# nft add rule inet filter divert ip daddr 0.0.0.0/0 meta l4proto tcp tproxy ip to :2000 Error: syntax error, unexpected colon add rule inet filter divert ip daddr 0.0.0.0/0 meta l4proto tcp tproxy ip to :2000 ^ Syntax with no protocol for tproxy complains with: # nft add rule inet filter divert ip daddr 0.0.0.0/0 meta l4proto tcp tproxy to :2000 Error: Conflicting network layer protocols. add rule inet filter divert ip daddr 0.0.0.0/0 meta l4proto tcp tproxy to :2000 ^^^^^^^^^^^^^^^ Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1310 Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- src/parser_bison.y | 6 ++++++ tests/py/inet/tproxy.t | 5 +++-- tests/py/inet/tproxy.t.payload | 26 ++++++++++++++++++++++++++ tests/py/ip/tproxy.t | 2 +- tests/py/ip/tproxy.t.payload | 8 ++++++++ tests/py/ip6/tproxy.t | 2 +- tests/py/ip6/tproxy.t.payload | 7 +++++++ 7 files changed, 52 insertions(+), 4 deletions(-) diff --git a/src/parser_bison.y b/src/parser_bison.y index 65b3fb3ebac2..50642b4e02f4 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -2687,6 +2687,12 @@ tproxy_stmt : TPROXY TO stmt_expr $$->tproxy.addr = $4; $$->tproxy.port = $6; } + | TPROXY nf_key_proto TO COLON stmt_expr + { + $$ = tproxy_stmt_alloc(&@$); + $$->tproxy.family = $2; + $$->tproxy.port = $5; + } ; primary_stmt_expr : symbol_expr { $$ = $1; } diff --git a/tests/py/inet/tproxy.t b/tests/py/inet/tproxy.t index f80f77347b86..0ba78ef1826a 100644 --- a/tests/py/inet/tproxy.t +++ b/tests/py/inet/tproxy.t @@ -15,6 +15,7 @@ meta l4proto 6 tproxy ip6 to [2001:db8::1];ok meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080;ok ip6 nexthdr 6 tproxy ip to 192.0.2.1;fail -meta l4proto 17 tproxy ip to :50080;fail -meta l4proto 17 tproxy ip6 to :50080;fail +meta l4proto 17 tproxy ip to :50080;ok +meta l4proto 17 tproxy ip6 to :50080;ok meta l4proto 17 tproxy to :50080;ok +ip daddr 0.0.0.0/0 meta l4proto tcp tproxy ip to :2000;ok 
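Review bot: The new `TPROXY nf_key_proto TO COLON stmt_expr` alternative at the end of this hunk assigns only `family` and `port`, whereas the sibling alternative visible just above it also assigns `addr`; the new rule therefore depends on `tproxy_stmt_alloc()` zero-initialising the statement so that `$$->tproxy.addr` is a well-defined NULL, and that allocator is not in the hunk. If it does zero the struct this is fine, and a one-line comment such as `/* family + port only; addr is intentionally left NULL */` would make the intent explicit to the next reader; if it does not, the evaluator and printer would read an indeterminate pointer. Note also that `family` is taken verbatim from the `nf_key_proto` token, so rejecting a family that conflicts with the table's own family (e.g. `tproxy ip6` inside an `ip` table) is left entirely to the evaluation step, which this patch does not touch. The enclosing `tproxy_stmt` rule begins before this hunk.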
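Review bot: The inet test file flips the two port-only family lines to `ok` and adds the reporter's command, but it adds no negative case for the new syntax, although the existing `ip6 nexthdr 6 tproxy ip to 192.0.2.1;fail` line in the same hunk pins exactly that mismatch for the address form. A parallel line such as `ip6 nexthdr 6 tproxy ip to :50080;fail` would confirm that the family/protocol conflict is still caught once the grammar accepts a family with a port-only target. The second command quoted in the commit message (`... meta l4proto tcp tproxy to :2000`, without a family) is also not exercised here; if it is expected to keep failing with "Conflicting network layer protocols", a `;fail` line would document that, and if it is expected to work after this change it is currently untested.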
diff --git a/tests/py/inet/tproxy.t.payload b/tests/py/inet/tproxy.t.payload index 4b18460d8b8d..8a6ba0365605 100644 --- a/tests/py/inet/tproxy.t.payload +++ b/tests/py/inet/tproxy.t.payload @@ -35,3 +35,29 @@ inet x y [ immediate reg 1 0x0000a0c3 ] [ tproxy port reg 1 ] +# meta l4proto 17 tproxy ip to :50080 +inet x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 1 0x0000a0c3 ] + [ tproxy ip port reg 1 ] + +# meta l4proto 17 tproxy ip6 to :50080 +inet x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000011 ] + [ immediate reg 1 0x0000a0c3 ] + [ tproxy ip6 port reg 1 ] + +# ip daddr 0.0.0.0/0 meta l4proto tcp tproxy ip to :2000 +inet x y + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x00000002 ] + [ payload load 4b @ network header + 16 => reg 1 ] + [ bitwise reg 1 = (reg=1 & 0x00000000 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000000 ] + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x0000d007 ] + [ tproxy ip port reg 1 ] + diff --git a/tests/py/ip/tproxy.t b/tests/py/ip/tproxy.t index dbd8f5e90a04..966898c037b2 100644 --- a/tests/py/ip/tproxy.t +++ b/tests/py/ip/tproxy.t @@ -11,4 +11,4 @@ meta l4proto 6 tproxy to 192.0.2.1:50080;ok ip protocol 6 tproxy to :50080;ok meta l4proto 17 tproxy ip to 192.0.2.1;ok;meta l4proto 17 tproxy to 192.0.2.1 meta l4proto 6 tproxy ip to 192.0.2.1:50080;ok;meta l4proto 6 tproxy to 192.0.2.1:50080 -ip protocol 6 tproxy ip to :50080;fail +ip protocol 6 tproxy ip to :50080;ok diff --git a/tests/py/ip/tproxy.t.payload b/tests/py/ip/tproxy.t.payload index 035651f48cb3..dfe830ec3715 100644 --- a/tests/py/ip/tproxy.t.payload +++ b/tests/py/ip/tproxy.t.payload 
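Review bot: The new `ip protocol 6 tproxy ip to :50080;ok` line in tests/py/ip/tproxy.t has no expected-listing field, which in this test format means the rule must list back verbatim, including the `ip` keyword; the two sibling lines directly above it (`... tproxy ip to 192.0.2.1;ok;... tproxy to 192.0.2.1` and `... tproxy ip to 192.0.2.1:50080;ok;... tproxy to 192.0.2.1:50080`) expect the family keyword to be dropped when listing an `ip`-family table. Unless the printer deliberately keeps the family keyword when no address is present, which cannot be determined from the payload alone, this line will fail the round-trip check and should read `ip protocol 6 tproxy ip to :50080;ok;ip protocol 6 tproxy to :50080`.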
@@ -34,3 +34,11 @@ ip x y [ immediate reg 1 0x010200c0 ] [ immediate reg 2 0x0000a0c3 ] [ tproxy ip addr reg 1 port reg 2 ] + +# ip protocol 6 tproxy ip to :50080 +ip x y + [ payload load 1b @ network header + 9 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x0000a0c3 ] + [ tproxy ip port reg 1 ] + diff --git a/tests/py/ip6/tproxy.t b/tests/py/ip6/tproxy.t index 4e48d81f13cc..48fe4ca76505 100644 --- a/tests/py/ip6/tproxy.t +++ b/tests/py/ip6/tproxy.t @@ -11,4 +11,4 @@ meta l4proto 17 tproxy to [2001:db8::1]:50080;ok meta l4proto 6 tproxy to :50080;ok meta l4proto 6 tproxy ip6 to [2001:db8::1];ok;meta l4proto 6 tproxy to [2001:db8::1] meta l4proto 17 tproxy ip6 to [2001:db8::1]:50080;ok;meta l4proto 17 tproxy to [2001:db8::1]:50080 -meta l4proto 6 tproxy ip6 to :50080;fail +meta l4proto 6 tproxy ip6 to :50080;ok diff --git a/tests/py/ip6/tproxy.t.payload b/tests/py/ip6/tproxy.t.payload index c78c8a1dd20a..9f28e80b4142 100644 --- a/tests/py/ip6/tproxy.t.payload +++ b/tests/py/ip6/tproxy.t.payload @@ -35,3 +35,10 @@ ip6 x y [ immediate reg 2 0x0000a0c3 ] [ tproxy ip6 addr reg 1 port reg 2 ] +# meta l4proto 6 tproxy ip6 to :50080 +ip6 x y + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ immediate reg 1 0x0000a0c3 ] + [ tproxy ip6 port reg 1 ] + -- 2.11.0
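Review bot: The new `meta l4proto 6 tproxy ip6 to :50080;ok` line in tests/py/ip6/tproxy.t omits the expected-listing field, so the harness will require the rule to list back with the `ip6` keyword intact, while the two sibling lines above it (`... tproxy ip6 to [2001:db8::1];ok;... tproxy to [2001:db8::1]` and the `:50080` variant) expect that keyword to be elided in an `ip6`-family table. For consistency with those lines, and unless the printer intentionally behaves differently for a port-only target, the line should be `meta l4proto 6 tproxy ip6 to :50080;ok;meta l4proto 6 tproxy to :50080`.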