One was added by the tcp option parsing ocde, the other by synproxy. So we have: synproxy ... sack-perm synproxy ... mss and tcp option maxseg tcp option sack-permitted This kills the extra tokens on the scanner/parser side, so sack-perm and sack-permitted can both be used. Likewise, 'synproxy maxseg' and 'tcp option mss size 42' will work too. On the output side, the shorter form is now preferred, i.e. sack-perm and mss. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- doc/payload-expression.txt | 8 ++++---- src/parser_bison.y | 13 ++++++------- src/scanner.l | 8 ++++---- src/tcpopt.c | 2 +- tests/py/any/tcpopt.t | 4 ++-- tests/py/any/tcpopt.t.json | 8 ++++---- tests/py/any/tcpopt.t.payload | 12 ++++++------ 7 files changed, 27 insertions(+), 28 deletions(-) diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt index 93d4d22f59f5..9df20a18ae8a 100644 --- a/doc/payload-expression.txt +++ b/doc/payload-expression.txt @@ -525,13 +525,13 @@ nftables currently supports matching (finding) a given ipv6 extension header, TC *dst* {*nexthdr* | *hdrlength*} *mh* {*nexthdr* | *hdrlength* | *checksum* | *type*} *srh* {*flags* | *tag* | *sid* | *seg-left*} -*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-permitted* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*} 'tcp_option_field' +*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-perm* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*} 'tcp_option_field' *ip option* { lsrr | ra | rr | ssrr } 'ip_option_field' The following syntaxes are valid only in a relational expression with boolean type on right-hand side for checking header existence only: [verse] *exthdr* {*hbh* | *frag* | *rt* | *dst* | *mh*} -*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-permitted* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*} +*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-perm* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*} *ip option* { lsrr | ra | rr | ssrr } .IPv6 extension headers @@ -568,7 +568,7 @@ kind, length, size |window| TCP Window Scaling | kind, length, count -|sack-permitted| +|sack-perm | TCP SACK permitted | kind, length |sack| @@ -611,7 +611,7 @@ type, length, ptr, addr .finding TCP options -------------------- -filter input tcp option sack-permitted kind 1 counter +filter input tcp option sack-perm kind 1 counter -------------------- .matching IPv6 exthdr diff --git a/src/parser_bison.y b/src/parser_bison.y index 9bf4f71f1f66..8c37f895167e 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -233,7 +233,6 @@ int nft_lex(void *, void *, void *); %token SYNPROXY "synproxy" %token MSS "mss" %token WSCALE "wscale" -%token SACKPERM "sack-perm" %token TYPEOF "typeof" @@ -400,14 +399,13 @@ int nft_lex(void *, void *, void *); %token OPTION "option" %token ECHO "echo" %token EOL "eol" -%token MAXSEG "maxseg" %token NOOP "noop" %token SACK "sack" %token SACK0 "sack0" %token SACK1 "sack1" %token SACK2 "sack2" %token SACK3 "sack3" -%token SACK_PERMITTED "sack-permitted" +%token SACK_PERM "sack-permitted" %token TIMESTAMP "timestamp" %token KIND "kind" %token COUNT "count" @@ -3279,7 +3277,7 @@ synproxy_arg : MSS NUM { $<stmt>0->synproxy.flags |= NF_SYNPROXY_OPT_TIMESTAMP; } - | SACKPERM + | SACK_PERM { $<stmt>0->synproxy.flags |= NF_SYNPROXY_OPT_SACK_PERM; } @@ -3334,7 +3332,7 @@ synproxy_ts : /* empty */ { $$ = 0; } ; synproxy_sack : /* empty */ { $$ = 0; } - | SACKPERM + | SACK_PERM { $$ = NF_SYNPROXY_OPT_SACK_PERM; } @@ -5216,9 +5214,10 @@ tcp_hdr_field : SPORT { $$ = TCPHDR_SPORT; } tcp_hdr_option_type : EOL { $$ = TCPOPTHDR_EOL; } | NOOP { $$ = TCPOPTHDR_NOOP; } - | MAXSEG { $$ = TCPOPTHDR_MAXSEG; } + | MSS { $$ = TCPOPTHDR_MAXSEG; } + | SACK_PERM { $$ = TCPOPTHDR_SACK_PERMITTED; } | WINDOW { $$ = TCPOPTHDR_WINDOW; } - | SACK_PERMITTED { $$ = TCPOPTHDR_SACK_PERMITTED; } + | WSCALE { $$ = TCPOPTHDR_WINDOW; } | SACK { $$ = TCPOPTHDR_SACK0; } | SACK0 { $$ = TCPOPTHDR_SACK0; } | SACK1 { $$ = TCPOPTHDR_SACK1; } diff --git a/src/scanner.l b/src/scanner.l index 7afd9bfb8893..516c648f1c1f 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -421,14 +421,16 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "echo" { return ECHO; } "eol" { return EOL; } -"maxseg" { return MAXSEG; } +"maxseg" { return MSS; } +"mss" { return MSS; } "noop" { return NOOP; } "sack" { return SACK; } "sack0" { return SACK0; } "sack1" { return SACK1; } "sack2" { return SACK2; } "sack3" { return SACK3; } -"sack-permitted" { return SACK_PERMITTED; } +"sack-permitted" { return SACK_PERM; } +"sack-perm" { return SACK_PERM; } "timestamp" { return TIMESTAMP; } "time" { return TIME; } @@ -565,9 +567,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "osf" { return OSF; } "synproxy" { return SYNPROXY; } -"mss" { return MSS; } "wscale" { return WSCALE; } -"sack-perm" { return SACKPERM; } "notrack" { return NOTRACK; } diff --git a/src/tcpopt.c b/src/tcpopt.c index ec305d9466d5..6dbaa9e6dd17 100644 --- a/src/tcpopt.c +++ b/src/tcpopt.c @@ -55,7 +55,7 @@ static const struct exthdr_desc tcpopt_window = { }; static const struct exthdr_desc tcpopt_sack_permitted = { - .name = "sack-permitted", + .name = "sack-perm", .type = TCPOPT_SACK_PERMITTED, .templates = { [TCPOPTHDR_FIELD_KIND] = PHT("kind", 0, 8), diff --git a/tests/py/any/tcpopt.t b/tests/py/any/tcpopt.t index 08b1dcb3c489..5f21d4989fea 100644 --- a/tests/py/any/tcpopt.t +++ b/tests/py/any/tcpopt.t @@ -12,8 +12,8 @@ tcp option maxseg size 1;ok tcp option window kind 1;ok tcp option window length 1;ok tcp option window count 1;ok -tcp option sack-permitted kind 1;ok -tcp option sack-permitted length 1;ok +tcp option sack-perm kind 1;ok +tcp option sack-perm length 1;ok tcp option sack kind 1;ok tcp option sack length 1;ok tcp option sack left 1;ok diff --git a/tests/py/any/tcpopt.t.json b/tests/py/any/tcpopt.t.json index 48eb339cee35..2c6236a1a152 100644 --- a/tests/py/any/tcpopt.t.json +++ b/tests/py/any/tcpopt.t.json @@ -126,14 +126,14 @@ } ] -# tcp option sack-permitted kind 1 +# tcp option sack-perm kind 1 [ { "match": { "left": { "tcp option": { "field": "kind", - "name": "sack-permitted" + "name": "sack-perm" } }, "op": "==", @@ -142,14 +142,14 @@ } ] -# tcp option sack-permitted length 1 +# tcp option sack-perm length 1 [ { "match": { "left": { "tcp option": { "field": "length", - "name": "sack-permitted" + "name": "sack-perm" } }, "op": "==", diff --git a/tests/py/any/tcpopt.t.payload b/tests/py/any/tcpopt.t.payload index 63751cf26e75..f63076ae497e 100644 --- a/tests/py/any/tcpopt.t.payload +++ b/tests/py/any/tcpopt.t.payload @@ -166,42 +166,42 @@ inet [ exthdr load tcpopt 1b @ 3 + 2 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted kind 1 +# tcp option sack-perm kind 1 ip [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted kind 1 +# tcp option sack-perm kind 1 ip6 [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted kind 1 +# tcp option sack-perm kind 1 inet [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted length 1 +# tcp option sack-perm length 1 ip [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted length 1 +# tcp option sack-perm length 1 ip6 [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# tcp option sack-permitted length 1 +# tcp option sack-perm length 1 inet [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] -- 2.26.2