diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-05-13 01:34:01 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-05-16 01:01:32 +0200 |
commit | c3d57114f119b89ec0caa0b4dfa8527826a38792 (patch) | |
tree | e05672750206c02c70d0927cbd4b8ca6aae4b31c /include | |
parent | 3adb0316e2b5683acd0f93661a278f059a13cc5b (diff) |
parser_bison: add shortcut syntax for matching flags without binary operations
This patch adds the following shortcut syntax:
expression flags / flags
instead of:
expression and flags == flags
For example:
tcp flags syn,ack / syn,ack,fin,rst
^^^^^^^ ^^^^^^^^^^^^^^^
value mask
instead of:
tcp flags and (syn|ack|fin|rst) == syn|ack
The second list of comma-separated flags represents the mask which are
examined and the first list of comma-separated flags must be set.
You can also use the != operator with this syntax:
tcp flags != fin,rst / syn,ack,fin,rst
This shortcut is based on the prefix notation, but it is also similar to
the iptables tcp matching syntax.
This patch introduces the flagcmp expression to print the tcp flags in
this new notation. The delinearize path transforms the binary expression
to this new flagcmp expression whenever possible.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/expression.h | 11 | ||||
-rw-r--r-- | include/json.h | 2 |
2 files changed, 13 insertions, 0 deletions
diff --git a/include/expression.h b/include/expression.h index be703d75..742fcdd7 100644 --- a/include/expression.h +++ b/include/expression.h @@ -72,6 +72,7 @@ enum expr_types { EXPR_FIB, EXPR_XFRM, EXPR_SET_ELEM_CATCHALL, + EXPR_FLAGCMP, }; #define EXPR_MAX EXPR_XFRM @@ -370,6 +371,12 @@ struct expr { uint8_t ttl; uint32_t flags; } osf; + struct { + /* EXPR_FLAGCMP */ + struct expr *expr; + struct expr *mask; + struct expr *value; + } flagcmp; }; }; @@ -500,6 +507,10 @@ extern struct expr *set_elem_expr_alloc(const struct location *loc, struct expr *set_elem_catchall_expr_alloc(const struct location *loc); +struct expr *flagcmp_expr_alloc(const struct location *loc, enum ops op, + struct expr *expr, struct expr *mask, + struct expr *value); + extern void range_expr_value_low(mpz_t rop, const struct expr *expr); extern void range_expr_value_high(mpz_t rop, const struct expr *expr); diff --git a/include/json.h b/include/json.h index 41142208..dd594bd0 100644 --- a/include/json.h +++ b/include/json.h @@ -28,6 +28,7 @@ struct list_head; json_t *binop_expr_json(const struct expr *expr, struct output_ctx *octx); json_t *relational_expr_json(const struct expr *expr, struct output_ctx *octx); +json_t *flagcmp_expr_json(const struct expr *expr, struct output_ctx *octx); json_t *range_expr_json(const struct expr *expr, struct output_ctx *octx); json_t *meta_expr_json(const struct expr *expr, struct output_ctx *octx); json_t *payload_expr_json(const struct expr *expr, struct output_ctx *octx); @@ -127,6 +128,7 @@ static inline json_t *name##_json(arg1_t arg1, arg2_t arg2) { return NULL; } JSON_PRINT_STUB(name##_stmt, const struct stmt *, struct output_ctx *) EXPR_PRINT_STUB(binop_expr) +EXPR_PRINT_STUB(flagcmp_expr) EXPR_PRINT_STUB(relational_expr) EXPR_PRINT_STUB(range_expr) EXPR_PRINT_STUB(meta_expr) |