* [PATCH 1/2 nft] parser: remove 'reset' as reserve keyword
@ 2016-03-07 12:37 Pablo Neira Ayuso
2016-03-07 12:37 ` [PATCH 2/2 nft] tests/py: enable tests for dccp types Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Pablo Neira Ayuso @ 2016-03-07 12:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: shivanib134
The 'reset' keyword can be used as dccp type, so don't qualify it as
reserve keyword to avoid a conflict with this.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1055
Reported-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/parser_bison.y | 11 ++++++++---
src/scanner.l | 1 -
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index d41fc0a..3f22639 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -380,7 +380,6 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%token WEEK "week"
%token _REJECT "reject"
-%token RESET "reset"
%token WITH "with"
%token ICMPX "icmpx"
@@ -1573,9 +1572,15 @@ reject_opts : /* empty */
$4);
$<stmt>0->reject.expr->dtype = &icmpx_code_type;
}
- | WITH TCP RESET
+ | WITH TCP STRING
{
- $<stmt>0->reject.type = NFT_REJECT_TCP_RST;
+ if (strcmp($3, "reset") == 0) {
+ $<stmt>0->reject.type = NFT_REJECT_TCP_RST;
+ } else {
+ erec_queue(error(&@2, "unsupported reject type", $3),
+ state->msgs);
+ YYERROR;
+ }
}
;
diff --git a/src/scanner.l b/src/scanner.l
index a0dee47..60b61a5 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -326,7 +326,6 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"reject" { return _REJECT; }
"with" { return WITH; }
-"reset" { return RESET; }
"icmpx" { return ICMPX; }
"snat" { return SNAT; }
--
2.1.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [PATCH 2/2 nft] tests/py: enable tests for dccp types
2016-03-07 12:37 [PATCH 1/2 nft] parser: remove 'reset' as reserve keyword Pablo Neira Ayuso
@ 2016-03-07 12:37 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2016-03-07 12:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: shivanib134
This patch make sure we test dccp type.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
tests/py/inet/dccp.t | 7 +++----
tests/py/inet/dccp.t.payload.inet | 27 +++++++++++++++++++++++++++
tests/py/inet/dccp.t.payload.ip | 27 +++++++++++++++++++++++++++
tests/py/inet/dccp.t.payload.ip6 | 27 +++++++++++++++++++++++++++
tests/py/inet/dccp.t.payload.netdev | 27 +++++++++++++++++++++++++++
5 files changed, 111 insertions(+), 4 deletions(-)
diff --git a/tests/py/inet/dccp.t b/tests/py/inet/dccp.t
index 4eef58f..f5f8b67 100644
--- a/tests/py/inet/dccp.t
+++ b/tests/py/inet/dccp.t
@@ -29,8 +29,7 @@ dccp dport {23, 24, 25};ok
dccp dport { 20-50};ok
# dccp dport != {27-34};ok
-# BUG dccp type
-# dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok
+dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok
# dccp type != {request, response, data, ack, dataack, closereq, close, reset, sync, syncack};ok
-# dccp type request;ok
-# dccp type != request;ok
+dccp type request;ok
+dccp type != request;ok
diff --git a/tests/py/inet/dccp.t.payload.inet b/tests/py/inet/dccp.t.payload.inet
index ecd8863..11f5aaf 100644
--- a/tests/py/inet/dccp.t.payload.inet
+++ b/tests/py/inet/dccp.t.payload.inet
@@ -80,3 +80,30 @@ inet test-inet input
[ payload load 2b @ transport header + 2 => reg 1 ]
[ lookup reg 1 set set%d ]
+# dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, syncack}
+set%d test-inet 3
+set%d test-inet 0
+ element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end]
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000021 ]
+ [ payload load 1b @ transport header + 8 => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ]
+ [ lookup reg 1 set set%d ]
+
+# dccp type request
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000021 ]
+ [ payload load 1b @ transport header + 8 => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# dccp type != request
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000021 ]
+ [ payload load 1b @ transport header + 8 => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000000 ]
+
diff --git a/tests/py/inet/dccp.t.payload.ip b/tests/py/inet/dccp.t.payload.ip
index 9e1cc2e..fbf441a 100644
--- a/tests/py/inet/dccp.t.payload.ip
+++ b/tests/py/inet/dccp.t.payload.ip
@@ -80,3 +80,30 @@ ip test-ip4 input
[ payload load 2b @ transport header + 2 => reg 1 ]
[ lookup reg 1 set set%d ]
+# dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, syncack}
+set%d test-ip4 3
+set%d test-ip4 0
+ element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end]
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000021 ]
+ [ payload load 1b @ transport header + 8 => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ]
+ [ lookup reg 1 set set%d ]
+
+# dccp type request
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000021 ]
+ [ payload load 1b @ transport header + 8 => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# dccp type != request
+ip test-ip4 input
+ [ payload load 1b @ network header + 9 => reg 1 ]
+ [ cmp eq reg 1 0x00000021 ]
+ [ payload load 1b @ transport header + 8 => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000000 ]
+
diff --git a/tests/py/inet/dccp.t.payload.ip6 b/tests/py/inet/dccp.t.payload.ip6
index c0e1d70..b323c06 100644
--- a/tests/py/inet/dccp.t.payload.ip6
+++ b/tests/py/inet/dccp.t.payload.ip6
@@ -80,3 +80,30 @@ ip6 test-ip6 input
[ payload load 2b @ transport header + 2 => reg 1 ]
[ lookup reg 1 set set%d ]
+# dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, syncack}
+set%d test-ip6 3
+set%d test-ip6 0
+ element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end]
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000021 ]
+ [ payload load 1b @ transport header + 8 => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ]
+ [ lookup reg 1 set set%d ]
+
+# dccp type request
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000021 ]
+ [ payload load 1b @ transport header + 8 => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# dccp type != request
+ip6 test-ip6 input
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000021 ]
+ [ payload load 1b @ transport header + 8 => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000000 ]
+
diff --git a/tests/py/inet/dccp.t.payload.netdev b/tests/py/inet/dccp.t.payload.netdev
index ecd8863..5a8c873 100644
--- a/tests/py/inet/dccp.t.payload.netdev
+++ b/tests/py/inet/dccp.t.payload.netdev
@@ -80,3 +80,30 @@ inet test-inet input
[ payload load 2b @ transport header + 2 => reg 1 ]
[ lookup reg 1 set set%d ]
+# dccp type {request, response, data, ack, dataack, closereq, close, reset, sync, syncack}
+set%d test-netdev 3
+set%d test-netdev 0
+ element 00000000 : 0 [end] element 00000001 : 0 [end] element 00000002 : 0 [end] element 00000003 : 0 [end] element 00000004 : 0 [end] element 00000005 : 0 [end] element 00000006 : 0 [end] element 00000007 : 0 [end] element 00000008 : 0 [end] element 00000009 : 0 [end]
+netdev test-netdev ingress
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000021 ]
+ [ payload load 1b @ transport header + 8 => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ]
+ [ lookup reg 1 set set%d ]
+
+# dccp type request
+netdev test-netdev ingress
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000021 ]
+ [ payload load 1b @ transport header + 8 => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000000 ]
+
+# dccp type != request
+netdev test-netdev ingress
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000021 ]
+ [ payload load 1b @ transport header + 8 => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x0000001e ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000000 ]
+
--
2.1.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-03-07 12:38 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-03-07 12:37 [PATCH 1/2 nft] parser: remove 'reset' as reserve keyword Pablo Neira Ayuso
2016-03-07 12:37 ` [PATCH 2/2 nft] tests/py: enable tests for dccp types Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).