author | Eric Garver <e@erig.me> | 2018-08-01 15:36:26 -0400 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-08-01 22:06:50 +0200 |
commit | ed30b9311d2bf3758463a353bf8a9dbb42a4e1cb (patch) | |
tree | a9c4f8ae31ea010c1731b9ed0da840a75d9f4398 | |
parent | 31e4b5906ff676a3c13060d6f456d72b7f6c90c2 (diff) |
nft: don't print rule counters unless verbose
Currently rule counters are always printed, but that's not the desired
behavior. We should only print them with the verbose flag. This broke
when the arguments of nft_rule_print_save() were changed to accept the
format instead of a counters flag.
Fixes: cdc78b1d6bd7 ("nft: convert rule into a command state structure")
Signed-off-by: Eric Garver <e@erig.me>
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | iptables/nft.c | 2 | ||||
-rwxr-xr-x | iptables/tests/shell/testcases/ipt-save/0005iptables_0 | 30 |
2 files changed, 31 insertions, 1 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 347a4438..a9cb92ed 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2270,7 +2270,7 @@ err:
 static void
 list_save(struct nftnl_rule *r, unsigned int num, unsigned int format)
 {
- nft_rule_print_save(r, NFT_RULE_APPEND, !(format & FMT_NOCOUNTS));
+ nft_rule_print_save(r, NFT_RULE_APPEND, format);
 }
 
 static int
diff --git a/iptables/tests/shell/testcases/ipt-save/0005iptables_0 b/iptables/tests/shell/testcases/ipt-save/0005iptables_0
new file mode 100755
index 00000000..d5eb76a7
--- /dev/null
+++ b/iptables/tests/shell/testcases/ipt-save/0005iptables_0
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -e
+
+tmpfile1=$(mktemp)
+tmpfile2=$(mktemp)
+
+clean_tmpfile()
+{
+ rm -f "$tmpfile1" "$tmpfile2"
+}
+
+trap clean_tmpfile EXIT
+
+
+cat > $tmpfile1<<EOF
+-P INPUT ACCEPT
+-P FORWARD ACCEPT
+-P OUTPUT ACCEPT
+-N FOO
+-A FOO -j DROP
+EOF
+
+$XT_MULTI iptables -N FOO
+$XT_MULTI iptables -A FOO -j DROP
+$XT_MULTI iptables -S > $tmpfile2
+
+diff -u $tmpfile1 $tmpfile2
+
+rm -f $tmpfile1 $tmpfile2 |
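Review bot: list_save() in iptables/nft.c has no comment saying that the third argument of nft_rule_print_save() is the FMT_* bitmask rather than a boolean, which is presumably why the old `!(format & FMT_NOCOUNTS)` call kept compiling after the callee's parameter changed meaning. A one-line comment above the call would record the contract: `/* format is the FMT_* bitmask, passed through unchanged; the callee is expected to honour FMT_NOCOUNTS */`. The callee is outside this hunk, so confirm it really tests that bit before relying on the comment. The `num` parameter is unused in the visible body; if the callback signature requires it, say so in the same comment.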
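Review bot: The new test 0005iptables_0 checks only the non-verbose `iptables -S` output, so the other half of the fix (counters still printed when the verbose flag is given) has no coverage and could regress unnoticed. A second case that runs `$XT_MULTI iptables -v -S > "$tmpfile2"` and compares it with an expected dump containing the counters would close that gap; take the exact counter format from the tool's real output rather than guessing it. Separately, the redirections and the `diff -u` line use `$tmpfile1` and `$tmpfile2` unquoted while `clean_tmpfile` quotes them, and the final `rm -f $tmpfile1 $tmpfile2` repeats what the EXIT trap already does. Writing `diff -u "$tmpfile1" "$tmpfile2"` and dropping the last line would make the script consistent.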