diff options
| author | Fernando Fernandez Mancera <ffmancera@riseup.net> | 2019-09-09 21:52:47 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-09-10 21:59:23 +0200 |
| commit | 805969ec63f22303d89a25dd8aa23d54dc65bf73 (patch) | |
| tree | d82724a4d7097da391e8c1a165dca2c0a49cee06 | |
| parent | 860671662d3f7aeec156932aff648e04f0e2ec92 (diff) | |
netlink_delinearize: fix wrong conversion to "list" in ct mark
We only prefer "list" representation in "ct event". For any other type of "ct"
use the "or" representation so nft prints "ct mark set ct mark | 0x00000001"
instead of "ct mark set ct mark,0x00000001".
Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1364
Fixes: cb8f81ac3079 ("netlink_delinearize: prefer ct event set foo,bar over 'set foo|bar'")
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/netlink_delinearize.c | 3 | ||||
| -rw-r--r-- | tests/py/any/ct.t | 1 | ||||
| -rw-r--r-- | tests/py/any/ct.t.payload | 6 |
3 files changed, 9 insertions, 1 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index fc2574b1..f7d328a8 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -2550,7 +2550,8 @@ static void rule_parse_postprocess(struct netlink_parse_ctx *ctx, struct rule *r if (stmt->ct.expr != NULL) { expr_postprocess(&rctx, &stmt->ct.expr); - if (stmt->ct.expr->etype == EXPR_BINOP) + if (stmt->ct.expr->etype == EXPR_BINOP && + stmt->ct.key == NFT_CT_EVENTMASK) stmt->ct.expr = binop_tree_to_list(NULL, stmt->ct.expr); } diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t index 267eca1a..ebc08644 100644 --- a/tests/py/any/ct.t +++ b/tests/py/any/ct.t @@ -38,6 +38,7 @@ ct mark and 0x23 == 0x11;ok;ct mark & 0x00000023 == 0x00000011 ct mark and 0x3 != 0x1;ok;ct mark & 0x00000003 != 0x00000001 ct mark xor 0x23 == 0x11;ok;ct mark 0x00000032 ct mark xor 0x3 != 0x1;ok;ct mark != 0x00000002 +ct mark set ct mark or 0x00000001;ok;ct mark set ct mark | 0x00000001 ct mark 0x00000032;ok ct mark != 0x00000032;ok diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload index 86ac81cd..bdc6a70e 100644 --- a/tests/py/any/ct.t.payload +++ b/tests/py/any/ct.t.payload @@ -493,3 +493,9 @@ ip test-ip4 output [ ct load mark => reg 9 ] [ lookup reg 1 set __map%d dreg 0 ] +# ct mark set ct mark or 0x00000001 +ip test-ip4 output + [ ct load mark => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0xfffffffe ) ^ 0x00000001 ] + [ ct set mark with reg 1 ] + |