[PATCH nft] nftables: dump raw element info from libnftnl when netlink debugging is on

[PATCH nft] nftables: dump raw element info from libnftnl when netlink debugging is on

[Florian Westphal]

Example: nft --debug=netlink list ruleset
inet firewall @knock_candidates_ipv4
        element 0100007f 00007b00  : 0 [end]
        element 0200007f 0000f1ff  : 0 [end]
        element 0100007f 00007a00  : 0 [end]
inet firewall @__set0
        element 00000100  : 0 [end]
        element 00000200  : 0 [end]
inet firewall knock-input 3
  [ meta load l4proto => reg 1 ]
  ...

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 src/netlink.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/netlink.c b/src/netlink.c
index 20b3cdf5e469..d7fee0f5d5b5 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1086,6 +1086,17 @@ static void set_elem_parse_udata(struct nftnl_set_elem *nlse,
 			nftnl_udata_get_u32(ud[NFTNL_UDATA_SET_ELEM_FLAGS]);
 }
 
+static void netlink_dump_set_elem(struct nftnl_set_elem *nlse, struct netlink_ctx *ctx)
+{
+	FILE *fp = ctx->nft->output.output_fp;
+
+	if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp)
+		return;
+
+	nftnl_set_elem_fprintf(fp, nlse, 0, 0);
+	fprintf(fp, "\n");
+}
+
 int netlink_delinearize_setelem(struct nftnl_set_elem *nlse,
 				struct set *set, struct nft_cache *cache)
 {
@@ -1191,7 +1202,14 @@ out:
 static int list_setelem_cb(struct nftnl_set_elem *nlse, void *arg)
 {
 	struct netlink_ctx *ctx = arg;
-	return netlink_delinearize_setelem(nlse, ctx->set, &ctx->nft->cache);
+	int r;
+
+	r = netlink_delinearize_setelem(nlse, ctx->set, &ctx->nft->cache);
+
+	if (r == 0)
+		netlink_dump_set_elem(nlse, ctx);
+
+	return r;
 }
 
 int netlink_list_setelems(struct netlink_ctx *ctx, const struct handle *h,
-- 
2.26.2