git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 12 May 2021 23:34:01 +0000 (01:34 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sat, 15 May 2021 23:01:32 +0000 (01:01 +0200)
commit	c3d57114f119b89ec0caa0b4dfa8527826a38792
tree	e05672750206c02c70d0927cbd4b8ca6aae4b31c	tree
parent	3adb0316e2b5683acd0f93661a278f059a13cc5b	commit \| diff

parser_bison: add shortcut syntax for matching flags without binary operations

This patch adds the following shortcut syntax:

expression flags / flags

instead of:

expression and flags == flags

For example:

tcp flags syn,ack / syn,ack,fin,rst
^^^^^^^ ^^^^^^^^^^^^^^^
value mask

instead of:

tcp flags and (syn|ack|fin|rst) == syn|ack

The second list of comma-separated flags represents the mask which are
examined and the first list of comma-separated flags must be set.

You can also use the != operator with this syntax:

tcp flags != fin,rst / syn,ack,fin,rst

This shortcut is based on the prefix notation, but it is also similar to
the iptables tcp matching syntax.

This patch introduces the flagcmp expression to print the tcp flags in
this new notation. The delinearize path transforms the binary expression
to this new flagcmp expression whenever possible.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/expression.h		diff \| blob \| blame \| history
include/json.h		diff \| blob \| blame \| history
src/evaluate.c		diff \| blob \| blame \| history
src/expression.c		diff \| blob \| blame \| history
src/json.c		diff \| blob \| blame \| history
src/netlink_delinearize.c		diff \| blob \| blame \| history
src/parser_bison.y		diff \| blob \| blame \| history
tests/py/inet/tcp.t		diff \| blob \| blame \| history
tests/py/inet/tcp.t.payload		diff \| blob \| blame \| history