cache: Always set NFT_CACHE_TERSE for list cmd with --terse

commit cd4e947032a57a585b1a457ce03f546afc7ba033 upstream.

This fixes at least 'nft -t list table ...' and 'nft -t list set ...'.

Note how --terse handling for 'list sets/maps' remains in place since
setting NFT_CACHE_TERSE does not fully undo NFT_CACHE_SETELEM: setting
both enables fetching of anonymous sets which is pointless for that
command.

Reported-by: anton.khazan@gmail.com
Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1735
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/src/cache.c b/src/cache.c
index a2cad3bf8b59451567884a3205fb63b09159721f..7ff4b34dc198b51218a13e4457ada758ab89d9c3 100644 (file)
--- a/src/cache.c
+++ b/src/cache.c
@@ -228,8 +228,6 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
                }
                if (filter->list.table && filter->list.set)
                        flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | NFT_CACHE_SETELEM;
-               else if (nft_output_terse(&nft->output))
-                       flags |= NFT_CACHE_FULL | NFT_CACHE_TERSE;
                else
                        flags |= NFT_CACHE_FULL;
                break;
@@ -255,17 +253,15 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
                flags |= NFT_CACHE_TABLE | NFT_CACHE_FLOWTABLE;
                break;
        case CMD_OBJ_RULESET:
-               if (nft_output_terse(&nft->output))
-                       flags |= NFT_CACHE_FULL | NFT_CACHE_TERSE;
-               else
-                       flags |= NFT_CACHE_FULL;
-               break;
        default:
                flags |= NFT_CACHE_FULL;
                break;
        }
        flags |= NFT_CACHE_REFRESH;
 
+       if (nft_output_terse(&nft->output))
+               flags |= NFT_CACHE_TERSE;
+
        return flags;
 }