On Mon, Nov 28, 2016 at 06:51:43PM +0100, Phil Sutter wrote:
> This is useful to allow a construct such as:
>
> | tcp flags & (syn|fin) == (syn|fin)
>
> Before, only the parentheses on the left side were allowed, but via a
> quite funny path through the parser:
>
> * expr might be a concat_expr
> * concat_expr might be a basic_expr
> * basic_expr is an inclusive_or_expr
> * inclusive_or_expr might be an exclusive_or_expr
> * exclusive_or_expr might be an and_expr
> * and_expr might be 'and_expr AMPERSAND shift_expr'
> -> here we eliminate 'flags &' in above statement
> * shift_expr might be a primary_expr
> * primary_expr might be '( basic_expr )'
>
> Commit a3e60492a684b ("parser: restrict relational rhs expression
> recursion") introduced rhs_expr to disallow recursion on RHS, so just
> reverting that change for relational_expr is a no go. Allowing rhs_expr
> to be '( rhs_expr )' though seems way too intrusive to me since it's
> being used in all kinds of places, so this patch is the safest way to
> allow the above I could come up with.
Applied, thanks Phil!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
