@@ -73,6 +73,7 @@ tcp flags & syn != 0;ok;tcp flags syn
# it should be possible to transform this to: tcp flags syn
tcp flags & syn == syn;ok
tcp flags & (fin | syn | rst | ack) syn;ok;tcp flags syn / fin,syn,rst,ack
+tcp flags & (fin | syn | rst | ack) == syn;ok;tcp flags syn / fin,syn,rst,ack
tcp flags & (fin | syn | rst | ack) != syn;ok;tcp flags != syn / fin,syn,rst,ack
tcp flags & (fin | syn | rst | psh | ack | urg | ecn | cwr) == fin | syn | rst | psh | ack | urg | ecn | cwr;ok;tcp flags == 0xff
tcp flags { syn, syn | ack };ok
@@ -1584,6 +1584,33 @@
}
]
+# tcp flags & (fin | syn | rst | ack) == syn
+[
+ {
+ "match": {
+ "left": {
+ "&": [
+ {
+ "payload": {
+ "field": "flags",
+ "protocol": "tcp"
+ }
+ },
+ [
+ "fin",
+ "syn",
+ "rst",
+ "ack"
+ ]
+ ]
+ },
+ "op": "==",
+ "right": "syn"
+ }
+ }
+]
+
+
# tcp flags & (fin | syn | rst | ack) != syn
[
{
@@ -394,6 +394,14 @@ inet test-inet input
[ bitwise reg 1 = ( reg 1 & 0x00000017 ) ^ 0x00000000 ]
[ cmp eq reg 1 0x00000002 ]
+# tcp flags & (fin | syn | rst | ack) == syn
+inet test-inet input
+ [ meta load l4proto => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 1b @ transport header + 13 => reg 1 ]
+ [ bitwise reg 1 = ( reg 1 & 0x00000017 ) ^ 0x00000000 ]
+ [ cmp eq reg 1 0x00000002 ]
+
# tcp flags & (fin | syn | rst | ack) != syn
inet test-inet input
[ meta load l4proto => reg 1 ]
Add a test case to cover translation to tcp flags syn / fin,syn,rst,ack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- v2: new in this series. tests/py/inet/tcp.t | 1 + tests/py/inet/tcp.t.json | 27 +++++++++++++++++++++++++++ tests/py/inet/tcp.t.payload | 8 ++++++++ 3 files changed, 36 insertions(+)