scanner: ip: move to own scope

author Florian Westphal <fw@strlen.de>

Thu, 11 Mar 2021 13:23:03 +0000 (14:23 +0100)

committer Florian Westphal <fw@strlen.de>

Tue, 16 Mar 2021 22:59:38 +0000 (23:59 +0100)
author Florian Westphal <fw@strlen.de>
Thu, 11 Mar 2021 13:23:03 +0000 (14:23 +0100)
committer Florian Westphal <fw@strlen.de>
Tue, 16 Mar 2021 22:59:38 +0000 (23:59 +0100)
diff --git a/include/parser.h b/include/parser.h

index be29f400c02391c450aec8303805fe91b8b93591..a778cb59c2c97d9348d1e27ae44424cb27e87480 100644 (file)
--- a/include/parser.h
+++ b/include/parser.h
@@ -29,6 +29,7 @@ struct parser_state {
  enum startcond_type {
         PARSER_SC_BEGIN,
         PARSER_SC_CT,
+       PARSER_SC_IP,
         PARSER_SC_EXPR_HASH,
         PARSER_SC_EXPR_IPSEC,
         PARSER_SC_EXPR_NUMGEN,
diff --git a/src/parser_bison.y b/src/parser_bison.y

index 2d2563c823ea02d7a8f6f30757058e757d2e6793..ba15366cb3dba85ba5efdf08302939008de315a1 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -863,6 +863,7 @@ opt_newline         :       NEWLINE
  
  close_scope_ct         : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CT); };
  close_scope_hash       : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_HASH); };
+close_scope_ip         : { scanner_pop_start_cond(nft->scanner, PARSER_SC_IP); };
  close_scope_ipsec      : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_IPSEC); };
  close_scope_numgen     : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_NUMGEN); };
  close_scope_queue      : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_QUEUE); };
@@ -2424,7 +2425,7 @@ family_spec               :       /* empty */             { $$ = NFPROTO_IPV4; }
                         |       family_spec_explicit
                         ;
  
-family_spec_explicit   :       IP              { $$ = NFPROTO_IPV4; }
+family_spec_explicit   :       IP      close_scope_ip  { $$ = NFPROTO_IPV4; }
                         |       IP6             { $$ = NFPROTO_IPV6; }
                         |       INET            { $$ = NFPROTO_INET; }
                         |       ARP             { $$ = NFPROTO_ARP; }
@@ -3004,7 +3005,7 @@ log_flags         :       TCP     log_flags_tcp
                         {
                                 $$ = $2;
                         }
-                       |       IP      OPTIONS
+                       |       IP      OPTIONS close_scope_ip
                         {
                                 $$ = NF_LOG_IPOPT;
                         }
@@ -4537,7 +4538,7 @@ boolean_expr              :       boolean_keys
                         ;
  
  keyword_expr           :       ETHER                   { $$ = symbol_value(&@$, "ether"); }
-                       |       IP                      { $$ = symbol_value(&@$, "ip"); }
+                       |       IP      close_scope_ip  { $$ = symbol_value(&@$, "ip"); }
                         |       IP6                     { $$ = symbol_value(&@$, "ip6"); }
                         |       VLAN                    { $$ = symbol_value(&@$, "vlan"); }
                         |       ARP                     { $$ = symbol_value(&@$, "arp"); }
@@ -4892,7 +4893,7 @@ hash_expr         :       JHASH           expr    MOD     NUM     SEED    NUM     offset_opt      close_scope_hash
                         }
                         ;
  
-nf_key_proto           :       IP              { $$ = NFPROTO_IPV4; }
+nf_key_proto           :       IP      close_scope_ip { $$ = NFPROTO_IPV4; }
                         |       IP6             { $$ = NFPROTO_IPV6; }
                         ;
  
@@ -4972,8 +4973,8 @@ ct_key_dir                :       SADDR           { $$ = NFT_CT_SRC; }
                         |       ct_key_dir_optional
                         ;
  
-ct_key_proto_field     :       IP      SADDR   { $$ = NFT_CT_SRC_IP; }
-                       |       IP      DADDR   { $$ = NFT_CT_DST_IP; }
+ct_key_proto_field     :       IP      SADDR   close_scope_ip { $$ = NFT_CT_SRC_IP; }
+                       |       IP      DADDR   close_scope_ip { $$ = NFT_CT_DST_IP; }
                         |       IP6     SADDR   { $$ = NFT_CT_SRC_IP6; }
                         |       IP6     DADDR   { $$ = NFT_CT_DST_IP6; }
                         ;
@@ -5113,19 +5114,19 @@ arp_hdr_field           :       HTYPE           { $$ = ARPHDR_HRD; }
                         |       OPERATION       { $$ = ARPHDR_OP; }
                         |       SADDR ETHER     { $$ = ARPHDR_SADDR_ETHER; }
                         |       DADDR ETHER     { $$ = ARPHDR_DADDR_ETHER; }
-                       |       SADDR IP        { $$ = ARPHDR_SADDR_IP; }
-                       |       DADDR IP        { $$ = ARPHDR_DADDR_IP; }
+                       |       SADDR IP        close_scope_ip  { $$ = ARPHDR_SADDR_IP; }
+                       |       DADDR IP        close_scope_ip  { $$ = ARPHDR_DADDR_IP; }
                         ;
  
-ip_hdr_expr            :       IP      ip_hdr_field
+ip_hdr_expr            :       IP      ip_hdr_field    close_scope_ip
                         {
                                 $$ = payload_expr_alloc(&@$, &proto_ip, $2);
                         }
-                       |       IP      OPTION  ip_option_type ip_option_field
+                       |       IP      OPTION  ip_option_type ip_option_field  close_scope_ip
                         {
                                 $$ = ipopt_expr_alloc(&@$, $3, $4, 0);
                         }
-                       |       IP      OPTION  ip_option_type
+                       |       IP      OPTION  ip_option_type close_scope_ip
                         {
                                 $$ = ipopt_expr_alloc(&@$, $3, IPOPT_FIELD_TYPE, 0);
                                 $$->exthdr.flags = NFT_EXTHDR_F_PRESENT;
diff --git a/src/scanner.l b/src/scanner.l

index 1358f9d01d6aacb14293cf8a517546c08227ff19..262945064e8074dc3322df907c429e3761e2aad2 100644 (file)
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -197,6 +197,7 @@ addrstring  ({macaddr}|{ip4addr}|{ip6addr})
  %option warn
  %option stack
  %s SCANSTATE_CT
+%s SCANSTATE_IP
  %s SCANSTATE_EXPR_HASH
  %s SCANSTATE_EXPR_IPSEC
  %s SCANSTATE_EXPR_NUMGEN
@@ -408,7 +409,7 @@ addrstring  ({macaddr}|{ip4addr}|{ip6addr})
  "plen"                 { return PLEN; }
  "operation"            { return OPERATION; }
  
-"ip"                   { return IP; }
+"ip"                   { scanner_push_start_cond(yyscanner, SCANSTATE_IP); return IP; }
  "version"              { return HDRVERSION; }
  "hdrlength"            { return HDRLENGTH; }
  "dscp"                 { return DSCP; }
@@ -419,13 +420,15 @@ addrstring        ({macaddr}|{ip4addr}|{ip6addr})
  "protocol"             { return PROTOCOL; }
  "checksum"             { return CHECKSUM; }
  
-"lsrr"                 { return LSRR; }
-"rr"                   { return RR; }
-"ssrr"                 { return SSRR; }
-"ra"                   { return RA; }
+<SCANSTATE_IP>{
+       "lsrr"                  { return LSRR; }
+       "rr"                    { return RR; }
+       "ssrr"                  { return SSRR; }
+       "ra"                    { return RA; }
  
-"value"                        { return VALUE; }
-"ptr"                  { return PTR; }
+       "ptr"                   { return PTR; }
+       "value"                 { return VALUE; }
+}
  
  "echo"                 { return ECHO; }
  "eol"                  { return EOL; }
author	Florian Westphal <fw@strlen.de>
	Thu, 11 Mar 2021 13:23:03 +0000 (14:23 +0100)
committer	Florian Westphal <fw@strlen.de>
	Tue, 16 Mar 2021 22:59:38 +0000 (23:59 +0100)
include/parser.h		patch \| blob \| blame \| history
src/parser_bison.y		patch \| blob \| blame \| history
src/scanner.l		patch \| blob \| blame \| history