Before outputting counters in set definitions the `NFT_CTX_OUTPUT_STATELESS` flag was set to suppress output of the counter state and unconditionally cleared afterwards, regardless of whether it had been originally set. Record the original set of flags and restore it. Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994273 Fixes: 6d80e0f15492 ("src: support for counter in set definition") Signed-off-by: Jeremy Sowden <jeremy@xxxxxxxxxx> --- src/rule.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/rule.c b/src/rule.c index 50e16cf9e028..b566adf07b1f 100644 --- a/src/rule.c +++ b/src/rule.c @@ -370,13 +370,15 @@ static void set_print_declaration(const struct set *set, nft_print(octx, "%s%s", opts->tab, opts->tab); if (!list_empty(&set->stmt_list)) { + unsigned int flags = octx->flags; + octx->flags |= NFT_CTX_OUTPUT_STATELESS; list_for_each_entry(stmt, &set->stmt_list, list) { stmt_print(stmt, octx); if (!list_is_last(&stmt->list, &set->stmt_list)) nft_print(octx, " "); } - octx->flags &= ~NFT_CTX_OUTPUT_STATELESS; + octx->flags = flags; } if (!list_empty(&set->stmt_list)) -- 2.33.0
