From 232f2c3287fc780f31c076767799afc08d34cf02 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 23 Jul 2021 14:34:34 +0200 Subject: scanner: synproxy: Move to own scope Quite a few keywords are shared with PARSER_SC_TCP. Signed-off-by: Phil Sutter --- src/parser_bison.y | 15 ++++++++------- src/scanner.l | 20 +++++++++++++------- 2 files changed, 21 insertions(+), 14 deletions(-) (limited to 'src') diff --git a/src/parser_bison.y b/src/parser_bison.y index 8a1081a0..0fc8e855 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -954,6 +954,7 @@ close_scope_socket : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_SOCKE close_scope_tcp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_TCP); }; close_scope_log : { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_LOG); } +close_scope_synproxy : { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_SYNPROXY); } common_block : INCLUDE QUOTED_STRING stmt_separator { @@ -1154,11 +1155,11 @@ add_cmd : TABLE table_spec { $$ = cmd_alloc(CMD_ADD, CMD_OBJ_SECMARK, &$2, &@$, $3); } - | SYNPROXY obj_spec synproxy_obj synproxy_config + | SYNPROXY obj_spec synproxy_obj synproxy_config close_scope_synproxy { $$ = cmd_alloc(CMD_ADD, CMD_OBJ_SYNPROXY, &$2, &@$, $3); } - | SYNPROXY obj_spec synproxy_obj '{' synproxy_block '}' + | SYNPROXY obj_spec synproxy_obj '{' synproxy_block '}' close_scope_synproxy { $$ = cmd_alloc(CMD_ADD, CMD_OBJ_SYNPROXY, &$2, &@$, $3); } @@ -1255,7 +1256,7 @@ create_cmd : TABLE table_spec { $$ = cmd_alloc(CMD_CREATE, CMD_OBJ_SECMARK, &$2, &@$, $3); } - | SYNPROXY obj_spec synproxy_obj synproxy_config + | SYNPROXY obj_spec synproxy_obj synproxy_config close_scope_synproxy { $$ = cmd_alloc(CMD_CREATE, CMD_OBJ_SYNPROXY, &$2, &@$, $3); } @@ -1344,7 +1345,7 @@ delete_cmd : TABLE table_or_id_spec { $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SECMARK, &$2, &@$, NULL); } - | SYNPROXY obj_or_id_spec + | SYNPROXY obj_or_id_spec close_scope_synproxy { $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SYNPROXY, &$2, &@$, NULL); } @@ -1440,7 +1441,7 @@ list_cmd : TABLE table_spec { $$ = cmd_alloc(CMD_LIST, CMD_OBJ_SYNPROXYS, &$3, &@$, NULL); } - | SYNPROXY obj_spec + | SYNPROXY obj_spec close_scope_synproxy { $$ = cmd_alloc(CMD_LIST, CMD_OBJ_SYNPROXY, &$2, &@$, NULL); } @@ -1796,7 +1797,7 @@ table_block : /* empty */ { $$ = $-1; } } | table_block SYNPROXY obj_identifier obj_block_alloc '{' synproxy_block '}' - stmt_separator + stmt_separator close_scope_synproxy { $4->location = @3; $4->type = NFT_OBJECT_SYNPROXY; @@ -2831,7 +2832,7 @@ stmt : verdict_stmt | fwd_stmt | set_stmt | map_stmt - | synproxy_stmt + | synproxy_stmt close_scope_synproxy | chain_stmt | optstrip_stmt ; diff --git a/src/scanner.l b/src/scanner.l index 95dcd033..01cb501c 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -221,6 +221,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) %s SCANSTATE_EXPR_SOCKET %s SCANSTATE_STMT_LOG +%s SCANSTATE_STMT_SYNPROXY %% @@ -492,6 +493,9 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "sack1" { return SACK1; } "sack2" { return SACK2; } "sack3" { return SACK3; } + "sack-permitted" { return SACK_PERM; } + "sack-perm" { return SACK_PERM; } + "timestamp" { return TIMESTAMP; } "fastopen" { return FASTOPEN; } "mptcp" { return MPTCP; } "md5sig" { return MD5SIG; } @@ -508,11 +512,6 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "option" { return OPTION; } } "time" { return TIME; } -"maxseg" { return MSS; } -"mss" { return MSS; } -"sack-permitted" { return SACK_PERM; } -"sack-perm" { return SACK_PERM; } -"timestamp" { return TIMESTAMP; } "icmp" { scanner_push_start_cond(yyscanner, SCANSTATE_ICMP); return ICMP; } "icmpv6" { scanner_push_start_cond(yyscanner, SCANSTATE_ICMP); return ICMP6; } @@ -694,8 +693,15 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "osf" { return OSF; } -"synproxy" { return SYNPROXY; } -"wscale" { return WSCALE; } +"synproxy" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_SYNPROXY); return SYNPROXY; } +{ + "wscale" { return WSCALE; } + "maxseg" { return MSS; } + "mss" { return MSS; } + "timestamp" { return TIMESTAMP; } + "sack-permitted" { return SACK_PERM; } + "sack-perm" { return SACK_PERM; } +} "notrack" { return NOTRACK; } -- cgit v1.2.3