Ruleset listing with --stateless should not display the content of sets that are dynamically populated from the packet path.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/rule.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/rule.c b/src/rule.c
index d11b1d2907f2..fcfcf60cbc7c 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -426,6 +426,11 @@ static void do_set_print(const struct set *set, struct print_fmt_options *opts,
 {
 set_print_declaration(set, opts, octx);
+ if (set->flags & NFT_SET_EVAL && octx->stateless) {
+ nft_print(octx, "%s}%s", opts->tab, opts->nl);
+ return;
+ }
+
+ if (set->init != NULL && set->init->size > 0) {
 nft_print(octx, "%s%selements = ", opts->tab, opts->tab);
 expr_print(set->init, octx);
--
2.11.0
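Review bot: The early return added at the top of do_set_print() skips `set->init` entirely whenever NFT_SET_EVAL is set, so under --stateless any elements an administrator added to such a set from userspace would presumably be dropped together with the packet-path ones. A ruleset dumped with --stateless and restored later could then silently lose those entries, which matters if the set backs an allow or deny list. If that is the intended contract, say so in a comment above the check, e.g. `/* dynamic sets hold packet-path state: print the declaration only in stateless mode */`, and in the --stateless documentation, which this one-file change does not touch. The condition is correct as written but is easier to audit as `if ((set->flags & NFT_SET_EVAL) && octx->stateless) {`. The rest of the function lies outside the hunk, so whether the new `"%s}%s"` print duplicates an existing closing print, and could share a single exit path with it, cannot be confirmed from here.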