Re: [nf-next RFC] netfilter: nf_tables: Feature ifname-based hook registration

[Pablo Neira Ayuso <pablo@netfilter.org>]

On Fri, Jul 11, 2025 at 06:39:50PM +0200, Phil Sutter wrote:
> On Fri, Jul 11, 2025 at 04:52:55PM +0200, Pablo Neira Ayuso wrote:
> > On Fri, Jul 11, 2025 at 02:19:04PM +0200, Phil Sutter wrote:
> > > Pablo,
> > > 
> > > On Thu, Jul 10, 2025 at 12:43:03AM +0200, Pablo Neira Ayuso wrote:
> > > [...]
> > > > If you accept this suggestion, it is a matter of:
> > > > 
> > > > #1 revert the patch in nf.git for the incomplete event notification
> > > >    (you have three more patches pending for nf-next to complete this
> > > >     for control plane notifications).
> > > > #2 add event notifications to net/netfilter/core.c and nfnetlink_hook.
> > > 
> > > Since Florian wondered whether I am wasting my time with a quick attempt
> > > at #2, could you please confirm/deny whether this is a requirement for
> > > the default to name-based interface hooks or does the 'list hooks'
> > > extension satisfy the need for user space traceability?
> > 
> > For me, listing is just fine for debugging.
> > 
> > If there is a need to track hook updates via events, then
> > nfnetlink_hook can be extended later.
> 
> OK, cool!
> 
> > So I am not asking for this, I thought you needed both listing and
> > events, that is why I suggest to add events to nfnetlink_hook.
> 
> Just to be sure I wrote shell test case asserting correct device
> reg/dereg using 'nft list hooks' tool, works just fine. So let's skip
> notifications for now.

OK.

Would you rebase userspace on top of git HEAD so next kernel release
comes with userspace code to start testing this new feature?

Your test will need to wait for next kernel to include your
nfnetlink_hook extension, you can post it and keep it around if you
like.

Thanks.