|
|
4e0227 |
From f87960ecc2ed04c803b27bb6a9c42ecd0ba0bc96 Mon Sep 17 00:00:00 2001
|
|
|
4e0227 |
From: Phil Sutter <psutter@redhat.com>
|
|
|
4e0227 |
Date: Mon, 12 Jul 2021 17:44:08 +0200
|
|
|
4e0227 |
Subject: [PATCH] parser: merge sack-perm/sack-permitted and maxseg/mss
|
|
|
4e0227 |
|
|
|
4e0227 |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1979334
|
|
|
4e0227 |
Upstream Status: nftables commit 2a9aea6f2dfb6
|
|
|
4e0227 |
|
|
|
4e0227 |
commit 2a9aea6f2dfb6ee61528809af98860e06b38762b
|
|
|
4e0227 |
Author: Florian Westphal <fw@strlen.de>
|
|
|
4e0227 |
Date: Mon Nov 2 00:27:04 2020 +0100
|
|
|
4e0227 |
|
|
|
4e0227 |
parser: merge sack-perm/sack-permitted and maxseg/mss
|
|
|
4e0227 |
|
|
|
4e0227 |
One was added by the tcp option parsing ocde, the other by synproxy.
|
|
|
4e0227 |
|
|
|
4e0227 |
So we have:
|
|
|
4e0227 |
synproxy ... sack-perm
|
|
|
4e0227 |
synproxy ... mss
|
|
|
4e0227 |
|
|
|
4e0227 |
and
|
|
|
4e0227 |
|
|
|
4e0227 |
tcp option maxseg
|
|
|
4e0227 |
tcp option sack-permitted
|
|
|
4e0227 |
|
|
|
4e0227 |
This kills the extra tokens on the scanner/parser side,
|
|
|
4e0227 |
so sack-perm and sack-permitted can both be used.
|
|
|
4e0227 |
|
|
|
4e0227 |
Likewise, 'synproxy maxseg' and 'tcp option mss size 42' will work too.
|
|
|
4e0227 |
On the output side, the shorter form is now preferred, i.e. sack-perm
|
|
|
4e0227 |
and mss.
|
|
|
4e0227 |
|
|
|
4e0227 |
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
4e0227 |
---
|
|
|
4e0227 |
doc/payload-expression.txt | 8 ++++----
|
|
|
4e0227 |
src/parser_bison.y | 12 +++++-------
|
|
|
4e0227 |
src/scanner.l | 8 ++++----
|
|
|
4e0227 |
src/tcpopt.c | 2 +-
|
|
|
4e0227 |
tests/py/any/tcpopt.t | 4 ++--
|
|
|
4e0227 |
tests/py/any/tcpopt.t.json | 8 ++++----
|
|
|
4e0227 |
tests/py/any/tcpopt.t.payload | 12 ++++++------
|
|
|
4e0227 |
7 files changed, 26 insertions(+), 28 deletions(-)
|
|
|
4e0227 |
|
|
|
4e0227 |
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt
|
|
|
4e0227 |
index dba42fd..3d7057c 100644
|
|
|
4e0227 |
--- a/doc/payload-expression.txt
|
|
|
4e0227 |
+++ b/doc/payload-expression.txt
|
|
|
4e0227 |
@@ -525,13 +525,13 @@ nftables currently supports matching (finding) a given ipv6 extension header, TC
|
|
|
4e0227 |
*dst* {*nexthdr* | *hdrlength*}
|
|
|
4e0227 |
*mh* {*nexthdr* | *hdrlength* | *checksum* | *type*}
|
|
|
4e0227 |
*srh* {*flags* | *tag* | *sid* | *seg-left*}
|
|
|
4e0227 |
-*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-permitted* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*} 'tcp_option_field'
|
|
|
4e0227 |
+*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-perm* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*} 'tcp_option_field'
|
|
|
4e0227 |
*ip option* { lsrr | ra | rr | ssrr } 'ip_option_field'
|
|
|
4e0227 |
|
|
|
4e0227 |
The following syntaxes are valid only in a relational expression with boolean type on right-hand side for checking header existence only:
|
|
|
4e0227 |
[verse]
|
|
|
4e0227 |
*exthdr* {*hbh* | *frag* | *rt* | *dst* | *mh*}
|
|
|
4e0227 |
-*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-permitted* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*}
|
|
|
4e0227 |
+*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-perm* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*}
|
|
|
4e0227 |
*ip option* { lsrr | ra | rr | ssrr }
|
|
|
4e0227 |
|
|
|
4e0227 |
.IPv6 extension headers
|
|
|
4e0227 |
@@ -568,7 +568,7 @@ kind, length, size
|
|
|
4e0227 |
|window|
|
|
|
4e0227 |
TCP Window Scaling |
|
|
|
4e0227 |
kind, length, count
|
|
|
4e0227 |
-|sack-permitted|
|
|
|
4e0227 |
+|sack-perm |
|
|
|
4e0227 |
TCP SACK permitted |
|
|
|
4e0227 |
kind, length
|
|
|
4e0227 |
|sack|
|
|
|
4e0227 |
@@ -611,7 +611,7 @@ type, length, ptr, addr
|
|
|
4e0227 |
|
|
|
4e0227 |
.finding TCP options
|
|
|
4e0227 |
--------------------
|
|
|
4e0227 |
-filter input tcp option sack-permitted kind 1 counter
|
|
|
4e0227 |
+filter input tcp option sack-perm kind 1 counter
|
|
|
4e0227 |
--------------------
|
|
|
4e0227 |
|
|
|
4e0227 |
.matching IPv6 exthdr
|
|
|
4e0227 |
diff --git a/src/parser_bison.y b/src/parser_bison.y
|
|
|
4e0227 |
index 4cca31b..56d26e3 100644
|
|
|
4e0227 |
--- a/src/parser_bison.y
|
|
|
4e0227 |
+++ b/src/parser_bison.y
|
|
|
4e0227 |
@@ -221,7 +221,6 @@ int nft_lex(void *, void *, void *);
|
|
|
4e0227 |
%token SYNPROXY "synproxy"
|
|
|
4e0227 |
%token MSS "mss"
|
|
|
4e0227 |
%token WSCALE "wscale"
|
|
|
4e0227 |
-%token SACKPERM "sack-perm"
|
|
|
4e0227 |
|
|
|
4e0227 |
%token HOOK "hook"
|
|
|
4e0227 |
%token DEVICE "device"
|
|
|
4e0227 |
@@ -385,14 +384,13 @@ int nft_lex(void *, void *, void *);
|
|
|
4e0227 |
%token OPTION "option"
|
|
|
4e0227 |
%token ECHO "echo"
|
|
|
4e0227 |
%token EOL "eol"
|
|
|
4e0227 |
-%token MAXSEG "maxseg"
|
|
|
4e0227 |
%token NOOP "noop"
|
|
|
4e0227 |
%token SACK "sack"
|
|
|
4e0227 |
%token SACK0 "sack0"
|
|
|
4e0227 |
%token SACK1 "sack1"
|
|
|
4e0227 |
%token SACK2 "sack2"
|
|
|
4e0227 |
%token SACK3 "sack3"
|
|
|
4e0227 |
-%token SACK_PERMITTED "sack-permitted"
|
|
|
4e0227 |
+%token SACK_PERM "sack-permitted"
|
|
|
4e0227 |
%token TIMESTAMP "timestamp"
|
|
|
4e0227 |
%token KIND "kind"
|
|
|
4e0227 |
%token COUNT "count"
|
|
|
4e0227 |
@@ -2889,7 +2887,7 @@ synproxy_arg : MSS NUM
|
|
|
4e0227 |
{
|
|
|
4e0227 |
$<stmt>0->synproxy.flags |= NF_SYNPROXY_OPT_TIMESTAMP;
|
|
|
4e0227 |
}
|
|
|
4e0227 |
- | SACKPERM
|
|
|
4e0227 |
+ | SACK_PERM
|
|
|
4e0227 |
{
|
|
|
4e0227 |
$<stmt>0->synproxy.flags |= NF_SYNPROXY_OPT_SACK_PERM;
|
|
|
4e0227 |
}
|
|
|
4e0227 |
@@ -2944,7 +2942,7 @@ synproxy_ts : /* empty */ { $$ = 0; }
|
|
|
4e0227 |
;
|
|
|
4e0227 |
|
|
|
4e0227 |
synproxy_sack : /* empty */ { $$ = 0; }
|
|
|
4e0227 |
- | SACKPERM
|
|
|
4e0227 |
+ | SACK_PERM
|
|
|
4e0227 |
{
|
|
|
4e0227 |
$$ = NF_SYNPROXY_OPT_SACK_PERM;
|
|
|
4e0227 |
}
|
|
|
4e0227 |
@@ -4736,9 +4734,9 @@ tcp_hdr_field : SPORT { $$ = TCPHDR_SPORT; }
|
|
|
4e0227 |
|
|
|
4e0227 |
tcp_hdr_option_type : EOL { $$ = TCPOPTHDR_EOL; }
|
|
|
4e0227 |
| NOOP { $$ = TCPOPTHDR_NOOP; }
|
|
|
4e0227 |
- | MAXSEG { $$ = TCPOPTHDR_MAXSEG; }
|
|
|
4e0227 |
+ | MSS { $$ = TCPOPTHDR_MAXSEG; }
|
|
|
4e0227 |
| WINDOW { $$ = TCPOPTHDR_WINDOW; }
|
|
|
4e0227 |
- | SACK_PERMITTED { $$ = TCPOPTHDR_SACK_PERMITTED; }
|
|
|
4e0227 |
+ | SACK_PERM { $$ = TCPOPTHDR_SACK_PERMITTED; }
|
|
|
4e0227 |
| SACK { $$ = TCPOPTHDR_SACK0; }
|
|
|
4e0227 |
| SACK0 { $$ = TCPOPTHDR_SACK0; }
|
|
|
4e0227 |
| SACK1 { $$ = TCPOPTHDR_SACK1; }
|
|
|
4e0227 |
diff --git a/src/scanner.l b/src/scanner.l
|
|
|
4e0227 |
index 7daf5c1..a369802 100644
|
|
|
4e0227 |
--- a/src/scanner.l
|
|
|
4e0227 |
+++ b/src/scanner.l
|
|
|
4e0227 |
@@ -419,14 +419,16 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
|
|
|
4e0227 |
|
|
|
4e0227 |
"echo" { return ECHO; }
|
|
|
4e0227 |
"eol" { return EOL; }
|
|
|
4e0227 |
-"maxseg" { return MAXSEG; }
|
|
|
4e0227 |
+"maxseg" { return MSS; }
|
|
|
4e0227 |
+"mss" { return MSS; }
|
|
|
4e0227 |
"noop" { return NOOP; }
|
|
|
4e0227 |
"sack" { return SACK; }
|
|
|
4e0227 |
"sack0" { return SACK0; }
|
|
|
4e0227 |
"sack1" { return SACK1; }
|
|
|
4e0227 |
"sack2" { return SACK2; }
|
|
|
4e0227 |
"sack3" { return SACK3; }
|
|
|
4e0227 |
-"sack-permitted" { return SACK_PERMITTED; }
|
|
|
4e0227 |
+"sack-permitted" { return SACK_PERM; }
|
|
|
4e0227 |
+"sack-perm" { return SACK_PERM; }
|
|
|
4e0227 |
"timestamp" { return TIMESTAMP; }
|
|
|
4e0227 |
"time" { return TIME; }
|
|
|
4e0227 |
|
|
|
4e0227 |
@@ -562,9 +564,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
|
|
|
4e0227 |
"osf" { return OSF; }
|
|
|
4e0227 |
|
|
|
4e0227 |
"synproxy" { return SYNPROXY; }
|
|
|
4e0227 |
-"mss" { return MSS; }
|
|
|
4e0227 |
"wscale" { return WSCALE; }
|
|
|
4e0227 |
-"sack-perm" { return SACKPERM; }
|
|
|
4e0227 |
|
|
|
4e0227 |
"notrack" { return NOTRACK; }
|
|
|
4e0227 |
|
|
|
4e0227 |
diff --git a/src/tcpopt.c b/src/tcpopt.c
|
|
|
4e0227 |
index ec305d9..6dbaa9e 100644
|
|
|
4e0227 |
--- a/src/tcpopt.c
|
|
|
4e0227 |
+++ b/src/tcpopt.c
|
|
|
4e0227 |
@@ -55,7 +55,7 @@ static const struct exthdr_desc tcpopt_window = {
|
|
|
4e0227 |
};
|
|
|
4e0227 |
|
|
|
4e0227 |
static const struct exthdr_desc tcpopt_sack_permitted = {
|
|
|
4e0227 |
- .name = "sack-permitted",
|
|
|
4e0227 |
+ .name = "sack-perm",
|
|
|
4e0227 |
.type = TCPOPT_SACK_PERMITTED,
|
|
|
4e0227 |
.templates = {
|
|
|
4e0227 |
[TCPOPTHDR_FIELD_KIND] = PHT("kind", 0, 8),
|
|
|
4e0227 |
diff --git a/tests/py/any/tcpopt.t b/tests/py/any/tcpopt.t
|
|
|
4e0227 |
index 08b1dcb..5f21d49 100644
|
|
|
4e0227 |
--- a/tests/py/any/tcpopt.t
|
|
|
4e0227 |
+++ b/tests/py/any/tcpopt.t
|
|
|
4e0227 |
@@ -12,8 +12,8 @@ tcp option maxseg size 1;ok
|
|
|
4e0227 |
tcp option window kind 1;ok
|
|
|
4e0227 |
tcp option window length 1;ok
|
|
|
4e0227 |
tcp option window count 1;ok
|
|
|
4e0227 |
-tcp option sack-permitted kind 1;ok
|
|
|
4e0227 |
-tcp option sack-permitted length 1;ok
|
|
|
4e0227 |
+tcp option sack-perm kind 1;ok
|
|
|
4e0227 |
+tcp option sack-perm length 1;ok
|
|
|
4e0227 |
tcp option sack kind 1;ok
|
|
|
4e0227 |
tcp option sack length 1;ok
|
|
|
4e0227 |
tcp option sack left 1;ok
|
|
|
4e0227 |
diff --git a/tests/py/any/tcpopt.t.json b/tests/py/any/tcpopt.t.json
|
|
|
4e0227 |
index 48eb339..2c6236a 100644
|
|
|
4e0227 |
--- a/tests/py/any/tcpopt.t.json
|
|
|
4e0227 |
+++ b/tests/py/any/tcpopt.t.json
|
|
|
4e0227 |
@@ -126,14 +126,14 @@
|
|
|
4e0227 |
}
|
|
|
4e0227 |
]
|
|
|
4e0227 |
|
|
|
4e0227 |
-# tcp option sack-permitted kind 1
|
|
|
4e0227 |
+# tcp option sack-perm kind 1
|
|
|
4e0227 |
[
|
|
|
4e0227 |
{
|
|
|
4e0227 |
"match": {
|
|
|
4e0227 |
"left": {
|
|
|
4e0227 |
"tcp option": {
|
|
|
4e0227 |
"field": "kind",
|
|
|
4e0227 |
- "name": "sack-permitted"
|
|
|
4e0227 |
+ "name": "sack-perm"
|
|
|
4e0227 |
}
|
|
|
4e0227 |
},
|
|
|
4e0227 |
"op": "==",
|
|
|
4e0227 |
@@ -142,14 +142,14 @@
|
|
|
4e0227 |
}
|
|
|
4e0227 |
]
|
|
|
4e0227 |
|
|
|
4e0227 |
-# tcp option sack-permitted length 1
|
|
|
4e0227 |
+# tcp option sack-perm length 1
|
|
|
4e0227 |
[
|
|
|
4e0227 |
{
|
|
|
4e0227 |
"match": {
|
|
|
4e0227 |
"left": {
|
|
|
4e0227 |
"tcp option": {
|
|
|
4e0227 |
"field": "length",
|
|
|
4e0227 |
- "name": "sack-permitted"
|
|
|
4e0227 |
+ "name": "sack-perm"
|
|
|
4e0227 |
}
|
|
|
4e0227 |
},
|
|
|
4e0227 |
"op": "==",
|
|
|
4e0227 |
diff --git a/tests/py/any/tcpopt.t.payload b/tests/py/any/tcpopt.t.payload
|
|
|
4e0227 |
index 63751cf..f63076a 100644
|
|
|
4e0227 |
--- a/tests/py/any/tcpopt.t.payload
|
|
|
4e0227 |
+++ b/tests/py/any/tcpopt.t.payload
|
|
|
4e0227 |
@@ -166,42 +166,42 @@ inet
|
|
|
4e0227 |
[ exthdr load tcpopt 1b @ 3 + 2 => reg 1 ]
|
|
|
4e0227 |
[ cmp eq reg 1 0x00000001 ]
|
|
|
4e0227 |
|
|
|
4e0227 |
-# tcp option sack-permitted kind 1
|
|
|
4e0227 |
+# tcp option sack-perm kind 1
|
|
|
4e0227 |
ip
|
|
|
4e0227 |
[ meta load l4proto => reg 1 ]
|
|
|
4e0227 |
[ cmp eq reg 1 0x00000006 ]
|
|
|
4e0227 |
[ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ]
|
|
|
4e0227 |
[ cmp eq reg 1 0x00000001 ]
|
|
|
4e0227 |
|
|
|
4e0227 |
-# tcp option sack-permitted kind 1
|
|
|
4e0227 |
+# tcp option sack-perm kind 1
|
|
|
4e0227 |
ip6
|
|
|
4e0227 |
[ meta load l4proto => reg 1 ]
|
|
|
4e0227 |
[ cmp eq reg 1 0x00000006 ]
|
|
|
4e0227 |
[ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ]
|
|
|
4e0227 |
[ cmp eq reg 1 0x00000001 ]
|
|
|
4e0227 |
|
|
|
4e0227 |
-# tcp option sack-permitted kind 1
|
|
|
4e0227 |
+# tcp option sack-perm kind 1
|
|
|
4e0227 |
inet
|
|
|
4e0227 |
[ meta load l4proto => reg 1 ]
|
|
|
4e0227 |
[ cmp eq reg 1 0x00000006 ]
|
|
|
4e0227 |
[ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ]
|
|
|
4e0227 |
[ cmp eq reg 1 0x00000001 ]
|
|
|
4e0227 |
|
|
|
4e0227 |
-# tcp option sack-permitted length 1
|
|
|
4e0227 |
+# tcp option sack-perm length 1
|
|
|
4e0227 |
ip
|
|
|
4e0227 |
[ meta load l4proto => reg 1 ]
|
|
|
4e0227 |
[ cmp eq reg 1 0x00000006 ]
|
|
|
4e0227 |
[ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ]
|
|
|
4e0227 |
[ cmp eq reg 1 0x00000001 ]
|
|
|
4e0227 |
|
|
|
4e0227 |
-# tcp option sack-permitted length 1
|
|
|
4e0227 |
+# tcp option sack-perm length 1
|
|
|
4e0227 |
ip6
|
|
|
4e0227 |
[ meta load l4proto => reg 1 ]
|
|
|
4e0227 |
[ cmp eq reg 1 0x00000006 ]
|
|
|
4e0227 |
[ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ]
|
|
|
4e0227 |
[ cmp eq reg 1 0x00000001 ]
|
|
|
4e0227 |
|
|
|
4e0227 |
-# tcp option sack-permitted length 1
|
|
|
4e0227 |
+# tcp option sack-perm length 1
|
|
|
4e0227 |
inet
|
|
|
4e0227 |
[ meta load l4proto => reg 1 ]
|
|
|
4e0227 |
[ cmp eq reg 1 0x00000006 ]
|
|
|
4e0227 |
--
|
|
|
4e0227 |
2.31.1
|
|
|
4e0227 |
|