On Mon, Feb 07, 2022 at 07:02:37PM +0100, Pablo Neira Ayuso wrote:
> On Fri, Jan 28, 2022 at 09:36:59PM +0100, Phil Sutter wrote:
[...]
> > -static void nft_chain_print_debug(struct nftnl_chain *c, struct nlmsghdr *nlh)
> > +static void nft_chain_print_debug(struct nft_handle *h,
> > + struct nftnl_chain *c, struct nlmsghdr *nlh)
> > {
> > -#ifdef NLDEBUG
> > - char tmp[1024];
> > -
> > - nftnl_chain_snprintf(tmp, sizeof(tmp), c, 0, 0);
> > - printf("DEBUG: chain: %s\n", tmp);
> > - mnl_nlmsg_fprintf(stdout, nlh, nlh->nlmsg_len, sizeof(struct nfgenmsg));
> > -#endif
> > + if (h->verbose > 1) {
> > + nftnl_chain_fprintf(stdout, c, 0, 0);
> > + fprintf(stdout, "\n");
> > + }
> > + if (h->verbose > 2)
> > + mnl_nlmsg_fprintf(stdout, nlh, nlh->nlmsg_len,
> > + sizeof(struct nfgenmsg));
>
> OK, so -v is netlink byte printing and -vv means print netlink message
> too. LGTM.
-v is "normal verbose output", -vv is also nftnl debug and -vvv is also
netlink message dump.
> I'd mention this in the commit description before applying.
Your comment is proof this needs better documentation! :D
Guess I'll describe the behaviour in iptables man page as well.
Thanks, Phil
