diff options
author | Florian Westphal <fw@strlen.de> | 2022-08-01 13:03:18 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2022-08-05 01:46:39 +0200 |
commit | b1e3ed0335d13d206a2a2698a1ba189fa396dbf3 (patch) | |
tree | 51609a4e474e915ad6e851eab0fbca82d2b38c8c /src | |
parent | f680055cd4377f2f531f5f77b3aaa7550988665d (diff) |
netlink_delinearize: also postprocess OP_AND in set element context
Pablo reports:
add rule netdev nt y update @macset { vlan id timeout 5s }
listing still shows the raw expression:
update @macset { @ll,112,16 & 0xfff timeout 5s }
so also cover the 'set element' case.
Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src')
-rw-r--r-- | src/netlink_delinearize.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 8851043b..0da6cc78 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -2661,7 +2661,9 @@ static void expr_postprocess(struct rule_pp_ctx *ctx, struct expr **exprp) expr_postprocess(ctx, &expr->prefix); break; case EXPR_SET_ELEM: + ctx->flags |= RULE_PP_IN_SET_ELEM; expr_postprocess(ctx, &expr->key); + ctx->flags &= ~RULE_PP_IN_SET_ELEM; break; case EXPR_EXTHDR: exthdr_dependency_kill(&ctx->pdctx, expr, ctx->pctx.family); |