diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-07 17:45:15 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-07 17:52:48 +0200 |
commit | ec916a449903f30e00bf5d392ce84b0bb248363a (patch) | |
tree | 03d38fcc10a04c4a3716893a6856199ccaf52965 | |
parent | 2a704dff296de5b3bbe9973d253f98a5556a2e87 (diff) |
parser_bison: allow to use new osf expression from assignment statement
So the following rule to set the conntrack mark based on the OS passive
recognition works:
# nft add rule x y ct mark set osf name map { "Windows" : 1, "MacOs" : 2 }
Fixes: 9f28b685b473 ("src: introduce passive OS fingerprint matching")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/parser_bison.y | 1 | ||||
-rw-r--r-- | tests/py/inet/osf.t | 1 | ||||
-rw-r--r-- | tests/py/inet/osf.t.payload | 9 |
3 files changed, 11 insertions, 0 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index 9a75120a..f3c88299 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -2537,6 +2537,7 @@ primary_stmt_expr : symbol_expr { $$ = $1; } | payload_expr { $$ = $1; } | keyword_expr { $$ = $1; } | socket_expr { $$ = $1; } + | osf_expr { $$ = $1; } ; shift_stmt_expr : primary_stmt_expr diff --git a/tests/py/inet/osf.t b/tests/py/inet/osf.t index 6533b84e..7cf90931 100644 --- a/tests/py/inet/osf.t +++ b/tests/py/inet/osf.t @@ -7,3 +7,4 @@ osf name "Linux";ok osf name "morethansixteenbytes";fail osf name ;fail +ct mark set osf name map { "Windows" : 0x00000001, "MacOs" : 0x00000002 };ok diff --git a/tests/py/inet/osf.t.payload b/tests/py/inet/osf.t.payload index f94c17ec..0381378f 100644 --- a/tests/py/inet/osf.t.payload +++ b/tests/py/inet/osf.t.payload @@ -12,3 +12,12 @@ ip6 osfip6 osfchain inet osfinet osfchain [ osf dreg 1 ] [ cmp eq reg 1 0x756e694c 0x00000078 0x00000000 0x00000000 ] + +# ct mark set osf name map { "Windows" : 0x00000001, "MacOs" : 0x00000002 } +__map%d osfip b size 2 +__map%d osfip 0 + element 646e6957 0073776f 00000000 00000000 : 00000001 0 [end] element 4f63614d 00000073 00000000 00000000 : 00000002 0 [end] +ip osfip osfchain + [ osf dreg 1 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ ct set mark with reg 1 ] |