From a2532c966659f386781a5757e0a1f42cb1d81573 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Sat, 15 Jul 2023 14:13:28 +0200 Subject: nft: Include sets in debug output Rules referencing them are incomplete without, so add debug output on the same level as for rules. Signed-off-by: Phil Sutter --- iptables/nft-cache.c | 10 +++++++++- iptables/nft.c | 6 ++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c index 76e99adc..fabb5779 100644 --- a/iptables/nft-cache.c +++ b/iptables/nft-cache.c @@ -417,6 +417,7 @@ static int set_fetch_elem_cb(struct nftnl_set *s, void *data) char buf[MNL_SOCKET_BUFFER_SIZE]; struct nft_handle *h = data; struct nlmsghdr *nlh; + int ret; if (set_has_elements(s)) return 0; @@ -425,7 +426,14 @@ static int set_fetch_elem_cb(struct nftnl_set *s, void *data) NLM_F_DUMP, h->seq); nftnl_set_elems_nlmsg_build_payload(nlh, s); - return mnl_talk(h, nlh, set_elem_cb, s); + ret = mnl_talk(h, nlh, set_elem_cb, s); + + if (!ret && h->verbose > 1) { + fprintf(stdout, "set "); + nftnl_set_fprintf(stdout, s, 0, 0); + fprintf(stdout, "\n"); + } + return ret; } static int fetch_set_cache(struct nft_handle *h, diff --git a/iptables/nft.c b/iptables/nft.c index f453f07a..b702c65a 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2975,6 +2975,12 @@ static void nft_compat_setelem_batch_add(struct nft_handle *h, uint16_t type, break; } nftnl_set_elems_iter_destroy(iter); + + if (h->verbose > 1) { + fprintf(stdout, "set "); + nftnl_set_fprintf(stdout, set, 0, 0); + fprintf(stdout, "\n"); + } } static void nft_compat_chain_batch_add(struct nft_handle *h, uint16_t type, -- cgit v1.2.3