From: Kevin P. Fleming Date: Wed, 6 Aug 2025 21:33:31 +0000 (-0400) Subject: logging: Improve logging messages related to NFTSet. X-Git-Tag: v257.9~58 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e971fb2bfbb4b6b7a569a93556a9b5ae9d2d1ed4;p=thirdparty%2Fsystemd.git logging: Improve logging messages related to NFTSet. The 'NFTSet' directive in various units adds and removes entries in nftables sets, it does not add or remove entire sets. The logging messages should indicate that an entry was added or removed, not that a set was added or removed. (cherry picked from commit 2fe2ee9adb18347efc0f6856830b63ba0aa874a2) --- diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 303614012f7..7b7cc5c14c7 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -1880,10 +1880,10 @@ void unit_modify_nft_set(Unit *u, bool add) { r = nft_set_element_modify_any(u->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set, &element, sizeof(element)); if (r < 0) - log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, cgroup %" PRIu64 ", ignoring: %m", + log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, cgroup %" PRIu64 ", ignoring: %m", add? "add" : "delete", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, crt->cgroup_id); else - log_debug("%s NFT set: family %s, table %s, set %s, cgroup %" PRIu64, + log_debug("%s NFT set entry: family %s, table %s, set %s, cgroup %" PRIu64, add? "Added" : "Deleted", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, crt->cgroup_id); } } diff --git a/src/core/unit.c b/src/core/unit.c index 9bd16baadc9..2e4373e6048 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -5191,10 +5191,10 @@ static void unit_modify_user_nft_set(Unit *u, bool add, NFTSetSource source, uin r = nft_set_element_modify_any(u->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set, &element, sizeof(element)); if (r < 0) - log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, ID %u, ignoring: %m", + log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, ID %u, ignoring: %m", add? "add" : "delete", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, element); else - log_debug("%s NFT set: family %s, table %s, set %s, ID %u", + log_debug("%s NFT set entry: family %s, table %s, set %s, ID %u", add? "Added" : "Deleted", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, element); } } diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c index a658bda4335..04bace9333d 100644 --- a/src/network/networkd-address.c +++ b/src/network/networkd-address.c @@ -726,12 +726,12 @@ static void address_modify_nft_set_context(Address *address, bool add, NFTSetCon } if (r < 0) - log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, IP address %s, ignoring: %m", + log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, IP address %s, ignoring: %m", add ? "add" : "delete", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen)); else - log_debug("%s NFT set: family %s, table %s, set %s, IP address %s", + log_debug("%s NFT set entry: family %s, table %s, set %s, IP address %s", add ? "Added" : "Deleted", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));