From 81eb9cb3c913739ae584df231a2962be8c4623b2 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 16 Aug 2018 13:28:55 +0200 Subject: [PATCH] Fix ss filter expressions --- 0001-Add-cbq.8-as-an-alias-to-tc-cbq.8.patch | 4 +- 0002-ss-Review-ssfilter.patch | 130 +++++++++++++++++++ iproute.spec | 7 +- 3 files changed, 138 insertions(+), 3 deletions(-) create mode 100644 0002-ss-Review-ssfilter.patch diff --git a/0001-Add-cbq.8-as-an-alias-to-tc-cbq.8.patch b/0001-Add-cbq.8-as-an-alias-to-tc-cbq.8.patch index b3bea75..ac33332 100644 --- a/0001-Add-cbq.8-as-an-alias-to-tc-cbq.8.patch +++ b/0001-Add-cbq.8-as-an-alias-to-tc-cbq.8.patch @@ -1,4 +1,4 @@ -From d0a7e6eaa550dc7930ea53268637ff2186c7ddc6 Mon Sep 17 00:00:00 2001 +From 9c27b875aef25848adbebc8d13525bef3ec2ba45 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 17 Mar 2017 22:47:27 +0100 Subject: [PATCH] Add cbq.8 as an alias to tc-cbq.8 @@ -17,5 +17,5 @@ index 0000000000000..bef35201f4eab @@ -0,0 +1 @@ +.so man8/tc-cbq.8 -- -2.17.0 +2.18.0 diff --git a/0002-ss-Review-ssfilter.patch b/0002-ss-Review-ssfilter.patch new file mode 100644 index 0000000..eda0c52 --- /dev/null +++ b/0002-ss-Review-ssfilter.patch @@ -0,0 +1,130 @@ +From 45ef10dd7b9d4337bfef9573803c1c7cadc012e6 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 14 Aug 2018 14:18:06 +0200 +Subject: [PATCH] ss: Review ssfilter + +The original problem was ssfilter rejecting single expressions if +enclosed in braces, such as: + +| sport = 22 or ( dport = 22 ) + +This is fixed by allowing 'expr' to be an 'exprlist' enclosed in braces. +The no longer required recursion in 'exprlist' being an 'exprlist' +enclosed in braces is dropped. + +In addition to that, a few other things are changed: + +* Remove pointless 'null' prefix in 'appled' before 'exprlist'. +* For simple equals matches, '=' operator was required for ports but not + allowed for hosts. Make this consistent by making '=' operator + optional in both cases. + +Reported-by: Samuel Mannehed +Fixes: b2038cc0b2403 ("ssfilter: Eliminate shift/reduce conflicts") +Signed-off-by: Phil Sutter +Signed-off-by: Stephen Hemminger +(cherry picked from commit 38d209ecf2ae966b9b25de4acb60cdffb0e06ced) +Signed-off-by: Phil Sutter +--- + misc/ssfilter.y | 36 +++++++++++++++++++++--------------- + 1 file changed, 21 insertions(+), 15 deletions(-) + +diff --git a/misc/ssfilter.y b/misc/ssfilter.y +index 88d4229a9b241..0413dddaa7584 100644 +--- a/misc/ssfilter.y ++++ b/misc/ssfilter.y +@@ -42,24 +42,22 @@ static void yyerror(char *s) + %nonassoc '!' + + %% +-applet: null exprlist ++applet: exprlist + { +- *yy_ret = $2; +- $$ = $2; ++ *yy_ret = $1; ++ $$ = $1; + } + | null + ; ++ + null: /* NOTHING */ { $$ = NULL; } + ; ++ + exprlist: expr + | '!' expr + { + $$ = alloc_node(SSF_NOT, $2); + } +- | '(' exprlist ')' +- { +- $$ = $2; +- } + | exprlist '|' expr + { + $$ = alloc_node(SSF_OR, $1); +@@ -77,13 +75,21 @@ exprlist: expr + } + ; + +-expr: DCOND HOSTCOND ++eq: '=' ++ | /* nothing */ ++ ; ++ ++expr: '(' exprlist ')' ++ { ++ $$ = $2; ++ } ++ | DCOND eq HOSTCOND + { +- $$ = alloc_node(SSF_DCOND, $2); ++ $$ = alloc_node(SSF_DCOND, $3); + } +- | SCOND HOSTCOND ++ | SCOND eq HOSTCOND + { +- $$ = alloc_node(SSF_SCOND, $2); ++ $$ = alloc_node(SSF_SCOND, $3); + } + | DPORT GEQ HOSTCOND + { +@@ -101,7 +107,7 @@ expr: DCOND HOSTCOND + { + $$ = alloc_node(SSF_NOT, alloc_node(SSF_D_GE, $3)); + } +- | DPORT '=' HOSTCOND ++ | DPORT eq HOSTCOND + { + $$ = alloc_node(SSF_DCOND, $3); + } +@@ -126,7 +132,7 @@ expr: DCOND HOSTCOND + { + $$ = alloc_node(SSF_NOT, alloc_node(SSF_S_GE, $3)); + } +- | SPORT '=' HOSTCOND ++ | SPORT eq HOSTCOND + { + $$ = alloc_node(SSF_SCOND, $3); + } +@@ -134,7 +140,7 @@ expr: DCOND HOSTCOND + { + $$ = alloc_node(SSF_NOT, alloc_node(SSF_SCOND, $3)); + } +- | DEVNAME '=' DEVCOND ++ | DEVNAME eq DEVCOND + { + $$ = alloc_node(SSF_DEVCOND, $3); + } +@@ -142,7 +148,7 @@ expr: DCOND HOSTCOND + { + $$ = alloc_node(SSF_NOT, alloc_node(SSF_DEVCOND, $3)); + } +- | FWMARK '=' MARKMASK ++ | FWMARK eq MARKMASK + { + $$ = alloc_node(SSF_MARKMASK, $3); + } +-- +2.18.0 + diff --git a/iproute.spec b/iproute.spec index 979bd41..9e79d59 100644 --- a/iproute.spec +++ b/iproute.spec @@ -2,7 +2,7 @@ Summary: Advanced IP routing and network device configuration tools Name: iproute Version: 4.18.0 -Release: 1%{?dist} +Release: 2%{?dist} Group: Applications/System URL: http://kernel.org/pub/linux/utils/net/%{name}2/ Source0: http://kernel.org/pub/linux/utils/net/%{name}2/%{name}2-%{version}.tar.xz @@ -13,6 +13,8 @@ Source2: avpkt # - We ship cbq.init-v0.7.3 as cbq binary, so have a cbq.8 man page which links # to tc-cbq.8. Patch1: 0001-Add-cbq.8-as-an-alias-to-tc-cbq.8.patch +# Fix for bz#1615373 +Patch2: 0002-ss-Review-ssfilter.patch License: GPLv2+ and Public Domain BuildRequires: gcc @@ -159,6 +161,9 @@ rm -rf '%{buildroot}%{_docdir}' %{_includedir}/iproute2/bpf_elf.h %changelog +* Thu Aug 16 2018 Phil Sutter - 4.18.0-2 +- Fix ss filter expressions + * Tue Aug 14 2018 Phil Sutter - 4.18.0-1 - New version 4.18.0