libnftnl detects when the kernel includes extra attributes that are not recognized. Expose this to the user. This could happen when using an older release of libnftl/nftables with a more recent kernel, where a raw user of the netlink interface uses an extended/more recent feature set.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 include/rule.h | 2 ++
 src/netlink.c | 3 +++
 src/rule.c | 5 +++++
 3 files changed, 10 insertions(+)
diff --git a/include/rule.h b/include/rule.h
index 5b3e12b5d7dc..7cbd26897321 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -332,6 +332,7 @@ void rule_stmt_insert_at(struct rule *rule, struct stmt *nstmt,
 * @automerge: merge adjacents and overlapping elements, if possible
 * @comment: comment
 * @errors: expr evaluation errors seen
+ * @incomplete: kernel set additional attributes unknown to this nft version
 * @desc.size: count of set elements
 * @desc.field_len: length of single concatenated fields, bytes
 * @desc.field_count: count of concatenated fields
@@ -357,6 +358,7 @@ struct set {
 bool automerge;
 bool key_typeof_valid;
 bool errors;
+ bool incomplete;
 const char *comment;
 struct {
 uint32_t size;
diff --git a/src/netlink.c b/src/netlink.c
index 25ee3419772b..c057e1d04c28 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1032,6 +1032,9 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
 if (comment)
 set->comment = xstrdup(comment);
+ if (!nftnl_set_complete(nls))
+ set->incomplete = true;
+
 init_list_head(&set_parse_ctx.stmt_list);
 if (nftnl_set_is_set(nls, NFTNL_SET_EXPR)) {
diff --git a/src/rule.c b/src/rule.c
index 9bc160ec0d88..e4fce143d8be 100644
--- a/src/rule.c
+++ b/src/rule.c
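Review bot: In the src/netlink.c hunk, `nftnl_set_complete()` is called unconditionally, yet nothing in this patch raises the libnftnl version the build requires, so building against a libnftnl that predates that symbol would presumably fail; the requirement bump should accompany this change unless another patch in the series carries it. Only sets are marked here, so unknown attributes on other object types, if the kernel can send them, would still go unreported. As a matter of style the two added lines could be written as `set->incomplete = !nftnl_set_complete(nls);`, assuming the field starts out false. netlink_delinearize_set begins and ends outside the hunk.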
@@ -405,6 +405,11 @@ static void set_print_declaration(const struct set *set,
 set->comment,
 opts->stmt_separator);
 }
+
+ if (set->incomplete)
+ nft_print(octx, "%s%s# Unknown features used (old nft version?)%s",
+ opts->tab, opts->tab,
+ opts->stmt_separator);
 }
 static void do_set_print(const struct set *set, struct print_fmt_options *opts,
--
2.45.2
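Review bot: The only signal for an incomplete set in set_print_declaration is a `#` comment inside the listing, so a listing saved with this nft version and later reloaded would presumably parse cleanly and recreate the set without the attributes this version could not decode, with the comment itself discarded. For a firewall ruleset that is a silent behaviour change on restore, so consider also reporting the condition on the error stream when `set->incomplete` is true. A comment above the new block would help too, for example `/* kernel sent attributes this nft cannot decode; the printed set is lossy */`. As far as this patch shows, output paths other than this text printer do not consult the flag. set_print_declaration begins outside the hunk.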