1 files changed, 21 insertions, 5 deletions

diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
index 76e99adc..91d29670 100644
--- a/iptables/nft-cache.c
+++ b/iptables/nft-cache.c
@@ -26,6 +26,14 @@
 #include "nft-cache.h"
 #include "nft-chain.h"
 
+/* users may define NDEBUG */
+static void assert_nft_restart(struct nft_handle *h)
+{
+	int rc = nft_restart(h);
+
+	assert(rc >= 0);
+}
+
 static void cache_chain_list_insert(struct list_head *list, const char *name)
 {
 	struct cache_chain *pos = NULL, *new;
@@ -147,7 +155,7 @@ static int fetch_table_cache(struct nft_handle *h)
 
 	ret = mnl_talk(h, nlh, nftnl_table_list_cb, h);
 	if (ret < 0 && errno == EINTR)
-		assert(nft_restart(h) >= 0);
+		assert_nft_restart(h);
 
 	for (i = 0; i < NFT_TABLE_MAX; i++) {
 		enum nft_table_type type = h->tables[i].type;
@@ -417,6 +425,7 @@ static int set_fetch_elem_cb(struct nftnl_set *s, void *data)
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	struct nft_handle *h = data;
 	struct nlmsghdr *nlh;
+	int ret;
 
 	if (set_has_elements(s))
 		return 0;
@@ -425,7 +434,14 @@ static int set_fetch_elem_cb(struct nftnl_set *s, void *data)
 				    NLM_F_DUMP, h->seq);
 	nftnl_set_elems_nlmsg_build_payload(nlh, s);
 
-	return mnl_talk(h, nlh, set_elem_cb, s);
+	ret = mnl_talk(h, nlh, set_elem_cb, s);
+
+	if (!ret && h->verbose > 1) {
+		fprintf(stdout, "set ");
+		nftnl_set_fprintf(stdout, s, 0, 0);
+		fprintf(stdout, "\n");
+	}
+	return ret;
 }
 
 static int fetch_set_cache(struct nft_handle *h,
@@ -464,7 +480,7 @@ static int fetch_set_cache(struct nft_handle *h,
 
 	ret = mnl_talk(h, nlh, nftnl_set_list_cb, &d);
 	if (ret < 0 && errno == EINTR) {
-		assert(nft_restart(h) >= 0);
+		assert_nft_restart(h);
 		return ret;
 	}
 
@@ -504,7 +520,7 @@ static int __fetch_chain_cache(struct nft_handle *h,
 
 	ret = mnl_talk(h, nlh, nftnl_chain_list_cb, &d);
 	if (ret < 0 && errno == EINTR)
-		assert(nft_restart(h) >= 0);
+		assert_nft_restart(h);
 
 	return ret;
 }
@@ -598,7 +614,7 @@ static int nft_rule_list_update(struct nft_chain *nc, void *data)
 
 	ret = mnl_talk(h, nlh, nftnl_rule_list_cb, &rld);
 	if (ret < 0 && errno == EINTR)
-		assert(nft_restart(h) >= 0);
+		assert_nft_restart(h);
 
 	nftnl_rule_free(rule);