We only prefer "list" representation in "ct event". For any other type of "ct"
use the "or" representation so nft prints "ct mark set ct mark | 0x00000001"
instead of "ct mark set ct mark,0x00000001".
Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1364
Fixes: cb8f81ac3079 ("netlink_delinearize: prefer ct event set foo,bar over 'set foo|bar'")
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (stmt->ct.expr != NULL) {
expr_postprocess(&rctx, &stmt->ct.expr);
- if (stmt->ct.expr->etype == EXPR_BINOP)
+ if (stmt->ct.expr->etype == EXPR_BINOP &&
+ stmt->ct.key == NFT_CT_EVENTMASK)
stmt->ct.expr = binop_tree_to_list(NULL,
stmt->ct.expr);
}
ct mark and 0x3 != 0x1;ok;ct mark & 0x00000003 != 0x00000001
ct mark xor 0x23 == 0x11;ok;ct mark 0x00000032
ct mark xor 0x3 != 0x1;ok;ct mark != 0x00000002
+ct mark set ct mark or 0x00000001;ok;ct mark set ct mark | 0x00000001
ct mark 0x00000032;ok
ct mark != 0x00000032;ok
[ ct load mark => reg 9 ]
[ lookup reg 1 set __map%d dreg 0 ]
+# ct mark set ct mark or 0x00000001
+ip test-ip4 output
+ [ ct load mark => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0xfffffffe ) ^ 0x00000001 ]
+ [ ct set mark with reg 1 ]
+
projects / thirdparty / nftables.git / commitdiff
