@@ -332,6 +332,7 @@ void rule_stmt_insert_at(struct rule *rule, struct stmt *nstmt,
* @automerge: merge adjacents and overlapping elements, if possible
* @comment: comment
* @errors: expr evaluation errors seen
+ * @incomplete: kernel set additional attributes unknown to this nft version
* @desc.size: count of set elements
* @desc.field_len: length of single concatenated fields, bytes
* @desc.field_count: count of concatenated fields
@@ -357,6 +358,7 @@ struct set {
bool automerge;
bool key_typeof_valid;
bool errors;
+ bool incomplete;
const char *comment;
struct {
uint32_t size;
@@ -1032,6 +1032,9 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
if (comment)
set->comment = xstrdup(comment);
+ if (!nftnl_set_complete(nls))
+ set->incomplete = true;
+
init_list_head(&set_parse_ctx.stmt_list);
if (nftnl_set_is_set(nls, NFTNL_SET_EXPR)) {
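Review bot: After the added check in netlink_delinearize_set() the function keeps parsing as if the set were fully understood, and nothing in the code says what a reader should conclude from `incomplete`. A short comment above the check would help, for example `/* kernel sent attributes this libnftnl cannot parse; the decoded set may not describe its full behaviour */`. The two added lines can also be written as one assignment, `set->incomplete = !nftnl_set_complete(nls);`, which matches how a bool field is normally filled. The function body starts and ends outside this hunk, so any later use of the flag is not visible here.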
@@ -405,6 +405,11 @@ static void set_print_declaration(const struct set *set,
set->comment,
opts->stmt_separator);
}
+
+ if (set->incomplete)
+ nft_print(octx, "%s%s# Unknown features used (old nft version?)%s",
+ opts->tab, opts->tab,
+ opts->stmt_separator);
}
static void do_set_print(const struct set *set, struct print_fmt_options *opts,
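Review bot: The notice added in set_print_declaration() is emitted as a `#` comment inside the set body, so it is discarded when the listing is loaded again. A saved ruleset restored with this nft version would recreate the set without the attributes it could not parse, which for a packet filter is a silent policy change. Consider wording the line so that it says the listing is not safe to restore, for example `"%s%s# Unknown features used (old nft version?), listing is incomplete%s"`, and also reporting the condition on the error stream so that scripts that drop comments still see it. Only the text printer is touched in the visible hunks; whether other output formats carry the flag cannot be told from here.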
libnftnl detects when the kernel includes extra attributes that are not recognized. Expose this to the user. This could happen when using an older release of libnftnl/nftables with a more recent kernel, where a raw user of the netlink interface uses an extended/more recent feature set. Signed-off-by: Florian Westphal <fw@strlen.de> --- include/rule.h | 2 ++ src/netlink.c | 3 +++ src/rule.c | 5 +++++ 3 files changed, 10 insertions(+)