diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-03-18 13:10:55 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-03-20 18:50:03 +0100 |
| commit | b11b6c68e61ea294eb4c313705ccfe3e7b0eda87 (patch) | |
| tree | d84b4a22c6648a2bf7d2774801db85bd56c3b345 /tests/py/inet/tcp.t.json.output | |
| parent | ea011231c06cbe828cf6056bc9c3d116e1f528d5 (diff) | |
netlink_delinearize: restore binop syntax when listing ruleset for flags
c3d57114f119 ("parser_bison: add shortcut syntax for matching flags
without binary operations") provides a similar syntax to iptables using
a prefix representation for flag matching.
Restore original representation using binop when listing the ruleset.
The parser still accepts the prefix notation for backward compatibility.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/inet/tcp.t.json.output')
| -rw-r--r-- | tests/py/inet/tcp.t.json.output | 279 |
1 files changed, 279 insertions, 0 deletions
diff --git a/tests/py/inet/tcp.t.json.output b/tests/py/inet/tcp.t.json.output index c471e8d8..e186e127 100644 --- a/tests/py/inet/tcp.t.json.output +++ b/tests/py/inet/tcp.t.json.output @@ -208,3 +208,282 @@ } } ] + +# tcp flags fin,syn / fin,syn +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + "fin", + "syn" + ] + } + ] + }, + "op": "==", + "right": { + "|": [ + "fin", + "syn" + ] + } + } + } +] + +# tcp flags != syn / fin,syn +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + "fin", + "syn" + ] + } + ] + }, + "op": "!=", + "right": "syn" + } + } +] + +# tcp flags & (fin | syn | rst | ack) syn +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + { + "|": [ + { + "|": [ + "fin", + "syn" + ] + }, + "rst" + ] + }, + "ack" + ] + } + ] + }, + "op": "==", + "right": "syn" + } + } +] + +# tcp flags & (fin | syn | rst | ack) == syn +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + { + "|": [ + { + "|": [ + "fin", + "syn" + ] + }, + "rst" + ] + }, + "ack" + ] + } + ] + }, + "op": "==", + "right": "syn" + } + } +] + +# tcp flags & (fin | syn | rst | ack) != syn +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + { + "|": [ + { + "|": [ + "fin", + "syn" + ] + }, + "rst" + ] + }, + "ack" + ] + } + ] + }, + "op": "!=", + "right": "syn" + } + } +] + +# tcp flags & (fin | syn | rst | ack) == syn | ack +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + { + "|": [ + { + "|": [ + "fin", + "syn" + ] + }, + "rst" + ] + }, + "ack" + ] + } + ] + }, + "op": "==", + "right": { + "|": [ + "syn", + "ack" + ] + } + } + } +] + +# tcp flags & (fin | syn | rst | ack) != syn | ack +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + { + "|": [ + { + "|": [ + "fin", + "syn" + ] + }, + "rst" + ] + }, + "ack" + ] + } + ] + }, + "op": "!=", + "right": { + "|": [ + "syn", + "ack" + ] + } + } + } +] + +# tcp flags & (syn | ack) == syn | ack +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + { + "|": [ + "syn", + "ack" + ] + } + ] + }, + "op": "==", + "right": { + "|": [ + "syn", + "ack" + ] + } + } + } +] + |