[PATCH nft] nftables: dump raw element info from libnftnl when netlink debugging is on


 



Example: nft --debug=netlink list ruleset
inet firewall @knock_candidates_ipv4
        element 0100007f 00007b00  : 0 [end]
        element 0200007f 0000f1ff  : 0 [end]
        element 0100007f 00007a00  : 0 [end]
inet firewall @__set0
        element 00000100  : 0 [end]
        element 00000200  : 0 [end]
inet firewall knock-input 3
  [ meta load l4proto => reg 1 ]
  ...

Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 src/netlink.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/netlink.c b/src/netlink.c
index 20b3cdf5e469..d7fee0f5d5b5 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1086,6 +1086,17 @@ static void set_elem_parse_udata(struct nftnl_set_elem *nlse,
 			nftnl_udata_get_u32(ud[NFTNL_UDATA_SET_ELEM_FLAGS]);
 }
 
+static void netlink_dump_set_elem(struct nftnl_set_elem *nlse, struct netlink_ctx *ctx)
+{
+	FILE *fp = ctx->nft->output.output_fp;
+
+	if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp)
+		return;
+
+	nftnl_set_elem_fprintf(fp, nlse, 0, 0);
+	fprintf(fp, "\n");
+}
+
 int netlink_delinearize_setelem(struct nftnl_set_elem *nlse,
 				struct set *set, struct nft_cache *cache)
 {
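Review bot: The new netlink_dump_set_elem() only reads `nlse`, so the parameter could be declared `const struct nftnl_set_elem *nlse`. This assumes nftnl_set_elem_fprintf() accepts a const element, which should be confirmed against the libnftnl header. The helper also has no comment. Something like `/* Debug aid: print the raw libnftnl element to output_fp when NFT_DEBUG_NETLINK is set. */` would record that the dump goes to the same stream as the normal listing, so anything parsing `nft list` output with netlink debugging enabled will see these extra lines. The return value of nftnl_set_elem_fprintf() is ignored, which is acceptable for debug output but could be stated in that comment.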
@@ -1191,7 +1202,14 @@ out:
 static int list_setelem_cb(struct nftnl_set_elem *nlse, void *arg)
 {
 	struct netlink_ctx *ctx = arg;
-	return netlink_delinearize_setelem(nlse, ctx->set, &ctx->nft->cache);
+	int r;
+
+	r = netlink_delinearize_setelem(nlse, ctx->set, &ctx->nft->cache);
+
+	if (r == 0)
+		netlink_dump_set_elem(nlse, ctx);
+
+	return r;
 }
 
 int netlink_list_setelems(struct netlink_ctx *ctx, const struct handle *h,
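Review bot: In list_setelem_cb the raw dump runs only when netlink_delinearize_setelem() returns 0, so an element that fails to parse is never printed, and that is the element a netlink debug trace is most needed for. Consider dumping first: `netlink_dump_set_elem(nlse, ctx);` followed by `return netlink_delinearize_setelem(nlse, ctx->set, &ctx->nft->cache);`, which also removes the local `r`. This presumes the delinearize step does not need to run before the element can be printed, which the hunk does not show. If the success-only behaviour is intentional, a short comment saying why would help.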
-- 
2.26.2



