fib: allow to check if route exists in maps

f686a17eafa0 ("fib: Support existence check") adds EXPR_F_BOOLEAN as a
workaround to infer from the rhs of the relational expression if the fib
lookup wants to check for a specific output interface or, instead,
simply check for existence. This, however, does not work with maps.

The NFT_FIB_F_PRESENT flag can be used both with NFT_FIB_RESULT_OIF and
NFT_FIB_RESULT_OFINAME, my understanding is that they serve the same
purpose which is to check if a route exists, so they are redundant.

Add a 'check' fib result to check for routes while still keeping the
inference workaround for backward compatibility, but prefer the new
syntax in the listing.

Update man nft(8) and tests/py.

Fixes: f686a17eafa0 ("fib: Support existence check")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 10 insertions, 2 deletions

diff --git a/src/parser_json.c b/src/parser_json.c
index 3195d529..ce944740 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -1157,6 +1157,7 @@ static struct expr *json_parse_fib_expr(struct json_ctx *ctx,
 		[NFT_FIB_RESULT_OIF] = "oif",
 		[NFT_FIB_RESULT_OIFNAME] = "oifname",
 		[NFT_FIB_RESULT_ADDRTYPE] = "type",
+		[__NFT_FIB_RESULT_MAX] = "check",	/* Actually, NFT_FIB_F_PRESENT. */
 	};
 	enum nft_fib_result resultval = NFT_FIB_RESULT_UNSPEC;
 	const char *result;
@@ -1172,12 +1173,19 @@ static struct expr *json_parse_fib_expr(struct json_ctx *ctx,
 			break;
 		}
 	}
-	if (resultval == NFT_FIB_RESULT_UNSPEC) {
+	switch (resultval) {
+	case NFT_FIB_RESULT_UNSPEC:
 		json_error(ctx, "Invalid fib result '%s'.", result);
 		return NULL;
+	case __NFT_FIB_RESULT_MAX:
+		resultval = NFT_FIB_RESULT_OIF;
+		flagval = NFTA_FIB_F_PRESENT;
+		break;
+	default:
+		break;
 	}
 
-	flagval = parse_flags_array(ctx, root, "flags", fib_flag_parse);
+	flagval |= parse_flags_array(ctx, root, "flags", fib_flag_parse);
 	if (flagval < 0)
 		return NULL;