Ruleset listing with --stateless should not display the content of
sets that are dynamically populated from the packet path.

Signed-off-by: Pablo Neira Ayuso <[email protected]>
---
 src/rule.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/rule.c b/src/rule.c
index d11b1d2907f2..fcfcf60cbc7c 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -426,6 +426,11 @@ static void do_set_print(const struct set *set, struct 
print_fmt_options *opts,
 {
        set_print_declaration(set, opts, octx);
 
+       if (set->flags & NFT_SET_EVAL && octx->stateless) {
+               nft_print(octx, "%s}%s", opts->tab, opts->nl);
+               return;
+       }
+
        if (set->init != NULL && set->init->size > 0) {
                nft_print(octx, "%s%selements = ", opts->tab, opts->tab);
                expr_print(set->init, octx);
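Review bot: The early return under the added `if` prints its own closing `}`, duplicating whatever do_set_print does to close the declaration further down (the rest of the body is outside this hunk), so the two paths can drift apart. Assuming the code after the element dump only terminates the block, it would be simpler to skip just the dump: `if (set->init != NULL && set->init->size > 0 && !((set->flags & NFT_SET_EVAL) && octx->stateless)) {`, which also makes the `&`/`&&` grouping explicit. The test keys on the set flag alone, so elements a user added by hand to an NFT_SET_EVAL set would presumably be dropped from a `--stateless` listing as well, which matters if that output is used as a ruleset backup. A comment such as `/* stateless: elements of dynamic sets are runtime state populated from the packet path */` would record that this is intended.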
-- 
2.11.0
