rule: do not print elements in dynamically populated sets with `-s'

Ruleset listing with --stateless should not display the content of sets that are dynamically populated from the packet path. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2018-08-24 09:52:14 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-08-24 09:52:14 +0200
commit: 03302da063b032e531d8c748d698f03667658645 (patch)
tree: cce24a730ff25cc9361f682a1ffb9ba27911de6a /src
parent: 6a103a37167d26843575b6ef5cbb4425249de136 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/rule.c b/src/rule.c
index df35f3e1..aef43638 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -427,6 +427,11 @@ static void do_set_print(const struct set *set, struct print_fmt_options *opts,
 {
 	set_print_declaration(set, opts, octx);
 
+	if (set->flags & NFT_SET_EVAL && octx->stateless) {
+		nft_print(octx, "%s}%s", opts->tab, opts->nl);
+		return;
+	}
+
 	if (set->init != NULL && set->init->size > 0) {
 		nft_print(octx, "%s%selements = ", opts->tab, opts->tab);
 		expr_print(set->init, octx);
author	Pablo Neira Ayuso <pablo@netfilter.org>	2018-08-24 09:52:14 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-08-24 09:52:14 +0200
commit	03302da063b032e531d8c748d698f03667658645 (patch)
tree	cce24a730ff25cc9361f682a1ffb9ba27911de6a /src
parent	6a103a37167d26843575b6ef5cbb4425249de136 (diff)