optimize: do not print stateful information

Do not print stateful information such as counters which are likely set
to zero.

Before this patch:

  Merging:
  packets.conf:10:3-29:                 ip protocol  4 counter drop
  packets.conf:11:3-29:                 ip protocol 41 counter drop
  packets.conf:12:3-29:                 ip protocol 47 counter drop
  into:
          ip protocol { 4, 41, 47 } counter packets 0 bytes 0 drop
                                            ^^^^^^^^^^^^^^^^^
After:

  Merging:
  packets.conf:10:3-29:                 ip protocol  4 counter drop
  packets.conf:11:3-29:                 ip protocol 41 counter drop
  packets.conf:12:3-29:                 ip protocol 47 counter drop
  into:
          ip protocol { 4, 41, 47 } counter drop

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/optimize.c b/src/optimize.c
index 543d3ca5a9c7567241b6cc64a393054059fa8670..b19a8b553555900fdc9141054576df3adf7d2568 100644 (file)
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -873,6 +873,8 @@ static void merge_rules(const struct optimize_ctx *ctx,
                assert(0);
        }
 
+        octx->flags |= NFT_CTX_OUTPUT_STATELESS;
+
        fprintf(octx->error_fp, "Merging:\n");
        rule_optimize_print(octx, ctx->rule[from]);
 
@@ -885,6 +887,8 @@ static void merge_rules(const struct optimize_ctx *ctx,
        fprintf(octx->error_fp, "into:\n\t");
        rule_print(ctx->rule[from], octx);
        fprintf(octx->error_fp, "\n");
+
+        octx->flags &= ~NFT_CTX_OUTPUT_STATELESS;
 }
 
 static bool stmt_type_eq(const struct stmt *stmt_a, const struct stmt *stmt_b)