diff options
| author | Phil Sutter <phil@nwl.cc> | 2021-07-30 17:26:31 +0200 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2022-03-01 10:54:03 +0100 |
| commit | a67fce7ffe7e4f38c54b65541d4f3372dd2516e9 (patch) | |
| tree | 6f7541312ce092605f82ce76abc2d4525b655389 /src/scanner.l | |
| parent | 578467c10f0ec10faf456cec529c2af14fc81495 (diff) | |
scanner: nat: Move to own scope
Unify nat, masquerade and redirect statements, they widely share their
syntax.
Note the workaround of adding "prefix" to SCANSTATE_IP. This is required
to fix for 'snat ip prefix ...' style expressions.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'src/scanner.l')
| -rw-r--r-- | src/scanner.l | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/src/scanner.l b/src/scanner.l index b885f845..078bcc70 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -240,6 +240,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) %s SCANSTATE_EXPR_UDPLITE %s SCANSTATE_STMT_LOG +%s SCANSTATE_STMT_NAT %s SCANSTATE_STMT_REJECT %s SCANSTATE_STMT_SYNPROXY @@ -403,7 +404,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) } "log" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_LOG); return LOG; } -"prefix" { return PREFIX; } +<SCANSTATE_STMT_LOG,SCANSTATE_STMT_NAT,SCANSTATE_IP>"prefix" { return PREFIX; } <SCANSTATE_STMT_LOG>{ "snaplen" { return SNAPLEN; } "queue-threshold" { return QUEUE_THRESHOLD; } @@ -444,13 +445,16 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "icmpx" { return ICMPX; } } -"snat" { return SNAT; } -"dnat" { return DNAT; } -"masquerade" { return MASQUERADE; } -"redirect" { return REDIRECT; } +"snat" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_NAT); return SNAT; } +"dnat" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_NAT); return DNAT; } +"masquerade" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_NAT); return MASQUERADE; } +"redirect" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_NAT); return REDIRECT; } "random" { return RANDOM; } -"fully-random" { return FULLY_RANDOM; } -"persistent" { return PERSISTENT; } +<SCANSTATE_STMT_NAT>{ + "fully-random" { return FULLY_RANDOM; } + "persistent" { return PERSISTENT; } + "port" { return PORT; } +} "ll" { return LL_HDR; } "nh" { return NETWORK_HDR; } @@ -614,7 +618,6 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) <SCANSTATE_CT,SCANSTATE_EXPR_DCCP,SCANSTATE_SCTP,SCANSTATE_TCP,SCANSTATE_EXPR_TH,SCANSTATE_EXPR_UDP,SCANSTATE_EXPR_UDPLITE>{ "dport" { return DPORT; } } -"port" { return PORT; } "tcp" { scanner_push_start_cond(yyscanner, SCANSTATE_TCP); return TCP; } @@ -668,7 +671,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "rt0" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_RT); return RT0; } "rt2" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_RT); return RT2; } "srh" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_RT); return RT4; } -"addr" { return ADDR; } +<SCANSTATE_EXPR_RT,SCANSTATE_STMT_NAT>"addr" { return ADDR; } "hbh" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_HBH); return HBH; } |