From 03302da063b032e531d8c748d698f03667658645 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Fri, 24 Aug 2018 09:52:14 +0200 Subject: rule: do not print elements in dynamically populated sets with `-s' Ruleset listing with --stateless should not display the content of sets that are dynamically populated from the packet path. Signed-off-by: Pablo Neira Ayuso --- src/rule.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src') diff --git a/src/rule.c b/src/rule.c index df35f3e1..aef43638 100644 --- a/src/rule.c +++ b/src/rule.c @@ -427,6 +427,11 @@ static void do_set_print(const struct set *set, struct print_fmt_options *opts, { set_print_declaration(set, opts, octx); + if (set->flags & NFT_SET_EVAL && octx->stateless) { + nft_print(octx, "%s}%s", opts->tab, opts->nl); + return; + } + if (set->init != NULL && set->init->size > 0) { nft_print(octx, "%s%selements = ", opts->tab, opts->tab); expr_print(set->init, octx); -- cgit v1.2.3