From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: karol@babioch.de
Subject: [PATCH nft] parser_bison: allow 'snat' and 'dnat' keywords from the right-hand side
Date: Wed, 9 Mar 2016 12:35:11 +0100 [thread overview]
Message-ID: <1457523311-19512-1-git-send-email-pablo@netfilter.org> (raw)
Parse 'snat' and 'dnat' reserved keywords from the right-hand side as
symbols. Thus, we can use them as values from ct status.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=950
Reported-by: Ana Rey <anarey@gmail.com>
Reported-by: Karol Babioch <karol@babioch.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/parser_bison.y | 12 ++++++++++++
tests/py/any/ct.t | 8 +++-----
tests/py/any/ct.t.payload | 19 +++++++++++++++++++
3 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 3f22639..90978ab 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2196,6 +2196,18 @@ primary_rhs_expr : symbol_expr { $$ = $1; }
BYTEORDER_HOST_ENDIAN,
sizeof(data) * BITS_PER_BYTE, &data);
}
+ | SNAT
+ {
+ $$ = symbol_expr_alloc(&@$, SYMBOL_VALUE,
+ current_scope(state),
+ "snat");
+ }
+ | DNAT
+ {
+ $$ = symbol_expr_alloc(&@$, SYMBOL_VALUE,
+ current_scope(state),
+ "dnat");
+ }
;
relational_op : EQ { $$ = OP_EQ; }
diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t
index 6896b1f..095e86c 100644
--- a/tests/py/any/ct.t
+++ b/tests/py/any/ct.t
@@ -26,13 +26,11 @@ ct status != expected;ok
ct status seen-reply;ok
ct status != seen-reply;ok
ct status {expected, seen-reply, assured, confirmed, dying};ok
+ct status expected,seen-reply,assured,confirmed,snat,dnat,dying;ok
+ct status snat;ok
+ct status dnat;ok
ct status xxx;fail
-# SYMBOL("snat", IPS_SRC_NAT)
-# SYMBOL("dnat", IPS_DST_NAT)
-- ct status snat;ok
-- ct status dnat;ok
-
ct mark 0;ok;ct mark 0x00000000
ct mark or 0x23 == 0x11;ok;ct mark | 0x00000023 == 0x00000011
ct mark or 0x3 != 0x1;ok;ct mark | 0x00000003 != 0x00000001
diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload
index ac99429..62e9259 100644
--- a/tests/py/any/ct.t.payload
+++ b/tests/py/any/ct.t.payload
@@ -304,3 +304,22 @@ ip test-ip4 output
[ ct load bytes => reg 1 ]
[ byteorder reg 1 = hton(reg 1, 8, 8) ]
[ cmp gt reg 1 0x00000000 0xa0860100 ]
+
+# ct status expected,seen-reply,assured,confirmed,snat,dnat,dying
+ip test-ip4 output
+ [ ct load status => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x0000023f ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000000 ]
+
+# ct status snat
+ip test-ip4 output
+ [ ct load status => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000000 ]
+
+# ct status dnat
+ip test-ip4 output
+ [ ct load status => reg 1 ]
+ [ bitwise reg 1 = (reg=1 & 0x00000020 ) ^ 0x00000000 ]
+ [ cmp neq reg 1 0x00000000 ]
+
--
2.1.4
reply other threads:[~2016-03-09 11:35 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1457523311-19512-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=karol@babioch.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).