Phil Sutter <phil@xxxxxx> wrote:
> > Do we need new query types for this?
> > nftables could just query via rtnetlink if the device exists or not
> > and then print a hint if it's absent.
>
> Hey, that's a hack! :P
> Under normal circumstances, this should indeed suffice. The ruleset is
> per-netns, so the kernel's view matches nft's. The only downside I see
> is that we would not detect kernel bugs this way, e.g. if a new device
> slipped through and was not bound. Debatable if the GETDEV extra effort
> is justified for this "should not happen" situation, though.

Could the info be included in the dump? For this we'd only need an
'is_empty()' result.

For things like eth*, nft list hooks might be good enough to spot bugs
(e.g., you have 'eth*' subscription, but eth0 is registered but eth1
isn't but it should be).

In any case I think that can be added later.