cache: Always set NFT_CACHE_TERSE for list cmd with --terse
authorPhil Sutter <phil@nwl.cc>
Thu, 8 Feb 2024 01:10:48 +0000 (02:10 +0100)
committerPhil Sutter <phil@nwl.cc>
Tue, 13 Feb 2024 11:03:26 +0000 (12:03 +0100)
This fixes at least 'nft -t list table ...' and 'nft -t list set ...'.

Note how --terse handling for 'list sets/maps' remains in place since
setting NFT_CACHE_TERSE does not fully undo NFT_CACHE_SETELEM: setting
both enables fetching of anonymous sets which is pointless for that
command.

Reported-by: anton.khazan@gmail.com
Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1735
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
src/cache.c

index 97f50ccaf6ba161f79afcd2e8b60da68374ff356..c000e32c497fbe26175246a1e8d5e3016257b326 100644 (file)
@@ -234,8 +234,6 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
                }
                if (filter->list.table && filter->list.set)
                        flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | NFT_CACHE_SETELEM;
-               else if (nft_output_terse(&nft->output))
-                       flags |= NFT_CACHE_FULL | NFT_CACHE_TERSE;
                else
                        flags |= NFT_CACHE_FULL;
                break;
@@ -261,17 +259,15 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
                flags |= NFT_CACHE_TABLE | NFT_CACHE_FLOWTABLE;
                break;
        case CMD_OBJ_RULESET:
-               if (nft_output_terse(&nft->output))
-                       flags |= NFT_CACHE_FULL | NFT_CACHE_TERSE;
-               else
-                       flags |= NFT_CACHE_FULL;
-               break;
        default:
                flags |= NFT_CACHE_FULL;
                break;
        }
        flags |= NFT_CACHE_REFRESH;
 
+       if (nft_output_terse(&nft->output))
+               flags |= NFT_CACHE_TERSE;
+
        return flags;
 }
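Review bot: The new unconditional `flags |= NFT_CACHE_TERSE;` at the end of evaluate_cache_list() carries no comment, although the commit description says TERSE does not fully undo NFT_CACHE_SETELEM and that the 'list sets/maps' cases (outside this hunk) keep their own --terse handling for that reason. Without that context next to the code, the remaining per-case checks could be mistaken for dead code in a later cleanup; I would add above the new `if`: `/* TERSE does not cancel SETELEM (both set still fetches anonymous sets), so cases that must skip elements keep their own terse check. */`. The same flag combination is now reached through the `filter->list.table && filter->list.set` branch in the first hunk, which looks intended for 'nft -t list set' but would benefit from a short remark there as well. `case CMD_OBJ_RULESET:` is now an empty label directly above `default:`, so it could either be dropped or kept deliberately as documentation. The function and its switch begin outside the hunk.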