author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-10-07 10:04:06 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-10-07 10:34:15 +0200 |
commit | e69bf6691534b9afe50c87e5e99cf0fe05304b22 (patch) | |
tree | 898ae44a4508724d557acc9b1dde1c5e310b3047 /src/rule.c | |
parent | 4429334ea61864ea8d2636e2daadc1e05967552d (diff) |
rule: do not display handle for implicit chain
Implicit chains do not allow for incremental updates, do not display rule
handle since kernel refuses to update an implicit chain which is already
bound.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1615
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/rule.c')
-rw-r--r-- | src/rule.c | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -1058,13 +1058,19 @@ static void chain_print_declaration(const struct chain *chain, void chain_rules_print(const struct chain *chain, struct output_ctx *octx, const char *indent) { + unsigned int flags = octx->flags; struct rule *rule; + if (chain->flags & CHAIN_F_BINDING) + octx->flags &= ~NFT_CTX_OUTPUT_HANDLE; + list_for_each_entry(rule, &chain->rules, list) { nft_print(octx, "\t\t%s", indent ? : ""); rule_print(rule, octx); nft_print(octx, "\n"); } + + octx->flags = flags; } static void chain_print(const struct chain *chain, struct output_ctx *octx) |
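Review bot: The save-and-restore of `octx->flags` in `chain_rules_print()` carries no comment, so the reason the handle is hidden for `CHAIN_F_BINDING` chains is recorded only in the commit message. I would add above the new `if`: `/* implicit chains cannot be updated incrementally: the kernel refuses to update a chain that is already bound, so do not print rule handles */`. The final `octx->flags = flags;` writes back the whole saved word rather than only the `NFT_CTX_OUTPUT_HANDLE` bit, so it relies on nothing reached from `rule_print()` changing the flags during the loop and on the loop having no early exit; both hold in the visible lines, but a one-line remark would keep a later edit from breaking it. Whether other output paths (a JSON listing, for example) still print handles for bound chains cannot be told from this hunk and is worth checking.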