From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 7 Oct 2022 08:04:06 +0000 (+0200)
Subject: rule: do not display handle for implicit chain
X-Git-Tag: v1.0.6~33
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e69bf6691534b9afe50c87e5e99cf0fe05304b22;p=thirdparty%2Fnftables.git

rule: do not display handle for implicit chain

Implicit chains do not allow for incremental updates, do not display rule
handle since kernel refuses to update an implicit chain which is already
bound.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1615
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/rule.c b/src/rule.c
index 1caee58f..d1ee6c2e 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1058,13 +1058,19 @@ static void chain_print_declaration(const struct chain *chain,
 void chain_rules_print(const struct chain *chain, struct output_ctx *octx,
 		       const char *indent)
 {
+	unsigned int flags = octx->flags;
 	struct rule *rule;
 
+	if (chain->flags & CHAIN_F_BINDING)
+		octx->flags &= ~NFT_CTX_OUTPUT_HANDLE;
+
 	list_for_each_entry(rule, &chain->rules, list) {
 		nft_print(octx, "\t\t%s", indent ? : "");
 		rule_print(rule, octx);
 		nft_print(octx, "\n");
 	}
+
+	octx->flags = flags;
 }
 
 static void chain_print(const struct chain *chain, struct output_ctx *octx)