logging: Improve logging messages related to NFTSet.

The 'NFTSet' directive in various units adds and removes entries in nftables
sets, it does not add or remove entire sets. The logging messages should
indicate that an entry was added or removed, not that a set was added or
removed.

diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index f823de50e4ab0900491bfdc01a924088a96d3cdc..ce9c30fc6edffb2ea5fe9ae508b79b99cdc52fc3 100644 (file)
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -1353,10 +1353,10 @@ void unit_modify_nft_set(Unit *u, bool add) {
 
                 r = nft_set_element_modify_any(u->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set, &element, sizeof(element));
                 if (r < 0)
-                        log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, cgroup %" PRIu64 ", ignoring: %m",
+                        log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, cgroup %" PRIu64 ", ignoring: %m",
                                           add? "add" : "delete", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, crt->cgroup_id);
                 else
-                        log_debug("%s NFT set: family %s, table %s, set %s, cgroup %" PRIu64,
+                        log_debug("%s NFT set entry: family %s, table %s, set %s, cgroup %" PRIu64,
                                   add? "Added" : "Deleted", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, crt->cgroup_id);
         }
 }

diff --git a/src/core/unit.c b/src/core/unit.c
index a25954571b3e529493e1118e45758d4e2ea906d1..a25f755c113519320e4575f597c4903c9eb926fe 100644 (file)
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -5291,10 +5291,10 @@ static void unit_modify_user_nft_set(Unit *u, bool add, NFTSetSource source, uin
 
                 r = nft_set_element_modify_any(u->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set, &element, sizeof(element));
                 if (r < 0)
-                        log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, ID %u, ignoring: %m",
+                        log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, ID %u, ignoring: %m",
                                           add? "add" : "delete", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, element);
                 else
-                        log_debug("%s NFT set: family %s, table %s, set %s, ID %u",
+                        log_debug("%s NFT set entry: family %s, table %s, set %s, ID %u",
                                   add? "Added" : "Deleted", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, element);
         }
 }

diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
index 3cd8762054ead99e0195d65ff6a4e3d9803d7962..716bee731f0d41115e48fde813fb9747b2ed0ff4 100644 (file)
--- a/src/network/networkd-address.c
+++ b/src/network/networkd-address.c
@@ -734,12 +734,12 @@ static void address_modify_nft_set_context(Address *address, bool add, NFTSetCon
                 }
 
                 if (r < 0)
-                        log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, IP address %s, ignoring: %m",
+                        log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, IP address %s, ignoring: %m",
                                           add ? "add" : "delete",
                                           nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set,
                                           IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
                 else
-                        log_debug("%s NFT set: family %s, table %s, set %s, IP address %s",
+                        log_debug("%s NFT set entry: family %s, table %s, set %s, IP address %s",
                                   add ? "Added" : "Deleted",
                                   nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set,
                                   IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));