author | Phil Sutter <phil@nwl.cc> | 2017-03-10 18:13:51 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-03-10 19:01:21 +0100 |
commit | e02bd59c4009bedba89da88b199e715441975439 (patch) | |
tree | 89dd9f1959adf4065d23da80053e119fe1483500 /src/parser_bison.y | |
parent | 627be570eff8f05849614a257e6fa45c744f4dbd (diff) |
exthdr: Implement existence check
This allows checking for the existence of an IPv6 extension header or
TCP option header by using the following syntax:
| exthdr frag exists
| tcpopt window exists
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser_bison.y')
-rw-r--r-- | src/parser_bison.y | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index f2ae82f4..12a6e646 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -139,6 +139,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) const struct datatype *datatype; struct handle_spec handle_spec; struct position_spec position_spec; + const struct exthdr_desc *exthdr_desc; } %token TOKEN_EOF 0 "end of file" @@ -451,6 +452,8 @@ static void location_update(struct location *loc, struct location *rhs, int n) %token EXISTS "exists" %token MISSING "missing" +%token EXTHDR "exthdr" + %type <string> identifier type_identifier string comment_spec %destructor { xfree($$); } identifier type_identifier string comment_spec @@ -658,6 +661,10 @@ static void location_update(struct location *loc, struct location *rhs, int n) %destructor { expr_free($$); } boolean_expr %type <val> boolean_keys +%type <expr> exthdr_exists_expr +%destructor { expr_free($$); } exthdr_exists_expr +%type <val> exthdr_key + %% input : /* empty */ @@ -2291,6 +2298,7 @@ primary_expr : symbol_expr { $$ = $1; } | integer_expr { $$ = $1; } | payload_expr { $$ = $1; } | exthdr_expr { $$ = $1; } + | exthdr_exists_expr { $$ = $1; } | meta_expr { $$ = $1; } | rt_expr { $$ = $1; } | ct_expr { $$ = $1; } @@ -3254,6 +3262,11 @@ tcp_hdr_expr : TCP tcp_hdr_field { $$ = tcpopt_expr_alloc(&@$, $3, $4); } + | TCP OPTION tcp_hdr_option_type + { + $$ = tcpopt_expr_alloc(&@$, $3, TCPOPTHDR_FIELD_KIND); + $$->exthdr.flags = NFT_EXTHDR_F_PRESENT; + } ; tcp_hdr_field : SPORT { $$ = TCPHDR_SPORT; } 
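Review bot: The `exthdr_desc` member added to `%union` in the first hunk (`@@ -139,6 +139,7 @@`) is not referenced by any `%type` or `%token` declaration this commit adds. `exthdr_key` is declared `<val>`, and the `exthdr_exists_expr` action keeps its descriptor in a local `desc`. Either drop the member until a nonterminal needs it, or add a short comment next to it saying which rule it is reserved for, so the union does not carry an unexplained field.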
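Review bot: In the `tcp_hdr_expr` hunk (`@@ -3254,6 +3262,11 @@`) the new `TCP OPTION tcp_hdr_option_type` alternative sets `NFT_EXTHDR_F_PRESENT` with no comment, and its spelling (`tcp option <type>`) differs from the `tcpopt window exists` example in the commit message. A one-line comment above the alternative, for example `/* bare option type: presence test only, no field is loaded */`, would record the intent; the wording is a suggestion and should be checked against what `tcpopt_expr_alloc()` does. Since this is ruleset syntax for a packet filter, it is also worth confirming that evaluation (outside this file) rejects a non-boolean right-hand side for an expression carrying this flag, so that a rule cannot load with a different meaning than its author wrote. The rule's earlier alternatives start before the hunk.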
@@ -3404,4 +3417,25 @@ mh_hdr_field : NEXTHDR { $$ = MHHDR_NEXTHDR; } | CHECKSUM { $$ = MHHDR_CHECKSUM; } ; +exthdr_exists_expr : EXTHDR exthdr_key + { + const struct exthdr_desc *desc; + + desc = exthdr_find_proto($2); + + /* Assume that NEXTHDR template is always + * the fist one in list of templates. + */ + $$ = exthdr_expr_alloc(&@$, desc, 1); + $$->exthdr.flags = NFT_EXTHDR_F_PRESENT; + } + ; + +exthdr_key : HBH { $$ = IPPROTO_HOPOPTS; } + | RT { $$ = IPPROTO_ROUTING; } + | FRAG { $$ = IPPROTO_FRAGMENT; } + | DST { $$ = IPPROTO_DSTOPTS; } + | MH { $$ = IPPROTO_MH; } + ; + %% |
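Review bot: The `exthdr_exists_expr` action passes a bare `1` as the template index to `exthdr_expr_alloc()`, relying only on the comment's assumption that NEXTHDR is the first template in every descriptor. Nothing in the hunk enforces that ordering, so a descriptor that breaks it would silently produce an expression built from the wrong template. A named constant shared with the descriptor tables would make the dependency explicit, e.g. `$$ = exthdr_expr_alloc(&@$, desc, <NEXTHDR_TEMPLATE_INDEX>);` (placeholder name). The result of `exthdr_find_proto($2)` is also used unchecked; `exthdr_key` only yields five `IPPROTO_*` values, so presumably a descriptor always exists, but a comment stating that would help. The comment itself has a typo: "fist" should read "first".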