diff options
author | Phil Sutter <phil@nwl.cc> | 2023-07-15 14:13:28 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-07-28 11:35:17 +0200 |
commit | a2532c966659f386781a5757e0a1f42cb1d81573 (patch) | |
tree | ede221eb507cdbebb923e583825b3d0809afef5b /iptables | |
parent | bd71c11a95ab2b44794843fd8a3698039a7db211 (diff) |
nft: Include sets in debug output
Rules referencing them are incomplete without, so add debug output on
the same level as for rules.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/nft-cache.c | 10 | ||||
-rw-r--r-- | iptables/nft.c | 6 |
2 files changed, 15 insertions, 1 deletions
diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c index 76e99adc..fabb5779 100644 --- a/iptables/nft-cache.c +++ b/iptables/nft-cache.c @@ -417,6 +417,7 @@ static int set_fetch_elem_cb(struct nftnl_set *s, void *data) char buf[MNL_SOCKET_BUFFER_SIZE]; struct nft_handle *h = data; struct nlmsghdr *nlh; + int ret; if (set_has_elements(s)) return 0; @@ -425,7 +426,14 @@ static int set_fetch_elem_cb(struct nftnl_set *s, void *data) NLM_F_DUMP, h->seq); nftnl_set_elems_nlmsg_build_payload(nlh, s); - return mnl_talk(h, nlh, set_elem_cb, s); + ret = mnl_talk(h, nlh, set_elem_cb, s); + + if (!ret && h->verbose > 1) { + fprintf(stdout, "set "); + nftnl_set_fprintf(stdout, s, 0, 0); + fprintf(stdout, "\n"); + } + return ret; } static int fetch_set_cache(struct nft_handle *h, diff --git a/iptables/nft.c b/iptables/nft.c index f453f07a..b702c65a 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2975,6 +2975,12 @@ static void nft_compat_setelem_batch_add(struct nft_handle *h, uint16_t type, break; } nftnl_set_elems_iter_destroy(iter); + + if (h->verbose > 1) { + fprintf(stdout, "set "); + nftnl_set_fprintf(stdout, set, 0, 0); + fprintf(stdout, "\n"); + } } static void nft_compat_chain_batch_add(struct nft_handle *h, uint16_t type, |