nft: trace: print packet unconditionally

The kernel includes the packet dump once for each base hook.
This means that in case a table contained no matching rule(s),
the packet dump will be included in the base policy dump.

Simply move the packet dump request out of the switch statement
so the debug output shows current packet even with no matched rule.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/netlink.c b/src/netlink.c
index 2ea2d4457664a337d7b3273ac9c749cbc6f472c2..8098b9746c95309fc981993c87d101e99aee72c3 100644 (file)
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1880,12 +1880,12 @@ int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type,
        if (nftnl_trace_nlmsg_parse(nlh, nlt) < 0)
                netlink_abi_error();
 
+       if (nftnl_trace_is_set(nlt, NFTNL_TRACE_LL_HEADER) ||
+           nftnl_trace_is_set(nlt, NFTNL_TRACE_NETWORK_HEADER))
+               trace_print_packet(nlt, &monh->ctx->nft->output);
+
        switch (nftnl_trace_get_u32(nlt, NFTNL_TRACE_TYPE)) {
        case NFT_TRACETYPE_RULE:
-               if (nftnl_trace_is_set(nlt, NFTNL_TRACE_LL_HEADER) ||
-                   nftnl_trace_is_set(nlt, NFTNL_TRACE_NETWORK_HEADER))
-                       trace_print_packet(nlt, &monh->ctx->nft->output);
-
                if (nftnl_trace_is_set(nlt, NFTNL_TRACE_RULE_HANDLE))
                        trace_print_rule(nlt, &monh->ctx->nft->output,
                                         &monh->ctx->nft->cache);