parser_bison: allow 'snat' and 'dnat' keywords from the right-hand side

Parse 'snat' and 'dnat' reserved keywords from the right-hand side as
symbols. Thus, we can use them as values from ct status.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=950
Reported-by: Ana Rey <anarey@gmail.com>
Reported-by: Karol Babioch <karol@babioch.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 3f2263994d124d2dc63e83d6efeda4e50cfcbba8..90978ab6aff4ebf7cd8042933b46cf855bfe5ff3 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2196,6 +2196,18 @@ primary_rhs_expr :       symbol_expr             { $$ = $1; }
                                                         BYTEORDER_HOST_ENDIAN,
                                                         sizeof(data) * BITS_PER_BYTE, &data);
                        }
+                       |       SNAT
+                       {
+                               $$ = symbol_expr_alloc(&@$, SYMBOL_VALUE,
+                                                      current_scope(state),
+                                                      "snat");
+                       }
+                       |       DNAT
+                       {
+                               $$ = symbol_expr_alloc(&@$, SYMBOL_VALUE,
+                                                      current_scope(state),
+                                                      "dnat");
+                       }
                        ;
 
 relational_op          :       EQ              { $$ = OP_EQ; }

diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t
index 6896b1f57f712cd131487505e5a8505035350f63..095e86c77b777fc9e90bcfd4894b60499b8895b1 100644 (file)
--- a/tests/py/any/ct.t
+++ b/tests/py/any/ct.t
@@ -26,13 +26,11 @@ ct status != expected;ok
 ct status seen-reply;ok
 ct status != seen-reply;ok
 ct status {expected, seen-reply, assured, confirmed, dying};ok
+ct status expected,seen-reply,assured,confirmed,snat,dnat,dying;ok
+ct status snat;ok
+ct status dnat;ok
 ct status xxx;fail
 
-# SYMBOL("snat", IPS_SRC_NAT)
-# SYMBOL("dnat", IPS_DST_NAT)
-- ct status snat;ok
-- ct status dnat;ok
-
 ct mark 0;ok;ct mark 0x00000000
 ct mark or 0x23 == 0x11;ok;ct mark | 0x00000023 == 0x00000011
 ct mark or 0x3 != 0x1;ok;ct mark | 0x00000003 != 0x00000001

diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload
index ac99429cd4998c3f7beef7c574c3abe6b141dd3d..62e9259276d13071de9af3534ac51e76a8de8c8a 100644 (file)
--- a/tests/py/any/ct.t.payload
+++ b/tests/py/any/ct.t.payload
@@ -304,3 +304,22 @@ ip test-ip4 output
   [ ct load bytes => reg 1 ]
   [ byteorder reg 1 = hton(reg 1, 8, 8) ]
   [ cmp gt reg 1 0x00000000 0xa0860100 ]
+
+# ct status expected,seen-reply,assured,confirmed,snat,dnat,dying
+ip test-ip4 output
+  [ ct load status => reg 1 ]
+  [ bitwise reg 1 = (reg=1 & 0x0000023f ) ^ 0x00000000 ]
+  [ cmp neq reg 1 0x00000000 ]
+
+# ct status snat
+ip test-ip4 output
+  [ ct load status => reg 1 ]
+  [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ]
+  [ cmp neq reg 1 0x00000000 ]
+
+# ct status dnat
+ip test-ip4 output
+  [ ct load status => reg 1 ]
+  [ bitwise reg 1 = (reg=1 & 0x00000020 ) ^ 0x00000000 ]
+  [ cmp neq reg 1 0x00000000 ]
+