From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org, Phil Sutter <phil@nwl.cc>
Subject: Re: [PATCH nft 1/4] doc: add documentation about list hooks feature
Date: Fri, 26 Jul 2024 11:00:46 +0200 [thread overview]
Message-ID: <ZqNlvkJ2YSc-KIKb@calendula> (raw)
In-Reply-To: <20240726015837.14572-2-fw@strlen.de>
On Fri, Jul 26, 2024 at 03:58:28AM +0200, Florian Westphal wrote:
> Add a brief segment about 'nft list hooks' and a summary
> of the output format.
>
> As nft.txt is quite large, split the additonal commands
> into their own file.
>
> The existing listing section is removed; list subcommand is
> already mentioned in the relevant statement sections.
>
> Reported-by: Phil Sutter <phil@nwl.cc>
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
> Makefile.am | 1 +
> doc/additional-commands.txt | 115 ++++++++++++++++++++++++++++++++++++
> doc/nft.txt | 63 +-------------------
> 3 files changed, 117 insertions(+), 62 deletions(-)
> create mode 100644 doc/additional-commands.txt
>
> diff --git a/Makefile.am b/Makefile.am
> index 9088170bfc68..ef198dafcbc8 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -322,6 +322,7 @@ A2X_OPTS_MANPAGE = \
> ASCIIDOC_MAIN = doc/nft.txt
>
> ASCIIDOC_INCLUDES = \
> + doc/additional-commands.txt \
> doc/data-types.txt \
> doc/payload-expression.txt \
> doc/primary-expression.txt \
> diff --git a/doc/additional-commands.txt b/doc/additional-commands.txt
> new file mode 100644
> index 000000000000..dd1b3d2d87d4
> --- /dev/null
> +++ b/doc/additional-commands.txt
> @@ -0,0 +1,115 @@
> +LIST HOOKS
> +~~~~~~~~~~
> +
> +This shows the low-level netfilter processing pipeline, including
> +functions registered by kernel modules such as nf_conntrack. +
> +
> +[verse]
> +____
> +*list hooks* ['family']
> +*list hooks netdev device* 'DEVICE_NAME'
> +____
> +
> +*list hooks* is enough to display everything that is active
> +on the system, however, it does currently omit hooks that are
> +tied to a specific network device (netdev family). To obtain
> +those, the network device needs to be queried by name.
IIRC, the idea is to display the ingress path pipeline according to
the device (if specified)
list hooks netdev eth0
as for egress, as it is not possible to know where the packet is
going, it is probably good to allow the user to specify the output
device, so it gets the entire pipeline for ingress and egress
paths, ie.
list hooks netdev eth0 eth1
Note that this is not implemented. This has limitations, discovering
eth{0,1} belongs to bridge device would need more work (not asking to
do this now, but it could be a nice usability feature to discover the
pipeline?).
next prev parent reply other threads:[~2024-07-26 9:01 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-26 1:58 [PATCH nft 0/4] list hooks refactoring Florian Westphal
2024-07-26 1:58 ` [PATCH nft 1/4] doc: add documentation about list hooks feature Florian Westphal
2024-07-26 9:00 ` Pablo Neira Ayuso [this message]
2024-07-26 12:31 ` Florian Westphal
2024-07-28 23:19 ` Pablo Neira Ayuso
2024-07-28 23:37 ` Florian Westphal
2024-07-29 0:21 ` Pablo Neira Ayuso
2024-07-29 15:32 ` Florian Westphal
2024-07-30 23:34 ` Pablo Neira Ayuso
2024-08-13 11:06 ` Phil Sutter
2024-08-19 10:56 ` Pablo Neira Ayuso
2024-08-19 12:10 ` Florian Westphal
2024-07-26 1:58 ` [PATCH nft 2/4] src: remove decnet support Florian Westphal
2024-07-29 23:23 ` Florian Westphal
2024-07-26 1:58 ` [PATCH nft 3/4] src: mnl: clean up hook listing code Florian Westphal
2024-07-26 1:58 ` [PATCH nft 4/4] src: add egress support for 'list hooks' Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZqNlvkJ2YSc-KIKb@calendula \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=phil@nwl.cc \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.