If the right-hand side expression of the binary expression is a set,
then, skip the postprocessing step otherwise the tests/py report the
following warning:
# ./nft-test.py inet/tcp.t
inet/tcp.t: WARNING: line 80: 'add rule ip test-ip4 input tcp flags & (syn|fin) == (syn|fin)': 'tcp flags & (fin | syn) == fin | syn' mismatches 'tcp flags ! fin,syn'
inet/tcp.t: WARNING: line 83: 'add rule ip test-ip4 input tcp flags & (fin | syn | rst | psh | ack | urg) == { fin, ack, psh | ack, fin | psh | ack }': 'tcp flags & (fin | syn | rst | psh | ack | urg) == { fin, ack, psh | ack, fin | psh | ack }' mismatches 'tcp flags ! fin,syn,rst,psh,ack,urg'
This listing is not correct.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/netlink_delinearize.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 4dd5bdc0787f..81fe4c166499 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -2173,6 +2173,7 @@ static void relational_binop_postprocess(struct rule_pp_ctx *ctx, struct expr *e
if (binop->op == OP_AND && (expr->op == OP_NEQ || expr->op == OP_EQ) &&
value->dtype->basetype &&
value->dtype->basetype->type == TYPE_BITMASK &&
+ value->etype == EXPR_VALUE &&
!mpz_cmp_ui(value->value, 0)) {
/* Flag comparison: data & flags != 0
*
--
2.20.1
