nft: Add useful debug output when a builtin table is created

This is useful to know if a builtin table is requested to be created.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft.c b/iptables/nft.c
index a45d599bc4a620f171b568ff8882d81a692d7c1a..36ac69cc9893a941dff8b34593237e6aa429c401 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -451,6 +451,14 @@ nft_table_builtin_add(struct nft_handle *h, struct builtin_table *_t,
        nft_table_nlmsg_build_payload(nlh, t);
        nft_table_free(t);
 
+#ifdef NLDEBUG
+       char tmp[1024];
+
+       nft_table_snprintf(tmp, sizeof(tmp), t, 0, 0);
+       printf("DEBUG: table: %s", tmp);
+       mnl_nlmsg_fprintf(stdout, nlh, nlh->nlmsg_len, sizeof(struct nfgenmsg));
+#endif
+
        ret = mnl_talk(h, nlh, NULL, NULL);
        if (ret < 0) {
                if (errno != EEXIST)