From f87960ecc2ed04c803b27bb6a9c42ecd0ba0bc96 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Mon, 12 Jul 2021 17:44:08 +0200 Subject: [PATCH] parser: merge sack-perm/sack-permitted and maxseg/mss Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1979334 Upstream Status: nftables commit 2a9aea6f2dfb6 commit 2a9aea6f2dfb6ee61528809af98860e06b38762b Author: Florian Westphal Date: Mon Nov 2 00:27:04 2020 +0100 parser: merge sack-perm/sack-permitted and maxseg/mss One was added by the tcp option parsing ocde, the other by synproxy. So we have: synproxy ... sack-perm synproxy ... mss and tcp option maxseg tcp option sack-permitted This kills the extra tokens on the scanner/parser side, so sack-perm and sack-permitted can both be used. Likewise, 'synproxy maxseg' and 'tcp option mss size 42' will work too. On the output side, the shorter form is now preferred, i.e. sack-perm and mss. Signed-off-by: Florian Westphal --- doc/payload-expression.txt | 8 ++++---- src/parser_bison.y | 12 +++++------- src/scanner.l | 8 ++++---- src/tcpopt.c | 2 +- tests/py/any/tcpopt.t | 4 ++-- tests/py/any/tcpopt.t.json | 8 ++++---- tests/py/any/tcpopt.t.payload | 12 ++++++------ 7 files changed, 26 insertions(+), 28 deletions(-) diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt index dba42fd..3d7057c 100644 --- a/doc/payload-expression.txt +++ b/doc/payload-expression.txt @@ -525,13 +525,13 @@ nftables currently supports matching (finding) a given ipv6 extension header, TC *dst* {*nexthdr* | *hdrlength*} *mh* {*nexthdr* | *hdrlength* | *checksum* | *type*} *srh* {*flags* | *tag* | *sid* | *seg-left*} -*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-permitted* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*} 'tcp_option_field' +*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-perm* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*} 'tcp_option_field' *ip option* { lsrr | ra | rr | ssrr } 'ip_option_field' The following syntaxes are valid only in a relational expression with boolean type on right-hand side for checking header existence only: [verse] *exthdr* {*hbh* | *frag* | *rt* | *dst* | *mh*} -*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-permitted* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*} +*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-perm* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*} *ip option* { lsrr | ra | rr | ssrr } .IPv6 extension headers @@ -568,7 +568,7 @@ kind, length, size |window| TCP Window Scaling | kind, length, count -|sack-permitted| +|sack-perm | TCP SACK permitted | kind, length |sack| @@ -611,7 +611,7 @@ type, length, ptr, addr .finding TCP options -------------------- -filter input tcp option sack-permitted kind 1 counter +filter input tcp option sack-perm kind 1 counter -------------------- .matching IPv6 exthdr diff --git a/src/parser_bison.y b/src/parser_bison.y index 4cca31b..56d26e3 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -221,7 +221,6 @@ int nft_lex(void *, void *, void *); %token SYNPROXY "synproxy" %token MSS "mss" %token WSCALE "wscale" -%token SACKPERM "sack-perm" %token HOOK "hook" %token DEVICE "device" @@ -385,14 +384,13 @@ int nft_lex(void *, void *, void *); %token OPTION "option" %token ECHO "echo" %token EOL "eol" -%token MAXSEG "maxseg" %token NOOP "noop" %token SACK "sack" %token SACK0 "sack0" %token SACK1 "sack1" %token SACK2 "sack2" %token SACK3 "sack3" -%token SACK_PERMITTED "sack-permitted" +%token SACK_PERM "sack-permitted" %token TIMESTAMP "timestamp" %token KIND "kind" %token COUNT "count" @@ -2889,7 +2887,7 @@ synproxy_arg : MSS NUM { $0->synproxy.flags |= NF_SYNPROXY_OPT_TIMESTAMP; } - | SACKPERM + | SACK_PERM { $0->synproxy.flags |= NF_SYNPROXY_OPT_SACK_PERM; } @@ -2944,7 +2942,7 @@ synproxy_ts : /* empty */ { $$ = 0; } ; synproxy_sack : /* empty */ { $$ = 0; } - | SACKPERM + | SACK_PERM { $$ = NF_SYNPROXY_OPT_SACK_PERM; } @@ -4736,9 +4734,9 @@ tcp_hdr_field : SPORT { $$ = TCPHDR_SPORT; } tcp_hdr_option_type : EOL { $$ = TCPOPTHDR_EOL; } | NOOP { $$ = TCPOPTHDR_NOOP; } - | MAXSEG { $$ = TCPOPTHDR_MAXSEG; } + | MSS { $$ = TCPOPTHDR_MAXSEG; } | WINDOW { $$ = TCPOPTHDR_WINDOW; } - | SACK_PERMITTED { $$ = TCPOPTHDR_SACK_PERMITTED; } + | SACK_PERM { $$ = TCPOPTHDR_SACK_PERMITTED; } | SACK { $$ = TCPOPTHDR_SACK0; } | SACK0 { $$ = TCPOPTHDR_SACK0; } | SACK1 { $$ = TCPOPTHDR_SACK1; } diff --git a/src/scanner.l b/src/scanner.l index 7daf5c1..a369802 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -419,14 +419,16 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "echo" { return ECHO; } "eol" { return EOL; } -"maxseg" { return MAXSEG; } +"maxseg" { return MSS; } +"mss" { return MSS; } "noop" { return NOOP; } "sack" { return SACK; } "sack0" { return SACK0; } "sack1" { return SACK1; } "sack2" { return SACK2; } "sack3" { return SACK3; } -"sack-permitted" { return SACK_PERMITTED; } +"sack-permitted" { return SACK_PERM; } +"sack-perm" { return SACK_PERM; } "timestamp" { return TIMESTAMP; } "time" { return TIME; } @@ -562,9 +564,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "osf" { return OSF; } "synproxy" { return SYNPROXY; } -"mss" { return MSS; } "wscale" { return WSCALE; } -"sack-perm" { return SACKPERM; } "notrack" { return NOTRACK; } diff --git a/src/tcpopt.c b/src/tcpopt.c index ec305d9..6dbaa9e 100644 --- a/src/tcpopt.c +++ b/src/tcpopt.c @@ -55,7 +55,7 @@ static const struct exthdr_desc tcpopt_window = { }; static const struct exthdr_desc tcpopt_sack_permitted = { - .name = "sack-permitted", + .name = "sack-perm", .type = TCPOPT_SACK_PERMITTED, .templates = { [TCPOPTHDR_FIELD_KIND] = PHT("kind", 0, 8), diff --git a/tests/py/any/tcpopt.t b/tests/py/any/tcpopt.t index 08b1dcb..5f21d49 100644 --- a/tests/py/any/tcpopt.t +++ b/tests/py/any/tcpopt.t @@ -12,8 +12,8 @@ tcp option maxseg size 1;ok tcp option window kind 1;ok tcp option window length 1;ok tcp option window count 1;ok -tcp option sack-permitted kind 1;ok -tcp option sack-permitted length 1;ok +tcp option sack-perm kind 1;ok +tcp option sack-perm length 1;ok tcp option sack kind 1;ok tcp option sack length 1;ok tcp option sack left 1;ok diff --git a/tests/py/any/tcpopt.t.json b/tests/py/any/tcpopt.t.json index 48eb339..2c6236a 100644 --- a/tests/py/any/tcpopt.t.json +++ b/tests/py/any/tcpopt.t.json @@ -126,14 +126,14 @@ } ] -# tcp option sack-permitted kind 1 +# tcp option sack-perm kind 1 [ { "match": { "left": { "tcp option": { "field": "kind", - "name": "sack-permitted" + "name": "sack-perm" } }, "op": "==", @@ -142,14 +142,14 @@ } ] -# tcp option sack-permitted length 1 +# tcp option sack-perm length 1 [ { "match": { "left": { "tcp option": { "field": "length", - "name": "sack-permitted" + "name": "sack-perm" } }, "op": "==", diff --git a/tests/py/any/tcpopt.t.payload b/tests/py/any/tcpopt.t.payload index 63751cf..f63076a 100644 --- a/tests/py/any/tcpopt.t.payload +++ b/tests/py/any/tcpopt.t.payload @@ -166,42 +166,42 @@ inet [ exthdr load tcpopt 1b @ 3 + 2 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted kind 1 +# tcp option sack-perm kind 1 ip [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted kind 1 +# tcp option sack-perm kind 1 ip6 [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted kind 1 +# tcp option sack-perm kind 1 inet [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted length 1 +# tcp option sack-perm length 1 ip [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted length 1 +# tcp option sack-perm length 1 ip6 [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted length 1 +# tcp option sack-perm length 1 inet [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] -- 2.31.1