[nft,2/2] rule: do not display handle for implicit chain

Message ID	20221007082430.333046-2-pablo@netfilter.org
State	Accepted
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Pablo Neira Ayuso <pablo@netfilter.org> To: netfilter-devel@vger.kernel.org Subject: [PATCH nft 2/2] rule: do not display handle for implicit chain Date: Fri, 7 Oct 2022 10:24:30 +0200 Message-Id: <20221007082430.333046-2-pablo@netfilter.org> In-Reply-To: <20221007082430.333046-1-pablo@netfilter.org> References: <20221007082430.333046-1-pablo@netfilter.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[nft,1/2] parser_bison: display too many levels of nesting error \| expand [nft,1/2] parser_bison: display too many levels of nesting error [nft,2/2] rule: do not display handle for implicit chain

Message ID

20221007082430.333046-2-pablo@netfilter.org

State

Accepted

Delegated to:

Pablo Neira

Headers

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nft 2/2] rule: do not display handle for implicit chain
Date: Fri,  7 Oct 2022 10:24:30 +0200
Message-Id: <20221007082430.333046-2-pablo@netfilter.org>
In-Reply-To: <20221007082430.333046-1-pablo@netfilter.org>
References: <20221007082430.333046-1-pablo@netfilter.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[nft,1/2] parser_bison: display too many levels of nesting error | expand

Commit Message

Pablo Neira Ayuso Oct. 7, 2022, 8:24 a.m. UTC

Implicit chain do not allow for incremental updates, do not display rule
handle since kernel refuses to update an implicit chain which is already
bound.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1615
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/rule.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/rule.c b/src/rule.c
index 1caee58fb762..d1ee6c2ee067 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1058,13 +1058,19 @@  static void chain_print_declaration(const struct chain *chain,
 void chain_rules_print(const struct chain *chain, struct output_ctx *octx,
 		       const char *indent)
 {
+	unsigned int flags = octx->flags;
 	struct rule *rule;
 
+	if (chain->flags & CHAIN_F_BINDING)
+		octx->flags &= ~NFT_CTX_OUTPUT_HANDLE;
+
 	list_for_each_entry(rule, &chain->rules, list) {
 		nft_print(octx, "\t\t%s", indent ? : "");
 		rule_print(rule, octx);
 		nft_print(octx, "\n");
 	}
+
+	octx->flags = flags;
 }
 
 static void chain_print(const struct chain *chain, struct output_ctx *octx)

[nft,2/2] rule: do not display handle for implicit chain

Commit Message

Patch