nft: Include sets in debug output

Rules referencing them are incomplete without, so add debug output on
the same level as for rules.

Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
index 76e99adcb8566f8948a6fea52256260214147668..fabb577903f282082612ab729e1efa1a24bdb711 100644 (file)
--- a/iptables/nft-cache.c
+++ b/iptables/nft-cache.c
@@ -417,6 +417,7 @@ static int set_fetch_elem_cb(struct nftnl_set *s, void *data)
        char buf[MNL_SOCKET_BUFFER_SIZE];
        struct nft_handle *h = data;
        struct nlmsghdr *nlh;
+       int ret;
 
        if (set_has_elements(s))
                return 0;
@@ -425,7 +426,14 @@ static int set_fetch_elem_cb(struct nftnl_set *s, void *data)
                                    NLM_F_DUMP, h->seq);
        nftnl_set_elems_nlmsg_build_payload(nlh, s);
 
-       return mnl_talk(h, nlh, set_elem_cb, s);
+       ret = mnl_talk(h, nlh, set_elem_cb, s);
+
+       if (!ret && h->verbose > 1) {
+               fprintf(stdout, "set ");
+               nftnl_set_fprintf(stdout, s, 0, 0);
+               fprintf(stdout, "\n");
+       }
+       return ret;
 }
 
 static int fetch_set_cache(struct nft_handle *h,

diff --git a/iptables/nft.c b/iptables/nft.c
index f453f07acb7e94d7cd3c3164d763706c951670c0..b702c65ae49aaef2eaef5fe6b68293e5721da02c 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2975,6 +2975,12 @@ static void nft_compat_setelem_batch_add(struct nft_handle *h, uint16_t type,
                        break;
        }
        nftnl_set_elems_iter_destroy(iter);
+
+       if (h->verbose > 1) {
+               fprintf(stdout, "set ");
+               nftnl_set_fprintf(stdout, set, 0, 0);
+               fprintf(stdout, "\n");
+       }
 }
 
 static void nft_compat_chain_batch_add(struct nft_handle *h, uint16_t type,