diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-24 09:52:14 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-24 09:52:14 +0200 |
commit | 03302da063b032e531d8c748d698f03667658645 (patch) | |
tree | cce24a730ff25cc9361f682a1ffb9ba27911de6a /src | |
parent | 6a103a37167d26843575b6ef5cbb4425249de136 (diff) |
rule: do not print elements in dynamically populated sets with `-s'
Ruleset listing with --stateless should not display the content of
sets that are dynamically populated from the packet path.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/rule.c | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -427,6 +427,11 @@ static void do_set_print(const struct set *set, struct print_fmt_options *opts, { set_print_declaration(set, opts, octx); + if (set->flags & NFT_SET_EVAL && octx->stateless) { + nft_print(octx, "%s}%s", opts->tab, opts->nl); + return; + } + if (set->init != NULL && set->init->size > 0) { nft_print(octx, "%s%selements = ", opts->tab, opts->tab); expr_print(set->init, octx); |