Issue 225 - Make sub_rule_number optional in the filterlog grammar

Author: trink

syslog/modules/lpeg/bsd/filterlog.lua

@@ -33,7 +33,7 @@ local function hex2integer(s)
 end
 
 local rule_number                   = integer("rule_number")
-local sub_rule_number               = integer("sub_rule_number")
+local sub_rule_number               = integer("sub_rule_number")^-1
 local anchor                        = text("anchor")
 local tracker                       = integer("tracker")
 local real_interface                = text("real_interface")
@@ -55,7 +55,7 @@ local ip4                           = tos * "," * ecn * "," * ttl * "," * id * "
 local class                         = l.Cg((l.P"0x" * l.xdigit^1), "class")
 local flow_label                    = text("flow_label")
 local hop_limit                     = integer("hop_limit")
-local ip6                           = class * "," * flow_label * "," * hop_limit * "," * protocol_text * "," * protocol_id 
+local ip6                           = class * "," * flow_label * "," * hop_limit * "," * protocol_text * "," * protocol_id
 
 local length                        = integer("length")
 local source_address                = l.Cg(ip.v4 + ip.v6, "source_address")
@@ -85,7 +85,7 @@ local icmp_data                     = icmp_type * "," * (echo_data + unreachprot
 
 local carp_data                     = text("carp_type") * "," * integer("carp_ttl") * "," * integer("vhid") * "," * integer("version") * "," * integer("advbase") * "," * integer("advskew")
 
-local protocol_specific_data        = tcp_data + udp_data + icmp_data + carp_data 
+local protocol_specific_data        = tcp_data + udp_data + icmp_data + carp_data
 local ip_specific_data              = (ip4 + ip6) * "," * ip_data * (l.P"," * protocol_specific_data)^-1
 
 syslog_grammar = l.Ct(rule_number * "," * sub_rule_number * "," * anchor * "," * tracker * "," * real_interface * "," * reason * "," * action * "," * direction * "," * ip_version * (l.P"," * ip_specific_data)^-1)

syslog/tests/bsd/filterlog.lua

@@ -77,3 +77,22 @@ assert(fields.sub_rule_number.value == 16777216, tostring(fields.sub_rule_number
 assert(fields.action == "block", fields.action)
 assert(fields.protocol_id.value == 58, tostring(fields.protocol_id.value))
 assert(fields.length.value == 144, tostring(fields.length.value))
+
+log = "5,,,1000000003,igb0,match,block,in,6,0x00,0x00000,255,ICMPv6,58,144,fe80::201:5cff:fe63:de46,ff02::1,"
+fields = grammar:match(log)
+assert(fields.direction == "in", fields.direction)
+assert(fields.class == "0x00", fields.class)
+assert(fields.reason == "match", fields.reason)
+assert(fields.ip_version == "6", fields.ip_version)
+assert(fields.protocol_text == "ICMPv6", fields.protocol_text)
+assert(fields.real_interface == "igb0", fields,real_interface)
+assert(fields.source_address == "fe80::201:5cff:fe63:de46", fields.source_address)
+assert(fields.flow_label == "0x00000", fields.flow_label)
+assert(fields.hop_limit.value == 255, tostring(fields.hop_limit.value))
+assert(fields.destination_address == "ff02::1", fields.destination_address)
+assert(fields.tracker.value == 1000000003, tostring(fields.tracker.value))
+assert(fields.anchor == "", fields.anchor)
+assert(fields.rule_number.value == 5, tostring(fields.rule_number.value))
+assert(fields.action == "block", fields.action)
+assert(fields.protocol_id.value == 58, tostring(fields.protocol_id.value))
+assert(fields.length.value == 144, tostring(fields.length.value))