summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeremy Sowden <jeremy@azazel.net>2021-10-07 21:12:21 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2021-10-12 01:06:51 +0200
commitf1d26b51fde8f4ff12f5c98ef8b65229a17276e3 (patch)
tree8dfa3f42d64f993b5ed74bb57ed35e95dc2851e7
parentb487f4d0e436522acbef938ff4751626406b24c8 (diff)
rule: fix stateless output after listing sets containing counters
Before outputting counters in set definitions the `NFT_CTX_OUTPUT_STATELESS` flag was set to suppress output of the counter state and unconditionally cleared afterwards, regardless of whether it had been originally set. Record the original set of flags and restore it. Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994273 Fixes: 6d80e0f15492 ("src: support for counter in set definition") Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/rule.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/rule.c b/src/rule.c
index 50e16cf9..b566adf0 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -370,13 +370,15 @@ static void set_print_declaration(const struct set *set,
nft_print(octx, "%s%s", opts->tab, opts->tab);
if (!list_empty(&set->stmt_list)) {
+ unsigned int flags = octx->flags;
+
octx->flags |= NFT_CTX_OUTPUT_STATELESS;
list_for_each_entry(stmt, &set->stmt_list, list) {
stmt_print(stmt, octx);
if (!list_is_last(&stmt->list, &set->stmt_list))
nft_print(octx, " ");
}
- octx->flags &= ~NFT_CTX_OUTPUT_STATELESS;
+ octx->flags = flags;
}
if (!list_empty(&set->stmt_list))