On Fri, Jul 11, 2025 at 03:16:39PM +0200, Florian Westphal wrote:
> Phil Sutter <phil@xxxxxx> wrote:
> > On Thu, Jul 10, 2025 at 12:43:03AM +0200, Pablo Neira Ayuso wrote:
> > [...]
> > > If you accept this suggestion, it is a matter of:
> > >
> > > #1 revert the patch in nf.git for the incomplete event notification
> > > (you have three more patches pending for nf-next to complete this
> > > for control plane notifications).
> > > #2 add event notifications to net/netfilter/core.c and nfnetlink_hook.
> >
> > Since Florian wondered whether I am wasting my time with a quick attempt
> > at #2, could you please confirm/deny whether this is a requirement for
> > the default to name-based interface hooks or does the 'list hooks'
> > extension satisfy the need for user space traceability?
>
> My main point is that rtnetlink has a notifier for new/removed links,
> see 'ip monitor'.
>
> So even if we want a 'nft hooks monitor', I don't see why kernel changes
> are needed for it: subscribe to rtnetlink, then for a new link dump
> the interface's hooks *should* work.

Oh, I didn't get that. Does it work with removed interfaces? 'nft monitor'
will notice, but fetching hooks for the removed interface won't return
anything then, right?

Cheers, Phil
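The user-space 'hook monitor' Florian sketches (subscribe to rtnetlink, dump the hooks of each new link) together with the removed-interface case Phil asks about, as an added example that is not code from the thread or from nftables: it parses `ip monitor link` lines (output format assumed, sample lines constructed) and shells out to `nft list hooks netdev device <name>`, the 'list hooks' extension, for new links; for deleted links it only reports the removal, since the kernel has already torn the hooks down and a dump would return nothing.

```shell
#!/bin/sh
# Added example, not part of the thread. Assumes 'ip monitor link' prints
# lines like these (constructed samples), with continuation lines indented:
#   "7: veth0@if3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN"
#   "Deleted 7: veth0@if3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop ..."
# Plain 'ip monitor' (no object) prefixes such lines with "[LINK]".

# parse_link_event LINE: prints "add IFNAME" or "del IFNAME"; returns 1 and
# prints nothing for continuation lines or input it does not understand.
parse_link_event() {
    line=$1
    case $line in
        [[:space:]]*) return 1 ;;          # e.g. "    link/ether ..." line
    esac
    line=${line#\[LINK\]}                  # drop optional "[LINK]" prefix
    ev=add
    case $line in
        "Deleted "*) ev=del; line=${line#Deleted } ;;
    esac
    case $line in                          # expect "<ifindex>: <ifname>[@peer]: ..."
        [0-9]*": "*) ;;
        *) return 1 ;;
    esac
    rest=${line#*: }                       # "veth0@if3: <BROADCAST,...> ..."
    name=${rest%%:*}                       # "veth0@if3"
    name=${name%%@*}                       # "veth0"
    [ -n "$name" ] || return 1
    printf '%s %s\n' "$ev" "$name"
}

# handle_link_event LINE: on a new link, dump its hooks with 'nft list hooks'.
# On a removed link the hooks are already gone, so there is nothing to fetch;
# the removal itself is the only thing user space can still report.
handle_link_event() {
    ev=$(parse_link_event "$1") || return 0
    set -- $ev
    case $1 in
        add) echo "new link $2: dumping hooks"
             nft list hooks netdev device "$2" ;;
        del) echo "link $2 removed: hooks already gone, nothing to dump" ;;
    esac
}

# Run the live monitor only on request, so the functions above can be
# sourced and exercised without root or a running netfilter kernel.
if [ "${NFT_HOOK_MONITOR:-}" = run ]; then
    ip monitor link | while IFS= read -r l; do handle_link_event "$l"; done
fi
```

Start it with `NFT_HOOK_MONITOR=run sh hookmon.sh` as root; the script name is assumed.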