From patchwork Tue Jul 27 22:39:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 1510671 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4GZBYc4RYKz9sV8 for ; Wed, 28 Jul 2021 08:39:32 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232449AbhG0Wjb (ORCPT ); Tue, 27 Jul 2021 18:39:31 -0400 Received: from mail.netfilter.org ([217.70.188.207]:36886 "EHLO mail.netfilter.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231730AbhG0Wjb (ORCPT ); Tue, 27 Jul 2021 18:39:31 -0400 Received: from salvia.lan (bl11-146-165.dsl.telepac.pt [85.244.146.165]) by mail.netfilter.org (Postfix) with ESMTPSA id 1FFE46429D; Wed, 28 Jul 2021 00:38:59 +0200 (CEST) From: Pablo Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: tom.ty89@gmail.com Subject: [PATCH nft,v2 1/3] tests: py: idempotent tcp flags & syn != 0 to tcp flag syn Date: Wed, 28 Jul 2021 00:39:19 +0200 Message-Id: <20210727223921.29746-1-pablo@netfilter.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Add a test to cover this case. Signed-off-by: Pablo Neira Ayuso --- v2: no changes tests/py/inet/tcp.t | 1 + tests/py/inet/tcp.t.json | 16 ++++++++++++++++ tests/py/inet/tcp.t.payload | 8 ++++++++ 3 files changed, 25 insertions(+) diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t index 13b84215bd86..5e2830b679a8 100644 --- a/tests/py/inet/tcp.t +++ b/tests/py/inet/tcp.t @@ -69,6 +69,7 @@ tcp flags != cwr;ok tcp flags == syn;ok tcp flags fin,syn / fin,syn;ok tcp flags != syn / fin,syn;ok +tcp flags & syn != 0;ok;tcp flags syn tcp flags & (fin | syn | rst | ack) syn;ok;tcp flags syn / fin,syn,rst,ack tcp flags & (fin | syn | rst | ack) != syn;ok;tcp flags != syn / fin,syn,rst,ack tcp flags & (fin | syn | rst | psh | ack | urg | ecn | cwr) == fin | syn | rst | psh | ack | urg | ecn | cwr;ok;tcp flags == 0xff diff --git a/tests/py/inet/tcp.t.json b/tests/py/inet/tcp.t.json index 033a4f22e0fd..6155c81f6150 100644 --- a/tests/py/inet/tcp.t.json +++ b/tests/py/inet/tcp.t.json @@ -1521,6 +1521,22 @@ } ] +# tcp flags & syn != 0 +[ + { + "match": { + "left": { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + "op": "in", + "right": "syn" + } + } +] + # tcp flags & (fin | syn | rst | ack) syn [ { diff --git a/tests/py/inet/tcp.t.payload b/tests/py/inet/tcp.t.payload index eaa7cd099bd6..6b8b4ecdb4ac 100644 --- a/tests/py/inet/tcp.t.payload +++ b/tests/py/inet/tcp.t.payload @@ -370,6 +370,14 @@ inet test-inet input [ bitwise reg 1 = ( reg 1 & 0x00000003 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000002 ] +# tcp flags & syn != 0 +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ] + [ cmp neq reg 1 0x00000000 ] + # tcp flags & (fin | syn | rst | ack) syn inet test-inet input [ meta load l4proto => reg 1 ] From patchwork Tue Jul 27 22:39:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 1510672 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4GZBYd5wP7z9sV8 for ; Wed, 28 Jul 2021 08:39:33 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232506AbhG0Wjd (ORCPT ); Tue, 27 Jul 2021 18:39:33 -0400 Received: from mail.netfilter.org ([217.70.188.207]:36890 "EHLO mail.netfilter.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231730AbhG0Wjd (ORCPT ); Tue, 27 Jul 2021 18:39:33 -0400 Received: from salvia.lan (bl11-146-165.dsl.telepac.pt [85.244.146.165]) by mail.netfilter.org (Postfix) with ESMTPSA id 51C1D642B2; Wed, 28 Jul 2021 00:39:01 +0200 (CEST) From: Pablo Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: tom.ty89@gmail.com Subject: [PATCH nft,v2 2/3] netlink_delinearize: skip flags / mask notation for singleton bitmask Date: Wed, 28 Jul 2021 00:39:20 +0200 Message-Id: <20210727223921.29746-2-pablo@netfilter.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210727223921.29746-1-pablo@netfilter.org> References: <20210727223921.29746-1-pablo@netfilter.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Do not transform 'tcp flags & flag == flag' to 'flag / flag'. The parser does not accept this notation yet. Fixes: c3d57114f119 ("parser_bison: add shortcut syntax for matching flags without binary operations") Signed-off-by: Pablo Neira Ayuso --- v2: skip transformation to flag / flag from delinearize path. src/netlink_delinearize.c | 8 ++++++++ tests/py/inet/tcp.t | 2 ++ tests/py/inet/tcp.t.json | 21 +++++++++++++++++++++ tests/py/inet/tcp.t.payload | 8 ++++++++ 4 files changed, 39 insertions(+) diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index c7dae26684cd..49870eeadd57 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -2285,6 +2285,14 @@ static void relational_binop_postprocess(struct rule_pp_ctx *ctx, BUG("unknown operation type %d\n", expr->op); } expr_free(binop); + } else if (binop->right->etype == EXPR_VALUE && + value->etype == EXPR_VALUE && + expr->op == OP_EQ && + !mpz_cmp(value->value, binop->right->value)) { + /* Skip flag / flag representation for: + * data & flag == flag + */ + ; } else { *exprp = flagcmp_expr_alloc(&expr->location, expr->op, expr_get(binop->left), diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t index 5e2830b679a8..17e0d9b6df9f 100644 --- a/tests/py/inet/tcp.t +++ b/tests/py/inet/tcp.t @@ -70,6 +70,8 @@ tcp flags == syn;ok tcp flags fin,syn / fin,syn;ok tcp flags != syn / fin,syn;ok tcp flags & syn != 0;ok;tcp flags syn +# it should be possible to transform this to: tcp flags syn +tcp flags & syn == syn;ok tcp flags & (fin | syn | rst | ack) syn;ok;tcp flags syn / fin,syn,rst,ack tcp flags & (fin | syn | rst | ack) != syn;ok;tcp flags != syn / fin,syn,rst,ack tcp flags & (fin | syn | rst | psh | ack | urg | ecn | cwr) == fin | syn | rst | psh | ack | urg | ecn | cwr;ok;tcp flags == 0xff diff --git a/tests/py/inet/tcp.t.json b/tests/py/inet/tcp.t.json index 6155c81f6150..c1e4fb35a87c 100644 --- a/tests/py/inet/tcp.t.json +++ b/tests/py/inet/tcp.t.json @@ -1537,6 +1537,27 @@ } ] +# tcp flags & syn == syn +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + "syn" + ] + }, + "op": "==", + "right": "syn" + } + } +] + # tcp flags & (fin | syn | rst | ack) syn [ { diff --git a/tests/py/inet/tcp.t.payload b/tests/py/inet/tcp.t.payload index 6b8b4ecdb4ac..77b301883a15 100644 --- a/tests/py/inet/tcp.t.payload +++ b/tests/py/inet/tcp.t.payload @@ -378,6 +378,14 @@ inet test-inet input [ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] +# tcp flags & syn == syn +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000002 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000002 ] + # tcp flags & (fin | syn | rst | ack) syn inet test-inet input [ meta load l4proto => reg 1 ] From patchwork Tue Jul 27 22:39:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 1510673 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4GZBYg1GLlz9sV8 for ; Wed, 28 Jul 2021 08:39:35 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232516AbhG0Wjf (ORCPT ); Tue, 27 Jul 2021 18:39:35 -0400 Received: from mail.netfilter.org ([217.70.188.207]:36896 "EHLO mail.netfilter.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231730AbhG0Wje (ORCPT ); Tue, 27 Jul 2021 18:39:34 -0400 Received: from salvia.lan (bl11-146-165.dsl.telepac.pt [85.244.146.165]) by mail.netfilter.org (Postfix) with ESMTPSA id 952036429D; Wed, 28 Jul 2021 00:39:02 +0200 (CEST) From: Pablo Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: tom.ty89@gmail.com Subject: [PATCH nft,v2 3/3] tests: py: tcp flags & (fin | syn | rst | ack) == syn Date: Wed, 28 Jul 2021 00:39:21 +0200 Message-Id: <20210727223921.29746-3-pablo@netfilter.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210727223921.29746-1-pablo@netfilter.org> References: <20210727223921.29746-1-pablo@netfilter.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Add a test case to cover translation to tcp flags syn / fin,syn,rst,ack. Signed-off-by: Pablo Neira Ayuso --- v2: new in this series. tests/py/inet/tcp.t | 1 + tests/py/inet/tcp.t.json | 27 +++++++++++++++++++++++++++ tests/py/inet/tcp.t.payload | 8 ++++++++ 3 files changed, 36 insertions(+) diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t index 17e0d9b6df9f..dece9eaa89f8 100644 --- a/tests/py/inet/tcp.t +++ b/tests/py/inet/tcp.t @@ -73,6 +73,7 @@ tcp flags & syn != 0;ok;tcp flags syn # it should be possible to transform this to: tcp flags syn tcp flags & syn == syn;ok tcp flags & (fin | syn | rst | ack) syn;ok;tcp flags syn / fin,syn,rst,ack +tcp flags & (fin | syn | rst | ack) == syn;ok;tcp flags syn / fin,syn,rst,ack tcp flags & (fin | syn | rst | ack) != syn;ok;tcp flags != syn / fin,syn,rst,ack tcp flags & (fin | syn | rst | psh | ack | urg | ecn | cwr) == fin | syn | rst | psh | ack | urg | ecn | cwr;ok;tcp flags == 0xff tcp flags { syn, syn | ack };ok diff --git a/tests/py/inet/tcp.t.json b/tests/py/inet/tcp.t.json index c1e4fb35a87c..23244eaa2339 100644 --- a/tests/py/inet/tcp.t.json +++ b/tests/py/inet/tcp.t.json @@ -1584,6 +1584,33 @@ } ] +# tcp flags & (fin | syn | rst | ack) == syn +[ + { + "match": { + "left": { + "&": [ + { + "payload": { + "field": "flags", + "protocol": "tcp" + } + }, + [ + "fin", + "syn", + "rst", + "ack" + ] + ] + }, + "op": "==", + "right": "syn" + } + } +] + + # tcp flags & (fin | syn | rst | ack) != syn [ { diff --git a/tests/py/inet/tcp.t.payload b/tests/py/inet/tcp.t.payload index 77b301883a15..4e795aa931ac 100644 --- a/tests/py/inet/tcp.t.payload +++ b/tests/py/inet/tcp.t.payload @@ -394,6 +394,14 @@ inet test-inet input [ bitwise reg 1 = ( reg 1 & 0x00000017 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000002 ] +# tcp flags & (fin | syn | rst | ack) == syn +inet test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 1b @ transport header + 13 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x00000017 ) ^ 0x00000000 ] + [ cmp eq reg 1 0x00000002 ] + # tcp flags & (fin | syn | rst | ack) != syn inet test-inet input [ meta load l4proto => reg 1 ]