From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH nft 1/8] tcpopt: remove KIND keyword
Date: Fri, 19 Nov 2021 16:28:40 +0100 [thread overview]
Message-ID: <20211119152847.18118-2-fw@strlen.de> (raw)
In-Reply-To: <20211119152847.18118-1-fw@strlen.de>
tcp option <foo> kind ... never makes any sense, as "tcp option <foo>"
already tells the kernel to look for the foo <kind>.
"tcp option sack kind 5" matches if the sack option is present; its a
more complicated form of the simpler "tcp option sack exists".
"tcp option sack kind 1" (or any other value than 5) will never match.
So remove this.
Test cases are converted to "exists".
Signed-off-by: Florian Westphal <fw@strlen.de>
---
doc/payload-expression.txt | 29 +++++++++-------
src/parser_bison.y | 4 +--
src/scanner.l | 1 -
tests/py/any/tcpopt.t | 13 ++++----
tests/py/any/tcpopt.t.json | 63 +++++++++++------------------------
tests/py/any/tcpopt.t.payload | 29 +++++++---------
6 files changed, 56 insertions(+), 83 deletions(-)
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt
index 930a18074a6c..106ff74ce57e 100644
--- a/doc/payload-expression.txt
+++ b/doc/payload-expression.txt
@@ -614,37 +614,37 @@ Segment Routing Header
|Keyword| Description | TCP option fields
|eol|
End if option list|
-kind
+-
|nop|
1 Byte TCP Nop padding option |
-kind
+-
|maxseg|
TCP Maximum Segment Size|
-kind, length, size
+length, size
|window|
TCP Window Scaling |
-kind, length, count
+length, count
|sack-perm |
TCP SACK permitted |
-kind, length
+length
|sack|
TCP Selective Acknowledgement (alias of block 0) |
-kind, length, left, right
+length, left, right
|sack0|
TCP Selective Acknowledgement (block 0) |
-kind, length, left, right
+length, left, right
|sack1|
TCP Selective Acknowledgement (block 1) |
-kind, length, left, right
+length, left, right
|sack2|
TCP Selective Acknowledgement (block 2) |
-kind, length, left, right
+length, left, right
|sack3|
TCP Selective Acknowledgement (block 3) |
-kind, length, left, right
+length, left, right
|timestamp|
TCP Timestamps |
-kind, length, tsval, tsecr
+length, tsval, tsecr
|============================
TCP option matching also supports raw expression syntax to access arbitrary options:
@@ -673,7 +673,12 @@ type, length, ptr, addr
.finding TCP options
--------------------
-filter input tcp option sack-perm kind 1 counter
+filter input tcp option sack-perm exists counter
+--------------------
+
+.matching TCP options
+--------------------
+filter input tcp option maxseg size lt 536
--------------------
.matching IPv6 exthdr
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 81d75ecb2fe8..bc5ec2e667b8 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -412,7 +412,6 @@ int nft_lex(void *, void *, void *);
%token SACK3 "sack3"
%token SACK_PERM "sack-permitted"
%token TIMESTAMP "timestamp"
-%token KIND "kind"
%token COUNT "count"
%token LEFT "left"
%token RIGHT "right"
@@ -5526,8 +5525,7 @@ tcp_hdr_option_type : EOL { $$ = TCPOPT_KIND_EOL; }
}
;
-tcp_hdr_option_field : KIND { $$ = TCPOPT_COMMON_KIND; }
- | LENGTH { $$ = TCPOPT_COMMON_LENGTH; }
+tcp_hdr_option_field : LENGTH { $$ = TCPOPT_COMMON_LENGTH; }
| SIZE { $$ = TCPOPT_MAXSEG_SIZE; }
| COUNT { $$ = TCPOPT_WINDOW_COUNT; }
| LEFT { $$ = TCPOPT_SACK_LEFT; }
diff --git a/src/scanner.l b/src/scanner.l
index 6cc7778dd85e..455ef99fea8f 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -481,7 +481,6 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"timestamp" { return TIMESTAMP; }
"time" { return TIME; }
-"kind" { return KIND; }
"count" { return COUNT; }
"left" { return LEFT; }
"right" { return RIGHT; }
diff --git a/tests/py/any/tcpopt.t b/tests/py/any/tcpopt.t
index bcc64eac2e21..d3586eae8399 100644
--- a/tests/py/any/tcpopt.t
+++ b/tests/py/any/tcpopt.t
@@ -4,17 +4,16 @@
*ip6;test-ip6;input
*inet;test-inet;input
-tcp option eol kind 1;ok
-tcp option nop kind 1;ok
-tcp option maxseg kind 1;ok
+tcp option eol exists;ok
+tcp option nop exists;ok
+tcp option maxseg exists;ok
tcp option maxseg length 1;ok
tcp option maxseg size 1;ok
-tcp option window kind 1;ok
tcp option window length 1;ok
tcp option window count 1;ok
-tcp option sack-perm kind 1;ok
+tcp option sack-perm exists;ok
tcp option sack-perm length 1;ok
-tcp option sack kind 1;ok
+tcp option sack exists;ok
tcp option sack length 1;ok
tcp option sack left 1;ok
tcp option sack0 left 1;ok;tcp option sack left 1
@@ -26,7 +25,7 @@ tcp option sack0 right 1;ok;tcp option sack right 1
tcp option sack1 right 1;ok
tcp option sack2 right 1;ok
tcp option sack3 right 1;ok
-tcp option timestamp kind 1;ok
+tcp option timestamp exists;ok
tcp option timestamp length 1;ok
tcp option timestamp tsval 1;ok
tcp option timestamp tsecr 1;ok
diff --git a/tests/py/any/tcpopt.t.json b/tests/py/any/tcpopt.t.json
index a45b4c8b5c58..5468accb16b4 100644
--- a/tests/py/any/tcpopt.t.json
+++ b/tests/py/any/tcpopt.t.json
@@ -1,47 +1,44 @@
-# tcp option eol kind 1
+# tcp option eol exists
[
{
"match": {
"left": {
"tcp option": {
- "field": "kind",
"name": "eol"
}
},
"op": "==",
- "right": 1
+ "right": true
}
}
]
-# tcp option nop kind 1
+# tcp option nop exists
[
{
"match": {
"left": {
"tcp option": {
- "field": "kind",
"name": "nop"
}
},
"op": "==",
- "right": 1
+ "right": true
}
}
]
-# tcp option maxseg kind 1
+# tcp option maxseg exists
[
{
"match": {
"left": {
"tcp option": {
- "field": "kind",
"name": "maxseg"
}
},
"op": "==",
- "right": 1
+ "right": true
}
}
]
@@ -78,22 +75,6 @@
}
]
-# tcp option window kind 1
-[
- {
- "match": {
- "left": {
- "tcp option": {
- "field": "kind",
- "name": "window"
- }
- },
- "op": "==",
- "right": 1
- }
- }
-]
-
# tcp option window length 1
[
{
@@ -126,18 +107,17 @@
}
]
-# tcp option sack-perm kind 1
+# tcp option sack-perm exists
[
{
"match": {
"left": {
"tcp option": {
- "field": "kind",
"name": "sack-perm"
}
},
"op": "==",
- "right": 1
+ "right": true
}
}
]
@@ -158,18 +138,17 @@
}
]
-# tcp option sack kind 1
+# tcp option sack exists
[
{
"match": {
"left": {
"tcp option": {
- "field": "kind",
"name": "sack"
}
},
"op": "==",
- "right": 1
+ "right": true
}
}
]
@@ -213,7 +192,7 @@
"left": {
"tcp option": {
"field": "left",
- "name": "sack0"
+ "name": "sack"
}
},
"op": "==",
@@ -293,7 +272,7 @@
"left": {
"tcp option": {
"field": "right",
- "name": "sack0"
+ "name": "sack"
}
},
"op": "==",
@@ -350,18 +329,17 @@
}
]
-# tcp option timestamp kind 1
+# tcp option timestamp exists
[
{
"match": {
"left": {
"tcp option": {
- "field": "kind",
"name": "timestamp"
}
},
"op": "==",
- "right": 1
+ "right": true
}
}
]
@@ -414,36 +392,36 @@
}
]
-# tcp option 6 exists
+# tcp option 255 missing
[
{
"match": {
"left": {
"tcp option": {
- "base": 6,
+ "base": 255,
"len": 8,
"offset": 0
}
},
"op": "==",
- "right": true
+ "right": false
}
}
]
-# tcp option 255 missing
+# tcp option 6 exists
[
{
"match": {
"left": {
"tcp option": {
- "base": 255,
+ "base": 6,
"len": 8,
"offset": 0
}
},
"op": "==",
- "right": false
+ "right": true
}
}
]
@@ -509,4 +487,3 @@
}
}
]
-
diff --git a/tests/py/any/tcpopt.t.payload b/tests/py/any/tcpopt.t.payload
index 51f3a7527668..d88bcd433a10 100644
--- a/tests/py/any/tcpopt.t.payload
+++ b/tests/py/any/tcpopt.t.payload
@@ -1,16 +1,16 @@
-# tcp option eol kind 1
+# tcp option eol exists
inet
- [ exthdr load tcpopt 1b @ 0 + 0 => reg 1 ]
+ [ exthdr load tcpopt 1b @ 0 + 0 present => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
-# tcp option nop kind 1
+# tcp option nop exists
inet
- [ exthdr load tcpopt 1b @ 1 + 0 => reg 1 ]
+ [ exthdr load tcpopt 1b @ 1 + 0 present => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
-# tcp option maxseg kind 1
+# tcp option maxseg exists
inet
- [ exthdr load tcpopt 1b @ 2 + 0 => reg 1 ]
+ [ exthdr load tcpopt 1b @ 2 + 0 present => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option maxseg length 1
@@ -23,11 +23,6 @@ inet
[ exthdr load tcpopt 2b @ 2 + 2 => reg 1 ]
[ cmp eq reg 1 0x00000100 ]
-# tcp option window kind 1
-inet
- [ exthdr load tcpopt 1b @ 3 + 0 => reg 1 ]
- [ cmp eq reg 1 0x00000001 ]
-
# tcp option window length 1
inet
[ exthdr load tcpopt 1b @ 3 + 1 => reg 1 ]
@@ -38,9 +33,9 @@ inet
[ exthdr load tcpopt 1b @ 3 + 2 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
-# tcp option sack-perm kind 1
+# tcp option sack-perm exists
inet
- [ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ]
+ [ exthdr load tcpopt 1b @ 4 + 0 present => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option sack-perm length 1
@@ -48,9 +43,9 @@ inet
[ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
-# tcp option sack kind 1
+# tcp option sack exists
inet
- [ exthdr load tcpopt 1b @ 5 + 0 => reg 1 ]
+ [ exthdr load tcpopt 1b @ 5 + 0 present => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option sack length 1
@@ -108,9 +103,9 @@ inet
[ exthdr load tcpopt 4b @ 5 + 30 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
-# tcp option timestamp kind 1
+# tcp option timestamp exists
inet
- [ exthdr load tcpopt 1b @ 8 + 0 => reg 1 ]
+ [ exthdr load tcpopt 1b @ 8 + 0 present => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option timestamp length 1
--
2.32.0
next prev parent reply other threads:[~2021-11-19 15:29 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-19 15:28 [PATCH nft 0/8] mptcp subtype option match support Florian Westphal
2021-11-19 15:28 ` Florian Westphal [this message]
2021-11-19 15:28 ` [PATCH nft 2/8] scanner: add tcp flex scope Florian Westphal
2021-11-19 15:28 ` [PATCH nft 3/8] parser: split tcp option rules Florian Westphal
2021-11-19 15:28 ` [PATCH nft 4/8] tcpopt: add md5sig, fastopen and mptcp options Florian Westphal
2021-11-19 15:28 ` [PATCH nft 5/8] tests: py: add test cases for md5sig, fastopen and mptcp mnemonics Florian Westphal
2021-11-19 15:28 ` [PATCH nft 6/8] mptcp: add subtype matching Florian Westphal
2021-11-19 15:28 ` [PATCH nft 7/8] exthdr: fix tcpopt_find_template to use length after mask adjustment Florian Westphal
2021-11-19 15:28 ` [PATCH nft 8/8] tests: py: add tcp subtype match test cases Florian Westphal
2021-11-23 13:16 ` [PATCH nft 0/8] mptcp subtype option match support Pablo Neira Ayuso
2021-11-23 13:37 ` Florian Westphal
2021-11-30 21:45 ` Pablo Neira Ayuso
2021-12-01 11:30 ` Florian Westphal
2021-12-02 21:42 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211119152847.18118-2-fw@strlen.de \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.