fib: allow to use it in set statements

author Pablo Neira Ayuso <pablo@netfilter.org>

Tue, 24 Jun 2025 16:11:10 +0000 (18:11 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Thu, 26 Jun 2025 22:39:05 +0000 (00:39 +0200)
author Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 24 Jun 2025 16:11:10 +0000 (18:11 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Thu, 26 Jun 2025 22:39:05 +0000 (00:39 +0200)
diff --git a/src/parser_bison.y b/src/parser_bison.y

index e1afbbb6e56ef04ab8a3cf2a9338955df6f72e30..f9cc909836bcb36fb445409f7bbeb96596a4b0df 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3873,6 +3873,7 @@ primary_stmt_expr :       symbol_expr                     { $$ = $1; }
                         |       payload_expr                    { $$ = $1; }
                         |       keyword_expr                    { $$ = $1; }
                         |       socket_expr                     { $$ = $1; }
+                       |       fib_expr                        { $$ = $1; }
                         |       osf_expr                        { $$ = $1; }
                         |       '('     basic_stmt_expr ')'     { $$ = $2; }
                         ;
diff --git a/src/parser_json.c b/src/parser_json.c

index ce944740861f2fb73f12b3dd6a7fa56f94879a5f..08657f2849a57bcf2cd770204a82788bf0107030 100644 (file)
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -1627,7 +1627,7 @@ static struct expr *json_parse_expr(struct json_ctx *ctx, json_t *root)
                 /* below two are hash expr */
                 { "jhash", json_parse_hash_expr, CTX_F_STMT | CTX_F_PRIMARY | CTX_F_SET_RHS | CTX_F_SES | CTX_F_MAP | CTX_F_CONCAT },
                 { "symhash", json_parse_hash_expr, CTX_F_STMT | CTX_F_PRIMARY | CTX_F_SET_RHS | CTX_F_SES | CTX_F_MAP | CTX_F_CONCAT },
-               { "fib", json_parse_fib_expr, CTX_F_PRIMARY | CTX_F_SET_RHS | CTX_F_SES | CTX_F_MAP | CTX_F_CONCAT },
+               { "fib", json_parse_fib_expr, CTX_F_STMT | CTX_F_PRIMARY | CTX_F_SET_RHS | CTX_F_SES | CTX_F_MAP | CTX_F_CONCAT },
                 { "|", json_parse_binop_expr, CTX_F_RHS | CTX_F_STMT | CTX_F_PRIMARY | CTX_F_SET_RHS | CTX_F_SES | CTX_F_MAP | CTX_F_CONCAT },
                 { "^", json_parse_binop_expr, CTX_F_RHS | CTX_F_STMT | CTX_F_PRIMARY | CTX_F_SET_RHS | CTX_F_SES | CTX_F_MAP | CTX_F_CONCAT },
                 { "&", json_parse_binop_expr, CTX_F_RHS | CTX_F_STMT | CTX_F_PRIMARY | CTX_F_SET_RHS | CTX_F_SES | CTX_F_MAP | CTX_F_CONCAT },
diff --git a/tests/py/inet/fib.t b/tests/py/inet/fib.t

index f9c03b3ad2be228f609a5d91773ec1d93a09924f..60b77a4ac00a92c952fbc81821067062ba8683d9 100644 (file)
--- a/tests/py/inet/fib.t
+++ b/tests/py/inet/fib.t
@@ -17,3 +17,5 @@ fib daddr check missing;ok
  fib daddr oif exists;ok;fib daddr check exists
  
  fib daddr check vmap { missing : drop, exists : accept };ok
+
+meta mark set fib daddr check . ct mark map { exists . 0x00000000 : 0x00000001 };ok
diff --git a/tests/py/inet/fib.t.json b/tests/py/inet/fib.t.json

index c2e9d4548a06e78b3e60f39caa2dd006eea6eb43..14a6249ad9b2accd807c0f023723ee50e3984327 100644 (file)
--- a/tests/py/inet/fib.t.json
+++ b/tests/py/inet/fib.t.json
@@ -159,3 +159,48 @@
          }
      }
  ]
+
+# meta mark set fib daddr check . ct mark map { exists . 0x00000000 : 0x00000001 }
+[
+    {
+        "mangle": {
+            "key": {
+                "meta": {
+                    "key": "mark"
+                }
+            },
+            "value": {
+                "map": {
+                    "data": {
+                        "set": [
+                            [
+                                {
+                                    "concat": [
+                                        true,
+                                        0
+                                    ]
+                                },
+                                1
+                            ]
+                        ]
+                    },
+                    "key": {
+                        "concat": [
+                            {
+                                "fib": {
+                                    "flags": "daddr",
+                                    "result": "check"
+                                }
+                            },
+                            {
+                                "ct": {
+                                    "key": "mark"
+                                }
+                            }
+                        ]
+                    }
+                }
+            }
+        }
+    }
+]
diff --git a/tests/py/inet/fib.t.payload b/tests/py/inet/fib.t.payload

index e09a260cc41ee48d933fc4886948d70278cc642d..02d92b57a47763c5cb19085f6cdfe76457cb05dd 100644 (file)
--- a/tests/py/inet/fib.t.payload
+++ b/tests/py/inet/fib.t.payload
@@ -36,3 +36,11 @@ ip test-ip prerouting
  ip test-ip prerouting
    [ fib daddr oif present => reg 1 ]
    [ lookup reg 1 set __map%d dreg 0 ]
+
+# meta mark set fib daddr check . ct mark map { exists . 0x00000000 : 0x00000001 }
+        element 00000001 00000000  : 00000001 0 [end]
+ip test-ip prerouting
+  [ fib daddr oif present => reg 1 ]
+  [ ct load mark => reg 9 ]
+  [ lookup reg 1 set __map%d dreg 1 ]
+  [ meta set mark with reg 1 ]
author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 24 Jun 2025 16:11:10 +0000 (18:11 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 26 Jun 2025 22:39:05 +0000 (00:39 +0200)
src/parser_bison.y		patch \| blob \| blame \| history
src/parser_json.c		patch \| blob \| blame \| history
tests/py/inet/fib.t		patch \| blob \| blame \| history
tests/py/inet/fib.t.json		patch \| blob \| blame \| history
tests/py/inet/fib.t.payload		patch \| blob \| blame \| history