ss: Review ssfilter

The original problem was ssfilter rejecting single expressions if enclosed in braces, such as: | sport = 22 or ( dport = 22 ) This is fixed by allowing 'expr' to be an 'exprlist' enclosed in braces. The no longer required recursion in 'exprlist' being an 'exprlist' enclosed in braces is dropped. In addition to that, a few other things are changed: * Remove pointless 'null' prefix in 'appled' before 'exprlist'. * For simple equals matches, '=' operator was required for ports but not allowed for hosts. Make this consistent by making '=' operator optional in both cases. Reported-by: Samuel Mannehed <samuel@cendio.se> Fixes: b2038cc0b2 ("ssfilter: Eliminate shift/reduce conflicts") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2025-10-04 19:29:30 +00:00 · 2018-08-14 14:18:06 +02:00 · 2018-08-14 14:18:06 +02:00 · 38d209ecf2
commit 38d209ecf2
parent 8a03a2f36f
1 changed files with 21 additions and 15 deletions
--- a/misc/ssfilter.y
+++ b/misc/ssfilter.y
@ -42,24 +42,22 @@ static void yyerror(char *s)
 %nonassoc '!'

 %%
-applet: null exprlist
+applet: exprlist
        {
-                *yy_ret = $2;
-                $$ = $2;
+                *yy_ret = $1;
+                $$ = $1;
        }
        | null
        ;
+
 null:   /* NOTHING */ { $$ = NULL; }
        ;
+
 exprlist: expr
        | '!' expr
        {
                $$ = alloc_node(SSF_NOT, $2);
        }
-        | '(' exprlist ')'
-        {
-                $$ = $2;
-        }
        | exprlist '|' expr
        {
                $$ = alloc_node(SSF_OR, $1);
@ -77,13 +75,21 @@ exprlist: expr
        }
        ;

-expr:	DCOND HOSTCOND
+eq:	'='
+	| /* nothing */
+	;
+
+expr:	'(' exprlist ')'
+	{
+		$$ = $2;
+	}
+	| DCOND eq HOSTCOND
        {
-		$$ = alloc_node(SSF_DCOND, $2);
+		$$ = alloc_node(SSF_DCOND, $3);
        }
-        | SCOND HOSTCOND
+        | SCOND eq HOSTCOND
        {
-		$$ = alloc_node(SSF_SCOND, $2);
+		$$ = alloc_node(SSF_SCOND, $3);
        }
        | DPORT GEQ HOSTCOND
        {
@ -101,7 +107,7 @@ expr:	DCOND HOSTCOND
        {
                $$ = alloc_node(SSF_NOT, alloc_node(SSF_D_GE, $3));
        }
-        | DPORT '=' HOSTCOND
+        | DPORT eq HOSTCOND
        {
 		$$ = alloc_node(SSF_DCOND, $3);
        }
@ -126,7 +132,7 @@ expr:	DCOND HOSTCOND
        {
                $$ = alloc_node(SSF_NOT, alloc_node(SSF_S_GE, $3));
        }
-        | SPORT '=' HOSTCOND
+        | SPORT eq HOSTCOND
        {
 		$$ = alloc_node(SSF_SCOND, $3);
        }
@ -134,7 +140,7 @@ expr:	DCOND HOSTCOND
        {
 		$$ = alloc_node(SSF_NOT, alloc_node(SSF_SCOND, $3));
        }
-        | DEVNAME '=' DEVCOND
+        | DEVNAME eq DEVCOND
        {
 		$$ = alloc_node(SSF_DEVCOND, $3);
        }
@ -142,7 +148,7 @@ expr:	DCOND HOSTCOND
        {
 		$$ = alloc_node(SSF_NOT, alloc_node(SSF_DEVCOND, $3));
        }
-        | FWMARK '=' MARKMASK
+        | FWMARK eq MARKMASK
        {
                $$ = alloc_node(SSF_MARKMASK, $3);
        }