nftables patch proposal: debug_mask propagate through cache_update() just as it is.

Message ID 1520991597.17526.14.camel@gmail.com
State RFC
Delegated to: Pablo Neira
Series
  • nftables patch proposal: debug_mask propagate through cache_update() just as it is.

Commit Message

nozzy123nozzy@gmail.com March 14, 2018, 1:39 a.m.
Hi nft developers, 

 I would like to propose this patch to netfilter.

 This patch aims to pass all the "--debug" levels of nft through to
cache_update() unchanged.

 Currently, nft seems to drop every debug level except "netlink" when
calling cache_update(). This makes it inconvenient to check all packets,
including those generated by cache_update().

  Example: 
   "nft --debug mnl list ruleset" doesn't show any debug
information. With this patch, nft can show mnl debug information.It is 
convenient for debug. (at least convenient to me.)

 How about this patch? I'm glad if you accept this patch.

Thank you in advance,

Takahide Nojima.

 -----------------patch is here----------------------------
From fbdf4d73328580031e1e68b6a163f640330253b9 Mon Sep 17 00:00:00 2001
From: Takahide Nojima <nozzy123nozzy@gmail.com>
Date: Sat, 10 Mar 2018 15:36:30 +0900
Subject: debug_mask parameter pass through to cache_update()

Signed-off-by: Takahide Nojima <nozzy123nozzy@gmail.com>
---
 include/rule.h |  2 +-
 src/evaluate.c | 22 +++++++++++-----------
 src/netlink.c  |  2 +-
 src/rule.c     |  4 ++--
 4 files changed, 15 insertions(+), 15 deletions(-)

 {
 	uint16_t genid;
@@ -156,7 +156,7 @@ int cache_update(struct mnl_socket *nf_sock, struct
nft_cache *cache,
 		.nf_sock	= nf_sock,
 		.cache		= cache,
 		.msgs		= msgs,
-		.debug_mask	= debug ? NFT_DEBUG_NETLINK : 0,
+		.debug_mask	= debug_mask,
 		.octx		= octx,
 	};
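Review bot: The initializer `.debug_mask = debug_mask` now hands every caller-supplied bit to the context used for cache population, and nothing in this hunk records that this is intended. Debug output captured with such a mask can therefore contain the traffic of a full cache dump as well as the command being debugged, which matters when that output is pasted into bug reports or kept in logs; which levels the dump path actually consults is not visible here. A short comment at the initializer would help, for example `/* all NFT_DEBUG_* bits apply to cache population too */`. The body of cache_update() starts before this hunk and continues after it.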

Patch

diff --git a/include/rule.h b/include/rule.h
index 86f7281..769c54c 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -552,7 +552,7 @@  struct netlink_ctx;
 extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
 
 extern int cache_update(struct mnl_socket *nf_sock, struct nft_cache
*cache,
-			enum cmd_ops cmd, struct list_head *msgs, bool
debug,
+			enum cmd_ops cmd, struct list_head *msgs,
unsigned int debug_mask,
 			struct output_ctx *octx);
 extern void cache_flush(struct list_head *table_list);
 extern void cache_release(struct nft_cache *cache);
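Review bot: The prototype changes `bool debug` to `unsigned int debug_mask` with no comment on what the mask holds, and C converts a boolean argument to `unsigned int` silently. A caller outside the four files in the diffstat that still passes `true` would compile without a warning and send mask value 1 instead of NFT_DEBUG_NETLINK, so the tree should be searched for remaining cache_update() callers before this is applied. I would add above the declaration `/* debug_mask: NFT_DEBUG_* bits, forwarded unchanged to the cache netlink context */`.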
diff --git a/src/evaluate.c b/src/evaluate.c
index a2c1c72..097d0a1 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -184,7 +184,7 @@  static int expr_evaluate_symbol(struct eval_ctx
*ctx, struct expr **expr)
 		break;
 	case SYMBOL_SET:
 		ret = cache_update(ctx->nf_sock, ctx->cache, ctx->cmd-
>op,
-				   ctx->msgs, ctx->debug_mask &
NFT_DEBUG_NETLINK, ctx->octx);
+				   ctx->msgs, ctx->debug_mask, ctx-
>octx);
 		if (ret < 0)
 			return ret;
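Review bot: Every cache_update() call in evaluate.c passes the same `ctx->nf_sock, ctx->cache, ..., ctx->msgs, ctx->debug_mask, ctx->octx` arguments, so this one signature change has to be repeated at each of them (this hunk and the ones in cmd_evaluate_add, cmd_evaluate_delete, cmd_evaluate_get, cmd_evaluate_list, cmd_evaluate_reset, cmd_evaluate_rename, cmd_evaluate_monitor and cmd_evaluate_export). A small static wrapper would confine the next such change to one place, e.g. `static int eval_cache_update(struct eval_ctx *ctx, enum cmd_ops op)` returning `cache_update(ctx->nf_sock, ctx->cache, op, ctx->msgs, ctx->debug_mask, ctx->octx);`, with the call here becoming `ret = eval_cache_update(ctx, ctx->cmd->op);`. The wrapper name is only a suggestion. expr_evaluate_symbol() begins and ends outside this hunk.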
 
@@ -3076,14 +3076,14 @@  static int cmd_evaluate_add(struct eval_ctx
*ctx, struct cmd *cmd)
 	switch (cmd->obj) {
 	case CMD_OBJ_SETELEM:
 		ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op,
-				   ctx->msgs, ctx->debug_mask &
NFT_DEBUG_NETLINK, ctx->octx);
+				   ctx->msgs, ctx->debug_mask, ctx-
>octx);
 		if (ret < 0)
 			return ret;
 
 		return setelem_evaluate(ctx, &cmd->expr);
 	case CMD_OBJ_SET:
 		ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op,
-				   ctx->msgs, ctx->debug_mask &
NFT_DEBUG_NETLINK, ctx->octx);
+				   ctx->msgs, ctx->debug_mask, ctx-
>octx);
 		if (ret < 0)
 			return ret;
 
@@ -3094,7 +3094,7 @@  static int cmd_evaluate_add(struct eval_ctx *ctx,
struct cmd *cmd)
 		return rule_evaluate(ctx, cmd->rule);
 	case CMD_OBJ_CHAIN:
 		ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op,
-				   ctx->msgs, ctx->debug_mask &
NFT_DEBUG_NETLINK, ctx->octx);
+				   ctx->msgs, ctx->debug_mask, ctx-
>octx);
 		if (ret < 0)
 			return ret;
 
@@ -3126,7 +3126,7 @@  static int cmd_evaluate_delete(struct eval_ctx
*ctx, struct cmd *cmd)
 	switch (cmd->obj) {
 	case CMD_OBJ_SETELEM:
 		ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op,
-				   ctx->msgs, ctx->debug_mask &
NFT_DEBUG_NETLINK, ctx->octx);
+				   ctx->msgs, ctx->debug_mask, ctx-
>octx);
 		if (ret < 0)
 			return ret;
 
@@ -3153,7 +3153,7 @@  static int cmd_evaluate_get(struct eval_ctx *ctx,
struct cmd *cmd)
 	int ret;
 
 	ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx-
>msgs,
-			   ctx->debug_mask & NFT_DEBUG_NETLINK, ctx-
>octx);
+			   ctx->debug_mask, ctx->octx);
 	if (ret < 0)
 		return ret;
 
@@ -3199,7 +3199,7 @@  static int cmd_evaluate_list(struct eval_ctx
*ctx, struct cmd *cmd)
 	int ret;
 
 	ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx-
>msgs,
-			   ctx->debug_mask & NFT_DEBUG_NETLINK, ctx-
>octx);
+			   ctx->debug_mask, ctx->octx);
 	if (ret < 0)
 		return ret;
 
@@ -3287,7 +3287,7 @@  static int cmd_evaluate_reset(struct eval_ctx
*ctx, struct cmd *cmd)
 	int ret;
 
 	ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx-
>msgs,
-			   ctx->debug_mask & NFT_DEBUG_NETLINK, ctx-
>octx);
+			   ctx->debug_mask, ctx->octx);
 	if (ret < 0)
 		return ret;
 
@@ -3373,7 +3373,7 @@  static int cmd_evaluate_rename(struct eval_ctx
*ctx, struct cmd *cmd)
 	switch (cmd->obj) {
 	case CMD_OBJ_CHAIN:
 		ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op,
-				   ctx->msgs, ctx->debug_mask &
NFT_DEBUG_NETLINK, ctx->octx);
+				   ctx->msgs, ctx->debug_mask, ctx-
>octx);
 		if (ret < 0)
 			return ret;
 
@@ -3471,7 +3471,7 @@  static int cmd_evaluate_monitor(struct eval_ctx
*ctx, struct cmd *cmd)
 	int ret;
 
 	ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx-
>msgs,
-			   ctx->debug_mask & NFT_DEBUG_NETLINK, ctx-
>octx);
+			   ctx->debug_mask, ctx->octx);
 	if (ret < 0)
 		return ret;
 
@@ -3496,7 +3496,7 @@  static int cmd_evaluate_export(struct eval_ctx
*ctx, struct cmd *cmd)
 		return cmd_error(ctx, "this output type is not
supported");
 
 	return cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx-
>msgs,
-			    ctx->debug_mask & NFT_DEBUG_NETLINK, ctx-
>octx);
+			    ctx->debug_mask, ctx->octx);
 }
 
 static int cmd_evaluate_import(struct eval_ctx *ctx, struct cmd *cmd)
diff --git a/src/netlink.c b/src/netlink.c
index bfa3050..b133bcc 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -482,7 +482,7 @@  int netlink_replace_rule_batch(struct netlink_ctx
*ctx, const struct handle *h,
 	if (ctx->octx->echo) {
 		err = cache_update(ctx->nf_sock, ctx->cache,
 				   CMD_INVALID, ctx->msgs,
-				   ctx->debug_mask &
NFT_DEBUG_NETLINK, ctx->octx);
+				   ctx->debug_mask, ctx->octx);
 		if (err < 0)
 			return err;
 
diff --git a/src/rule.c b/src/rule.c
index c5bf659..75e5041 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -146,7 +146,7 @@  static int cache_init(struct netlink_ctx *ctx, enum
cmd_ops cmd)
 }
 
 int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache,
-		 enum cmd_ops cmd, struct list_head *msgs, bool debug,
+		 enum cmd_ops cmd, struct list_head *msgs, unsigned
int debug_mask,
 		 struct output_ctx *octx)