From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH nft 2/6] nft: swap key and direction in ct_dir syntax
Date: Fri, 8 Jan 2016 10:42:47 +0100 [thread overview]
Message-ID: <1452246171-13943-3-git-send-email-fw@strlen.de> (raw)
In-Reply-To: <1452246171-13943-1-git-send-email-fw@strlen.de>
old: ct saddr original 1.2.3.4
new: ct original saddr 1.2.3.4
The advantage is that this allows to add ct keys where direction is optional
without creating ambiguities in the parser.
So we can have
ct packets gt 42
ct original packets gt 42
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/ct.c | 13 ++++++-------
src/parser_bison.y | 6 +++---
tests/py/any/ct.t | 8 ++++++++
tests/py/ip/ct.t | 26 +++++++++++++-------------
tests/py/ip/ct.t.payload | 22 +++++++++++-----------
5 files changed, 41 insertions(+), 34 deletions(-)
diff --git a/src/ct.c b/src/ct.c
index 515e3eb..ff6cd61 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -209,19 +209,18 @@ static void ct_expr_print(const struct expr *expr)
{
const struct symbolic_constant *s;
- printf("ct %s", ct_templates[expr->ct.key].token);
-
+ printf("ct ");
if (expr->ct.direction < 0)
- return;
+ goto done;
for (s = ct_dir_tbl.symbols; s->identifier != NULL; s++) {
if (expr->ct.direction == (int) s->value) {
- printf(" %s", s->identifier);
- return;
+ printf("%s ", s->identifier);
+ break;
}
}
-
- printf(" %d", expr->ct.direction);
+ done:
+ printf("%s", ct_templates[expr->ct.key].token);
}
static bool ct_expr_cmp(const struct expr *e1, const struct expr *e2)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index fcd4813..0ba6f7c 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2268,18 +2268,18 @@ ct_expr : CT ct_key
{
$$ = ct_expr_alloc(&@$, $2, -1);
}
- | CT ct_key_dir STRING
+ | CT STRING ct_key_dir
{
struct error_record *erec;
int8_t direction;
- erec = ct_dir_parse(&@$, $3, &direction);
+ erec = ct_dir_parse(&@$, $2, &direction);
if (erec != NULL) {
erec_queue(erec, state->msgs);
YYERROR;
}
- $$ = ct_expr_alloc(&@$, $2, direction);
+ $$ = ct_expr_alloc(&@$, $3, direction);
}
;
diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t
index d402252..a0a2590 100644
--- a/tests/py/any/ct.t
+++ b/tests/py/any/ct.t
@@ -109,3 +109,11 @@ ct state . ct mark { new . 0x12345678};ok
ct state . ct mark { new . 0x12345678, new . 0x34127856, established . 0x12785634};ok
ct direction . ct mark { original . 0x12345678};ok
ct state . ct mark vmap { new . 0x12345678 : drop};ok
+
+# missing direction
+ct saddr 1.2.3.4;fail
+
+# direction, but must be used without
+ct original mark 42;fail
+# swapped key and direction
+ct mark original;fail
diff --git a/tests/py/ip/ct.t b/tests/py/ip/ct.t
index 28ad766..042f94e 100644
--- a/tests/py/ip/ct.t
+++ b/tests/py/ip/ct.t
@@ -2,22 +2,22 @@
:output;type filter hook output priority 0
-ct saddr original 192.168.0.1;ok
-ct saddr reply 192.168.0.1;ok
-ct daddr original 192.168.0.1;ok
-ct daddr reply 192.168.0.1;ok
+ct original saddr 192.168.0.1;ok
+ct reply saddr 192.168.0.1;ok
+ct original daddr 192.168.0.1;ok
+ct reply daddr 192.168.0.1;ok
# same, but with a netmask
-ct saddr original 192.168.1.0/24;ok
-ct saddr reply 192.168.1.0/24;ok
-ct daddr original 192.168.1.0/24;ok
-ct daddr reply 192.168.1.0/24;ok
+ct original saddr 192.168.1.0/24;ok
+ct reply saddr 192.168.1.0/24;ok
+ct original daddr 192.168.1.0/24;ok
+ct reply daddr 192.168.1.0/24;ok
-ct l3proto original ipv4;ok
-ct l3proto reply foobar;fail
+ct original l3proto ipv4;ok
+ct reply l3proto foobar;fail
-ct protocol original 6 ct proto-dst original 22;ok
-ct protocol original 17 ct proto-src reply 53;ok
+ct original protocol 6 ct original proto-dst 22;ok
+ct original protocol 17 ct reply proto-src 53;ok
# wrong address family
-ct daddr reply dead::beef;fail
+ct reply daddr dead::beef;fail
diff --git a/tests/py/ip/ct.t.payload b/tests/py/ip/ct.t.payload
index e06d988..0449b07 100644
--- a/tests/py/ip/ct.t.payload
+++ b/tests/py/ip/ct.t.payload
@@ -1,60 +1,60 @@
-# ct saddr original 192.168.0.1
+# ct original saddr 192.168.0.1
ip test-ip4 output
[ ct load src => reg 1 , dir original ]
[ cmp eq reg 1 0x0100a8c0 ]
-# ct saddr reply 192.168.0.1
+# ct reply saddr 192.168.0.1
ip test-ip4 output
[ ct load src => reg 1 , dir reply ]
[ cmp eq reg 1 0x0100a8c0 ]
-# ct daddr original 192.168.0.1
+# ct original daddr 192.168.0.1
ip test-ip4 output
[ ct load dst => reg 1 , dir original ]
[ cmp eq reg 1 0x0100a8c0 ]
-# ct daddr reply 192.168.0.1
+# ct reply daddr 192.168.0.1
ip test-ip4 output
[ ct load dst => reg 1 , dir reply ]
[ cmp eq reg 1 0x0100a8c0 ]
-# ct saddr original 192.168.1.0/24
+# ct original saddr 192.168.1.0/24
ip test-ip4 output
[ ct load src => reg 1 , dir original ]
[ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
[ cmp eq reg 1 0x0001a8c0 ]
-# ct saddr reply 192.168.1.0/24
+# ct reply saddr 192.168.1.0/24
ip test-ip4 output
[ ct load src => reg 1 , dir reply ]
[ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
[ cmp eq reg 1 0x0001a8c0 ]
-# ct daddr original 192.168.1.0/24
+# ct original daddr 192.168.1.0/24
ip test-ip4 output
[ ct load dst => reg 1 , dir original ]
[ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
[ cmp eq reg 1 0x0001a8c0 ]
-# ct daddr reply 192.168.1.0/24
+# ct reply daddr 192.168.1.0/24
ip test-ip4 output
[ ct load dst => reg 1 , dir reply ]
[ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
[ cmp eq reg 1 0x0001a8c0 ]
-# ct l3proto original ipv4
+# ct original l3proto ipv4
ip test-ip4 output
[ ct load l3protocol => reg 1 , dir original ]
[ cmp eq reg 1 0x00000002 ]
-# ct protocol original 6 ct proto-dst original 22
+# ct original protocol 6 ct original proto-dst 22
ip test-ip4 output
[ ct load protocol => reg 1 , dir original ]
[ cmp eq reg 1 0x00000006 ]
[ ct load proto_dst => reg 1 , dir original ]
[ cmp eq reg 1 0x00001600 ]
-# ct protocol original 17 ct proto-src reply 53
+# ct original protocol 17 ct reply proto-src 53
ip test-ip4 output
[ ct load protocol => reg 1 , dir original ]
[ cmp eq reg 1 0x00000011 ]
--
2.4.10
next prev parent reply other threads:[~2016-01-08 9:50 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-08 9:42 [PATCH nft 0/6] add support for conntrack counters Florian Westphal
2016-01-08 9:42 ` [PATCH libnftnl 1/6] src: ct: add packet and byte counter support Florian Westphal
2016-01-08 9:42 ` Florian Westphal [this message]
2016-01-08 9:42 ` [PATCH nft 3/6] ct: add packet/byte " Florian Westphal
2016-01-08 9:42 ` [PATCH nft 4/6] netlink_linearize: use u64 conversion for 64bit quantities Florian Westphal
2016-01-08 9:42 ` [PATCH nft 5/6] ct regression tests for bytes, packets Florian Westphal
2016-01-08 9:42 ` [PATCH nft 6/6] tests: ct: remove BUG cases that work with current master Florian Westphal
2016-01-13 12:50 ` [PATCH nft 0/6] add support for conntrack counters Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1452246171-13943-3-git-send-email-fw@strlen.de \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).