err;
--
2.51.0