diff mbox series

[nft,v3,2/3] rule: fix stateless output after listing sets containing counters

Message ID 20211007201222.2613750-3-jeremy@azazel.net
State Accepted
Delegated to: Pablo Neira
Headers show
Series Stateless output fixes | expand

Commit Message

Jeremy Sowden Oct. 7, 2021, 8:12 p.m. UTC 
Before outputting counters in set definitions the
`NFT_CTX_OUTPUT_STATELESS` flag was set to suppress output of the
counter state and unconditionally cleared afterwards, regardless of
whether it had been originally set.  Record the original set of flags
and restore it.

Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994273
Fixes: 6d80e0f15492 ("src: support for counter in set definition")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 src/rule.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/src/rule.c b/src/rule.c
index 50e16cf9e028..b566adf07b1f 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -370,13 +370,15 @@  static void set_print_declaration(const struct set *set,
 		nft_print(octx, "%s%s", opts->tab, opts->tab);
 
 	if (!list_empty(&set->stmt_list)) {
+		unsigned int flags = octx->flags;
+
 		octx->flags |= NFT_CTX_OUTPUT_STATELESS;
 		list_for_each_entry(stmt, &set->stmt_list, list) {
 			stmt_print(stmt, octx);
 			if (!list_is_last(&stmt->list, &set->stmt_list))
 				nft_print(octx, " ");
 		}
-		octx->flags &= ~NFT_CTX_OUTPUT_STATELESS;
+		octx->flags = flags;
 	}
 
 	if (!list_empty(&set->stmt_list))