xtables: nft: display rule by number via -L

This patch fixes the display of rule by number.

[ Mangled this patch not to display the header, to mimic iptables
  --pablo ]

Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft.c b/iptables/nft.c
index e660878ce60e64f52e5f8da1f97f8e6ed67397c0..a9a391df53f3d9485c2b6c3e1ccb6d82452c1d8b 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2394,19 +2394,21 @@ __nft_rule_list(struct nft_handle *h, struct nft_chain *c, const char *table,
                    strcmp(chain, rule_chain) != 0)
                        goto next;
 
-               if (rulenum > 0) {
+               if (rulenum > 0 && rule_ctr != rulenum) {
                        /* List by rule number case */
-                       if (rule_ctr != rulenum) {
-                               rule_ctr++;
-                               goto next;
-                       }
-               } else {
-                       struct iptables_command_state cs = {};
-                       /* Show all rules case */
-                       nft_rule_to_iptables_command_state(r, &cs);
+                       goto next;
+               }
 
-                       cb(&cs, r, rule_ctr, format);
+               struct iptables_command_state cs = {};
+               /* Show all rules case */
+               nft_rule_to_iptables_command_state(r, &cs);
+
+               cb(&cs, r, rule_ctr, format);
+               if (rulenum > 0 && rule_ctr == rulenum) {
+                       ret = 1;
+                       break;
                }
+
 next:
                r = nft_rule_list_iter_next(iter);
        }
@@ -2466,9 +2468,10 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
                if (found)
                        printf("\n");
 
-               print_header(format, chain_name, policy_name[policy], &ctrs,
-                            basechain, refs);
-
+               if (!rulenum) {
+                       print_header(format, chain_name, policy_name[policy],
+                                    &ctrs, basechain, refs);
+               }
                __nft_rule_list(h, c, table, rulenum, format, print_firewall);
 
                found = true;

diff --git a/iptables/xtables.c b/iptables/xtables.c
index 4e8d36217768b67e6d45f243f2ddad332194bd70..c712aaf4e69469eb2261233433e0b57414243ecb 100644 (file)
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -570,7 +570,6 @@ list_entries(struct nft_handle *h, const char *chain, const char *table,
        if (linenumbers)
                format |= FMT_LINENUMBERS;
 
-       /* FIXME should return found or not, and errno = ENOENT in such case */
        return nft_rule_list(h, chain, table, rulenum, format);
 }