nft: trace: print packet unconditionally

The kernel includes the packet dump once for each base hook.
This means that in case a table contained no matching rule(s),
the packet dump will be included in the base policy dump.

Simply move the packet dump request out of the switch statement
so the debug output shows current packet even with no matched rule.

Signed-off-by: Florian Westphal <fw@strlen.de>

1 files changed, 4 insertions, 4 deletions

diff --git a/src/netlink.c b/src/netlink.c
index 2ea2d445..8098b974 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1880,12 +1880,12 @@ int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type,
 	if (nftnl_trace_nlmsg_parse(nlh, nlt) < 0)
 		netlink_abi_error();
 
+	if (nftnl_trace_is_set(nlt, NFTNL_TRACE_LL_HEADER) ||
+	    nftnl_trace_is_set(nlt, NFTNL_TRACE_NETWORK_HEADER))
+		trace_print_packet(nlt, &monh->ctx->nft->output);
+
 	switch (nftnl_trace_get_u32(nlt, NFTNL_TRACE_TYPE)) {
 	case NFT_TRACETYPE_RULE:
-		if (nftnl_trace_is_set(nlt, NFTNL_TRACE_LL_HEADER) ||
-		    nftnl_trace_is_set(nlt, NFTNL_TRACE_NETWORK_HEADER))
-			trace_print_packet(nlt, &monh->ctx->nft->output);
-
 		if (nftnl_trace_is_set(nlt, NFTNL_TRACE_RULE_HANDLE))
 			trace_print_rule(nlt, &monh->ctx->nft->output,
 					 &monh->ctx->nft->cache);