From: Fernando Fernandez Mancera <ffmancera@riseup.net>
Date: Mon, 9 Sep 2019 19:52:47 +0000 (+0200)
Subject: netlink_delinearize: fix wrong conversion to "list" in ct mark
X-Git-Tag: v0.9.3~71
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=805969ec63f22303d89a25dd8aa23d54dc65bf73;p=thirdparty%2Fnftables.git

netlink_delinearize: fix wrong conversion to "list" in ct mark

We only prefer "list" representation in "ct event". For any other type of "ct"
use the "or" representation so nft prints "ct mark set ct mark | 0x00000001"
instead of "ct mark set ct mark,0x00000001".

Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1364
Fixes: cb8f81ac3079 ("netlink_delinearize: prefer ct event set foo,bar over 'set foo|bar'")
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index fc2574b1d..f7d328a83 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -2550,7 +2550,8 @@ static void rule_parse_postprocess(struct netlink_parse_ctx *ctx, struct rule *r
 			if (stmt->ct.expr != NULL) {
 				expr_postprocess(&rctx, &stmt->ct.expr);
 
-				if (stmt->ct.expr->etype == EXPR_BINOP)
+				if (stmt->ct.expr->etype == EXPR_BINOP &&
+				    stmt->ct.key == NFT_CT_EVENTMASK)
 					stmt->ct.expr = binop_tree_to_list(NULL,
 									   stmt->ct.expr);
 			}
diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t
index 267eca1a6..ebc086445 100644
--- a/tests/py/any/ct.t
+++ b/tests/py/any/ct.t
@@ -38,6 +38,7 @@ ct mark and 0x23 == 0x11;ok;ct mark & 0x00000023 == 0x00000011
 ct mark and 0x3 != 0x1;ok;ct mark & 0x00000003 != 0x00000001
 ct mark xor 0x23 == 0x11;ok;ct mark 0x00000032
 ct mark xor 0x3 != 0x1;ok;ct mark != 0x00000002
+ct mark set ct mark or 0x00000001;ok;ct mark set ct mark | 0x00000001
 
 ct mark 0x00000032;ok
 ct mark != 0x00000032;ok
diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload
index 86ac81cd7..bdc6a70e3 100644
--- a/tests/py/any/ct.t.payload
+++ b/tests/py/any/ct.t.payload
@@ -493,3 +493,9 @@ ip test-ip4 output
   [ ct load mark => reg 9 ]
   [ lookup reg 1 set __map%d dreg 0 ]
 
+# ct mark set ct mark or 0x00000001
+ip test-ip4 output
+  [ ct load mark => reg 1 ]
+  [ bitwise reg 1 = (reg=1 & 0xfffffffe ) ^ 0x00000001 ]
+  [ ct set mark with reg 1 ]
+