From: Kevin P. Fleming Date: Wed, 6 Aug 2025 21:33:31 +0000 (-0400) Subject: logging: Improve logging messages related to NFTSet. X-Git-Tag: v258-rc3~69 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2fe2ee9adb18347efc0f6856830b63ba0aa874a2;p=thirdparty%2Fsystemd.git logging: Improve logging messages related to NFTSet. The 'NFTSet' directive in various units adds and removes entries in nftables sets, it does not add or remove entire sets. The logging messages should indicate that an entry was added or removed, not that a set was added or removed. --- diff --git a/src/core/cgroup.c b/src/core/cgroup.c index f823de50e4a..ce9c30fc6ed 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -1353,10 +1353,10 @@ void unit_modify_nft_set(Unit *u, bool add) { r = nft_set_element_modify_any(u->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set, &element, sizeof(element)); if (r < 0) - log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, cgroup %" PRIu64 ", ignoring: %m", + log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, cgroup %" PRIu64 ", ignoring: %m", add? "add" : "delete", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, crt->cgroup_id); else - log_debug("%s NFT set: family %s, table %s, set %s, cgroup %" PRIu64, + log_debug("%s NFT set entry: family %s, table %s, set %s, cgroup %" PRIu64, add? "Added" : "Deleted", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, crt->cgroup_id); } } diff --git a/src/core/unit.c b/src/core/unit.c index a25954571b3..a25f755c113 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -5291,10 +5291,10 @@ static void unit_modify_user_nft_set(Unit *u, bool add, NFTSetSource source, uin r = nft_set_element_modify_any(u->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set, &element, sizeof(element)); if (r < 0) - log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, ID %u, ignoring: %m", + log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, ID %u, ignoring: %m", add? "add" : "delete", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, element); else - log_debug("%s NFT set: family %s, table %s, set %s, ID %u", + log_debug("%s NFT set entry: family %s, table %s, set %s, ID %u", add? "Added" : "Deleted", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, element); } } diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c index 3cd8762054e..716bee731f0 100644 --- a/src/network/networkd-address.c +++ b/src/network/networkd-address.c @@ -734,12 +734,12 @@ static void address_modify_nft_set_context(Address *address, bool add, NFTSetCon } if (r < 0) - log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, IP address %s, ignoring: %m", + log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, IP address %s, ignoring: %m", add ? "add" : "delete", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen)); else - log_debug("%s NFT set: family %s, table %s, set %s, IP address %s", + log_debug("%s NFT set entry: family %s, table %s, set %s, IP address %s", add ? "Added" : "Deleted", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));