From cd4e947032a57a585b1a457ce03f546afc7ba033 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 8 Feb 2024 02:10:48 +0100
Subject: cache: Always set NFT_CACHE_TERSE for list cmd with --terse

This fixes at least 'nft -t list table ...' and 'nft -t list set ...'.

Note how --terse handling for 'list sets/maps' remains in place since
setting NFT_CACHE_TERSE does not fully undo NFT_CACHE_SETELEM: setting
both enables fetching of anonymous sets which is pointless for that
command.

Reported-by: anton.khazan@gmail.com
Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1735
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 src/cache.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

(limited to 'src/cache.c')

diff --git a/src/cache.c b/src/cache.c
index 97f50cca..c000e32c 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -234,8 +234,6 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
 		}
 		if (filter->list.table && filter->list.set)
 			flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | NFT_CACHE_SETELEM;
-		else if (nft_output_terse(&nft->output))
-			flags |= NFT_CACHE_FULL | NFT_CACHE_TERSE;
 		else
 			flags |= NFT_CACHE_FULL;
 		break;
@@ -261,17 +259,15 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
 		flags |= NFT_CACHE_TABLE | NFT_CACHE_FLOWTABLE;
 		break;
 	case CMD_OBJ_RULESET:
-		if (nft_output_terse(&nft->output))
-			flags |= NFT_CACHE_FULL | NFT_CACHE_TERSE;
-		else
-			flags |= NFT_CACHE_FULL;
-		break;
 	default:
 		flags |= NFT_CACHE_FULL;
 		break;
 	}
 	flags |= NFT_CACHE_REFRESH;
 
+	if (nft_output_terse(&nft->output))
+		flags |= NFT_CACHE_TERSE;
+
 	return flags;
 }
 
-- 
cgit v1.2.3