scanner: ipsec: move to own scope
authorFlorian Westphal <fw@strlen.de>
Mon, 8 Mar 2021 17:18:35 +0000 (18:18 +0100)
committerFlorian Westphal <fw@strlen.de>
Thu, 11 Mar 2021 12:43:32 +0000 (13:43 +0100)
... and hide the ipsec-specific tokens from the INITIAL scope.

Signed-off-by: Florian Westphal <fw@strlen.de>
include/parser.h
src/parser_bison.y
src/scanner.l

index c3a85a4cf4c22997e38d6d3660a70d57cfe1ebe4..001698db259ba2d6028b8f3166854376a4a91bd2 100644 (file)
@@ -29,6 +29,7 @@ struct parser_state {
 enum startcond_type {
        PARSER_SC_BEGIN,
        PARSER_SC_EXPR_HASH,
+       PARSER_SC_EXPR_IPSEC,
        PARSER_SC_EXPR_NUMGEN,
        PARSER_SC_EXPR_QUEUE,
 };
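Review bot: PARSER_SC_EXPR_IPSEC is inserted in the middle of `enum startcond_type`, which renumbers PARSER_SC_EXPR_NUMGEN and PARSER_SC_EXPR_QUEUE, and nothing in the header says why the position matters. The scanner pushes with `SCANSTATE_EXPR_IPSEC` while the grammar pops with `PARSER_SC_EXPR_IPSEC`, and the `%s` line in src/scanner.l is added at the same position, so the two lists presumably have to stay in the same order. A comment above the enum such as `/* must match the order of the %s start conditions in scanner.l */` would document that. A compile-time check in scanner.l tying each SCANSTATE_* value to its PARSER_SC_* counterpart would enforce it.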
index 423dddfc2c6d02df9b40961ceaf979cc7fa6b2aa..83d78a23b2ac74f08ca6b27910cb18f3670eea16 100644 (file)
@@ -862,6 +862,7 @@ opt_newline         :       NEWLINE
                        ;
 
 close_scope_hash       : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_HASH); };
+close_scope_ipsec      : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_IPSEC); };
 close_scope_numgen     : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_NUMGEN); };
 close_scope_queue      : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_QUEUE); };
 
@@ -4738,7 +4739,7 @@ meta_key_unqualified      :       MARK            { $$ = NFT_META_MARK; }
                        |       IIFGROUP        { $$ = NFT_META_IIFGROUP; }
                        |       OIFGROUP        { $$ = NFT_META_OIFGROUP; }
                        |       CGROUP          { $$ = NFT_META_CGROUP; }
-                       |       IPSEC           { $$ = NFT_META_SECPATH; }
+                       |       IPSEC   close_scope_ipsec { $$ = NFT_META_SECPATH; }
                        |       TIME            { $$ = NFT_META_TIME_NS; }
                        |       DAY             { $$ = NFT_META_TIME_DAY; }
                        |       HOUR            { $$ = NFT_META_TIME_HOUR; }
@@ -4837,7 +4838,7 @@ xfrm_state_proto_key      :       DADDR           { $$ = NFT_XFRM_KEY_DADDR_IP4; }
                        |       SADDR           { $$ = NFT_XFRM_KEY_SADDR_IP4; }
                        ;
 
-xfrm_expr              :       IPSEC   xfrm_dir        xfrm_spnum      xfrm_state_key
+xfrm_expr              :       IPSEC   xfrm_dir        xfrm_spnum      xfrm_state_key  close_scope_ipsec
                        {
                                if ($3 > 255) {
                                        erec_queue(error(&@3, "value too large"), state->msgs);
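Review bot: The scope that the scanner pushes on `ipsec` is popped only when `close_scope_ipsec` is reduced at the end of this rule, so a syntax error anywhere between `IPSEC` and the end of `xfrm_state_key` leaves SCANSTATE_EXPR_IPSEC on the start-condition stack; the same holds for the second alternative, which ends in `xfrm_state_proto_key close_scope_ipsec`. Whether error recovery resets the scanner state is not visible in these hunks and is worth confirming, because otherwise `in`, `out`, `reqid` and `spnum` would keep lexing as keywords in whatever follows the malformed expression. A comment next to the `close_scope_*` rules such as `/* every production that consumes IPSEC must end in close_scope_ipsec; the scanner pushes the scope on each "ipsec" */` would make the invariant explicit, and a negative test with a truncated `ipsec in` expression followed by a valid rule would pin the behaviour. The xfrm_expr rule starts and continues outside this hunk.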
@@ -4845,7 +4846,7 @@ xfrm_expr         :       IPSEC   xfrm_dir        xfrm_spnum      xfrm_state_key
                                }
                                $$ = xfrm_expr_alloc(&@$, $2, $3, $4);
                        }
-                       |       IPSEC   xfrm_dir        xfrm_spnum      nf_key_proto    xfrm_state_proto_key
+                       |       IPSEC   xfrm_dir        xfrm_spnum      nf_key_proto    xfrm_state_proto_key    close_scope_ipsec
                        {
                                enum nft_xfrm_keys xfrmk = $5;
 
@@ -4919,7 +4920,7 @@ rt_expr                   :       RT      rt_key
 rt_key                 :       CLASSID         { $$ = NFT_RT_CLASSID; }
                        |       NEXTHOP         { $$ = NFT_RT_NEXTHOP4; }
                        |       MTU             { $$ = NFT_RT_TCPMSS; }
-                       |       IPSEC           { $$ = NFT_RT_XFRM; }
+                       |       IPSEC   close_scope_ipsec { $$ = NFT_RT_XFRM; }
                        ;
 
 ct_expr                        :       CT      ct_key
index 893364b7b9e7a9a81ab47fbc3fffb9fac60e3f63..cf3d7d52b4c55f001a7ced4a53e64d73d9fa4a1d 100644 (file)
@@ -197,6 +197,7 @@ addrstring  ({macaddr}|{ip4addr}|{ip6addr})
 %option warn
 %option stack
 %s SCANSTATE_EXPR_HASH
+%s SCANSTATE_EXPR_IPSEC
 %s SCANSTATE_EXPR_NUMGEN
 %s SCANSTATE_EXPR_QUEUE
 
@@ -594,12 +595,14 @@ addrstring        ({macaddr}|{ip4addr}|{ip6addr})
 
 "exthdr"               { return EXTHDR; }
 
-"ipsec"                        { return IPSEC; }
-"reqid"                        { return REQID; }
-"spnum"                        { return SPNUM; }
+"ipsec"                        { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_IPSEC); return IPSEC; }
+<SCANSTATE_EXPR_IPSEC>{
+       "reqid"                 { return REQID; }
+       "spnum"                 { return SPNUM; }
 
-"in"                   { return IN; }
-"out"                  { return OUT; }
+       "in"                    { return IN; }
+       "out"                   { return OUT; }
+}
 
 "secmark"              { return SECMARK; }
 "secmarks"             { return SECMARKS; }