From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 24 Aug 2018 07:52:14 +0000 (+0200)
Subject: rule: do not print elements in dynamically populated sets with `-s'
X-Git-Tag: v0.9.1~309
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=03302da063b032e531d8c748d698f03667658645;p=thirdparty%2Fnftables.git

rule: do not print elements in dynamically populated sets with `-s'

Ruleset listing with --stateless should not display the content of
sets that are dynamically populated from the packet path.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/rule.c b/src/rule.c
index df35f3e1..aef43638 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -427,6 +427,11 @@ static void do_set_print(const struct set *set, struct print_fmt_options *opts,
 {
 	set_print_declaration(set, opts, octx);
 
+	if (set->flags & NFT_SET_EVAL && octx->stateless) {
+		nft_print(octx, "%s}%s", opts->tab, opts->nl);
+		return;
+	}
+
 	if (set->init != NULL && set->init->size > 0) {
 		nft_print(octx, "%s%selements = ", opts->tab, opts->tab);
 		expr_print(set->init, octx);