monitor: Correctly print flowtable updates

An update deleting a hook from a flowtable was indistinguishable from a
flowtable deletion.

Fixes: 73a8adfc2432e ("monitor: Recognize flowtable add/del events")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/monitor.c b/src/monitor.c
index 4ceff948244322a6c87995de14080b433b6a56f5..e3e38c2a12b787d573885f9298dc19d04d77ae25 100644 (file)
--- a/src/monitor.c
+++ b/src/monitor.c
@@ -577,14 +577,18 @@ static int netlink_events_flowtable_cb(const struct nlmsghdr *nlh, int type,
                nft_mon_print(monh, "%s ", cmd);
 
                switch (type) {
+               case NFT_MSG_DELFLOWTABLE:
+                       if (!ft->dev_array_len) {
+                               nft_mon_print(monh, "flowtable %s %s %s",
+                                             family,
+                                             ft->handle.table.name,
+                                             ft->handle.flowtable.name);
+                               break;
+                       }
+                       /* fall through */
                case NFT_MSG_NEWFLOWTABLE:
                        flowtable_print_plain(ft, &monh->ctx->nft->output);
                        break;
-               case NFT_MSG_DELFLOWTABLE:
-                       nft_mon_print(monh, "flowtable %s %s %s", family,
-                                     ft->handle.table.name,
-                                     ft->handle.flowtable.name);
-                       break;
                }
                nft_mon_print(monh, "\n");
                break;