|
 |
81eb9cb |
From 45ef10dd7b9d4337bfef9573803c1c7cadc012e6 Mon Sep 17 00:00:00 2001
|
|
|
81eb9cb |
From: Phil Sutter <phil@nwl.cc>
|
|
|
81eb9cb |
Date: Tue, 14 Aug 2018 14:18:06 +0200
|
|
|
81eb9cb |
Subject: [PATCH] ss: Review ssfilter
|
|
|
81eb9cb |
|
|
|
81eb9cb |
The original problem was ssfilter rejecting single expressions if
|
|
|
81eb9cb |
enclosed in braces, such as:
|
|
|
81eb9cb |
|
|
|
81eb9cb |
| sport = 22 or ( dport = 22 )
|
|
|
81eb9cb |
|
|
|
81eb9cb |
This is fixed by allowing 'expr' to be an 'exprlist' enclosed in braces.
|
|
|
81eb9cb |
The no longer required recursion in 'exprlist' being an 'exprlist'
|
|
|
81eb9cb |
enclosed in braces is dropped.
|
|
|
81eb9cb |
|
|
|
81eb9cb |
In addition to that, a few other things are changed:
|
|
|
81eb9cb |
|
|
|
81eb9cb |
* Remove pointless 'null' prefix in 'appled' before 'exprlist'.
|
|
|
81eb9cb |
* For simple equals matches, '=' operator was required for ports but not
|
|
|
81eb9cb |
allowed for hosts. Make this consistent by making '=' operator
|
|
|
81eb9cb |
optional in both cases.
|
|
|
81eb9cb |
|
|
|
81eb9cb |
Reported-by: Samuel Mannehed <samuel@cendio.se>
|
|
|
81eb9cb |
Fixes: b2038cc0b2403 ("ssfilter: Eliminate shift/reduce conflicts")
|
|
|
81eb9cb |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
81eb9cb |
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
|
|
|
81eb9cb |
(cherry picked from commit 38d209ecf2ae966b9b25de4acb60cdffb0e06ced)
|
|
|
81eb9cb |
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
|
81eb9cb |
---
|
|
|
81eb9cb |
misc/ssfilter.y | 36 +++++++++++++++++++++---------------
|
|
|
81eb9cb |
1 file changed, 21 insertions(+), 15 deletions(-)
|
|
|
81eb9cb |
|
|
|
81eb9cb |
diff --git a/misc/ssfilter.y b/misc/ssfilter.y
|
|
|
81eb9cb |
index 88d4229a9b241..0413dddaa7584 100644
|
|
|
81eb9cb |
--- a/misc/ssfilter.y
|
|
|
81eb9cb |
+++ b/misc/ssfilter.y
|
|
|
81eb9cb |
@@ -42,24 +42,22 @@ static void yyerror(char *s)
|
|
|
81eb9cb |
%nonassoc '!'
|
|
|
81eb9cb |
|
|
|
81eb9cb |
%%
|
|
|
81eb9cb |
-applet: null exprlist
|
|
|
81eb9cb |
+applet: exprlist
|
|
|
81eb9cb |
{
|
|
|
81eb9cb |
- *yy_ret = $2;
|
|
|
81eb9cb |
- $$ = $2;
|
|
|
81eb9cb |
+ *yy_ret = $1;
|
|
|
81eb9cb |
+ $$ = $1;
|
|
|
81eb9cb |
}
|
|
|
81eb9cb |
| null
|
|
|
81eb9cb |
;
|
|
|
81eb9cb |
+
|
|
|
81eb9cb |
null: /* NOTHING */ { $$ = NULL; }
|
|
|
81eb9cb |
;
|
|
|
81eb9cb |
+
|
|
|
81eb9cb |
exprlist: expr
|
|
|
81eb9cb |
| '!' expr
|
|
|
81eb9cb |
{
|
|
|
81eb9cb |
$$ = alloc_node(SSF_NOT, $2);
|
|
|
81eb9cb |
}
|
|
|
81eb9cb |
- | '(' exprlist ')'
|
|
|
81eb9cb |
- {
|
|
|
81eb9cb |
- $$ = $2;
|
|
|
81eb9cb |
- }
|
|
|
81eb9cb |
| exprlist '|' expr
|
|
|
81eb9cb |
{
|
|
|
81eb9cb |
$$ = alloc_node(SSF_OR, $1);
|
|
|
81eb9cb |
@@ -77,13 +75,21 @@ exprlist: expr
|
|
|
81eb9cb |
}
|
|
|
81eb9cb |
;
|
|
|
81eb9cb |
|
|
|
81eb9cb |
-expr: DCOND HOSTCOND
|
|
|
81eb9cb |
+eq: '='
|
|
|
81eb9cb |
+ | /* nothing */
|
|
|
81eb9cb |
+ ;
|
|
|
81eb9cb |
+
|
|
|
81eb9cb |
+expr: '(' exprlist ')'
|
|
|
81eb9cb |
+ {
|
|
|
81eb9cb |
+ $$ = $2;
|
|
|
81eb9cb |
+ }
|
|
|
81eb9cb |
+ | DCOND eq HOSTCOND
|
|
|
81eb9cb |
{
|
|
|
81eb9cb |
- $$ = alloc_node(SSF_DCOND, $2);
|
|
|
81eb9cb |
+ $$ = alloc_node(SSF_DCOND, $3);
|
|
|
81eb9cb |
}
|
|
|
81eb9cb |
- | SCOND HOSTCOND
|
|
|
81eb9cb |
+ | SCOND eq HOSTCOND
|
|
|
81eb9cb |
{
|
|
|
81eb9cb |
- $$ = alloc_node(SSF_SCOND, $2);
|
|
|
81eb9cb |
+ $$ = alloc_node(SSF_SCOND, $3);
|
|
|
81eb9cb |
}
|
|
|
81eb9cb |
| DPORT GEQ HOSTCOND
|
|
|
81eb9cb |
{
|
|
|
81eb9cb |
@@ -101,7 +107,7 @@ expr: DCOND HOSTCOND
|
|
|
81eb9cb |
{
|
|
|
81eb9cb |
$$ = alloc_node(SSF_NOT, alloc_node(SSF_D_GE, $3));
|
|
|
81eb9cb |
}
|
|
|
81eb9cb |
- | DPORT '=' HOSTCOND
|
|
|
81eb9cb |
+ | DPORT eq HOSTCOND
|
|
|
81eb9cb |
{
|
|
|
81eb9cb |
$$ = alloc_node(SSF_DCOND, $3);
|
|
|
81eb9cb |
}
|
|
|
81eb9cb |
@@ -126,7 +132,7 @@ expr: DCOND HOSTCOND
|
|
|
81eb9cb |
{
|
|
|
81eb9cb |
$$ = alloc_node(SSF_NOT, alloc_node(SSF_S_GE, $3));
|
|
|
81eb9cb |
}
|
|
|
81eb9cb |
- | SPORT '=' HOSTCOND
|
|
|
81eb9cb |
+ | SPORT eq HOSTCOND
|
|
|
81eb9cb |
{
|
|
|
81eb9cb |
$$ = alloc_node(SSF_SCOND, $3);
|
|
|
81eb9cb |
}
|
|
|
81eb9cb |
@@ -134,7 +140,7 @@ expr: DCOND HOSTCOND
|
|
|
81eb9cb |
{
|
|
|
81eb9cb |
$$ = alloc_node(SSF_NOT, alloc_node(SSF_SCOND, $3));
|
|
|
81eb9cb |
}
|
|
|
81eb9cb |
- | DEVNAME '=' DEVCOND
|
|
|
81eb9cb |
+ | DEVNAME eq DEVCOND
|
|
|
81eb9cb |
{
|
|
|
81eb9cb |
$$ = alloc_node(SSF_DEVCOND, $3);
|
|
|
81eb9cb |
}
|
|
|
81eb9cb |
@@ -142,7 +148,7 @@ expr: DCOND HOSTCOND
|
|
|
81eb9cb |
{
|
|
|
81eb9cb |
$$ = alloc_node(SSF_NOT, alloc_node(SSF_DEVCOND, $3));
|
|
|
81eb9cb |
}
|
|
|
81eb9cb |
- | FWMARK '=' MARKMASK
|
|
|
81eb9cb |
+ | FWMARK eq MARKMASK
|
|
|
81eb9cb |
{
|
|
|
81eb9cb |
$$ = alloc_node(SSF_MARKMASK, $3);
|
|
|
81eb9cb |
}
|
|
|
81eb9cb |
--
|
|
|
81eb9cb |
2.18.0
|
|
|
81eb9cb |
|