Commit 6979625686ec ("relational: Eliminate meta OPs") introduced some
bugs when printing bitmask types.
First, during the post-processing phase of delinearization, the
expression for "tcp flags syn" (PAYLOAD & flag != 0) gets converted to
PAYLOAD == flag, which is not equivalent. This should be
PAYLOAD (IMPL) flag.
Then, during output, the "==" sign from "tcp flags == syn" is dropped,
because the bitmask condition in must_print_eq_op() was removed. Let's
restore it, so that "tcp flags == syn" doesn't get printed as
"tcp flags syn". An extra check for value types is added, so that we
don't start printing "==" for sets such as "tcp flags {syn,ack}"
Finally, add a regression test for this particular case.
Fixes: 6979625686ec ("relational: Eliminate meta OPs")
Signed-off-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
---
src/expression.c | 5 +++++
src/netlink_delinearize.c | 2 +-
tests/py/inet/tcp.t | 1 +
tests/py/inet/tcp.t.payload | 7 +++++++
4 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/expression.c b/src/expression.c
index 53fb1811f28c..bea0f4c8d9bc 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -565,6 +565,11 @@ static void binop_arg_print(const struct expr *op, const struct expr *arg,
bool must_print_eq_op(const struct expr *expr)
{
+ if (expr->right->dtype->basetype != NULL &&
+ expr->right->dtype->basetype->type == TYPE_BITMASK &&
+ expr->right->ops->type == EXPR_VALUE)
+ return true;
+
return expr->left->ops->type == EXPR_BINOP;
}
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 8f4035a291f4..7d882ebac555 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1733,7 +1733,7 @@ static void relational_binop_postprocess(struct rule_pp_ctx *ctx, struct expr *e
expr->left = expr_get(binop->left);
expr->right = binop_tree_to_list(NULL, binop->right);
- expr->op = OP_EQ;
+ expr->op = OP_IMPLICIT;
expr_free(binop);
} else if (binop->left->dtype->flags & DTYPE_F_PREFIX &&
diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t
index 5276516625cc..d66ba8438a32 100644
--- a/tests/py/inet/tcp.t
+++ b/tests/py/inet/tcp.t
@@ -76,6 +76,7 @@ tcp flags { fin, syn, rst, psh, ack, urg, ecn, cwr} drop;ok
tcp flags != { fin, urg, ecn, cwr} drop;ok
tcp flags cwr;ok
tcp flags != cwr;ok
+tcp flags == syn;ok
tcp flags & (syn|fin) == (syn|fin);ok;tcp flags & (fin | syn) == fin | syn
tcp window 22222;ok
diff --git a/tests/py/inet/tcp.t.payload b/tests/py/inet/tcp.t.payload
index 512b42e9df08..09538aed746c 100644
--- a/tests/py/inet/tcp.t.payload
+++ b/tests/py/inet/tcp.t.payload
@@ -421,6 +421,13 @@ inet test-inet input
[ payload load 1b @ transport header + 13 => reg 1 ]
[ cmp neq reg 1 0x00000080 ]
+# tcp flags == syn
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 1b @ transport header + 13 => reg 1 ]
+ [ cmp eq reg 1 0x00000002 ]
+
# tcp flags & (syn|fin) == (syn|fin)
inet test-inet input
[ meta load l4proto => reg 1 ]
--
2.17.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
