[PATCH v1 0/6] netlink netfilter decoder

Mathis Marion mathis.marion at silabs.com
Thu Jun 19 14:12:40 UTC 2025


On 19/06/2025 15:09, Dmitry V. Levin wrote:
> Hi,

Hello Dmitry,

> 
> On Thu, Jun 12, 2025 at 11:56:00AM +0200, Mathis Marion wrote:
>> From: Mathis Marion <mathis.marion at silabs.com>
>>
>> Hello,
>>
>> I have been using strace to analyze the nftables kernel API, and ended
>> up implementing some decoders. This is by no means complete, but I
>> included already quite a lot of attributes. I hope that the community
>> will find this valuable.
> 
> Thank you for contributing these decoders.  I assume you've been using
> some tools to generate so many decoding tables, could you share them
> as well?
> 

I must admit that this has been manual work. nf_tables.h[1] is quite
well documented so I suppose it could be passed through some scripts
to extract data. At least the xlat tables could be generated using a
script. I see that there are already some scripts to generate some
tables, but I did not spend the time to understand them. I can look
into providing some automation for future xlat updates and missing
attributes. Do you suggest a starting point based on the existing
scripts?

[1]: https://elixir.bootlin.com/linux/v6.15.2/source/include/uapi/linux/netfilter/nf_tables.h

>> I manually tested this series using 'strace nft', but I am open to
>> spending a bit of time on writing unit tests if necessary. Testing all
>> attributes seems unreasonable though so I am interested to know more
>> about the project's expectations.
> 
> We usually strive to have test coverage for every new function being
> added.  When a new table is added, there is no need to test every constant
> in that table (although in some decoders we test every constant), but at
> least one constant from the table should be tested to test the use of the
> table.
> 

Good to know. Dumping nftables (i.e. strace nft list ruleset) already covers
quite a lot of attributes, so I will start from there.

> 
> --
> ldv
