* [PATCH nft,v2 1/3] tests: py: idempotent tcp flags & syn != 0 to tcp flag syn
@ 2021-07-27 22:39 Pablo Neira Ayuso
2021-07-27 22:39 ` [PATCH nft,v2 2/3] netlink_delinearize: skip flags / mask notation for singleton bitmask Pablo Neira Ayuso
2021-07-27 22:39 ` [PATCH nft,v2 3/3] tests: py: tcp flags & (fin | syn | rst | ack) == syn Pablo Neira Ayuso
0 siblings, 2 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2021-07-27 22:39 UTC (permalink / raw)
To: netfilter-devel; +Cc: tom.ty89
Add a test to cover this case.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v2: no changes
tests/py/inet/tcp.t | 1 +
tests/py/inet/tcp.t.json | 16 ++++++++++++++++
tests/py/inet/tcp.t.payload | 8 ++++++++
3 files changed, 25 insertions(+)
diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t
index 13b84215bd86..5e2830b679a8 100644
--- a/tests/py/inet/tcp.t
+++ b/tests/py/inet/tcp.t
@@ -69,6 +69,7 @@ tcp flags != cwr;ok
tcp flags == syn;ok
tcp flags fin,syn / fin,syn;ok
tcp flags != syn / fin,syn;ok
+tcp flags & syn != 0;ok;tcp flags syn
tcp flags & (fin | syn | rst | ack) syn;ok;tcp flags syn / fin,syn,rst,ack
tcp flags & (fin | syn | rst | ack) != syn;ok;tcp flags != syn / fin,syn,rst,ack
tcp flags & (fin | syn | rst | psh | ack | urg | ecn | cwr) == fin | syn | rst | psh | ack | urg | ecn | cwr;ok;tcp flags == 0xff
diff --git a/tests/py/inet/tcp.t.json b/tests/py/inet/tcp.t.json
index 033a4f22e0fd..6155c81f6150 100644
--- a/tests/py/inet/tcp.t.json
+++ b/tests/py/inet/tcp.t.json
@@ -1521,6 +1521,22 @@
}
]
+# tcp flags & syn != 0
+[
+ {
+ "match": {
+ "left": {
+ "payload": {
+ "field": "flags",
+ "protocol": "tcp"
+ }
+ },
+ "op": "in",
+ "right": "syn"
+ }
+ }
+]
+
# tcp flags & (fin | syn | rst | ack) syn
[
{
diff --git a/tests/py/inet/tcp.t.payload b/tests/py/inet/tcp.t.payload
index eaa7cd099bd6..6b8b4ecdb4ac 100644
--- a/tests/py/inet/tcp.t.payload
+++ b/tests/py/inet/tcp.t.payload
@@ -370,6 +370,14 @@ inet test-inet input
[ bitwise reg 1 = ( reg 1 & 0x00000003 ) ^ 0x00000000 ]
[ cmp neq reg 1 0x00000002 ]
+# tcp flags & syn != 0
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 1b @ transport header + 13 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000000 ]
+
# tcp flags & (fin | syn | rst | ack) syn
inet test-inet input
[ meta load l4proto => reg 1 ]
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH nft,v2 2/3] netlink_delinearize: skip flags / mask notation for singleton bitmask
2021-07-27 22:39 [PATCH nft,v2 1/3] tests: py: idempotent tcp flags & syn != 0 to tcp flag syn Pablo Neira Ayuso
@ 2021-07-27 22:39 ` Pablo Neira Ayuso
2021-07-27 22:39 ` [PATCH nft,v2 3/3] tests: py: tcp flags & (fin | syn | rst | ack) == syn Pablo Neira Ayuso
1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2021-07-27 22:39 UTC (permalink / raw)
To: netfilter-devel; +Cc: tom.ty89
Do not transform 'tcp flags & flag == flag' to 'flag / flag'.
The parser does not accept this notation yet.
Fixes: c3d57114f119 ("parser_bison: add shortcut syntax for matching flags without binary operations")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v2: skip transformation to flag / flag from delinearize path.
src/netlink_delinearize.c | 8 ++++++++
tests/py/inet/tcp.t | 2 ++
tests/py/inet/tcp.t.json | 21 +++++++++++++++++++++
tests/py/inet/tcp.t.payload | 8 ++++++++
4 files changed, 39 insertions(+)
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index c7dae26684cd..49870eeadd57 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -2285,6 +2285,14 @@ static void relational_binop_postprocess(struct rule_pp_ctx *ctx,
BUG("unknown operation type %d\n", expr->op);
}
expr_free(binop);
+ } else if (binop->right->etype == EXPR_VALUE &&
+ value->etype == EXPR_VALUE &&
+ expr->op == OP_EQ &&
+ !mpz_cmp(value->value, binop->right->value)) {
+ /* Skip flag / flag representation for:
+ * data & flag == flag
+ */
+ ;
} else {
*exprp = flagcmp_expr_alloc(&expr->location, expr->op,
expr_get(binop->left),
diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t
index 5e2830b679a8..17e0d9b6df9f 100644
--- a/tests/py/inet/tcp.t
+++ b/tests/py/inet/tcp.t
@@ -70,6 +70,8 @@ tcp flags == syn;ok
tcp flags fin,syn / fin,syn;ok
tcp flags != syn / fin,syn;ok
tcp flags & syn != 0;ok;tcp flags syn
+# it should be possible to transform this to: tcp flags syn
+tcp flags & syn == syn;ok
tcp flags & (fin | syn | rst | ack) syn;ok;tcp flags syn / fin,syn,rst,ack
tcp flags & (fin | syn | rst | ack) != syn;ok;tcp flags != syn / fin,syn,rst,ack
tcp flags & (fin | syn | rst | psh | ack | urg | ecn | cwr) == fin | syn | rst | psh | ack | urg | ecn | cwr;ok;tcp flags == 0xff
diff --git a/tests/py/inet/tcp.t.json b/tests/py/inet/tcp.t.json
index 6155c81f6150..c1e4fb35a87c 100644
--- a/tests/py/inet/tcp.t.json
+++ b/tests/py/inet/tcp.t.json
@@ -1537,6 +1537,27 @@
}
]
+# tcp flags & syn == syn
+[
+ {
+ "match": {
+ "left": {
+ "&": [
+ {
+ "payload": {
+ "field": "flags",
+ "protocol": "tcp"
+ }
+ },
+ "syn"
+ ]
+ },
+ "op": "==",
+ "right": "syn"
+ }
+ }
+]
+
# tcp flags & (fin | syn | rst | ack) syn
[
{
diff --git a/tests/py/inet/tcp.t.payload b/tests/py/inet/tcp.t.payload
index 6b8b4ecdb4ac..77b301883a15 100644
--- a/tests/py/inet/tcp.t.payload
+++ b/tests/py/inet/tcp.t.payload
@@ -378,6 +378,14 @@ inet test-inet input
[ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ]
[ cmp neq reg 1 0x00000000 ]
+# tcp flags & syn == syn
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 1b @ transport header + 13 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000002 ]
+
# tcp flags & (fin | syn | rst | ack) syn
inet test-inet input
[ meta load l4proto => reg 1 ]
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH nft,v2 3/3] tests: py: tcp flags & (fin | syn | rst | ack) == syn
2021-07-27 22:39 [PATCH nft,v2 1/3] tests: py: idempotent tcp flags & syn != 0 to tcp flag syn Pablo Neira Ayuso
2021-07-27 22:39 ` [PATCH nft,v2 2/3] netlink_delinearize: skip flags / mask notation for singleton bitmask Pablo Neira Ayuso
@ 2021-07-27 22:39 ` Pablo Neira Ayuso
1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2021-07-27 22:39 UTC (permalink / raw)
To: netfilter-devel; +Cc: tom.ty89
Add a test case to cover translation to tcp flags syn / fin,syn,rst,ack.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v2: new in this series.
tests/py/inet/tcp.t | 1 +
tests/py/inet/tcp.t.json | 27 +++++++++++++++++++++++++++
tests/py/inet/tcp.t.payload | 8 ++++++++
3 files changed, 36 insertions(+)
diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t
index 17e0d9b6df9f..dece9eaa89f8 100644
--- a/tests/py/inet/tcp.t
+++ b/tests/py/inet/tcp.t
@@ -73,6 +73,7 @@ tcp flags & syn != 0;ok;tcp flags syn
# it should be possible to transform this to: tcp flags syn
tcp flags & syn == syn;ok
tcp flags & (fin | syn | rst | ack) syn;ok;tcp flags syn / fin,syn,rst,ack
+tcp flags & (fin | syn | rst | ack) == syn;ok;tcp flags syn / fin,syn,rst,ack
tcp flags & (fin | syn | rst | ack) != syn;ok;tcp flags != syn / fin,syn,rst,ack
tcp flags & (fin | syn | rst | psh | ack | urg | ecn | cwr) == fin | syn | rst | psh | ack | urg | ecn | cwr;ok;tcp flags == 0xff
tcp flags { syn, syn | ack };ok
diff --git a/tests/py/inet/tcp.t.json b/tests/py/inet/tcp.t.json
index c1e4fb35a87c..23244eaa2339 100644
--- a/tests/py/inet/tcp.t.json
+++ b/tests/py/inet/tcp.t.json
@@ -1584,6 +1584,33 @@
}
]
+# tcp flags & (fin | syn | rst | ack) == syn
+[
+ {
+ "match": {
+ "left": {
+ "&": [
+ {
+ "payload": {
+ "field": "flags",
+ "protocol": "tcp"
+ }
+ },
+ [
+ "fin",
+ "syn",
+ "rst",
+ "ack"
+ ]
+ ]
+ },
+ "op": "==",
+ "right": "syn"
+ }
+ }
+]
+
+
# tcp flags & (fin | syn | rst | ack) != syn
[
{
diff --git a/tests/py/inet/tcp.t.payload b/tests/py/inet/tcp.t.payload
index 77b301883a15..4e795aa931ac 100644
--- a/tests/py/inet/tcp.t.payload
+++ b/tests/py/inet/tcp.t.payload
@@ -394,6 +394,14 @@ inet test-inet input
[ bitwise reg 1 = ( reg 1 & 0x00000017 ) ^ 0x00000000 ]
[ cmp eq reg 1 0x00000002 ]
+# tcp flags & (fin | syn | rst | ack) == syn
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 1b @ transport header + 13 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000017 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000002 ]
+
# tcp flags & (fin | syn | rst | ack) != syn
inet test-inet input
[ meta load l4proto => reg 1 ]
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-07-27 22:39 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-27 22:39 [PATCH nft,v2 1/3] tests: py: idempotent tcp flags & syn != 0 to tcp flag syn Pablo Neira Ayuso
2021-07-27 22:39 ` [PATCH nft,v2 2/3] netlink_delinearize: skip flags / mask notation for singleton bitmask Pablo Neira Ayuso
2021-07-27 22:39 ` [PATCH nft,v2 3/3] tests: py: tcp flags & (fin | syn | rst | ack) == syn Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.