tcp dport 22 is treated as if user had given 'tcp dport == 22'.
When printing, the implicit == is omitted.
In some other cases we use OP_AND instead, e.g.
tcp flags ack means 'tcp flags & ack != 0'.
In all of these cases, we print the rule in the short form,
without showing this implicit operator.
Future patches will add other cases where an operator
other than AND or EQ can be suppressed, so add an explicit
helper that can suppress the operator symbol.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
src/expression.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/expression.c b/src/expression.c
index ab195e5..c96bce4 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -514,21 +514,27 @@ static void binop_arg_print(const struct expr *op, const struct expr *arg)
printf(")");
}
-static bool must_print_eq_op(const struct expr *expr)
+static bool must_print_op(const struct expr *binop)
{
- if (expr->right->dtype->basetype != NULL &&
- expr->right->dtype->basetype->type == TYPE_BITMASK)
- return true;
+ switch (binop->op) {
+ case OP_EQ:
+ if (binop->right->dtype->basetype != NULL &&
+ binop->right->dtype->basetype->type == TYPE_BITMASK)
+ return true;
- return expr->left->ops->type == EXPR_BINOP;
+ return binop->left->ops->type == EXPR_BINOP;
+ default:
+ break;
+ }
+
+ return true;
}
static void binop_expr_print(const struct expr *expr)
{
binop_arg_print(expr, expr->left);
- if (expr_op_symbols[expr->op] &&
- (expr->op != OP_EQ || must_print_eq_op(expr)))
+ if (expr_op_symbols[expr->op] && must_print_op(expr))
printf(" %s ", expr_op_symbols[expr->op]);
else
printf(" ");
--
2.4.10
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
