expression: missing != in flagcmp expression print function

author Pablo Neira Ayuso <pablo@netfilter.org>

Tue, 27 Jul 2021 15:23:27 +0000 (17:23 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Tue, 27 Jul 2021 15:32:23 +0000 (17:32 +0200)
author Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 27 Jul 2021 15:23:27 +0000 (17:23 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 27 Jul 2021 15:32:23 +0000 (17:32 +0200)
diff --git a/src/expression.c b/src/expression.c

index c6be000107f26da2431ede514eb71736929816d6..4c0874fe99500ff81ee2d2761127c574f3f4083c 100644 (file)
--- a/src/expression.c
+++ b/src/expression.c
@@ -1358,7 +1358,12 @@ struct expr *set_elem_catchall_expr_alloc(const struct location *loc)
  static void flagcmp_expr_print(const struct expr *expr, struct output_ctx *octx)
  {
         expr_print(expr->flagcmp.expr, octx);
-       nft_print(octx, " ");
+
+       if (expr->op == OP_NEQ)
+               nft_print(octx, " != ");
+       else
+               nft_print(octx, " ");
+
         expr_print(expr->flagcmp.value, octx);
         nft_print(octx, " / ");
         expr_print(expr->flagcmp.mask, octx);
diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t

index 532da2776d24510f7505c29c52360edf938dd8c5..16e15b9f76c1425b9ee6e306c039490f7a0d862c 100644 (file)
--- a/tests/py/inet/tcp.t
+++ b/tests/py/inet/tcp.t
@@ -68,6 +68,7 @@ tcp flags cwr;ok
  tcp flags != cwr;ok
  tcp flags == syn;ok
  tcp flags fin,syn / fin,syn;ok
+tcp flags != syn / fin,syn;ok
  tcp flags & (fin | syn | rst | psh | ack | urg | ecn | cwr) == fin | syn | rst | psh | ack | urg | ecn | cwr;ok;tcp flags == 0xff
  tcp flags { syn, syn | ack };ok
  tcp flags & (fin | syn | rst | psh | ack | urg) == { fin, ack, psh | ack, fin | psh | ack };ok
diff --git a/tests/py/inet/tcp.t.json b/tests/py/inet/tcp.t.json

index 8c2a376b2e603fd65838fc703c397c767b92ec23..590a3dee5d3fa07610ab9444a46fe3c94b71348a 100644 (file)
--- a/tests/py/inet/tcp.t.json
+++ b/tests/py/inet/tcp.t.json
@@ -1496,3 +1496,28 @@
          }
      }
  ]
+
+# tcp flags != syn / fin,syn
+[
+    {
+        "match": {
+            "left": {
+                "&": [
+                    {
+                        "payload": {
+                            "field": "flags",
+                            "protocol": "tcp"
+                        }
+                    },
+                    [
+                        "fin",
+                        "syn"
+                    ]
+                ]
+            },
+            "op": "!=",
+            "right": "syn"
+        }
+    }
+]
+
diff --git a/tests/py/inet/tcp.t.payload b/tests/py/inet/tcp.t.payload

index ee61b1a722d5bb9bf4bc13e3db65e5d57217e2e4..7f302080f02a6886d3757ff7588ab89d78e6c6d2 100644 (file)
--- a/tests/py/inet/tcp.t.payload
+++ b/tests/py/inet/tcp.t.payload
@@ -362,6 +362,14 @@ inet test-inet input
    [ bitwise reg 1 = ( reg 1 & 0x00000003 ) ^ 0x00000000 ]
    [ cmp eq reg 1 0x00000003 ]
  
+# tcp flags != syn / fin,syn
+inet test-inet input
+  [ meta load l4proto => reg 1 ]
+  [ cmp eq reg 1 0x00000006 ]
+  [ payload load 1b @ transport header + 13 => reg 1 ]
+  [ bitwise reg 1 = ( reg 1 & 0x00000003 ) ^ 0x00000000 ]
+  [ cmp neq reg 1 0x00000002 ]
+
  # tcp flags & (fin | syn | rst | psh | ack | urg | ecn | cwr) == fin | syn | rst | psh | ack | urg | ecn | cwr
  inet test-inet input
    [ meta load l4proto => reg 1 ]
author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 27 Jul 2021 15:23:27 +0000 (17:23 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 27 Jul 2021 15:32:23 +0000 (17:32 +0200)
src/expression.c		patch \| blob \| blame \| history
tests/py/inet/tcp.t		patch \| blob \| blame \| history
tests/py/inet/tcp.t.json		patch \| blob \| blame \| history
tests/py/inet/tcp.t.payload		patch \| blob \| blame \| history