]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b487f4d)
rule: fix stateless output after listing sets containing counters
authorJeremy Sowden <jeremy@azazel.net>
Thu, 7 Oct 2021 20:12:21 +0000 (21:12 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 11 Oct 2021 23:06:51 +0000 (01:06 +0200)
Before outputting counters in set definitions the
`NFT_CTX_OUTPUT_STATELESS` flag was set to suppress output of the
counter state and unconditionally cleared afterwards, regardless of
whether it had been originally set.  Record the original set of flags
and restore it.

Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994273
Fixes: 6d80e0f15492 ("src: support for counter in set definition")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/rule.c patch | blob | blame | history

diff --git a/src/rule.c b/src/rule.c
index 50e16cf9e028599061515941d654c15b8b7ede70..b566adf07b1f293e4abd3835a8a9f74110802060 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -370,13 +370,15 @@ static void set_print_declaration(const struct set *set,
                nft_print(octx, "%s%s", opts->tab, opts->tab);
 
        if (!list_empty(&set->stmt_list)) {
+               unsigned int flags = octx->flags;
+
                octx->flags |= NFT_CTX_OUTPUT_STATELESS;
                list_for_each_entry(stmt, &set->stmt_list, list) {
                        stmt_print(stmt, octx);
                        if (!list_is_last(&stmt->list, &set->stmt_list))
                                nft_print(octx, " ");
                }
-               octx->flags &= ~NFT_CTX_OUTPUT_STATELESS;
+               octx->flags = flags;
        }
 
        if (!list_empty(&set->stmt_list))
Mirror of git://git.netfilter.org/nftables