Re: [nf-next RFC] netfilter: nf_tables: Feature ifname-based hook registration


 



Phil Sutter <phil@xxxxxx> wrote:
> On Thu, Jul 10, 2025 at 12:43:03AM +0200, Pablo Neira Ayuso wrote:
> [...]
> > If you accept this suggestion, it is a matter of:
> > 
> > #1 revert the patch in nf.git for the incomplete event notification
> >    (you have three more patches pending for nf-next to complete this
> >     for control plane notifications).
> > #2 add event notifications to net/netfilter/core.c and nfnetlink_hook.
> 
> Since Florian wondered whether I am wasting my time with a quick attempt
> at #2, could you please confirm/deny whether this is a requirement for
> the default to name-based interface hooks or does the 'list hooks'
> extension satisfy the need for user space traceability?

My main point is that rtnetlink has a notifier for new/removed links,
see 'ip monitor'.

So even if we want a 'nft hooks monitor', I don't see why kernel changes
are needed for it: subscribe to rtnetlink, then for a new link dump
the interface's hooks *should* work.
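The user-space approach suggested above, as an added illustration that is not part of this thread or of nftables: subscribe to the rtnetlink link group, parse RTM_NEWLINK messages for the interface name, and run the `list hooks` command for that device. The `nft list hooks netdev device NAME` invocation is assumed from nft(8); the sample message is constructed, not captured.

```python
import socket
import struct
import subprocess

# Constants from linux/netlink.h, linux/rtnetlink.h and linux/if_link.h.
RTM_NEWLINK, RTM_DELLINK, RTMGRP_LINK, IFLA_IFNAME = 16, 17, 1, 3
NLMSGHDR = struct.Struct("=IHHII")    # nlmsg_len, type, flags, seq, pid
IFINFOMSG = struct.Struct("=BBHiII")  # family, pad, type, ifindex, flags, change

def nla_align(n):
    return (n + 3) & ~3  # netlink message and attribute alignment

def parse_link_event(msg):
    """Parse one RTM_NEWLINK/RTM_DELLINK message; return (type, ifindex, ifname)."""
    nlen, ntype = NLMSGHDR.unpack_from(msg, 0)[:2]
    if ntype not in (RTM_NEWLINK, RTM_DELLINK):
        return None
    ifindex = IFINFOMSG.unpack_from(msg, NLMSGHDR.size)[3]
    off, name = NLMSGHDR.size + IFINFOMSG.size, None
    while off + 4 <= nlen:
        alen, atype = struct.unpack_from("=HH", msg, off)
        if alen < 4:
            break  # malformed attribute: stop instead of looping forever
        if atype == IFLA_IFNAME:
            name = msg[off + 4:off + alen].split(b"\0", 1)[0].decode()
        off += nla_align(alen)
    return ntype, ifindex, name

def build_newlink(ifindex, ifname):
    """Constructed RTM_NEWLINK message for offline testing (not a live capture)."""
    nameb = ifname.encode() + b"\0"
    attr = struct.pack("=HH", 4 + len(nameb), IFLA_IFNAME) + nameb
    attr += b"\0" * (nla_align(len(attr)) - len(attr))
    body = IFINFOMSG.pack(0, 0, 1, ifindex, 0, 0) + attr
    return NLMSGHDR.pack(NLMSGHDR.size + len(body), RTM_NEWLINK, 0, 0, 0) + body

def monitor_hooks(nft_cmd=("nft", "list", "hooks", "netdev")):
    """Subscribe to RTMGRP_LINK; for every new link, dump that device's hooks."""
    sk = socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, socket.NETLINK_ROUTE)
    sk.bind((0, RTMGRP_LINK))
    while True:
        data, off = sk.recv(65536), 0
        while off + NLMSGHDR.size <= len(data):
            nlen = NLMSGHDR.unpack_from(data, off)[0]
            if nlen < NLMSGHDR.size:
                break  # truncated message
            ev = parse_link_event(data[off:off + nlen])
            if ev and ev[0] == RTM_NEWLINK and ev[2]:
                # 'device NAME' filter syntax assumed from nft(8) 'list hooks'
                subprocess.run([*nft_cmd, "device", ev[2]], check=False)
            off += nla_align(nlen)
```

Flag changes on an existing link also arrive as RTM_NEWLINK, so a production monitor would key on ifindex to report each device only once.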



