]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 93c8241) | patch
evaluate: disallow negation with binary operation
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 27 Jul 2021 15:23:34 +0000 (17:23 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 27 Jul 2021 15:35:09 +0000 (17:35 +0200)
commit08c596ce6f4f912e823d65edca761c27df7cb511
tree5bc00f6650f2644f66740c823bf5c7f4567547e7tree | snapshot
parent93c824172a975ed03c66649c3513f446a9ff07b2commit | diff
evaluate: disallow negation with binary operation

The negation was introduced to provide a simple shortcut. Extend
e6c32b2fa0b8 ("src: add negation match on singleton bitmask value") to
disallow negation with binary operations too.

 # nft add rule meh tcp_flags 'tcp flags & (fin | syn | rst | ack) ! syn'
 Error: cannot combine negation with binary expression
 add rule meh tcp_flags tcp flags & (fin | syn | rst | ack) ! syn
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^   ~~~

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/evaluate.c diff | blob | blame | history
tests/py/inet/tcp.t diff | blob | blame | history
Mirror of git://git.netfilter.org/nftables