diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-08-15 14:46:53 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-08-15 14:50:44 +0200 |
| commit | c1315129b6e5d4c5823627427c4a25a97880820b (patch) | |
| tree | fd1d22016e1f426ad1f4da54ede2228261d55b80 | |
| parent | bb6b4c4c794a9090547f562f2bba8cf5f0048127 (diff) | |
netlink_delinearize: skip flags / mask notation for singleton bitmask again
!= operation should also be covered too.
Fixes: 347a4aa16e64 ("netlink_delinearize: skip flags / mask notation for singleton bitmask")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/netlink_delinearize.c | 2 | ||||
| -rw-r--r-- | tests/py/inet/tcp.t | 1 | ||||
| -rw-r--r-- | tests/py/inet/tcp.t.json | 21 | ||||
| -rw-r--r-- | tests/py/inet/tcp.t.payload | 8 |
4 files changed, 31 insertions, 1 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 49870eea..5b545701 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -2287,10 +2287,10 @@ static void relational_binop_postprocess(struct rule_pp_ctx *ctx, expr_free(binop); } else if (binop->right->etype == EXPR_VALUE && value->etype == EXPR_VALUE && - expr->op == OP_EQ && !mpz_cmp(value->value, binop->right->value)) { /* Skip flag / flag representation for: * data & flag == flag + * data & flag != flag */ ; } else { diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t index afa70d85..aa07c3ba 100644 --- a/tests/py/inet/tcp.t +++ b/tests/py/inet/tcp.t @@ -75,6 +75,7 @@ tcp flags & (syn | ack) != 0;ok;tcp flags syn,ack tcp flags & (syn | ack) == 0;ok;tcp flags ! syn,ack # it should be possible to transform this to: tcp flags syn tcp flags & syn == syn;ok +tcp flags & syn != syn;ok tcp flags & (fin | syn | rst | ack) syn;ok;tcp flags syn / fin,syn,rst,ack tcp flags & (fin | syn | rst | ack) == syn;ok;tcp flags syn / fin,syn,rst,ack tcp flags & (fin | syn | rst | ack) != syn;ok;tcp flags != syn / fin,syn,rst,ack diff --git a/tests/py/inet/tcp.t.json b/tests/py/inet/tcp.t.json index 615bc68f..8439c2b5 100644 --- a/tests/py/inet/tcp.t.json +++ b/tests/py/inet/tcp.t.json @@ -1612,6 +1612,27 @@ } ] +# tcp flags & syn != syn +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + "syn" + ] + }, + "op": "!=", + "right": "syn" + } + } +] + # tcp flags & (fin | syn | rst | ack) syn [ { diff --git a/tests/py/inet/tcp.t.payload b/tests/py/inet/tcp.t.payload index 8aeeaee3..1cfe500b 100644 --- a/tests/py/inet/tcp.t.payload +++ b/tests/py/inet/tcp.t.payload @@ -410,6 +410,14 @@ inet test-inet input [ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000002 ] +# tcp flags & syn != syn +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000002 ] + # tcp flags & (fin | syn | rst | ack) syn inet test-inet input [ meta load l4proto => reg 1 ] |