summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2021-05-13 01:42:13 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2021-05-13 13:46:40 +0200
commit95d7ace99240a6d28730741acaed999cb25f61a0 (patch)
tree7bc90bca14ee33e5ce4158b75c9b8d51b96d761a
parent78f57fda439d942a02b658539fbdd9e119c1187b (diff)
netlink_delinearize: fix binary operation postprocessing with sets
If the right-hand side expression of the binary expression is a set, then, skip the postprocessing step otherwise the tests/py report the following warning: # ./nft-test.py inet/tcp.t inet/tcp.t: WARNING: line 80: 'add rule ip test-ip4 input tcp flags & (syn|fin) == (syn|fin)': 'tcp flags & (fin | syn) == fin | syn' mismatches 'tcp flags ! fin,syn' inet/tcp.t: WARNING: line 83: 'add rule ip test-ip4 input tcp flags & (fin | syn | rst | psh | ack | urg) == { fin, ack, psh | ack, fin | psh | ack }': 'tcp flags & (fin | syn | rst | psh | ack | urg) == { fin, ack, psh | ack, fin | psh | ack }' mismatches 'tcp flags ! fin,syn,rst,psh,ack,urg' This listing is not correct. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/netlink_delinearize.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 4dd5bdc0..81fe4c16 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -2173,6 +2173,7 @@ static void relational_binop_postprocess(struct rule_pp_ctx *ctx, struct expr *e
if (binop->op == OP_AND && (expr->op == OP_NEQ || expr->op == OP_EQ) &&
value->dtype->basetype &&
value->dtype->basetype->type == TYPE_BITMASK &&
+ value->etype == EXPR_VALUE &&
!mpz_cmp_ui(value->value, 0)) {
/* Flag comparison: data & flags != 0
*