diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-05-13 01:42:13 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-05-13 13:46:40 +0200 |
commit | 95d7ace99240a6d28730741acaed999cb25f61a0 (patch) | |
tree | 7bc90bca14ee33e5ce4158b75c9b8d51b96d761a | |
parent | 78f57fda439d942a02b658539fbdd9e119c1187b (diff) |
netlink_delinearize: fix binary operation postprocessing with sets
If the right-hand side expression of the binary expression is a set,
then, skip the postprocessing step otherwise the tests/py report the
following warning:
# ./nft-test.py inet/tcp.t
inet/tcp.t: WARNING: line 80: 'add rule ip test-ip4 input tcp flags & (syn|fin) == (syn|fin)': 'tcp flags & (fin | syn) == fin | syn' mismatches 'tcp flags ! fin,syn'
inet/tcp.t: WARNING: line 83: 'add rule ip test-ip4 input tcp flags & (fin | syn | rst | psh | ack | urg) == { fin, ack, psh | ack, fin | psh | ack }': 'tcp flags & (fin | syn | rst | psh | ack | urg) == { fin, ack, psh | ack, fin | psh | ack }' mismatches 'tcp flags ! fin,syn,rst,psh,ack,urg'
This listing is not correct.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/netlink_delinearize.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 4dd5bdc0..81fe4c16 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -2173,6 +2173,7 @@ static void relational_binop_postprocess(struct rule_pp_ctx *ctx, struct expr *e if (binop->op == OP_AND && (expr->op == OP_NEQ || expr->op == OP_EQ) && value->dtype->basetype && value->dtype->basetype->type == TYPE_BITMASK && + value->etype == EXPR_VALUE && !mpz_cmp_ui(value->value, 0)) { /* Flag comparison: data & flags != 0 * |