logging: Improve logging messages related to NFTSet.

The 'NFTSet' directive in various units adds and removes entries in nftables
sets, it does not add or remove entire sets. The logging messages should
indicate that an entry was added or removed, not that a set was added or
removed.

(cherry picked from commit 2fe2ee9adb18347efc0f6856830b63ba0aa874a2)

diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 303614012f7fb4e94551057b972961011b73713d..7b7cc5c14c798370ced3a0a972e6a9e9264b6d02 100644 (file)
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -1880,10 +1880,10 @@ void unit_modify_nft_set(Unit *u, bool add) {
 
                 r = nft_set_element_modify_any(u->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set, &element, sizeof(element));
                 if (r < 0)
-                        log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, cgroup %" PRIu64 ", ignoring: %m",
+                        log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, cgroup %" PRIu64 ", ignoring: %m",
                                           add? "add" : "delete", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, crt->cgroup_id);
                 else
-                        log_debug("%s NFT set: family %s, table %s, set %s, cgroup %" PRIu64,
+                        log_debug("%s NFT set entry: family %s, table %s, set %s, cgroup %" PRIu64,
                                   add? "Added" : "Deleted", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, crt->cgroup_id);
         }
 }

diff --git a/src/core/unit.c b/src/core/unit.c
index 9bd16baadc9d2363e09437ee4442e7a18e7a31ae..2e4373e60480a93bdb993179c036d9f7cba91697 100644 (file)
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -5191,10 +5191,10 @@ static void unit_modify_user_nft_set(Unit *u, bool add, NFTSetSource source, uin
 
                 r = nft_set_element_modify_any(u->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set, &element, sizeof(element));
                 if (r < 0)
-                        log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, ID %u, ignoring: %m",
+                        log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, ID %u, ignoring: %m",
                                           add? "add" : "delete", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, element);
                 else
-                        log_debug("%s NFT set: family %s, table %s, set %s, ID %u",
+                        log_debug("%s NFT set entry: family %s, table %s, set %s, ID %u",
                                   add? "Added" : "Deleted", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, element);
         }
 }

diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
index a658bda4335429f3d948d587b88800a9a5c145d9..04bace9333d7482d9fc3bbe842687eaae470022c 100644 (file)
--- a/src/network/networkd-address.c
+++ b/src/network/networkd-address.c
@@ -726,12 +726,12 @@ static void address_modify_nft_set_context(Address *address, bool add, NFTSetCon
                 }
 
                 if (r < 0)
-                        log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, IP address %s, ignoring: %m",
+                        log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, IP address %s, ignoring: %m",
                                           add ? "add" : "delete",
                                           nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set,
                                           IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));
                 else
-                        log_debug("%s NFT set: family %s, table %s, set %s, IP address %s",
+                        log_debug("%s NFT set entry: family %s, table %s, set %s, IP address %s",
                                   add ? "Added" : "Deleted",
                                   nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set,
                                   IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));