summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/parser.h3
-rw-r--r--src/parser_bison.y9
-rw-r--r--src/scanner.l11
3 files changed, 16 insertions, 7 deletions
diff --git a/include/parser.h b/include/parser.h
index bc42229c..f32154cc 100644
--- a/include/parser.h
+++ b/include/parser.h
@@ -75,10 +75,13 @@ enum startcond_type {
PARSER_SC_EXPR_UDP,
PARSER_SC_EXPR_UDPLITE,
+ PARSER_SC_STMT_DUP,
+ PARSER_SC_STMT_FWD,
PARSER_SC_STMT_LOG,
PARSER_SC_STMT_NAT,
PARSER_SC_STMT_REJECT,
PARSER_SC_STMT_SYNPROXY,
+ PARSER_SC_STMT_TPROXY,
};
struct mnl_socket;
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 428df690..ca5c488c 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -937,12 +937,14 @@ close_scope_ct : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CT); };
close_scope_counter : { scanner_pop_start_cond(nft->scanner, PARSER_SC_COUNTER); };
close_scope_dccp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_DCCP); };
close_scope_dst : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_DST); };
+close_scope_dup : { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_DUP); };
close_scope_esp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_ESP); };
close_scope_eth : { scanner_pop_start_cond(nft->scanner, PARSER_SC_ETH); };
close_scope_export : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_EXPORT); };
close_scope_fib : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_FIB); };
close_scope_flags : { scanner_pop_start_cond(nft->scanner, PARSER_SC_FLAGS); };
close_scope_frag : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_FRAG); };
+close_scope_fwd : { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_FWD); };
close_scope_hash : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_HASH); };
close_scope_hbh : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_HBH); };
close_scope_ip : { scanner_pop_start_cond(nft->scanner, PARSER_SC_IP); };
@@ -971,6 +973,7 @@ close_scope_sctp_chunk : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_S
close_scope_secmark : { scanner_pop_start_cond(nft->scanner, PARSER_SC_SECMARK); };
close_scope_socket : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_SOCKET); }
close_scope_tcp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_TCP); };
+close_scope_tproxy : { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_TPROXY); };
close_scope_type : { scanner_pop_start_cond(nft->scanner, PARSER_SC_TYPE); };
close_scope_th : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_TH); };
close_scope_udp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_UDP); };
@@ -2846,13 +2849,13 @@ stmt : verdict_stmt
| log_stmt close_scope_log
| reject_stmt close_scope_reject
| nat_stmt close_scope_nat
- | tproxy_stmt
+ | tproxy_stmt close_scope_tproxy
| queue_stmt
| ct_stmt
| masq_stmt close_scope_nat
| redir_stmt close_scope_nat
- | dup_stmt
- | fwd_stmt
+ | dup_stmt close_scope_dup
+ | fwd_stmt close_scope_fwd
| set_stmt
| map_stmt
| synproxy_stmt close_scope_synproxy
diff --git a/src/scanner.l b/src/scanner.l
index be01c6f3..fd1cf059 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -241,10 +241,13 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
%s SCANSTATE_EXPR_UDP
%s SCANSTATE_EXPR_UDPLITE
+%s SCANSTATE_STMT_DUP
+%s SCANSTATE_STMT_FWD
%s SCANSTATE_STMT_LOG
%s SCANSTATE_STMT_NAT
%s SCANSTATE_STMT_REJECT
%s SCANSTATE_STMT_SYNPROXY
+%s SCANSTATE_STMT_TPROXY
%%
@@ -328,7 +331,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"cgroupv2" { return CGROUPV2; }
"level" { return LEVEL; }
}
-"tproxy" { return TPROXY; }
+"tproxy" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_TPROXY); return TPROXY; }
"accept" { return ACCEPT; }
"drop" { return DROP; }
@@ -336,7 +339,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"jump" { return JUMP; }
"goto" { return GOTO; }
"return" { return RETURN; }
-"to" { return TO; }
+<SCANSTATE_EXPR_QUEUE,SCANSTATE_STMT_DUP,SCANSTATE_STMT_FWD,SCANSTATE_STMT_NAT,SCANSTATE_STMT_TPROXY,SCANSTATE_FLAGS,SCANSTATE_IP,SCANSTATE_IP6>"to" { return TO; } /* XXX: SCANSTATE_FLAGS and SCANSTATE_IP here are workarounds */
"inet" { return INET; }
"netdev" { return NETDEV; }
@@ -759,8 +762,8 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"mod" { return MOD; }
"offset" { return OFFSET; }
}
-"dup" { return DUP; }
-"fwd" { return FWD; }
+"dup" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_DUP); return DUP; }
+"fwd" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_FWD); return FWD; }
"fib" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_FIB); return FIB; }