From b1e3ed0335d13d206a2a2698a1ba189fa396dbf3 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Mon, 1 Aug 2022 13:03:18 +0200 Subject: netlink_delinearize: also postprocess OP_AND in set element context Pablo reports: add rule netdev nt y update @macset { vlan id timeout 5s } listing still shows the raw expression: update @macset { @ll,112,16 & 0xfff timeout 5s } so also cover the 'set element' case. Reported-by: Pablo Neira Ayuso Signed-off-by: Florian Westphal
---
src/netlink_delinearize.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src')
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 8851043b..0da6cc78 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -2661,7 +2661,9 @@ static void expr_postprocess(struct rule_pp_ctx *ctx, struct expr **exprp)
 expr_postprocess(ctx, &expr->prefix);
 break;
 case EXPR_SET_ELEM:
+ ctx->flags |= RULE_PP_IN_SET_ELEM;
 expr_postprocess(ctx, &expr->key);
+ ctx->flags &= ~RULE_PP_IN_SET_ELEM;
 break;
 case EXPR_EXTHDR:
 exthdr_dependency_kill(&ctx->pdctx, expr, ctx->pctx.family);
-- cgit v1.2.3
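Review bot: The `EXPR_SET_ELEM` case clears `RULE_PP_IN_SET_ELEM` unconditionally after the recursive call, so if the flag was already set on entry (by an outer caller, or by a nested set element, neither of which can be ruled out from this hunk) the outer context loses it for the rest of its walk. Restoring the previous state is safer than clearing: remember `ctx->flags & RULE_PP_IN_SET_ELEM` before the call and afterwards do `if (!was_in_set_elem) ctx->flags &= ~RULE_PP_IN_SET_ELEM;`. A short comment such as `/* let the OP_AND postprocessing know the key is a set element */` would also explain why the flag brackets only `expr->key`. The commit touches only this file, so a listing test for the reported `update @macset { vlan id timeout 5s }` rule would keep the raw `@ll,112,16 & 0xfff` form from reappearing in output that operators rely on when auditing a ruleset. The body of `expr_postprocess` starts and ends outside the hunk.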