From 757b3ab08b8b22f230fb8e481bec78ecbfbb335a Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Thu, 7 Jan 2016 13:23:33 +0100 Subject: nft: swap key and direction in ct_dir syntax old: ct saddr original 1.2.3.4 new: ct original saddr 1.2.3.4 The advantage is that this allows to add ct keys where direction is optional without creating ambiguities in the parser. So we can have ct packets gt 42 ct original packets gt 42 Signed-off-by: Florian Westphal Acked-by: Pablo Neira Ayuso
---
 src/ct.c | 13 ++++++-------
 src/parser_bison.y | 6 +++---
 tests/py/any/ct.t | 8 ++++++++
 tests/py/ip/ct.t | 26 +++++++++++++-------------
 tests/py/ip/ct.t.payload | 22 +++++++++++-----------
 5 files changed, 41 insertions(+), 34 deletions(-)
diff --git a/src/ct.c b/src/ct.c
index 515e3ebf..ff6cd61b 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -209,19 +209,18 @@ static void ct_expr_print(const struct expr *expr)
 {
 const struct symbolic_constant *s;
- printf("ct %s", ct_templates[expr->ct.key].token);
-
+ printf("ct ");
 if (expr->ct.direction < 0)
- return;
+ goto done;
 for (s = ct_dir_tbl.symbols; s->identifier != NULL; s++) {
 if (expr->ct.direction == (int) s->value) {
- printf(" %s", s->identifier);
- return;
+ printf("%s ", s->identifier);
+ break;
 }
 }
-
- printf(" %d", expr->ct.direction);
+ done:
+ printf("%s", ct_templates[expr->ct.key].token);
 }
 static bool ct_expr_cmp(const struct expr *e1, const struct expr *e2)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index fcf84b9a..ca9b757a 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2252,18 +2252,18 @@ ct_expr : CT ct_key
 {
 $$ = ct_expr_alloc(&@$, $2, -1);
 }
- | CT ct_key_dir STRING
+ | CT STRING ct_key_dir
 {
 struct error_record *erec;
 int8_t direction;
- erec = ct_dir_parse(&@$, $3, &direction);
+ erec = ct_dir_parse(&@$, $2, &direction);
 if (erec != NULL) {
 erec_queue(erec, state->msgs);
 YYERROR;
 }
- $$ = ct_expr_alloc(&@$, $2, direction);
+ $$ = ct_expr_alloc(&@$, $3, direction);
 }
 ;
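Review bot: When `expr->ct.direction` is non-negative but matches no entry in `ct_dir_tbl`, the loop in ct_expr_print (src/ct.c) now runs to its end and falls into `done:`, printing only the key, whereas the removed code printed the raw value with `printf(" %d", expr->ct.direction)`. A ruleset listing that silently drops the direction misstates what the expression matches, and the `ct saddr 1.2.3.4;fail` case added in tests/py/any/ct.t suggests such output would no longer be accepted when loaded back. Keep a fallback between the loop and the label, e.g. `if (s->identifier == NULL) printf("%d ", expr->ct.direction);`. Wrapping the lookup in `if (expr->ct.direction >= 0) { ... }` would also make the `goto` unnecessary.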
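Review bot: The error record for a bad direction in src/parser_bison.y is still created with `&@$`, the location of the whole `CT STRING ct_key_dir` expression; since the direction is now the second symbol, `erec = ct_dir_parse(&@2, $2, &direction);` would point the message at the offending word. Separately, `$2` is not released on either path visible here; if the scanner heap-allocates STRING values (not visible in this hunk), it should be freed once ct_dir_parse has returned, before `YYERROR` as well as on success. The ct_expr rule starts above the hunk, so its other alternatives cannot be checked from here.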
diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t
index 9434dc63..fd27a1da 100644
--- a/tests/py/any/ct.t
+++ b/tests/py/any/ct.t
@@ -109,3 +109,11 @@ ct state . ct mark { new . 0x12345678};ok
 ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634};ok
 ct direction . ct mark { original . 0x12345678};ok
 ct state . ct mark vmap { new . 0x12345678 : drop};ok
+
+# missing direction
+ct saddr 1.2.3.4;fail
+
+# direction, but must be used without
+ct original mark 42;fail
+# swapped key and direction
+ct mark original;fail
diff --git a/tests/py/ip/ct.t b/tests/py/ip/ct.t
index 8ec340d3..65f5d921 100644
--- a/tests/py/ip/ct.t
+++ b/tests/py/ip/ct.t
@@ -2,22 +2,22 @@
 *ip;test-ip4;output
-ct saddr original 192.168.0.1;ok
-ct saddr reply 192.168.0.1;ok
-ct daddr original 192.168.0.1;ok
-ct daddr reply 192.168.0.1;ok
+ct original saddr 192.168.0.1;ok
+ct reply saddr 192.168.0.1;ok
+ct original daddr 192.168.0.1;ok
+ct reply daddr 192.168.0.1;ok
 # same, but with a netmask
-ct saddr original 192.168.1.0/24;ok
-ct saddr reply 192.168.1.0/24;ok
-ct daddr original 192.168.1.0/24;ok
-ct daddr reply 192.168.1.0/24;ok
+ct original saddr 192.168.1.0/24;ok
+ct reply saddr 192.168.1.0/24;ok
+ct original daddr 192.168.1.0/24;ok
+ct reply daddr 192.168.1.0/24;ok
-ct l3proto original ipv4;ok
-ct l3proto reply foobar;fail
+ct original l3proto ipv4;ok
+ct reply l3proto foobar;fail
-ct protocol original 6 ct proto-dst original 22;ok
-ct protocol original 17 ct proto-src reply 53;ok
+ct original protocol 6 ct original proto-dst 22;ok
+ct original protocol 17 ct reply proto-src 53;ok
 # wrong address family
-ct daddr reply dead::beef;fail
+ct reply daddr dead::beef;fail
diff --git a/tests/py/ip/ct.t.payload b/tests/py/ip/ct.t.payload
index e06d988c..0449b077 100644
--- a/tests/py/ip/ct.t.payload
+++ b/tests/py/ip/ct.t.payload
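Review bot: None of the cases in the tests/py/any/ct.t and tests/py/ip/ct.t hunks exercises the ct_dir_parse error path: every direction word used in the visible lines is `original` or `reply`, so an unknown word in the new direction slot is never checked. A line such as `ct foobar saddr 192.168.0.1;fail` (constructed example) in tests/py/ip/ct.t, next to the existing `ct reply l3proto foobar;fail`, would pin that rejection. The added comment `# direction, but must be used without` is also hard to read; `# mark does not take a direction` says what the case covers.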
@@ -1,60 +1,60 @@
-# ct saddr original 192.168.0.1
+# ct original saddr 192.168.0.1
 ip test-ip4 output
 [ ct load src => reg 1 , dir original ]
 [ cmp eq reg 1 0x0100a8c0 ]
-# ct saddr reply 192.168.0.1
+# ct reply saddr 192.168.0.1
 ip test-ip4 output
 [ ct load src => reg 1 , dir reply ]
 [ cmp eq reg 1 0x0100a8c0 ]
-# ct daddr original 192.168.0.1
+# ct original daddr 192.168.0.1
 ip test-ip4 output
 [ ct load dst => reg 1 , dir original ]
 [ cmp eq reg 1 0x0100a8c0 ]
-# ct daddr reply 192.168.0.1
+# ct reply daddr 192.168.0.1
 ip test-ip4 output
 [ ct load dst => reg 1 , dir reply ]
 [ cmp eq reg 1 0x0100a8c0 ]
-# ct saddr original 192.168.1.0/24
+# ct original saddr 192.168.1.0/24
 ip test-ip4 output
 [ ct load src => reg 1 , dir original ]
 [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
 [ cmp eq reg 1 0x0001a8c0 ]
-# ct saddr reply 192.168.1.0/24
+# ct reply saddr 192.168.1.0/24
 ip test-ip4 output
 [ ct load src => reg 1 , dir reply ]
 [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
 [ cmp eq reg 1 0x0001a8c0 ]
-# ct daddr original 192.168.1.0/24
+# ct original daddr 192.168.1.0/24
 ip test-ip4 output
 [ ct load dst => reg 1 , dir original ]
 [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
 [ cmp eq reg 1 0x0001a8c0 ]
-# ct daddr reply 192.168.1.0/24
+# ct reply daddr 192.168.1.0/24
 ip test-ip4 output
 [ ct load dst => reg 1 , dir reply ]
 [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
 [ cmp eq reg 1 0x0001a8c0 ]
-# ct l3proto original ipv4
+# ct original l3proto ipv4
 ip test-ip4 output
 [ ct load l3protocol => reg 1 , dir original ]
 [ cmp eq reg 1 0x00000002 ]
-# ct protocol original 6 ct proto-dst original 22
+# ct original protocol 6 ct original proto-dst 22
 ip test-ip4 output
 [ ct load protocol => reg 1 , dir original ]
 [ cmp eq reg 1 0x00000006 ]
 [ ct load proto_dst => reg 1 , dir original ]
 [ cmp eq reg 1 0x00001600 ]
-# ct protocol original 17 ct proto-src reply 53
+# ct original protocol 17 ct reply proto-src 53
 ip test-ip4 output
 [ ct load protocol => reg 1 , dir original ]
 [ cmp eq reg 1 0x00000011 ]
-- cgit v1.2.3