diff mbox series

[nft,v2,2/3] rule: fix stateless output after listing sets containing counters.

Message ID 20211007194902.2613579-3-jeremy@azazel.net
State Changes Requested
Delegated to: Pablo Neira
Headers show
Series Stateless output fixes | expand

Commit Message

Jeremy Sowden Oct. 7, 2021, 7:49 p.m. UTC 
Before outputting counters in set definitions the
`NFT_CTX_OUTPUT_STATELESS` flag was set to suppress output of the
counter state and unconditionally cleared afterwards, regardless of
whether it had been originally set.  Record the original set of flags
and restore it.

Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994273
Fixes: 6d80e0f15492 ("src: support for counter in set definition")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 src/rule.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/src/rule.c b/src/rule.c
index 50e16cf9e028..b566adf07b1f 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -370,13 +370,15 @@  static void set_print_declaration(const struct set *set,
 		nft_print(octx, "%s%s", opts->tab, opts->tab);
 
 	if (!list_empty(&set->stmt_list)) {
+		unsigned int flags = octx->flags;
+
 		octx->flags |= NFT_CTX_OUTPUT_STATELESS;
 		list_for_each_entry(stmt, &set->stmt_list, list) {
 			stmt_print(stmt, octx);
 			if (!list_is_last(&stmt->list, &set->stmt_list))
 				nft_print(octx, " ");
 		}
-		octx->flags &= ~NFT_CTX_OUTPUT_STATELESS;
+		octx->flags = flags;
 	}
 
 	if (!list_empty(&set->stmt_list))