@@ -4469,6 +4469,34 @@ relational_expr : expr /* implicit */ rhs_expr
{
$$ = relational_expr_alloc(&@$, OP_IMPLICIT, $1, $2);
}
+ | expr /* implicit */ basic_rhs_expr SLASH list_rhs_expr
+ {
+ struct expr *expr;
+
+ expr = binop_expr_alloc(&@$, OP_AND, $1, $4);
+ $$ = relational_expr_alloc(&@$, OP_EQ, expr, $2);
+ }
+ | expr /* implicit */ list_rhs_expr SLASH list_rhs_expr
+ {
+ struct expr *expr;
+
+ expr = binop_expr_alloc(&@$, OP_AND, $1, $4);
+ $$ = relational_expr_alloc(&@$, OP_EQ, expr, $2);
+ }
+ | expr relational_op basic_rhs_expr SLASH list_rhs_expr
+ {
+ struct expr *expr;
+
+ expr = binop_expr_alloc(&@$, OP_AND, $1, $5);
+ $$ = relational_expr_alloc(&@$, $2, expr, $3);
+ }
+ | expr relational_op list_rhs_expr SLASH list_rhs_expr
+ {
+ struct expr *expr;
+
+ expr = binop_expr_alloc(&@$, OP_AND, $1, $5);
+ $$ = relational_expr_alloc(&@$, $2, expr, $3);
+ }
| expr relational_op rhs_expr
{
$$ = relational_expr_alloc(&@2, $2, $1, $3);
This patch adds the following shortcut syntax: expression flags / flags instead of: expression and flags == flags For example: tcp flags syn,ack / syn,ack,fin,rst ^^^^^^^ ^^^^^^^^^^^^^^^ value mask instead of: tcp flags and (syn|ack|fin|rst) == syn|ack The second list of comma-separated flags represents the mask which are examined and the first list of comma-separated flags must be set. You can also use the != operator with this syntax: tcp flags != fin,rst / syn,ack,fin,rst This short is based on the prefix notation, but it is also similar to the iptables tcp matching syntax. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- netlink delinearize code update to list this new syntax is missing in this patch. src/parser_bison.y | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+)