* [iproute PATCH 0/3] Fix and test ssfilter
@ 2018-08-14 12:18 Phil Sutter
2018-08-14 12:18 ` [iproute PATCH 1/3] ss: Review ssfilter Phil Sutter
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Phil Sutter @ 2018-08-14 12:18 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: netdev, Samuel Mannehed
This series contains a fix for ssfilter and introduces a testscript to
verify correct functionality.
Phil Sutter (3):
ss: Review ssfilter
testsuite: Prepare for ss tests
testsuite: Add a first ss test validating ssfilter
misc/ssfilter.y | 36 ++++++++++++++-----------
testsuite/Makefile | 2 +-
testsuite/lib/generic.sh | 37 ++++++++++----------------
testsuite/tests/ss/ss1.dump | Bin 0 -> 720 bytes
testsuite/tests/ss/ssfilter.t | 48 ++++++++++++++++++++++++++++++++++
5 files changed, 84 insertions(+), 39 deletions(-)
create mode 100644 testsuite/tests/ss/ss1.dump
create mode 100755 testsuite/tests/ss/ssfilter.t
--
2.18.0
* [iproute PATCH 1/3] ss: Review ssfilter
From: Phil Sutter @ 2018-08-14 12:18 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: netdev, Samuel Mannehed
The original problem was ssfilter rejecting single expressions if
enclosed in braces, such as:
| sport = 22 or ( dport = 22 )
This is fixed by allowing 'expr' to be an 'exprlist' enclosed in braces.
The no longer required recursion in 'exprlist' being an 'exprlist'
enclosed in braces is dropped.
In addition to that, a few other things are changed:
* Remove pointless 'null' prefix in 'applet' before 'exprlist'.
* For simple equals matches, '=' operator was required for ports but not
allowed for hosts. Make this consistent by making '=' operator
optional in both cases.
Reported-by: Samuel Mannehed <samuel@cendio.se>
Fixes: b2038cc0b2403 ("ssfilter: Eliminate shift/reduce conflicts")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
misc/ssfilter.y | 36 +++++++++++++++++++++---------------
1 file changed, 21 insertions(+), 15 deletions(-)
diff --git a/misc/ssfilter.y b/misc/ssfilter.y
index 88d4229a9b241..0413dddaa7584 100644
--- a/misc/ssfilter.y
+++ b/misc/ssfilter.y
@@ -42,24 +42,22 @@ static void yyerror(char *s)
%nonassoc '!'
%%
-applet: null exprlist
+applet: exprlist
{
- *yy_ret = $2;
- $$ = $2;
+ *yy_ret = $1;
+ $$ = $1;
}
| null
;
+
null: /* NOTHING */ { $$ = NULL; }
;
+
exprlist: expr
| '!' expr
{
$$ = alloc_node(SSF_NOT, $2);
}
- | '(' exprlist ')'
- {
- $$ = $2;
- }
| exprlist '|' expr
{
$$ = alloc_node(SSF_OR, $1);
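Review bot: '!' expr stays an alternative of exprlist while the braces rule moves to expr, so in the rules visible here negation is only accepted on the first element of a list: the right-hand operand of exprlist '|' expr is a plain expr. Unless expr has its own '!' alternative outside this diff, a filter like "sport = 22 or ! dport = 22" will still be rejected without braces; moving '!' expr into expr next to '(' exprlist ')' would cover it. The two added blank lines around 'null' are unrelated whitespace in a patch that carries a Fixes: tag.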
@@ -77,13 +75,21 @@ exprlist: expr
}
;
-expr: DCOND HOSTCOND
+eq: '='
+ | /* nothing */
+ ;
+
+expr: '(' exprlist ')'
+ {
+ $$ = $2;
+ }
+ | DCOND eq HOSTCOND
{
- $$ = alloc_node(SSF_DCOND, $2);
+ $$ = alloc_node(SSF_DCOND, $3);
}
- | SCOND HOSTCOND
+ | SCOND eq HOSTCOND
{
- $$ = alloc_node(SSF_SCOND, $2);
+ $$ = alloc_node(SSF_SCOND, $3);
}
| DPORT GEQ HOSTCOND
{
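Review bot: the new 'eq' rule introduces an empty alternative into a grammar whose Fixes: commit was about eliminating shift/reduce conflicts, and the changelog does not say that bison still builds misc/ssfilter.y without conflict warnings. Please state that in the commit message. Minor: the empty alternative is commented /* nothing */ here but /* NOTHING */ in the 'null' rule above; pick one spelling.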
@@ -101,7 +107,7 @@ expr: DCOND HOSTCOND
{
$$ = alloc_node(SSF_NOT, alloc_node(SSF_D_GE, $3));
}
- | DPORT '=' HOSTCOND
+ | DPORT eq HOSTCOND
{
$$ = alloc_node(SSF_DCOND, $3);
}
@@ -126,7 +132,7 @@ expr: DCOND HOSTCOND
{
$$ = alloc_node(SSF_NOT, alloc_node(SSF_S_GE, $3));
}
- | SPORT '=' HOSTCOND
+ | SPORT eq HOSTCOND
{
$$ = alloc_node(SSF_SCOND, $3);
}
@@ -134,7 +140,7 @@ expr: DCOND HOSTCOND
{
$$ = alloc_node(SSF_NOT, alloc_node(SSF_SCOND, $3));
}
- | DEVNAME '=' DEVCOND
+ | DEVNAME eq DEVCOND
{
$$ = alloc_node(SSF_DEVCOND, $3);
}
@@ -142,7 +148,7 @@ expr: DCOND HOSTCOND
{
$$ = alloc_node(SSF_NOT, alloc_node(SSF_DEVCOND, $3));
}
- | FWMARK '=' MARKMASK
+ | FWMARK eq MARKMASK
{
$$ = alloc_node(SSF_MARKMASK, $3);
}
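Review bot: the commit message says '=' becomes optional for ports and hosts, but this hunk and the previous one also make it optional for device and mark matches ('DEVNAME eq DEVCOND', 'FWMARK eq MARKMASK'). Mention dev and fwmark in the changelog so the full syntax change is documented where people will look for it.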
--
2.18.0
* [iproute PATCH 2/3] testsuite: Prepare for ss tests
From: Phil Sutter @ 2018-08-14 12:18 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: netdev, Samuel Mannehed
This merges the shared bits from ts_tc() and ts_ip() into a common
function for being wrapped by the first ones and adds a third ts_ss()
for testing ss commands.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
testsuite/Makefile | 2 +-
testsuite/lib/generic.sh | 37 ++++++++++++++-----------------------
2 files changed, 15 insertions(+), 24 deletions(-)
diff --git a/testsuite/Makefile b/testsuite/Makefile
index 2a54e5c845e65..8fcbc557ff9a7 100644
--- a/testsuite/Makefile
+++ b/testsuite/Makefile
@@ -65,7 +65,7 @@ endif
TMP_ERR=`mktemp /tmp/tc_testsuite.XXXXXX`; \
TMP_OUT=`mktemp /tmp/tc_testsuite.XXXXXX`; \
STD_ERR="$$TMP_ERR" STD_OUT="$$TMP_OUT" \
- TC="$$i/tc/tc" IP="$$i/ip/ip" DEV="$(DEV)" IPVER="$@" SNAME="$$i" \
+ TC="$$i/tc/tc" IP="$$i/ip/ip" SS=$$i/misc/ss DEV="$(DEV)" IPVER="$@" SNAME="$$i" \
ERRF="$(RESULTS_DIR)/$@.$$o.err" $(KENV) $(PREFIX) tests/$@ > $(RESULTS_DIR)/$@.$$o.out; \
if [ "$$?" = "127" ]; then \
echo "SKIPPED"; \
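Review bot: SS=$$i/misc/ss is the only assignment on the changed line without double quotes; TC, IP, DEV, IPVER and SNAME are all quoted. Write SS="$$i/misc/ss" so a build directory with whitespace in its name behaves the same for all three tools.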
diff --git a/testsuite/lib/generic.sh b/testsuite/lib/generic.sh
index 8cef20fa1b280..f92260fc40cf3 100644
--- a/testsuite/lib/generic.sh
+++ b/testsuite/lib/generic.sh
@@ -26,16 +26,17 @@ ts_skip()
exit 127
}
-ts_tc()
+__ts_cmd()
{
+ CMD=$1; shift
SCRIPT=$1; shift
DESC=$1; shift
- $TC $@ 2> $STD_ERR > $STD_OUT
+ $CMD $@ 2> $STD_ERR > $STD_OUT
if [ -s $STD_ERR ]; then
ts_err "${SCRIPT}: ${DESC} failed:"
- ts_err "command: $TC $@"
+ ts_err "command: $CMD $@"
ts_err "stderr output:"
ts_err_cat $STD_ERR
if [ -s $STD_OUT ]; then
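Review bot: '$CMD $@' expands both the command and its arguments unquoted, so every argument is split again on whitespace and goes through pathname expansion before the tool sees it. The ss test in 3/3 passes whole filters as one quoted argument, such as '( dport = 22 )', and they reach ss as separate words only because of this. If that is intended, a comment in __ts_cmd should say so; otherwise use "$@" here and in the 'command:' error line.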
@@ -50,29 +51,19 @@ ts_tc()
fi
}
-ts_ip()
+ts_tc()
{
- SCRIPT=$1; shift
- DESC=$1; shift
+ __ts_cmd "$TC" "$@"
+}
- $IP $@ 2> $STD_ERR > $STD_OUT
- RET=$?
+ts_ip()
+{
+ __ts_cmd "$IP" "$@"
+}
- if [ -s $STD_ERR ] || [ "$RET" != "0" ]; then
- ts_err "${SCRIPT}: ${DESC} failed:"
- ts_err "command: $IP $@"
- ts_err "stderr output:"
- ts_err_cat $STD_ERR
- if [ -s $STD_OUT ]; then
- ts_err "stdout output:"
- ts_err_cat $STD_OUT
- fi
- elif [ -s $STD_OUT ]; then
- echo "${SCRIPT}: ${DESC} succeeded with output:"
- cat $STD_OUT
- else
- echo "${SCRIPT}: ${DESC} succeeded"
- fi
+ts_ss()
+{
+ __ts_cmd "$SS" "$@"
}
ts_qdisc_available()
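Review bot: ts_ip loses its exit status check in this hunk. The removed body failed on [ -s $STD_ERR ] || [ "$RET" != "0" ], whereas the __ts_cmd lines visible in this patch only test for output on stderr, so an ip (or ss) command that exits non-zero without printing to stderr now counts as succeeded. Keep RET=$? and the status test in __ts_cmd, or say in the commit message that the relaxation is intended.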
--
2.18.0
* [iproute PATCH 3/3] testsuite: Add a first ss test validating ssfilter
From: Phil Sutter @ 2018-08-14 12:18 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: netdev, Samuel Mannehed
This tests a few ssfilter expressions by selecting sockets from a TCP
dump file. The dump was created using the following command:
| ss -ntaD testsuite/tests/ss/ss1.dump
It is fed into ss via TCPDIAG_FILE environment variable.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
testsuite/tests/ss/ss1.dump | Bin 0 -> 720 bytes
testsuite/tests/ss/ssfilter.t | 48 ++++++++++++++++++++++++++++++++++
2 files changed, 48 insertions(+)
create mode 100644 testsuite/tests/ss/ss1.dump
create mode 100755 testsuite/tests/ss/ssfilter.t
diff --git a/testsuite/tests/ss/ss1.dump b/testsuite/tests/ss/ss1.dump
new file mode 100644
index 0000000000000000000000000000000000000000..9c273231c78418593cabda324ca20d5a6d41e1aa
GIT binary patch
literal 720
zcmYdbU|<koU}A81#K^!c$-uzG1r!hiVj=)DnwkbEe>Nin11kdun3n(~QOsv#0-E2u
z3TO>b6#}61K{9Mm>1mU45ek8<2e$al?_I?phHf4@A7mgq)YMKS^Irfxb<qmH`3z!5
zI?&An@_`;h1*}l+IW<)G-$HV~2v7|(Quu?kWB@U8m~jCOCpJ!4Kn5Uz1}J+jQk<|d
zaDxLs0Vs!J4=`@#c`%6mJHX%s)dr$e(D>kZgGJtnxD>cjP}t=IBMn#FbAjW2%?&j3
Wu$m7G%#dh=`5=oj%@O8f3p)VpCN7Tv
literal 0
HcmV?d00001
diff --git a/testsuite/tests/ss/ssfilter.t b/testsuite/tests/ss/ssfilter.t
new file mode 100755
index 0000000000000..e74f1765cb723
--- /dev/null
+++ b/testsuite/tests/ss/ssfilter.t
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+. lib/generic.sh
+
+# % ./misc/ss -Htna
+# LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
+# ESTAB 0 0 10.0.0.1:22 10.0.0.1:36266
+# ESTAB 0 0 10.0.0.1:36266 10.0.0.1:22
+# ESTAB 0 0 10.0.0.1:22 10.0.0.2:50312
+export TCPDIAG_FILE="$(dirname $0)/ss1.dump"
+
+ts_log "[Testing ssfilter]"
+
+ts_ss "$0" "Match dport = 22" -Htna dport = 22
+test_on "ESTAB 0 0 10.0.0.1:36266 10.0.0.1:22"
+
+ts_ss "$0" "Match dport 22" -Htna dport 22
+test_on "ESTAB 0 0 10.0.0.1:36266 10.0.0.1:22"
+
+ts_ss "$0" "Match (dport)" -Htna '( dport = 22 )'
+test_on "ESTAB 0 0 10.0.0.1:36266 10.0.0.1:22"
+
+ts_ss "$0" "Match src = 0.0.0.0" -Htna src = 0.0.0.0
+test_on "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*"
+
+ts_ss "$0" "Match src 0.0.0.0" -Htna src 0.0.0.0
+test_on "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*"
+
+ts_ss "$0" "Match src sport" -Htna src 0.0.0.0 sport = 22
+test_on "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*"
+
+ts_ss "$0" "Match src and sport" -Htna src 0.0.0.0 and sport = 22
+test_on "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*"
+
+ts_ss "$0" "Match src and sport and dport" -Htna src 10.0.0.1 and sport = 22 and dport = 50312
+test_on "ESTAB 0 0 10.0.0.1:22 10.0.0.2:50312"
+
+ts_ss "$0" "Match src and sport and (dport)" -Htna 'src 10.0.0.1 and sport = 22 and ( dport = 50312 )'
+test_on "ESTAB 0 0 10.0.0.1:22 10.0.0.2:50312"
+
+ts_ss "$0" "Match src and (sport and dport)" -Htna 'src 10.0.0.1 and ( sport = 22 and dport = 50312 )'
+test_on "ESTAB 0 0 10.0.0.1:22 10.0.0.2:50312"
+
+ts_ss "$0" "Match (src and sport) and dport" -Htna '( src 10.0.0.1 and sport = 22 ) and dport = 50312'
+test_on "ESTAB 0 0 10.0.0.1:22 10.0.0.2:50312"
+
+ts_ss "$0" "Match (src or src) and dst" -Htna '( src 0.0.0.0 or src 10.0.0.1 ) and dst 10.0.0.2'
+test_on "ESTAB 0 0 10.0.0.1:22 10.0.0.2:50312"
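Review bot: none of the cases runs the expression quoted in the 1/3 changelog, sport = 22 or ( dport = 22 ), which is the reported failure; braces are only exercised on their own, after 'and', or around a leading 'or' group. Add that exact filter as a case so the regression is pinned, and consider one case with '!' in front of a braced group. Also quote $(dirname $0) on the TCPDIAG_FILE line.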
--
2.18.0
* Re: [iproute PATCH 0/3] Fix and test ssfilter
From: Stephen Hemminger @ 2018-08-15 21:33 UTC (permalink / raw)
To: Phil Sutter; +Cc: netdev, Samuel Mannehed
On Tue, 14 Aug 2018 14:18:05 +0200
Phil Sutter <phil@nwl.cc> wrote:
> This series contains a fix for ssfilter and introduces a testscript to
> verify correct functionality.
>
> Phil Sutter (3):
> ss: Review ssfilter
> testsuite: Prepare for ss tests
> testsuite: Add a first ss test validating ssfilter
>
> misc/ssfilter.y | 36 ++++++++++++++-----------
> testsuite/Makefile | 2 +-
> testsuite/lib/generic.sh | 37 ++++++++++----------------
> testsuite/tests/ss/ss1.dump | Bin 0 -> 720 bytes
> testsuite/tests/ss/ssfilter.t | 48 ++++++++++++++++++++++++++++++++++
> 5 files changed, 84 insertions(+), 39 deletions(-)
> create mode 100644 testsuite/tests/ss/ss1.dump
> create mode 100755 testsuite/tests/ss/ssfilter.t
>
Applied