From 4b8ca33f404423d60ae59fef50f494d13fd10e11 Mon Sep 17 00:00:00 2001
From: Richard Scheffenegger
Date: Thu, 27 Jul 2023 19:45:53 +0200
Subject: [PATCH 1/6] "tcp[tcpflags]" allow access to all flag bits including tcp-ae
---
 grammar.y.in | 7 +++++--
 scanner.l | 3 ++-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/grammar.y.in b/grammar.y.in
index 6047aeac66..c239bb2502 100644
--- a/grammar.y.in
+++ b/grammar.y.in
@@ -389,7 +389,7 @@ DIAG_OFF_BISON_BYACC
 %token DST SRC HOST GATEWAY
 %token NET NETMASK PORT PORTRANGE LESS GREATER PROTO PROTOCHAIN CBYTE
-%token ARP RARP IP SCTP TCP UDP ICMP IGMP IGRP PIM VRRP CARP
+%token ARP RARP IP SCTP TCP TCPFLAGS UDP ICMP IGMP IGRP PIM VRRP CARP
 %token ATALK AARP DECNET LAT SCA MOPRC MOPDL
 %token TK_BROADCAST TK_MULTICAST
 %token NUM INBOUND OUTBOUND
@@ -852,7 +852,10 @@ irelop: LEQ { $$ = BPF_JGT; }
 arth: pnum { CHECK_PTR_VAL(($$ = gen_loadi(cstate, $1))); }
 | narth
 ;
-narth: pname '[' arth ']' { CHECK_PTR_VAL(($$ = gen_load(cstate, $1, $3, 1))); }
+tcpflags: TCPFLAGS
 ;
+narth: pname '[' tcpflags ']' { CHECK_PTR_VAL(($$ = gen_load(cstate, $1, gen_loadi(cstate, 12), 2))); }
 | pname '[' arth ']' { CHECK_PTR_VAL(($$ = gen_load(cstate, $1, $3, 1))); }
 | pname '[' arth ':' NUM ']' { CHECK_PTR_VAL(($$ = gen_load(cstate, $1, $3, $5))); }
 | arth '+' arth { CHECK_PTR_VAL(($$ = gen_arth(cstate, BPF_ADD, $1, $3))); }
 | arth '-' arth { CHECK_PTR_VAL(($$ = gen_arth(cstate, BPF_SUB, $1, $3))); }
diff --git a/scanner.l b/scanner.l
index ce1c91a045..c9844096eb 100644
--- a/scanner.l
+++ b/scanner.l
@@ -276,6 +276,7 @@ rarp return RARP;
 ip return IP;
 sctp return SCTP;
 tcp return TCP;
+tcpflags return TCPFLAGS;
 udp return UDP;
 icmp return ICMP;
 igmp return IGMP;
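Review bot: The new `narth: pname '[' tcpflags ']'` action feeds `gen_loadi(cstate, 12)` straight into `gen_load` and checks only the outer result, whereas every neighbouring rule wraps each `gen_*` call in `CHECK_PTR_VAL`; if `gen_loadi` can signal failure by returning NULL, as those checks suggest, the NULL reaches `gen_load` unchecked. Use one checked temporary per call, e.g. `{ struct arth *off; CHECK_PTR_VAL((off = gen_loadi(cstate, 12))); CHECK_PTR_VAL(($$ = gen_load(cstate, $1, off, 2))); }`; the PATCH 2/6 hunk of grammar.y.in nests three calls the same way and wants the same treatment. Separately, the rule hard-codes byte 12 for whatever `pname` precedes the bracket, so `ip[tcpflags]` is accepted and compiles to a 2-byte load at offset 12 of the IP header rather than being rejected; refusing `$1 != Q_TCP` with an error, the way the grammar's other actions report an invalid qualifier before `YYABORT`, would keep the keyword tied to TCP. The `narth` rule continues past the end of the hunk.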
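Review bot: Making `tcpflags` return the TCPFLAGS token (its `yylval->h = 13` NUM rule is dropped in this patch's second scanner.l hunk) removes the word from every numeric context, so a filter that used it as a plain offset, such as `tcp[tcpflags:1]`, is now rejected by the parser instead of reading byte 13. That is a reasonable price for the feature, but it is a compatibility break, and the man page paragraph added in PATCH 5/6 describes only the expansion; add a sentence there such as `\fBtcpflags\fP is now a keyword and can no longer be used as a plain number, e.g. in \fBtcp[tcpflags:1]\fP.`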
@@ -483,7 +484,6 @@ icmp6-multicastrouteradvert { yylval->h = 151; return NUM; }
 icmp6-multicastroutersolicit { yylval->h = 152; return NUM; }
 icmp6-multicastrouterterm { yylval->h = 153; return NUM; }
-tcpflags { yylval->h = 13; return NUM; }
 tcp-fin { yylval->h = 0x01; return NUM; }
 tcp-syn { yylval->h = 0x02; return NUM; }
 tcp-rst { yylval->h = 0x04; return NUM; }
@@ -492,6 +492,7 @@ tcp-ack { yylval->h = 0x10; return NUM; }
 tcp-urg { yylval->h = 0x20; return NUM; }
 tcp-ece { yylval->h = 0x40; return NUM; }
 tcp-cwr { yylval->h = 0x80; return NUM; }
+tcp-ae { yylval->h = 0x100; return NUM; }
 [A-Za-z0-9]([-_.A-Za-z0-9]*[.A-Za-z0-9])? { yylval->s = sdup(yyextra, (char *)yytext); return ID; }
 "\\"[^ !()\n\t]+ { yylval->s = sdup(yyextra, (char *)yytext + 1); return ID; }
From cc84568cc9f93e0937706290aaf4870ebb20a11e Mon Sep 17 00:00:00 2001
From: Richard Scheffenegger
Date: Thu, 27 Jul 2023 23:30:24 +0200
Subject: [PATCH 2/6] mask tcp[tcpflags] with 0x0fff to provide tcp flags only
---
 grammar.y.in | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/grammar.y.in b/grammar.y.in
index c239bb2502..41b7aaeaa7 100644
--- a/grammar.y.in
+++ b/grammar.y.in
@@ -854,7 +854,10 @@ arth: pnum { CHECK_PTR_VAL(($$ = gen_loadi(cstate, $1))); }
 ;
 tcpflags: TCPFLAGS
 ;
-narth: pname '[' tcpflags ']' { CHECK_PTR_VAL(($$ = gen_load(cstate, $1, gen_loadi(cstate, 12), 2))); }
+narth: pname '[' tcpflags ']' { CHECK_PTR_VAL(($$ =
+ gen_arth(cstate, BPF_AND,
+ gen_load(cstate, $1, gen_loadi(cstate, 12), 2),
+ gen_loadi(cstate, 0x0FFF)))); }
 | pname '[' arth ']' { CHECK_PTR_VAL(($$ = gen_load(cstate, $1, $3, 1))); }
 | pname '[' arth ':' NUM ']' { CHECK_PTR_VAL(($$ = gen_load(cstate, $1, $3, $5))); }
 | arth '+' arth { CHECK_PTR_VAL(($$ = gen_arth(cstate, BPF_ADD, $1, $3))); }
From a0398d29d6b73f9291f1fb9ac3c194bcdadd7a22 Mon Sep 17 00:00:00 2001
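Review bot: The `0x0FFF` mask and the 2-byte load at offset 12 are not explained in the rule, yet together they change what `tcp[tcpflags]` yields: the low nibble of header byte 12 (the three reserved bits and AE, `0x100` per the scanner.l values in this series) now sits above the classic eight flags, so an equality filter such as `tcp[tcpflags] == tcp-syn` no longer matches a SYN that carries AE or a reserved bit, while `tcp[tcpflags] & tcp-syn != 0` keeps working. That is what the series intends, but detection filters written against the old one-byte value will silently see fewer hits, so the rule deserves a comment, e.g. `/* tcp[tcpflags]: 16-bit load of TCP header bytes 12-13, masked to drop the data-offset nibble and keep the 3 reserved bits, AE (0x100) and the 8 classic flags (0x01-0x80). */`. The `narth` rule continues past the end of the hunk.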
From: Richard Scheffenegger
Date: Sat, 30 Dec 2023 22:37:29 +0100
Subject: [PATCH 3/6] add reserved tcp header flags for non-numeric filter expressions
---
 scanner.l | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/scanner.l b/scanner.l
index c9844096eb..de8eea522a 100644
--- a/scanner.l
+++ b/scanner.l
@@ -493,6 +493,10 @@ tcp-urg { yylval->h = 0x20; return NUM; }
 tcp-ece { yylval->h = 0x40; return NUM; }
 tcp-cwr { yylval->h = 0x80; return NUM; }
 tcp-ae { yylval->h = 0x100; return NUM; }
+tcp-res3 { yylval->h = 0x200; return NUM; }
+tcp-res2 { yylval->h = 0x400; return NUM; }
+tcp-res1 { yylval->h = 0x800; return NUM; }
+tcp-res { yylval->h = 0xE00; return NUM; }
 [A-Za-z0-9]([-_.A-Za-z0-9]*[.A-Za-z0-9])? { yylval->s = sdup(yyextra, (char *)yytext); return ID; }
 "\\"[^ !()\n\t]+ { yylval->s = sdup(yyextra, (char *)yytext + 1); return ID; }
From 5221aec0ebf2815f7dcd966ab601d145628fbb75 Mon Sep 17 00:00:00 2001
From: Richard Scheffenegger
Date: Sun, 31 Dec 2023 00:15:35 +0100
Subject: [PATCH 4/6] add description of tcp-ae, tcp-res[1|2|3] to the pcap-filter.manmisc
---
 pcap-filter.manmisc.in | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/pcap-filter.manmisc.in b/pcap-filter.manmisc.in
index 49782d60ec..8ba56ce7d1 100644
--- a/pcap-filter.manmisc.in
+++ b/pcap-filter.manmisc.in
@@ -18,7 +18,7 @@
 .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 .\"
-.TH PCAP-FILTER @MAN_MISC_INFO@ "12 February 2024"
+.TH PCAP-FILTER @MAN_MISC_INFO@ "28 March 2024"
 .SH NAME
 pcap-filter \- packet filter syntax
 .br
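Review bot: `tcp-res` is given `0xE00`, a three-bit mask, while every other `tcp-*` value in this rule block is a single bit, so `tcp[tcpflags] & tcp-res == tcp-res` requires all three reserved bits rather than any one of them; only `tcp[tcpflags] & tcp-res != 0` has the "any reserved flag is non-zero" meaning the PATCH 4/6 man page text gives it. If the token stays, the man page should spell out the `!= 0` form, and the `tcp-res1`..`tcp-res3` lines need a comment saying which header bit each name denotes, since `tcp-res1` is the most significant of the three (`0x800`). PATCH 6/6 removes these four lines again, so this only matters if they are reinstated.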
@@ -1030,10 +1030,15 @@ The following ICMPv6 type field values are available:
 .BR \%icmp6-multicastroutersolicit ,
 .BR \%icmp6-multicastrouterterm .
 .IP
-The following TCP flags field values are available: \fBtcp-fin\fP,
-\fBtcp-syn\fP, \fBtcp-rst\fP, \fBtcp-push\fP,
-\fBtcp-ack\fP, \fBtcp-urg\fP, \fBtcp-ece\fP,
-\fBtcp-cwr\fP.
+The following TCP flags field values are available:
+\fBtcp-fin\fP, \fBtcp-syn\fP, \fBtcp-rst\fP,
+\fBtcp-push\fP, \fBtcp-ack\fP, \fBtcp-urg\fP,
+\fBtcp-ece\fP, \fBtcp-cwr\fP, \fBtcp-ae\fP,
+\fBtcp-res1\fP, \fBtcp-res2\fP, \fBtcp-res3\fP and
+\fBtcp-res\fP.
+Among these, \fBtcp-res\fP is special as it can be
+used to check when any of the reserved TCP header
+flags is non-zero.
 .LP
 Primitives may be combined using:
 .IP
From 906e97942156372cc1242c2a2c99fb4bc32eaab4 Mon Sep 17 00:00:00 2001
From: Richard Scheffenegger
Date: Sun, 31 Dec 2023 00:30:04 +0100
Subject: [PATCH 5/6] add section on new tokens and the expansion of tcp[tcpflags] in the man section on compatibility
---
 pcap-filter.manmisc.in | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/pcap-filter.manmisc.in b/pcap-filter.manmisc.in
index 8ba56ce7d1..5bd2fb0d42 100644
--- a/pcap-filter.manmisc.in
+++ b/pcap-filter.manmisc.in
@@ -1187,6 +1187,10 @@ keyword became available in libpcap 1.8.0.
 The
 .B ifindex
 keyword became available in libpcap 1.10.0.
+.PP
+The \fBtcp-ae\fP, \fBtcp-res1\fP, \fBtcp-res2\fP, \fBtcp-res3\fP and \fBtcp-res\fP
+became available in libpcap 1.11. Also, \fBtcp[tcpflags]\fP was expanded to allow
+access to all 12 TCP header flags.
 .SH SEE ALSO
 .BR pcap (3PCAP)
 .SH BUGS
From d61501b1a2e2ec00feb216339c771097f18dd489 Mon Sep 17 00:00:00 2001
From: Richard Scheffenegger
Date: Thu, 28 Mar 2024 10:37:50 +0100
Subject: [PATCH 6/6] remove reserved tcp header flags
---
 pcap-filter.manmisc.in | 11 +++--------
 scanner.l | 4 ----
 2 files changed, 3 insertions(+), 12 deletions(-)
diff --git a/pcap-filter.manmisc.in b/pcap-filter.manmisc.in
index 5bd2fb0d42..b3045b7cd1 100644
--- a/pcap-filter.manmisc.in
+++ b/pcap-filter.manmisc.in
@@ -1033,12 +1033,7 @@ The following ICMPv6 type field values are available:
 The following TCP flags field values are available:
 \fBtcp-fin\fP, \fBtcp-syn\fP, \fBtcp-rst\fP,
 \fBtcp-push\fP, \fBtcp-ack\fP, \fBtcp-urg\fP,
-\fBtcp-ece\fP, \fBtcp-cwr\fP, \fBtcp-ae\fP,
-\fBtcp-res1\fP, \fBtcp-res2\fP, \fBtcp-res3\fP and
-\fBtcp-res\fP.
-Among these, \fBtcp-res\fP is special as it can be
-used to check when any of the reserved TCP header
-flags is non-zero.
+\fBtcp-ece\fP, \fBtcp-cwr\fP, and \fBtcp-ae\fP.
 .LP
 Primitives may be combined using:
 .IP
@@ -1188,8 +1183,8 @@ The
 .B ifindex
 keyword became available in libpcap 1.10.0.
 .PP
-The \fBtcp-ae\fP, \fBtcp-res1\fP, \fBtcp-res2\fP, \fBtcp-res3\fP and \fBtcp-res\fP
-became available in libpcap 1.11. Also, \fBtcp[tcpflags]\fP was expanded to allow
+The \fBtcp-ae\fP keyword became available in libpcap 1.11.
+Also, \fBtcp[tcpflags]\fP was expanded to allow
 access to all 12 TCP header flags.
 .SH SEE ALSO
 .BR pcap (3PCAP)
diff --git a/scanner.l b/scanner.l
index de8eea522a..c9844096eb 100644
--- a/scanner.l
+++ b/scanner.l
@@ -493,10 +493,6 @@ tcp-urg { yylval->h = 0x20; return NUM; }
 tcp-ece { yylval->h = 0x40; return NUM; }
 tcp-cwr { yylval->h = 0x80; return NUM; }
 tcp-ae { yylval->h = 0x100; return NUM; }
-tcp-res3 { yylval->h = 0x200; return NUM; }
-tcp-res2 { yylval->h = 0x400; return NUM; }
-tcp-res1 { yylval->h = 0x800; return NUM; }
-tcp-res { yylval->h = 0xE00; return NUM; }
 [A-Za-z0-9]([-_.A-Za-z0-9]*[.A-Za-z0-9])? { yylval->s = sdup(yyextra, (char *)yytext); return ID; }
 "\\"[^ !()\n\t]+ { yylval->s = sdup(yyextra, (char *)yytext + 1); return ID; }