From 405ee2c3fea3ebdb8ac2af183db903c81e78f528 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Fri, 21 Jul 2023 11:15:15 +0200
Subject: nft: More verbose extension comparison debugging

Dump extension data if it differs.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft-shared.c | 2 ++
 iptables/xshared.h    | 7 +++++++
 2 files changed, 9 insertions(+)

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 0cd082b5..34ca9d16 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -398,6 +398,8 @@ bool compare_matches(struct xtables_rule_match *mt1,
 
 		if (memcmp(m1->data, m2->data, cmplen) != 0) {
 			DEBUGP("mismatch match data\n");
+			DEBUG_HEXDUMP("m1->data", m1->data, cmplen);
+			DEBUG_HEXDUMP("m2->data", m2->data, cmplen);
 			return false;
 		}
 	}
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 0ed9f3c2..a200e0d6 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -12,8 +12,15 @@
 
 #ifdef DEBUG
 #define DEBUGP(x, args...) fprintf(stderr, x, ## args)
+#define DEBUG_HEXDUMP(pfx, data, len)					\
+	for (int __i = 0; __i < (len); __i++) {				\
+		if (__i % 16 == 0)					\
+			printf("%s%s: ", __i ? "\n" : "", (pfx));	\
+		printf("%02x ", ((const unsigned char *)data)[__i]);	\
+	} printf("\n")
 #else
 #define DEBUGP(x, args...)
+#define DEBUG_HEXDUMP(pfx, data, len)
 #endif
 
 enum {
-- 
cgit v1.2.3