diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-05-13 01:34:01 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-05-16 01:01:32 +0200 |
commit | c3d57114f119b89ec0caa0b4dfa8527826a38792 (patch) | |
tree | e05672750206c02c70d0927cbd4b8ca6aae4b31c /tests/py | |
parent | 3adb0316e2b5683acd0f93661a278f059a13cc5b (diff) |
parser_bison: add shortcut syntax for matching flags without binary operations
This patch adds the following shortcut syntax:
expression flags / flags
instead of:
expression and flags == flags
For example:
tcp flags syn,ack / syn,ack,fin,rst
^^^^^^^ ^^^^^^^^^^^^^^^
value mask
instead of:
tcp flags and (syn|ack|fin|rst) == syn|ack
The second list of comma-separated flags represents the mask which are
examined and the first list of comma-separated flags must be set.
You can also use the != operator with this syntax:
tcp flags != fin,rst / syn,ack,fin,rst
This shortcut is based on the prefix notation, but it is also similar to
the iptables tcp matching syntax.
This patch introduces the flagcmp expression to print the tcp flags in
this new notation. The delinearize path transforms the binary expression
to this new flagcmp expression whenever possible.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py')
-rw-r--r-- | tests/py/inet/tcp.t | 2 | ||||
-rw-r--r-- | tests/py/inet/tcp.t.payload | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t index 5f2caea9..a8d46831 100644 --- a/tests/py/inet/tcp.t +++ b/tests/py/inet/tcp.t @@ -77,7 +77,7 @@ tcp flags != { fin, urg, ecn, cwr} drop;ok tcp flags cwr;ok tcp flags != cwr;ok tcp flags == syn;ok -tcp flags & (syn|fin) == (syn|fin);ok;tcp flags & (fin | syn) == fin | syn +tcp flags fin,syn / fin,syn;ok tcp flags & (fin | syn | rst | psh | ack | urg | ecn | cwr) == fin | syn | rst | psh | ack | urg | ecn | cwr;ok;tcp flags == 0xff tcp flags { syn, syn | ack };ok tcp flags & (fin | syn | rst | psh | ack | urg) == { fin, ack, psh | ack, fin | psh | ack };ok diff --git a/tests/py/inet/tcp.t.payload b/tests/py/inet/tcp.t.payload index da932b6d..07ac151c 100644 --- a/tests/py/inet/tcp.t.payload +++ b/tests/py/inet/tcp.t.payload @@ -434,7 +434,7 @@ inet test-inet input [ payload load 1b @ transport header + 13 => reg 1 ] [ cmp eq reg 1 0x00000002 ] -# tcp flags & (syn|fin) == (syn|fin) +# tcp flags fin,syn / fin,syn inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] |