summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2022-06-10 13:01:46 +0200
committerFlorian Westphal <fw@strlen.de>2022-06-10 13:09:11 +0200
commit638af0ceb2b22307098bb2730822e148ef0b9424 (patch)
treeec439ae301850e2f531d5edc7de19872f6921542 /include
parent3eb0da9f47b10d4a98e9150e0fd67d8f616250f9 (diff)
Revert "scanner: flags: move to own scope"
Excess nesting of scanner scopes is very fragile and error prone: rule `iif != lo ip daddr 127.0.0.1/8 counter limit rate 1/second log flags all prefix "nft_lo4 " drop` fails with `Error: No symbol type information` hinting at `prefix` Problem is that we nest via: counter limit log flags By the time 'prefix' is scanned, state is still stuck in 'counter' due to this nesting. Working around "prefix" isn't enough, any other keyword, e.g. "level" in 'flags all level debug' will be parsed as 'string' too. So, revert this. Fixes: a16697097e2b ("scanner: flags: move to own scope") Reported-by: Christian Göttsche <cgzones@googlemail.com> Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'include')
-rw-r--r--include/parser.h1
1 files changed, 0 insertions, 1 deletions
diff --git a/include/parser.h b/include/parser.h
index f32154cc..d8d2eb11 100644
--- a/include/parser.h
+++ b/include/parser.h
@@ -35,7 +35,6 @@ enum startcond_type {
PARSER_SC_CT,
PARSER_SC_COUNTER,
PARSER_SC_ETH,
- PARSER_SC_FLAGS,
PARSER_SC_ICMP,
PARSER_SC_IGMP,
PARSER_SC_IP,