From c3d57114f119b89ec0caa0b4dfa8527826a38792 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Thu, 13 May 2021 01:34:01 +0200 Subject: parser_bison: add shortcut syntax for matching flags without binary operations This patch adds the following shortcut syntax: expression flags / flags instead of: expression and flags == flags For example: tcp flags syn,ack / syn,ack,fin,rst ^^^^^^^ ^^^^^^^^^^^^^^^ value mask instead of: tcp flags and (syn|ack|fin|rst) == syn|ack The second list of comma-separated flags represents the mask which are examined and the first list of comma-separated flags must be set. You can also use the != operator with this syntax: tcp flags != fin,rst / syn,ack,fin,rst This shortcut is based on the prefix notation, but it is also similar to the iptables tcp matching syntax. This patch introduces the flagcmp expression to print the tcp flags in this new notation. The delinearize path transforms the binary expression to this new flagcmp expression whenever possible. Signed-off-by: Pablo Neira Ayuso --- include/json.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include/json.h') diff --git a/include/json.h b/include/json.h index 41142208..dd594bd0 100644 --- a/include/json.h +++ b/include/json.h @@ -28,6 +28,7 @@ struct list_head; json_t *binop_expr_json(const struct expr *expr, struct output_ctx *octx); json_t *relational_expr_json(const struct expr *expr, struct output_ctx *octx); +json_t *flagcmp_expr_json(const struct expr *expr, struct output_ctx *octx); json_t *range_expr_json(const struct expr *expr, struct output_ctx *octx); json_t *meta_expr_json(const struct expr *expr, struct output_ctx *octx); json_t *payload_expr_json(const struct expr *expr, struct output_ctx *octx); @@ -127,6 +128,7 @@ static inline json_t *name##_json(arg1_t arg1, arg2_t arg2) { return NULL; } JSON_PRINT_STUB(name##_stmt, const struct stmt *, struct output_ctx *) EXPR_PRINT_STUB(binop_expr) +EXPR_PRINT_STUB(flagcmp_expr) EXPR_PRINT_STUB(relational_expr) EXPR_PRINT_STUB(range_expr) EXPR_PRINT_STUB(meta_expr) -- cgit v1.2.3