netlink_delinearize: fix binary operation postprocessing with sets

If the right-hand side expression of the binary expression is a set,
then, skip the postprocessing step otherwise the tests/py report the
following warning:

 # ./nft-test.py inet/tcp.t
 inet/tcp.t: WARNING: line 80: 'add rule ip test-ip4 input tcp flags & (syn|fin) == (syn|fin)': 'tcp flags & (fin | syn) == fin | syn' mismatches 'tcp flags ! fin,syn'
 inet/tcp.t: WARNING: line 83: 'add rule ip test-ip4 input tcp flags & (fin | syn | rst | psh | ack | urg) == { fin, ack, psh | ack, fin | psh | ack }': 'tcp flags & (fin | syn | rst | psh | ack | urg) == { fin, ack, psh | ack, fin | psh | ack }' mismatches 'tcp flags ! fin,syn,rst,psh,ack,urg'

This listing is not correct.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 4dd5bdc0787fcd93329c86adbc9efc0de88780fc..81fe4c1664995779e666cdec1add9dee08e843c7 100644 (file)
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -2173,6 +2173,7 @@ static void relational_binop_postprocess(struct rule_pp_ctx *ctx, struct expr *e
        if (binop->op == OP_AND && (expr->op == OP_NEQ || expr->op == OP_EQ) &&
            value->dtype->basetype &&
            value->dtype->basetype->type == TYPE_BITMASK &&
+           value->etype == EXPR_VALUE &&
            !mpz_cmp_ui(value->value, 0)) {
                /* Flag comparison: data & flags != 0
                 *