Currently:

  nft -c reset rules ip x

ignores -c/--check.

The reset and list commands use the netlink GET/DUMP nfnetlink API which
provides no check semantics, compared to the NEW/DELETE nfnetlink batch
API which indeed does.

Emulate -c/--check for the reset command by handling this as a list
command, so the state of the objects is just listed, not reset. This
allows to check for presence and dump the content of the objects.

Fixes: dbff26bfba83 ("cache: consolidate reset command")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/cache.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/cache.c b/src/cache.c
index bad8275326c7..75b4877d83cb 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -516,7 +516,10 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
 			flags = evaluate_cache_get(cmd, flags);
 			break;
 		case CMD_RESET:
-			flags = evaluate_cache_reset(cmd, flags, filter);
+			if (nft->check)
+				flags = evaluate_cache_list(nft, cmd, flags, filter);
+			else
+				flags = evaluate_cache_reset(cmd, flags, filter);
 			break;
 		case CMD_LIST:
 			flags = evaluate_cache_list(nft, cmd, flags, filter);
-- 
2.47.3