Always use flagcmp for RHS bitmask expressions, independent of whether only one or an entire list of bitmask expressions is specified. This makes sure that f.i. "tcp flags ack" will match any combinations of ACK instead of ACK and only ACK. Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx> --- src/evaluate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/evaluate.c b/src/evaluate.c index 8e51a63..f10d0d9 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -885,7 +885,11 @@ static int expr_evaluate_relational(struct eval_ctx *ctx, struct expr **expr) rel->op = OP_FLAGCMP; break; default: - rel->op = OP_EQ; + if (right->dtype->basetype != NULL && + right->dtype->basetype->type == TYPE_BITMASK) + rel->op = OP_FLAGCMP; + else + rel->op = OP_EQ; break; } } -- 1.8.5.3
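Review bot: in the new `default:` branch the test looks only at `right->dtype->basetype->type`, so a right-hand side whose own `right->dtype->type` is TYPE_BITMASK, or whose bitmask ancestor sits more than one `basetype` step away, still falls through to OP_EQ and keeps the exact-match behaviour the commit message wants to remove. Consider walking the `basetype` chain in a small helper (checking the datatype itself first) and calling that here. Because this changes what an existing rule such as "tcp flags ack" matches, from exactly ACK to any flag combination that includes ACK, a regression test covering the single-flag case and a sentence in the documentation on how to request the exact comparison would help people auditing existing rulesets.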