-rw-r--r--include/parser.h1
-rw-r--r--src/parser_bison.y13
-rw-r--r--src/scanner.l21
3 files changed, 20 insertions, 15 deletions
diff --git a/include/parser.h b/include/parser.h
index 79eadc0d..0ff0ecfb 100644
--- a/include/parser.h
+++ b/include/parser.h
@@ -74,6 +74,7 @@ enum startcond_type {
PARSER_SC_EXPR_UDPLITE,
PARSER_SC_STMT_LOG,
+ PARSER_SC_STMT_NAT,
PARSER_SC_STMT_REJECT,
PARSER_SC_STMT_SYNPROXY,
};
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 2d419287..d8e9937b 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -955,6 +955,7 @@ close_scope_list : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_LIST); }
close_scope_limit : { scanner_pop_start_cond(nft->scanner, PARSER_SC_LIMIT); };
close_scope_mh : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_MH); };
close_scope_monitor : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_MONITOR); };
+close_scope_nat : { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_NAT); };
close_scope_numgen : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_NUMGEN); };
close_scope_osf : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_OSF); };
close_scope_policy : { scanner_pop_start_cond(nft->scanner, PARSER_SC_POLICY); };
@@ -2842,12 +2843,12 @@ stmt : verdict_stmt
| meta_stmt
| log_stmt close_scope_log
| reject_stmt close_scope_reject
- | nat_stmt
+ | nat_stmt close_scope_nat
| tproxy_stmt
| queue_stmt
| ct_stmt
- | masq_stmt
- | redir_stmt
+ | masq_stmt close_scope_nat
+ | redir_stmt close_scope_nat
| dup_stmt
| fwd_stmt
| set_stmt
@@ -4768,8 +4769,8 @@ keyword_expr : ETHER close_scope_eth { $$ = symbol_value(&@$, "ether"); }
| IP6 close_scope_ip6 { $$ = symbol_value(&@$, "ip6"); }
| VLAN close_scope_vlan { $$ = symbol_value(&@$, "vlan"); }
| ARP close_scope_arp { $$ = symbol_value(&@$, "arp"); }
- | DNAT { $$ = symbol_value(&@$, "dnat"); }
- | SNAT { $$ = symbol_value(&@$, "snat"); }
+ | DNAT close_scope_nat { $$ = symbol_value(&@$, "dnat"); }
+ | SNAT close_scope_nat { $$ = symbol_value(&@$, "snat"); }
| ECN { $$ = symbol_value(&@$, "ecn"); }
| RESET close_scope_reset { $$ = symbol_value(&@$, "reset"); }
| ORIGINAL { $$ = symbol_value(&@$, "original"); }
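Review bot: Placing `close_scope_nat` after `DNAT` and `SNAT` in keyword_expr pops the NAT start condition only when that empty rule is reduced; if the parser must read a lookahead token to choose between this alternative and nat_stmt, that token is scanned while SCANSTATE_STMT_NAT is still active. In that case a following `port`, `addr`, `prefix`, `persistent` or `fully-random` would come back as a keyword token instead of a string. The same applies to `REDIRECT close_scope_nat` in primary_rhs_expr in the next hunk. Whether a lookahead is actually needed depends on grammar states not visible here, so I would add test rules that use `dnat`, `snat` and `redirect` as plain values followed by each of those words, and a comment such as `/* scanner pushed SCANSTATE_STMT_NAT for this token; pop it before the value is used */` on these alternatives.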
@@ -4858,7 +4859,7 @@ primary_rhs_expr : symbol_expr { $$ = $1; }
BYTEORDER_HOST_ENDIAN,
sizeof(data) * BITS_PER_BYTE, &data);
}
- | REDIRECT
+ | REDIRECT close_scope_nat
{
uint8_t data = ICMP_REDIRECT;
$$ = constant_expr_alloc(&@$, &icmp_type_type,
diff --git a/src/scanner.l b/src/scanner.l
index b885f845..078bcc70 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -240,6 +240,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
%s SCANSTATE_EXPR_UDPLITE
%s SCANSTATE_STMT_LOG
+%s SCANSTATE_STMT_NAT
%s SCANSTATE_STMT_REJECT
%s SCANSTATE_STMT_SYNPROXY
@@ -403,7 +404,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
}
"log" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_LOG); return LOG; }
-"prefix" { return PREFIX; }
+<SCANSTATE_STMT_LOG,SCANSTATE_STMT_NAT,SCANSTATE_IP>"prefix" { return PREFIX; }
<SCANSTATE_STMT_LOG>{
"snaplen" { return SNAPLEN; }
"queue-threshold" { return QUEUE_THRESHOLD; }
@@ -444,13 +445,16 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"icmpx" { return ICMPX; }
}
-"snat" { return SNAT; }
-"dnat" { return DNAT; }
-"masquerade" { return MASQUERADE; }
-"redirect" { return REDIRECT; }
+"snat" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_NAT); return SNAT; }
+"dnat" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_NAT); return DNAT; }
+"masquerade" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_NAT); return MASQUERADE; }
+"redirect" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_NAT); return REDIRECT; }
"random" { return RANDOM; }
-"fully-random" { return FULLY_RANDOM; }
-"persistent" { return PERSISTENT; }
+<SCANSTATE_STMT_NAT>{
+ "fully-random" { return FULLY_RANDOM; }
+ "persistent" { return PERSISTENT; }
+ "port" { return PORT; }
+}
"ll" { return LL_HDR; }
"nh" { return NETWORK_HDR; }
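Review bot: `port` is now returned as PORT only inside `<SCANSTATE_STMT_NAT>`, and the global `"port"` rule is deleted in the following hunk, so any grammar rule outside a nat, masquerade or redirect statement that expects PORT would receive a string token and the ruleset would fail to parse. The grammar's other uses of PORT are not visible in this diff, so this should be confirmed against parser_bison.y; the same check applies to ADDR, which the last hunk restricts to `<SCANSTATE_EXPR_RT,SCANSTATE_STMT_NAT>`. The four push rules also give no hint of where the state is popped; a comment such as `/* popped by close_scope_nat in parser_bison.y; every rule consuming these tokens must pop */` above `"snat"` would make the pairing explicit.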
@@ -614,7 +618,6 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
<SCANSTATE_CT,SCANSTATE_EXPR_DCCP,SCANSTATE_SCTP,SCANSTATE_TCP,SCANSTATE_EXPR_TH,SCANSTATE_EXPR_UDP,SCANSTATE_EXPR_UDPLITE>{
"dport" { return DPORT; }
}
-"port" { return PORT; }
"tcp" { scanner_push_start_cond(yyscanner, SCANSTATE_TCP); return TCP; }
@@ -668,7 +671,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"rt0" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_RT); return RT0; }
"rt2" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_RT); return RT2; }
"srh" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_RT); return RT4; }
-"addr" { return ADDR; }
+<SCANSTATE_EXPR_RT,SCANSTATE_STMT_NAT>"addr" { return ADDR; }
"hbh" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_HBH); return HBH; }