From 88993e0ce90f05a1b6e1b09a8dbbf41d6d4551b7 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 19 Apr 2021 11:56:15 +0200
Subject: parser_bison: missing relational operation on flag list

Complete e6c32b2fa0b8 ("src: add negation match on singleton bitmask
value") which was missing comma-separated list of flags.

This patch provides a shortcut for:

    tcp flags and fin,rst == 0

which allows to check for the packet whose fin and rst bits are unset:

    # nft add rule x y tcp flags not fin,rst counter

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/parser_bison.y | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/parser_bison.y')

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 0a3adbe8..ce4857b2 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -4472,6 +4472,10 @@ relational_expr		:	expr	/* implicit */	rhs_expr
 			{
 				$$ = relational_expr_alloc(&@2, $2, $1, $3);
 			}
+			|	expr	relational_op	list_rhs_expr
+			{
+				$$ = relational_expr_alloc(&@2, $2, $1, $3);
+			}
 			;
 
 list_rhs_expr		:	basic_rhs_expr		COMMA		basic_rhs_expr
-- 
cgit v1.2.3