[PATCH] nft: Add support for inverted bitwise value list

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Laura Garcia Liebana <nevola@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH] nft: Add support for inverted bitwise value list
Date: Wed, 22 Jun 2016 17:49:48 +0200	[thread overview]
Message-ID: <20160622154945.GA12610@sonyv> (raw)

Add support for inverted state and status bitwise value list required in the
ct match.

Before this patch, nft didn't support the rule:

$ nft add rule ip filter INPUT ct state != new,related counter accept
<cmdline>:1:41-41: Error: syntax error, unexpected comma, expecting end of file or newline or semicolon
add rule ip filter INPUT ct state != new,related counter accept
                                        ^

This patch includes in the parser the ability to understand a list of
bitwise values.

nft --debug=netlink add rule ip filter INPUT ct state != new,related,established,untracked counter accept
ip filter INPUT
  [ ct load state => reg 1 ]
  [ cmp neq reg 1 0x0000004e ]
  [ counter pkts 0 bytes 0 ]
  [ immediate reg 0 accept ]

In addition, this patch prints the correct rule syntax.

table ip filter {
	chain INPUT {
		ct state != established,related,new,untracked counter packets 0 bytes 0 accept
	}
}

And some tests included:

ct state != new,related;ok
ct status != expected,seen-reply;ok

Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
---
 src/expression.c   | 12 +++++++++++-
 src/parser_bison.y |  1 +
 tests/py/any/ct.t  |  2 ++
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/expression.c b/src/expression.c
index a10af5d..2ba4d83 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -524,13 +524,23 @@ static bool must_print_eq_op(const struct expr *expr)
 	return expr->left->ops->type == EXPR_BINOP;
 }
 
+static void binop_expr_print_symbol(const struct expr *expr)
+{
+	if (expr->op == OP_OR &&
+	    (expr->right->dtype->type == TYPE_CT_STATE ||
+	    expr->right->dtype->type == TYPE_CT_STATUS))
+		printf(",");
+	else
+		printf(" %s ", expr_op_symbols[expr->op]);
+}
+
 static void binop_expr_print(const struct expr *expr)
 {
 	binop_arg_print(expr, expr->left);
 
 	if (expr_op_symbols[expr->op] &&
 	    (expr->op != OP_EQ || must_print_eq_op(expr)))
-		printf(" %s ", expr_op_symbols[expr->op]);
+		binop_expr_print_symbol(expr);
 	else
 		printf(" ");
 
diff --git a/src/parser_bison.y b/src/parser_bison.y
index d7cba23..02d23b9 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2097,6 +2097,7 @@ list_rhs_expr		:	basic_rhs_expr		COMMA		basic_rhs_expr
 rhs_expr		:	concat_rhs_expr		{ $$ = $1; }
 			|	multiton_rhs_expr	{ $$ = $1; }
 			|	set_expr		{ $$ = $1; }
+			|       list_rhs_expr           { $$ = $1; }
 			;
 
 shift_rhs_expr		:	primary_rhs_expr
diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t
index 4d13213..4d0273f 100644
--- a/tests/py/any/ct.t
+++ b/tests/py/any/ct.t
@@ -6,6 +6,7 @@
 
 ct state new,established, related, untracked;ok;ct state established,related,new,untracked
 ct state != related;ok
+ct state != new,related;ok
 ct state {new,established, related, untracked};ok
 - ct state != {new,established, related, untracked};ok
 ct state invalid drop;ok
@@ -25,6 +26,7 @@ ct status expected;ok
 ct status != expected;ok
 ct status seen-reply;ok
 ct status != seen-reply;ok
+ct status != expected,seen-reply;ok
 ct status {expected, seen-reply, assured, confirmed, dying};ok
 ct status expected,seen-reply,assured,confirmed,snat,dnat,dying;ok
 ct status snat;ok
-- 
2.7.0

next             reply	other threads:[~2016-06-22 15:51 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-22 15:49 Laura Garcia Liebana [this message]
2016-06-22 16:14 ` [PATCH] nft: Add support for inverted bitwise value list Florian Westphal
2016-06-22 16:56   ` Jan Engelhardt
2016-06-22 17:13     ` Florian Westphal
2016-06-22 18:20 ` Pablo Neira Ayuso

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a10af5d dfblob:2ba4d83 dfblob:d7cba23 dfblob:02d23b9
dfblob:4d13213 dfblob:4d0273f )
 OR (
bs:"[PATCH] nft: Add support for inverted bitwise value list" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160622154945.GA12610@sonyv \
    --to=nevola@gmail.com \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.