scanner: policy: move to own scope

Isolate 'performance' and 'memory' keywords.

Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/include/parser.h b/include/parser.h
index 57f1fcc56bd5451f4fbd615e829a259f073d3bfe..79eadc0d7e52f8bd40a33ef07cec1484017d4547 100644 (file)
--- a/include/parser.h
+++ b/include/parser.h
@@ -40,6 +40,7 @@ enum startcond_type {
        PARSER_SC_IP,
        PARSER_SC_IP6,
        PARSER_SC_LIMIT,
+       PARSER_SC_POLICY,
        PARSER_SC_QUOTA,
        PARSER_SC_SCTP,
        PARSER_SC_SECMARK,

diff --git a/src/parser_bison.y b/src/parser_bison.y
index f75fe4ae4987687f0ebd7d3546cc16538efba5b8..2d419287a788c5801f1840e95ed88fb1f8437374 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -957,6 +957,7 @@ close_scope_mh              : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_MH); };
 close_scope_monitor    : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_MONITOR); };
 close_scope_numgen     : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_NUMGEN); };
 close_scope_osf                : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_OSF); };
+close_scope_policy     : { scanner_pop_start_cond(nft->scanner, PARSER_SC_POLICY); };
 close_scope_quota      : { scanner_pop_start_cond(nft->scanner, PARSER_SC_QUOTA); };
 close_scope_queue      : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_QUEUE); };
 close_scope_reject     : { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_REJECT); };
@@ -2101,7 +2102,7 @@ map_block         :       /* empty */     { $$ = $<set>-1; }
                        |       map_block       set_mechanism   stmt_separator
                        ;
 
-set_mechanism          :       POLICY          set_policy_spec
+set_mechanism          :       POLICY          set_policy_spec close_scope_policy
                        {
                                $<set>0->policy = $2;
                        }
@@ -2519,7 +2520,7 @@ flags_spec                :       FLAGS           OFFLOAD close_scope_flags
                        }
                        ;
 
-policy_spec            :       POLICY          policy_expr
+policy_spec            :       POLICY          policy_expr     close_scope_policy
                        {
                                if ($<chain>0->policy) {
                                        erec_queue(error(&@$, "you cannot set chain policy twice"),
@@ -4567,7 +4568,7 @@ ct_timeout_config :       PROTOCOL        ct_l4protoname  stmt_separator
                                ct = &$<obj>0->ct_timeout;
                                ct->l4proto = l4proto;
                        }
-                       |       POLICY  '='     '{'     timeout_states  '}'      stmt_separator
+                       |       POLICY  '='     '{'     timeout_states  '}'      stmt_separator close_scope_policy
                        {
                                struct ct_timeout *ct;
 

diff --git a/src/scanner.l b/src/scanner.l
index 608471b39898d6f63eaf40e7163ecb6194c8e09c..b885f84523b9761fd7d442df6632cc3c3a3a51ac 100644 (file)
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -206,6 +206,7 @@ addrstring  ({macaddr}|{ip4addr}|{ip6addr})
 %s SCANSTATE_IP
 %s SCANSTATE_IP6
 %s SCANSTATE_LIMIT
+%s SCANSTATE_POLICY
 %s SCANSTATE_QUOTA
 %s SCANSTATE_SCTP
 %s SCANSTATE_SECMARK
@@ -370,10 +371,12 @@ addrstring        ({macaddr}|{ip4addr}|{ip6addr})
 "elements"             { return ELEMENTS; }
 "expires"              { return EXPIRES; }
 
-"policy"               { return POLICY; }
+"policy"               { scanner_push_start_cond(yyscanner, SCANSTATE_POLICY); return POLICY; }
 "size"                 { return SIZE; }
-"performance"          { return PERFORMANCE; }
-"memory"               { return MEMORY; }
+<SCANSTATE_POLICY>{
+       "performance"           { return PERFORMANCE; }
+       "memory"                { return MEMORY; }
+}
 
 "flow"                 { return FLOW; }
 "offload"              { return OFFLOAD; }