On Mon, May 17, 2021 at 08:27:10PM -0400, Matt Corallo wrote:
On 5/17/21 19:44, Ondrej Zajicek wrote:
On Mon, May 17, 2021 at 01:48:19PM -0400, Matt Corallo wrote: You are right. My comment above is true for numeric ops, but for bitmask ops the ',' is the same as '&&', i am not really sure why. This seems confusing and it is undocumented.
Ha! right, yea, some documentation would be helpful. Just to double-check, fragmentation-type uses "," as ||, correct?
No, fragmentation-type is just a variant of bitmask. I think that a way out of this confusion is to deprecate ',' from bitmask (and fragmentation) and always show && or || (but keep ',' in parser for compatibility reasons). And leave ',' only for list of numerical values where the meaning is clear. I think that if i knew nothing about BIRD flowspec syntax, then expression "port 10,20,30..40" is clear to me, but "tcp flags 0x2/0x3,0x0/0x10" definitely is not (while "tcp flags 0x2/0x3 && 0x0/0x10" is a bit more comprehensible).
Parser receives 0x02/0x17, decomposes it to 0x2/0x2 && 0x0/0x15 (as flowspec allows just all-zero and all-one masks) and that is displayed (just with ','). We should be probably smarter and compose it back to 0x02/0x17 during display.
Eh, don't care too much about recomposition, its kinda nice to see what was received on the wire.
-- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."