[PATCH nft] parser_bison: allow 'snat' and 'dnat' keywords from the right-hand side


 



Parse the reserved keywords 'snat' and 'dnat' as symbols when they appear on
the right-hand side of an expression. This allows them to be used as ct status values.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=950
Reported-by: Ana Rey <anarey@xxxxxxxxx>
Reported-by: Karol Babioch <karol@xxxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/parser_bison.y        | 12 ++++++++++++
 tests/py/any/ct.t         |  8 +++-----
 tests/py/any/ct.t.payload | 19 +++++++++++++++++++
 3 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 3f22639..90978ab 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2196,6 +2196,18 @@ primary_rhs_expr	:	symbol_expr		{ $$ = $1; }
 							 BYTEORDER_HOST_ENDIAN,
 							 sizeof(data) * BITS_PER_BYTE, &data);
 			}
+			|	SNAT
+			{
+				$$ = symbol_expr_alloc(&@$, SYMBOL_VALUE,
+						       current_scope(state),
+						       "snat");
+			}
+			|	DNAT
+			{
+				$$ = symbol_expr_alloc(&@$, SYMBOL_VALUE,
+						       current_scope(state),
+						       "dnat");
+			}
 			;
 
 relational_op		:	EQ		{ $$ = OP_EQ; }
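Review bot: The new SNAT and DNAT alternatives have no comment saying why a reserved keyword is turned back into a symbol, and because they sit in primary_rhs_expr they apply to every right-hand side, not only to ct status. I would put a comment above the first alternative, for example `/* snat and dnat are scanner keywords; re-inject them as symbols so the datatype's symbol table (ct status) can resolve them */`. For a datatype that has no such symbol, the lookup presumably fails at evaluation rather than in the parser, which is worth confirming since a mistyped firewall rule should be rejected rather than accepted. The string literals duplicate the keyword spelling, so they need to stay in step with the scanner's token definitions, which are not visible here. The primary_rhs_expr rule starts outside the hunk.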
diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t
index 6896b1f..095e86c 100644
--- a/tests/py/any/ct.t
+++ b/tests/py/any/ct.t
@@ -26,13 +26,11 @@ ct status != expected;ok
 ct status seen-reply;ok
 ct status != seen-reply;ok
 ct status {expected, seen-reply, assured, confirmed, dying};ok
+ct status expected,seen-reply,assured,confirmed,snat,dnat,dying;ok
+ct status snat;ok
+ct status dnat;ok
 ct status xxx;fail
 
-# SYMBOL("snat", IPS_SRC_NAT)
-# SYMBOL("dnat", IPS_DST_NAT)
-- ct status snat;ok
-- ct status dnat;ok
-
 ct mark 0;ok;ct mark 0x00000000
 ct mark or 0x23 == 0x11;ok;ct mark | 0x00000023 == 0x00000011
 ct mark or 0x3 != 0x1;ok;ct mark | 0x00000003 != 0x00000001
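Review bot: The added cases cover snat and dnat only as accepted ct status values, so nothing pins what happens when the keywords appear on a right-hand side whose datatype does not define them. Since the grammar change affects all right-hand-side expressions, a negative case next to `ct status xxx;fail`, such as `ct state snat;fail`, would show that the keywords are still rejected where they have no meaning. It would also help to cover the negated and set forms, `ct status != snat;ok` and `ct status {snat, dnat};ok`, with matching entries in ct.t.payload, because the existing set test leaves both values out.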
diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload
index ac99429..62e9259 100644
--- a/tests/py/any/ct.t.payload
+++ b/tests/py/any/ct.t.payload
@@ -304,3 +304,22 @@ ip test-ip4 output
   [ ct load bytes => reg 1 ]
   [ byteorder reg 1 = hton(reg 1, 8, 8) ]
   [ cmp gt reg 1 0x00000000 0xa0860100 ]
+
+# ct status expected,seen-reply,assured,confirmed,snat,dnat,dying
+ip test-ip4 output
+  [ ct load status => reg 1 ]
+  [ bitwise reg 1 = (reg=1 & 0x0000023f ) ^ 0x00000000 ]
+  [ cmp neq reg 1 0x00000000 ]
+
+# ct status snat
+ip test-ip4 output
+  [ ct load status => reg 1 ]
+  [ bitwise reg 1 = (reg=1 & 0x00000010 ) ^ 0x00000000 ]
+  [ cmp neq reg 1 0x00000000 ]
+
+# ct status dnat
+ip test-ip4 output
+  [ ct load status => reg 1 ]
+  [ bitwise reg 1 = (reg=1 & 0x00000020 ) ^ 0x00000000 ]
+  [ cmp neq reg 1 0x00000000 ]
+
-- 
2.1.4
