bugzilla-daemon at netfilter.org
2016-Sep-11 17:18 UTC
[Bug 1086] New: Nftables matching packet header fields and unexpected '(': wrong wiki info or bug?
https://bugzilla.netfilter.org/show_bug.cgi?id=1086

            Bug ID: 1086
           Summary: Nftables matching packet header fields and unexpected '(': wrong wiki info or bug?
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Debian GNU/Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: 1000.ontheroad at gmail.com

The official nftables "wiki", in the Matching packet header fields section
(https://wiki.nftables.org/wiki-nftables/index.php/Matching_packet_header_fields),
suggests the following example to match packets with flags SYN and ACK set:

% nft -i
nft> add rule filter output tcp flags & (syn | ack) == (syn | ack) counter log

When putting it into practice, it fails:

<cli>:1:51-51: Error: syntax error, unexpected '('
add rule filter output tcp flags & (syn | ack) == (syn | ack) counter log
                                                  ^

I've discovered a workaround, removing the second brackets:

nft> add rule filter output tcp flags & (syn | ack) == syn | ack counter log

The NFT CLI seems to accept it. I did not check if it works, but I've set a similar rule to block "Xmas scans" and, checked against a Hping3 scan (-UPF option), it seems to work fine:

nft> add rule filter input tcp flags & (fin | syn | rst | psh | ack | urg) == fin | psh | urg log drop

Since I've seen that erroneous syntax on other Nftables tutorials around the net, I guess it *did* work sometime in the past, but now it's broken.

Debian Testing/Stretch
kernel 4.6.0-1-amd64
nftables 0.6-2

-- 
You are receiving this mail because:
You are watching all bug changes.
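Both rules in the report follow the same pattern, `tcp flags & MASK == VALUE`: the packet's TCP flag byte is ANDed with a mask and only the surviving bits are compared. As an added example, not part of the bug report or of the nftables project, the Python below evaluates that comparison on constructed flag bytes, so the behaviour of the SYN+ACK rule and the Xmas-scan rule can be checked without a kernel, and the difference from an exact (unmasked) comparison is visible. The flag bit values are the standard TCP header bits; the function names and sample packets are invented for the illustration.

```python
# Added example (not from the bug report or nftables): evaluate the nft
# comparison "tcp flags & MASK == VALUE" in plain Python on constructed
# TCP flag bytes, to show what the two rules in the report actually test.

# TCP flag bits as laid out in the TCP header (low six bits of the flags byte).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# nft-style names -> bit, in header order.
FLAG_NAMES = {"fin": FIN, "syn": SYN, "rst": RST, "psh": PSH, "ack": ACK, "urg": URG}


def flags_from_names(names):
    """Build a flag byte from nft-style names, e.g. ("syn", "ack") -> 0x12."""
    value = 0
    for name in names:
        value |= FLAG_NAMES[name]
    return value


def names_from_flags(flags):
    """Render a flag byte back into nft-style names for readable output."""
    return " | ".join(n for n, bit in FLAG_NAMES.items() if flags & bit) or "none"


def masked_match(flags, mask, value):
    """Semantics of 'tcp flags & mask == value': compare only the masked bits."""
    return (flags & mask) == value


def exact_match(flags, value):
    """An unmasked comparison: every bit of the flag byte must agree."""
    return flags == value


# Rule 1 from the report (the wiki's intent): SYN and ACK both set, any other
# flag ignored.  Mask and value are the same set of bits.
SYN_ACK_MASK = SYN | ACK
SYN_ACK_VALUE = SYN | ACK

# Rule 2 from the report: an "Xmas" probe carrying exactly FIN|PSH|URG.  The
# mask covers all six flags, so any extra or missing flag breaks the match.
ALL_FLAGS = FIN | SYN | RST | PSH | ACK | URG
XMAS_VALUE = FIN | PSH | URG


def is_syn_ack(flags):
    return masked_match(flags, SYN_ACK_MASK, SYN_ACK_VALUE)


def is_xmas(flags):
    return masked_match(flags, ALL_FLAGS, XMAS_VALUE)


def classify(flags):
    """Return the names of the rules (if any) a packet with these flags hits."""
    hits = []
    if is_syn_ack(flags):
        hits.append("syn-ack")
    if is_xmas(flags):
        hits.append("xmas")
    return hits


# Constructed sample flag bytes (not captured traffic), labelled by meaning.
SAMPLES = {
    "client SYN": SYN,
    "server SYN|ACK": SYN | ACK,
    "SYN|ACK with PSH also set": SYN | ACK | PSH,
    "pure ACK": ACK,
    "Xmas probe FIN|PSH|URG": FIN | PSH | URG,
    "FIN|PSH|URG plus ACK": FIN | PSH | URG | ACK,
}

if __name__ == "__main__":
    for label, flags in SAMPLES.items():
        print(f"{label:28s} [{names_from_flags(flags):26s}] -> {classify(flags)}")
    # The masked SYN+ACK test tolerates extra bits; an exact comparison would not.
    print("masked:", masked_match(SYN | ACK | PSH, SYN_ACK_MASK, SYN_ACK_VALUE),
          "exact:", exact_match(SYN | ACK | PSH, SYN_ACK_VALUE))
```

The reason the two rules in the report use different mask and value lists is visible in `is_xmas`: masking with all six flags turns the check into "exactly these three bits and nothing else", whereas `is_syn_ack` masks with only the two bits it cares about, so a SYN|ACK segment that also carries PSH still matches.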
bugzilla-daemon at netfilter.org
2017-Jan-27 20:20 UTC
[Bug 1086] Nftables matching packet header fields and unexpected '(': wrong wiki info or bug?
https://bugzilla.netfilter.org/show_bug.cgi?id=1086

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
commit 7222680eb328b5cebcea78b1dc6ccfacadeaa172
Author: Phil Sutter <phil at nwl.cc>
Date:   Mon Nov 28 18:51:43 2016 +0100

    parser_bison: Allow parens on RHS of relational_expr

Fixed upstream. Closing. Thanks for reporting.