netlink_delinearize: restore binop syntax when listing ruleset for flags

c3d57114f119 ("parser_bison: add shortcut syntax for matching flags without binary operations") provides a similar syntax to iptables using a prefix representation for flag matching. Restore original representation using binop when listing the ruleset. The parser still accepts the prefix notation for backward compatibility. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-03-18 13:10:55 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2024-03-20 18:50:03 +0100
commit: b11b6c68e61ea294eb4c313705ccfe3e7b0eda87 (patch)
tree: d84b4a22c6648a2bf7d2774801db85bd56c3b345 /tests/shell/testcases/packetpath
parent: ea011231c06cbe828cf6056bc9c3d116e1f528d5 (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/tests/shell/testcases/packetpath/tcp_options b/tests/shell/testcases/packetpath/tcp_options
index 1c9ee532..88552226 100755
--- a/tests/shell/testcases/packetpath/tcp_options
+++ b/tests/shell/testcases/packetpath/tcp_options
@@ -15,14 +15,14 @@ table inet t {
 	chain c {
 		type filter hook output priority 0;
 		tcp dport != 22345 accept
-		tcp flags syn / fin,syn,rst,ack tcp option 254  length ge 4 counter name nomatchc drop
-		tcp flags syn / fin,syn,rst,ack tcp option fastopen length ge 2 reset tcp option fastopen counter name nomatchc
-		tcp flags syn / fin,syn,rst,ack tcp option sack-perm missing counter name nomatchc
-		tcp flags syn / fin,syn,rst,ack tcp option sack-perm exists counter name sackpermc
-		tcp flags syn / fin,syn,rst,ack tcp option maxseg size gt 1400 counter name maxsegc
-		tcp flags syn / fin,syn,rst,ack tcp option nop missing counter name nomatchc
-		tcp flags syn / fin,syn,rst,ack tcp option nop exists counter name nopc
-		tcp flags syn / fin,syn,rst,ack drop
+		tcp flags & (fin | syn | rst | ack ) == syn tcp option 254  length ge 4 counter name nomatchc drop
+		tcp flags & (fin | syn | rst | ack ) == syn tcp option fastopen length ge 2 reset tcp option fastopen counter name nomatchc
+		tcp flags & (fin | syn | rst | ack ) == syn tcp option sack-perm missing counter name nomatchc
+		tcp flags & (fin | syn | rst | ack) == syn tcp option sack-perm exists counter name sackpermc
+		tcp flags & (fin | syn | rst | ack) == syn tcp option maxseg size gt 1400 counter name maxsegc
+		tcp flags & (fin | syn | rst | ack) == syn tcp option nop missing counter name nomatchc
+		tcp flags & (fin | syn | rst | ack) == syn tcp option nop exists counter name nopc
+		tcp flags & (fin | syn | rst | ack) == syn drop
 	}
 }
 EOF
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-03-18 13:10:55 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2024-03-20 18:50:03 +0100
commit	b11b6c68e61ea294eb4c313705ccfe3e7b0eda87 (patch)
tree	d84b4a22c6648a2bf7d2774801db85bd56c3b345 /tests/shell/testcases/packetpath
parent	ea011231c06cbe828cf6056bc9c3d116e1f528d5 (diff)