src: use start condition with new destroy command

tests/py reports the following problem:

any/ct.t: ERROR: line 116: add rule ip test-ip4 output ct event set new | related | destroy | label: This rule should not have failed.
any/ct.t: ERROR: line 117: add rule ip test-ip4 output ct event set new,related,destroy,label: This rule should not have failed.
any/ct.t: ERROR: line 118: add rule ip test-ip4 output ct event set new,destroy: This rule should not have failed.

Use start condition and update parser to handle 'destroy' keyword.

Fixes: e1dfd5cc4c46 ("src: add support to command "destroy")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/parser.h b/include/parser.h
index 1bd490f085d2d994e53a4758e996a0dcd44d18a4..71df430932044149e9e99ae42b8941b1905d441b 100644 (file)
--- a/include/parser.h
+++ b/include/parser.h
@@ -52,6 +52,7 @@ enum startcond_type {
        PARSER_SC_TYPE,
        PARSER_SC_VLAN,
        PARSER_SC_XT,
+       PARSER_SC_CMD_DESTROY,
        PARSER_SC_CMD_EXPORT,
        PARSER_SC_CMD_IMPORT,
        PARSER_SC_CMD_LIST,

diff --git a/src/parser_bison.y b/src/parser_bison.y
index b229de7a5cf7d065b6ac65a8b4f68a93facbff21..043909d082ca24dbb12cd6be88f47cad51d8820e 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -969,6 +969,7 @@ close_scope_comp    : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_COMP);
 close_scope_ct         : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CT); };
 close_scope_counter    : { scanner_pop_start_cond(nft->scanner, PARSER_SC_COUNTER); };
 close_scope_dccp       : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_DCCP); };
+close_scope_destroy    : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_DESTROY); };
 close_scope_dst                : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_DST); };
 close_scope_dup                : { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_DUP); };
 close_scope_esp                : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_ESP); };
@@ -4912,6 +4913,7 @@ keyword_expr              :       ETHER   close_scope_eth { $$ = symbol_value(&@$, "ether"); }
                        |       SNAT    close_scope_nat { $$ = symbol_value(&@$, "snat"); }
                        |       ECN                     { $$ = symbol_value(&@$, "ecn"); }
                        |       RESET   close_scope_reset       { $$ = symbol_value(&@$, "reset"); }
+                       |       DESTROY close_scope_destroy     { $$ = symbol_value(&@$, "destroy"); }
                        |       ORIGINAL                { $$ = symbol_value(&@$, "original"); }
                        |       REPLY                   { $$ = symbol_value(&@$, "reply"); }
                        |       LABEL                   { $$ = symbol_value(&@$, "label"); }

diff --git a/src/scanner.l b/src/scanner.l
index c0c49b97ade7a407edf6abe317b095457c2bec01..bc5b5b62b9ce62e8d55ff835fe814ae9fc983892 100644 (file)
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -216,6 +216,7 @@ addrstring  ({macaddr}|{ip4addr}|{ip6addr})
 %s SCANSTATE_TYPE
 %s SCANSTATE_VLAN
 %s SCANSTATE_XT
+%s SCANSTATE_CMD_DESTROY
 %s SCANSTATE_CMD_EXPORT
 %s SCANSTATE_CMD_IMPORT
 %s SCANSTATE_CMD_LIST
@@ -359,7 +360,8 @@ addrstring  ({macaddr}|{ip4addr}|{ip6addr})
 "import"                { scanner_push_start_cond(yyscanner, SCANSTATE_CMD_IMPORT); return IMPORT; }
 "export"               { scanner_push_start_cond(yyscanner, SCANSTATE_CMD_EXPORT); return EXPORT; }
 "monitor"              { scanner_push_start_cond(yyscanner, SCANSTATE_CMD_MONITOR); return MONITOR; }
-"destroy"              { return DESTROY; }
+"destroy"              { scanner_push_start_cond(yyscanner, SCANSTATE_CMD_DESTROY); return DESTROY; }
+
 
 "position"             { return POSITION; }
 "index"                        { return INDEX; }