This fixes at least 'nft -t list table ...' and 'nft -t list set ...'. Note how --terse handling for 'list sets/maps' remains in place since setting NFT_CACHE_TERSE does not fully undo NFT_CACHE_SETELEM: setting both enables fetching of anonymous sets which is pointless for that command. Reported-by: anton.khazan@xxxxxxxxx Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1735 Suggested-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Signed-off-by: Phil Sutter <phil@xxxxxx> --- src/cache.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/src/cache.c b/src/cache.c index 97f50ccaf6ba1..c000e32c497fb 100644 --- a/src/cache.c +++ b/src/cache.c @@ -234,8 +234,6 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd, } if (filter->list.table && filter->list.set) flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | NFT_CACHE_SETELEM; - else if (nft_output_terse(&nft->output)) - flags |= NFT_CACHE_FULL | NFT_CACHE_TERSE; else flags |= NFT_CACHE_FULL; break; @@ -261,17 +259,15 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd, flags |= NFT_CACHE_TABLE | NFT_CACHE_FLOWTABLE; break; case CMD_OBJ_RULESET: - if (nft_output_terse(&nft->output)) - flags |= NFT_CACHE_FULL | NFT_CACHE_TERSE; - else - flags |= NFT_CACHE_FULL; - break; default: flags |= NFT_CACHE_FULL; break; } flags |= NFT_CACHE_REFRESH; + if (nft_output_terse(&nft->output)) + flags |= NFT_CACHE_TERSE; + return flags; } -- 2.43.0
