On Fri, Jul 04, 2025 at 10:00:41AM +0200, Pablo Neira Ayuso wrote:
> On Thu, Jun 12, 2025 at 03:34:13PM +0200, Phil Sutter wrote:
> > Previously, NEWDEV/DELDEV notifications were emitted for new/renamed
> > devices added to a chain or flowtable only. For user space to fully
> > comprehend which interfaces a hook binds to, these notifications have to
> > be sent for matching devices at hook creation time, too.
> >
> > This series extends the notify list to support messages for varying
> > groups so it may be reused by the NFNLGRP_NFT_DEV messages (patch 1),
> > adjusts the device_notify routines to support enqueueing the message
> > instead of sending it right away (patch 2) and finally adds extra notify
> > calls to nf_tables_commit() (patch 3).
>
> Fine with these series, I am preparing a nf-next pull request, I plan
> to include them.
>
> As this goes ahead in providing NEWDEV/DELDEV events for ruleset
> updates, I think GETDEV is needed to complete things.
>
> Regarding userspace, I think there is only one item remaining to be
> discussed, which is how to expose device notifications.
>
> I would suggest to add a separated:
>
>         monitor devices

My local tree has "monitor hooks", but it's a trivial change and
"devices" is probably a more intuitive name for something that enables
NEWDEV/DELDEV messages. :)

Thanks, Phil