Hi, I would like to propose this patch to netfilter. This patch makes nft honour every "--debug" level as given, even inside cache_update(). Currently, nft does not seem to pass any debug level other than netlink through cache_update(). That is inconvenient when you want to check all packets, including the ones generated by cache_update(). E.g. "nft --debug mnl list ruleset" doesn't show any debug information. With this patch, nft can show mnl debug information, which is convenient for debugging. How about this patch? If it is OK, I would be glad to see it accepted. Thank you in advance, Takahide Nojima.
diff --git a/include/rule.h b/include/rule.h
index 86f7281..769c54c 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -552,7 +552,7 @@ struct netlink_ctx;
 extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
 extern int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache,
- enum cmd_ops cmd, struct list_head *msgs, bool debug,
+ enum cmd_ops cmd, struct list_head *msgs, unsigned int debug_mask,
 struct output_ctx *octx);
 extern void cache_flush(struct list_head *table_list);
 extern void cache_release(struct nft_cache *cache);
diff --git a/src/evaluate.c b/src/evaluate.c
index a2c1c72..8d30794 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -184,7 +184,7 @@ static int expr_evaluate_symbol(struct eval_ctx *ctx, struct expr **expr)
 break;
 case SYMBOL_SET:
 ret = cache_update(ctx->nf_sock, ctx->cache, ctx->cmd->op,
- ctx->msgs, ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
+ ctx->msgs, ctx->debug_mask, ctx->octx);
 if (ret < 0)
 return ret;
@@ -3076,14 +3076,14 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd)
 switch (cmd->obj) {
 case CMD_OBJ_SETELEM:
 ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op,
- ctx->msgs, ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
+ ctx->msgs, ctx->debug_mask, ctx->octx);
 if (ret < 0)
 return ret;
 return setelem_evaluate(ctx, &cmd->expr);
 case CMD_OBJ_SET:
 ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op,
- ctx->msgs, ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
+ ctx->msgs, ctx->debug_mask, ctx->octx);
 if (ret < 0)
 return ret;
@@ -3094,7 +3094,7 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd)
 return rule_evaluate(ctx, cmd->rule);
 case CMD_OBJ_CHAIN:
 ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op,
- ctx->msgs, ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
+ ctx->msgs, ctx->debug_mask, ctx->octx);
 if (ret < 0)
 return ret;
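Review bot: Changing the fifth parameter of `cache_update()` from `bool debug` to `unsigned int debug_mask` keeps the prototype call-compatible, so any caller this patch misses still compiles without a diagnostic. A leftover `ctx->debug_mask & NFT_DEBUG_NETLINK` argument would silently keep filtering to netlink, and a literal `true` would be read as whichever `NFT_DEBUG_*` bit, if any, has the value 1. It is worth grepping for every `cache_update(` call outside include/rule.h, src/evaluate.c, src/netlink.c and src/rule.c before merging. A comment above the prototype would also pin the new contract, for example `/* debug_mask: NFT_DEBUG_* bits, forwarded unchanged to the cache fill */`. Both points apply equally to the definition in the first src/rule.c hunk.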
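Review bot: The call in the `SYMBOL_SET` case and the ten other `cache_update()` calls patched in src/evaluate.c (in `cmd_evaluate_add`, `cmd_evaluate_delete`, `cmd_evaluate_list`, `cmd_evaluate_reset`, `cmd_evaluate_flush`, `cmd_evaluate_rename`, `cmd_evaluate_monitor` and `cmd_evaluate_export`) pass the same five `ctx` fields and differ only in the `op` argument. A small static wrapper would confine the next signature change to one place and stop a single call site from keeping a stale mask expression. The enclosing functions start and end outside these hunks, so the wrapper below is a sketch and its name is only a suggestion.

```c
static int eval_cache_update(struct eval_ctx *ctx, enum cmd_ops op)
{
	return cache_update(ctx->nf_sock, ctx->cache, op, ctx->msgs,
			    ctx->debug_mask, ctx->octx);
}

/* … unchanged: expr_evaluate_symbol() up to the SYMBOL_SET case … */
		ret = eval_cache_update(ctx, ctx->cmd->op);
```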
@@ -3126,7 +3126,7 @@ static int cmd_evaluate_delete(struct eval_ctx *ctx, struct cmd *cmd)
 switch (cmd->obj) {
 case CMD_OBJ_SETELEM:
 ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op,
- ctx->msgs, ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
+ ctx->msgs, ctx->debug_mask, ctx->octx);
 if (ret < 0)
 return ret;
@@ -3199,7 +3199,7 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
 int ret;
 ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
- ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
+ ctx->debug_mask, ctx->octx);
 if (ret < 0)
 return ret;
@@ -3287,7 +3287,7 @@ static int cmd_evaluate_reset(struct eval_ctx *ctx, struct cmd *cmd)
 int ret;
 ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
- ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
+ ctx->debug_mask, ctx->octx);
 if (ret < 0)
 return ret;
@@ -3314,7 +3314,7 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
 int ret;
 ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
- ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
+ ctx->debug_mask, ctx->octx);
 if (ret < 0)
 return ret;
@@ -3373,7 +3373,7 @@ static int cmd_evaluate_rename(struct eval_ctx *ctx, struct cmd *cmd)
 switch (cmd->obj) {
 case CMD_OBJ_CHAIN:
 ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op,
- ctx->msgs, ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
+ ctx->msgs, ctx->debug_mask, ctx->octx);
 if (ret < 0)
 return ret;
@@ -3471,7 +3471,7 @@ static int cmd_evaluate_monitor(struct eval_ctx *ctx, struct cmd *cmd)
 int ret;
 ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
- ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
+ ctx->debug_mask, ctx->octx);
 if (ret < 0)
 return ret;
@@ -3496,7 +3496,7 @@ static int cmd_evaluate_export(struct eval_ctx *ctx, struct cmd *cmd)
 return cmd_error(ctx, "this output type is not supported");
 return cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
- ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
+ ctx->debug_mask, ctx->octx);
 }
 static int cmd_evaluate_import(struct eval_ctx *ctx, struct cmd *cmd)
diff --git a/src/netlink.c b/src/netlink.c
index a74dc25..10e676c 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -482,7 +482,7 @@ int netlink_replace_rule_batch(struct netlink_ctx *ctx, const struct handle *h,
 if (ctx->octx->echo) {
 err = cache_update(ctx->nf_sock, ctx->cache, CMD_INVALID, ctx->msgs,
- ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
+ ctx->debug_mask, ctx->octx);
 if (err < 0)
 return err;
diff --git a/src/rule.c b/src/rule.c
index c5bf659..75e5041 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -146,7 +146,7 @@ static int cache_init(struct netlink_ctx *ctx, enum cmd_ops cmd)
 }
 int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache,
- enum cmd_ops cmd, struct list_head *msgs, bool debug,
+ enum cmd_ops cmd, struct list_head *msgs, unsigned int debug_mask,
 struct output_ctx *octx)
 {
 uint16_t genid;
@@ -156,7 +156,7 @@ int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache,
 .nf_sock = nf_sock,
 .cache = cache,
 .msgs = msgs,
- .debug_mask = debug ? NFT_DEBUG_NETLINK : 0,
+ .debug_mask = debug_mask,
 .octx = octx,
 };
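Review bot: With `.debug_mask = debug_mask` in the second src/rule.c hunk, the netlink context built for the cache fill now honours every debug bit. A run such as the description's `nft --debug mnl list ruleset` will therefore dump the messages that carry the kernel ruleset during cache population, not only the command's own traffic. That is the intended effect, but captured debug logs will now hold the full filtering policy (presumably including set contents). The hunk does not show which stream the dump is written to, so it is worth confirming that it cannot interleave with listing output that scripts parse. A short comment at the initializer would record the decision, for example `/* honour all debug bits during cache population, not just netlink */`; the body of `cache_update()` continues outside this hunk.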