From 4694f7230195bfcff179ed418ddcdd5ff7d5a8e1 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Wed, 27 Jan 2021 14:29:50 +0100 Subject: src: add support for base hook dumping Example output: $ nft list hook ip input family ip hook input { +0000000000 nft_do_chain_inet [nf_tables] # nft table ip filter chain input +0000000010 nft_do_chain_inet [nf_tables] # nft table ip firewalld chain filter_INPUT +0000000100 nf_nat_ipv4_local_in [nf_nat] +2147483647 ipv4_confirm [nf_conntrack] } $ nft list hooks netdev type ingress device lo family netdev hook ingress device lo { +0000000000 nft_do_chain_netdev [nf_tables] } $ nft list hooks inet family ip hook prerouting { -0000000400 ipv4_conntrack_defrag [nf_defrag_ipv4] -0000000300 iptable_raw_hook [iptable_raw] -0000000290 nft_do_chain_inet [nf_tables] # nft table ip firewalld chain raw_PREROUTING -0000000200 ipv4_conntrack_in [nf_conntrack] -0000000140 nft_do_chain_inet [nf_tables] # nft table ip firewalld chain mangle_PREROUTING -0000000100 nf_nat_ipv4_pre_routing [nf_nat] } ... 'nft list hooks' will display everyting except the netdev family via successive dump request for all family:hook combinations. Signed-off-by: Florian Westphal --- src/scanner.l | 1 + 1 file changed, 1 insertion(+) (limited to 'src/scanner.l') diff --git a/src/scanner.l b/src/scanner.l index c1bc21aa..6dc1be89 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -354,6 +354,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "limits" { return LIMITS; } "secmarks" { return SECMARKS; } "synproxys" { return SYNPROXYS; } + "hooks" { return HOOKS; } } "counter" { scanner_push_start_cond(yyscanner, SCANSTATE_COUNTER); return COUNTER; } -- cgit v1.2.3