@@ -2661,7 +2661,7 @@
}
},
"op": "==",
- "right": "17:00"
+ "right": "17:00:00"
}
},
{
@@ -192,7 +192,7 @@
"left": {
"tcp option": {
"field": "left",
- "name": "sack"
+ "name": "sack0"
}
},
"op": "==",
@@ -272,7 +272,7 @@
"left": {
"tcp option": {
"field": "right",
- "name": "sack"
+ "name": "sack0"
}
},
"op": "==",
@@ -1370,13 +1370,13 @@
"op": "==",
"right": {
"set": [
+ "syn",
{
"|": [
"syn",
"ack"
]
- },
- "syn"
+ }
]
}
}
@@ -1401,10 +1401,10 @@
"op": "==",
"right": {
"set": [
- { "|": [ "fin", "psh", "ack" ] },
"fin",
+ "ack",
{ "|": [ "psh", "ack" ] },
- "ack"
+ { "|": [ "fin", "psh", "ack" ] }
]
}
}
@@ -1442,17 +1442,21 @@
"protocol": "tcp"
}
},
- [
- "fin",
- "syn"
- ]
+ {
+ "|": [
+ "fin",
+ "syn"
+ ]
+ }
]
},
"op": "==",
- "right": [
- "fin",
- "syn"
- ]
+ "right": {
+ "|": [
+ "fin",
+ "syn"
+ ]
+ }
}
}
]
@@ -1469,10 +1473,12 @@
"protocol": "tcp"
}
},
- [
- "fin",
- "syn"
- ]
+ {
+ "|": [
+ "fin",
+ "syn"
+ ]
+ }
]
},
"op": "!=",
@@ -1605,12 +1611,14 @@
"protocol": "tcp"
}
},
- [
- "fin",
- "syn",
- "rst",
- "ack"
- ]
+ {
+ "|": [
+ "fin",
+ "syn",
+ "rst",
+ "ack"
+ ]
+ }
]
},
"op": "==",
@@ -1631,12 +1639,14 @@
"protocol": "tcp"
}
},
- [
- "fin",
- "syn",
- "rst",
- "ack"
- ]
+ {
+ "|": [
+ "fin",
+ "syn",
+ "rst",
+ "ack"
+ ]
+ }
]
},
"op": "==",
@@ -1658,12 +1668,14 @@
"protocol": "tcp"
}
},
- [
- "fin",
- "syn",
- "rst",
- "ack"
- ]
+ {
+ "|": [
+ "fin",
+ "syn",
+ "rst",
+ "ack"
+ ]
+ }
]
},
"op": "!=",
@@ -1684,19 +1696,23 @@
"protocol": "tcp"
}
},
- [
- "fin",
- "syn",
- "rst",
- "ack"
- ]
+ {
+ "|": [
+ "fin",
+ "syn",
+ "rst",
+ "ack"
+ ]
+ }
]
},
"op": "==",
- "right": [
- "syn",
- "ack"
- ]
+ "right": {
+ "|": [
+ "syn",
+ "ack"
+ ]
+ }
}
}
]
@@ -1713,17 +1729,21 @@
"protocol": "tcp"
}
},
- [
- "syn",
- "ack"
- ]
+ {
+ "|": [
+ "syn",
+ "ack"
+ ]
+ }
]
},
"op": "==",
- "right": [
- "syn",
- "ack"
- ]
+ "right": {
+ "|": [
+ "syn",
+ "ack"
+ ]
+ }
}
}
]
Make sure they match the standard syntax input as much as possible. For some reason inet/tcp.t.json was using plain arrays in place of binary OR expressions in many cases. These arrays are interpreted as list expressions, which seems to be semantically identical but the goal here is to present an accurate equivalent to the rule in standard syntax. Signed-off-by: Phil Sutter <phil@nwl.cc> --- tests/py/any/meta.t.json | 2 +- tests/py/any/tcpopt.t.json | 4 +- tests/py/inet/tcp.t.json | 124 +++++++++++++++++++++---------------- 3 files changed, 75 insertions(+), 55 deletions(-)