diff options
-rw-r--r-- | include/parser.h | 3 | ||||
-rw-r--r-- | src/parser_bison.y | 9 | ||||
-rw-r--r-- | src/scanner.l | 11 |
3 files changed, 16 insertions, 7 deletions
diff --git a/include/parser.h b/include/parser.h index bc42229c..f32154cc 100644 --- a/include/parser.h +++ b/include/parser.h @@ -75,10 +75,13 @@ enum startcond_type { PARSER_SC_EXPR_UDP, PARSER_SC_EXPR_UDPLITE, + PARSER_SC_STMT_DUP, + PARSER_SC_STMT_FWD, PARSER_SC_STMT_LOG, PARSER_SC_STMT_NAT, PARSER_SC_STMT_REJECT, PARSER_SC_STMT_SYNPROXY, + PARSER_SC_STMT_TPROXY, }; struct mnl_socket; diff --git a/src/parser_bison.y b/src/parser_bison.y index 428df690..ca5c488c 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -937,12 +937,14 @@ close_scope_ct : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CT); }; close_scope_counter : { scanner_pop_start_cond(nft->scanner, PARSER_SC_COUNTER); }; close_scope_dccp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_DCCP); }; close_scope_dst : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_DST); }; +close_scope_dup : { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_DUP); }; close_scope_esp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_ESP); }; close_scope_eth : { scanner_pop_start_cond(nft->scanner, PARSER_SC_ETH); }; close_scope_export : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_EXPORT); }; close_scope_fib : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_FIB); }; close_scope_flags : { scanner_pop_start_cond(nft->scanner, PARSER_SC_FLAGS); }; close_scope_frag : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_FRAG); }; +close_scope_fwd : { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_FWD); }; close_scope_hash : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_HASH); }; close_scope_hbh : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_HBH); }; close_scope_ip : { scanner_pop_start_cond(nft->scanner, PARSER_SC_IP); }; @@ -971,6 +973,7 @@ close_scope_sctp_chunk : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_S close_scope_secmark : { scanner_pop_start_cond(nft->scanner, PARSER_SC_SECMARK); }; close_scope_socket : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_SOCKET); } close_scope_tcp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_TCP); }; +close_scope_tproxy : { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_TPROXY); }; close_scope_type : { scanner_pop_start_cond(nft->scanner, PARSER_SC_TYPE); }; close_scope_th : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_TH); }; close_scope_udp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_UDP); }; @@ -2846,13 +2849,13 @@ stmt : verdict_stmt | log_stmt close_scope_log | reject_stmt close_scope_reject | nat_stmt close_scope_nat - | tproxy_stmt + | tproxy_stmt close_scope_tproxy | queue_stmt | ct_stmt | masq_stmt close_scope_nat | redir_stmt close_scope_nat - | dup_stmt - | fwd_stmt + | dup_stmt close_scope_dup + | fwd_stmt close_scope_fwd | set_stmt | map_stmt | synproxy_stmt close_scope_synproxy diff --git a/src/scanner.l b/src/scanner.l index be01c6f3..fd1cf059 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -241,10 +241,13 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) %s SCANSTATE_EXPR_UDP %s SCANSTATE_EXPR_UDPLITE +%s SCANSTATE_STMT_DUP +%s SCANSTATE_STMT_FWD %s SCANSTATE_STMT_LOG %s SCANSTATE_STMT_NAT %s SCANSTATE_STMT_REJECT %s SCANSTATE_STMT_SYNPROXY +%s SCANSTATE_STMT_TPROXY %% @@ -328,7 +331,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "cgroupv2" { return CGROUPV2; } "level" { return LEVEL; } } -"tproxy" { return TPROXY; } +"tproxy" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_TPROXY); return TPROXY; } "accept" { return ACCEPT; } "drop" { return DROP; } @@ -336,7 +339,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "jump" { return JUMP; } "goto" { return GOTO; } "return" { return RETURN; } -"to" { return TO; } +<SCANSTATE_EXPR_QUEUE,SCANSTATE_STMT_DUP,SCANSTATE_STMT_FWD,SCANSTATE_STMT_NAT,SCANSTATE_STMT_TPROXY,SCANSTATE_FLAGS,SCANSTATE_IP,SCANSTATE_IP6>"to" { return TO; } /* XXX: SCANSTATE_FLAGS and SCANSTATE_IP here are workarounds */ "inet" { return INET; } "netdev" { return NETDEV; } @@ -759,8 +762,8 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "mod" { return MOD; } "offset" { return OFFSET; } } -"dup" { return DUP; } -"fwd" { return FWD; } +"dup" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_DUP); return DUP; } +"fwd" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_FWD); return FWD; } "fib" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_FIB); return FIB; } |