This patch adds the following shortcut syntax:
expression flags / flags
instead of:
expression and flags == flags
For example:
tcp flags syn,ack / syn,ack,fin,rst
^^^^^^^ ^^^^^^^^^^^^^^^
value mask
instead of:
tcp flags and (syn|ack|fin|rst) == syn|ack
The second list of comma-separated flags represents the mask which are
examined and the first list of comma-separated flags must be set.
You can also use the != operator with this syntax:
tcp flags != fin,rst / syn,ack,fin,rst
This short is based on the prefix notation, but it is also similar to
the iptables tcp matching syntax.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
netlink delinearize code update to list this new syntax is missing in
this patch.
src/parser_bison.y | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index b50b60649d2e..0747601e551d 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -4469,6 +4469,34 @@ relational_expr : expr /* implicit */ rhs_expr
{
$$ = relational_expr_alloc(&@$, OP_IMPLICIT, $1, $2);
}
+ | expr /* implicit */ basic_rhs_expr SLASH list_rhs_expr
+ {
+ struct expr *expr;
+
+ expr = binop_expr_alloc(&@$, OP_AND, $1, $4);
+ $$ = relational_expr_alloc(&@$, OP_EQ, expr, $2);
+ }
+ | expr /* implicit */ list_rhs_expr SLASH list_rhs_expr
+ {
+ struct expr *expr;
+
+ expr = binop_expr_alloc(&@$, OP_AND, $1, $4);
+ $$ = relational_expr_alloc(&@$, OP_EQ, expr, $2);
+ }
+ | expr relational_op basic_rhs_expr SLASH list_rhs_expr
+ {
+ struct expr *expr;
+
+ expr = binop_expr_alloc(&@$, OP_AND, $1, $5);
+ $$ = relational_expr_alloc(&@$, $2, expr, $3);
+ }
+ | expr relational_op list_rhs_expr SLASH list_rhs_expr
+ {
+ struct expr *expr;
+
+ expr = binop_expr_alloc(&@$, OP_AND, $1, $5);
+ $$ = relational_expr_alloc(&@$, $2, expr, $3);
+ }
| expr relational_op rhs_expr
{
$$ = relational_expr_alloc(&@2, $2, $1, $3);
--
2.20.1
