From 2fe2ee9adb18347efc0f6856830b63ba0aa874a2 Mon Sep 17 00:00:00 2001 From: "Kevin P. Fleming" Date: Wed, 6 Aug 2025 17:33:31 -0400 Subject: [PATCH] logging: Improve logging messages related to NFTSet. The 'NFTSet' directive in various units adds and removes entries in nftables sets, it does not add or remove entire sets. The logging messages should indicate that an entry was added or removed, not that a set was added or removed. --- src/core/cgroup.c | 4 ++-- src/core/unit.c | 4 ++-- src/network/networkd-address.c | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/core/cgroup.c b/src/core/cgroup.c index f823de50e4..ce9c30fc6e 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -1353,10 +1353,10 @@ void unit_modify_nft_set(Unit *u, bool add) { r = nft_set_element_modify_any(u->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set, &element, sizeof(element)); if (r < 0) - log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, cgroup %" PRIu64 ", ignoring: %m", + log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, cgroup %" PRIu64 ", ignoring: %m", add? "add" : "delete", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, crt->cgroup_id); else - log_debug("%s NFT set: family %s, table %s, set %s, cgroup %" PRIu64, + log_debug("%s NFT set entry: family %s, table %s, set %s, cgroup %" PRIu64, add? "Added" : "Deleted", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, crt->cgroup_id); } } diff --git a/src/core/unit.c b/src/core/unit.c index a25954571b..a25f755c11 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -5291,10 +5291,10 @@ static void unit_modify_user_nft_set(Unit *u, bool add, NFTSetSource source, uin r = nft_set_element_modify_any(u->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set, &element, sizeof(element)); if (r < 0) - log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, ID %u, ignoring: %m", + log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, ID %u, ignoring: %m", add? "add" : "delete", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, element); else - log_debug("%s NFT set: family %s, table %s, set %s, ID %u", + log_debug("%s NFT set entry: family %s, table %s, set %s, ID %u", add? "Added" : "Deleted", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, element); } } diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c index 3cd8762054..716bee731f 100644 --- a/src/network/networkd-address.c +++ b/src/network/networkd-address.c @@ -734,12 +734,12 @@ static void address_modify_nft_set_context(Address *address, bool add, NFTSetCon } if (r < 0) - log_warning_errno(r, "Failed to %s NFT set: family %s, table %s, set %s, IP address %s, ignoring: %m", + log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, IP address %s, ignoring: %m", add ? "add" : "delete", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen)); else - log_debug("%s NFT set: family %s, table %s, set %s, IP address %s", + log_debug("%s NFT set entry: family %s, table %s, set %s, IP address %s", add ? "Added" : "Deleted", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, IN_ADDR_PREFIX_TO_STRING(address->family, &address->in_addr, address->prefixlen));