src: Allow to list ruleset without stateful information

Currently only counter and quota have stateful information.

For named counters, packets and bytes are displayed as 0.

Standard list ruleset:

table ip filter {
	counter https {
		packets 161942 bytes 10253353
	}

	chain output {
		type filter hook output priority 0; policy accept;
		counter name tcp dport map { https : "https"}
		tcp dport https counter packets 171211 bytes 10869045
		tcp dport https quota 25 mbytes used 10 mbytes
	}
}

With stateless option, -s:

table ip filter {
	counter https {
		packets 0 bytes 0
	}

	chain output {
		type filter hook output priority 0; policy accept;
		counter name tcp dport map { https : "https"}
		tcp dport https counter
		tcp dport https quota 25 mbytes
	}
}

Signed-off-by: Elise Lennion <elise.lennion@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 5 insertions, 1 deletions

diff --git a/src/rule.c b/src/rule.c
index b6dc755e..f2ffd4b2 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1178,6 +1178,10 @@ static void obj_print_data(const struct obj *obj,
 	case NFT_OBJECT_COUNTER:
 		printf(" %s {%s%s%s", obj->handle.obj,
 				      opts->nl, opts->tab, opts->tab);
+		if (stateless_output) {
+			printf("packets 0 bytes 0");
+			break;
+		}
 		printf("packets %"PRIu64" bytes %"PRIu64"",
 		       obj->counter.packets, obj->counter.bytes);
 		break;
@@ -1191,7 +1195,7 @@ static void obj_print_data(const struct obj *obj,
 		printf("%s%"PRIu64" %s",
 		       obj->quota.flags & NFT_QUOTA_F_INV ? "over " : "",
 		       bytes, data_unit);
-		if (obj->quota.used) {
+		if (!stateless_output && obj->quota.used) {
 			data_unit = get_rate(obj->quota.used, &bytes);
 			printf(" used %"PRIu64" %s", bytes, data_unit);
 		}