From 1aefddd07ca8e51f0528366835cf466d57bd459f Mon Sep 17 00:00:00 2001
From: Giuseppe Longo <giuseppelng@gmail.com>
Date: Wed, 11 Jun 2014 10:53:12 +0200
Subject: nft: save: fix the printing of the counters

This patch prints the counters of a rule before the details,
like iptables-save syntax.

Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/nft.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'iptables/nft.c')

diff --git a/iptables/nft.c b/iptables/nft.c
index 2a5f0b99..e3b07e03 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -972,8 +972,8 @@ int add_counters(struct nft_rule *r, uint64_t packets, uint64_t bytes)
 	if (expr == NULL)
 		return -ENOMEM;
 
-	nft_rule_expr_set_u64(expr, NFT_EXPR_CTR_BYTES, packets);
-	nft_rule_expr_set_u64(expr, NFT_EXPR_CTR_PACKETS, bytes);
+	nft_rule_expr_set_u64(expr, NFT_EXPR_CTR_PACKETS, packets);
+	nft_rule_expr_set_u64(expr, NFT_EXPR_CTR_BYTES, bytes);
 
 	nft_rule_add_expr(r, expr);
 
@@ -1048,6 +1048,11 @@ nft_rule_print_save(const void *data,
 	int family = nft_rule_attr_get_u32(r, NFT_RULE_ATTR_FAMILY);
 	struct nft_family_ops *ops;
 
+	ops = nft_family_ops_lookup(family);
+
+	if (!(format & FMT_NOCOUNTS) && ops->save_counters)
+		ops->save_counters(data);
+
 	/* print chain name */
 	switch(type) {
 	case NFT_RULE_APPEND:
@@ -1058,8 +1063,6 @@ nft_rule_print_save(const void *data,
 		break;
 	}
 
-	ops = nft_family_ops_lookup(family);
-
 	if (ops->save_firewall)
 		ops->save_firewall(data, format);
 
-- 
cgit v1.2.3