From a7d8cca9a18ac760913b55c8a2d1e915f3d0f612 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 23 Jul 2021 13:00:50 +0200 Subject: scanner: icmp{,v6}: Move to own scope Unify the two, header fields are almost identical. Signed-off-by: Phil Sutter --- src/parser_bison.y | 13 +++++++------ src/scanner.l | 19 +++++++++++-------- 2 files changed, 18 insertions(+), 14 deletions(-) (limited to 'src') diff --git a/src/parser_bison.y b/src/parser_bison.y index ffbaf181..0e1045ed 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -938,6 +938,7 @@ close_scope_hash : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_HASH); close_scope_ip : { scanner_pop_start_cond(nft->scanner, PARSER_SC_IP); }; close_scope_ip6 : { scanner_pop_start_cond(nft->scanner, PARSER_SC_IP6); }; close_scope_vlan : { scanner_pop_start_cond(nft->scanner, PARSER_SC_VLAN); }; +close_scope_icmp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_ICMP); }; close_scope_ipsec : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_IPSEC); }; close_scope_list : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_LIST); }; close_scope_limit : { scanner_pop_start_cond(nft->scanner, PARSER_SC_LIMIT); }; @@ -3344,7 +3345,7 @@ reject_opts : /* empty */ $0->reject.type = -1; $0->reject.icmp_code = -1; } - | WITH ICMP TYPE reject_with_expr + | WITH ICMP TYPE reject_with_expr close_scope_icmp { $0->reject.family = NFPROTO_IPV4; $0->reject.type = NFT_REJECT_ICMP_UNREACH; @@ -3358,7 +3359,7 @@ reject_opts : /* empty */ $0->reject.expr = $3; datatype_set($0->reject.expr, &icmp_code_type); } - | WITH ICMP6 TYPE reject_with_expr + | WITH ICMP6 TYPE reject_with_expr close_scope_icmp { $0->reject.family = NFPROTO_IPV6; $0->reject.type = NFT_REJECT_ICMP_UNREACH; @@ -4793,7 +4794,7 @@ primary_rhs_expr : symbol_expr { $$ = $1; } BYTEORDER_HOST_ENDIAN, sizeof(data) * BITS_PER_BYTE, &data); } - | ICMP + | ICMP close_scope_icmp { uint8_t data = IPPROTO_ICMP; $$ = constant_expr_alloc(&@$, &inet_protocol_type, @@ -4807,7 +4808,7 @@ primary_rhs_expr : symbol_expr { $$ = $1; } BYTEORDER_HOST_ENDIAN, sizeof(data) * BITS_PER_BYTE, &data); } - | ICMP6 + | ICMP6 close_scope_icmp { uint8_t data = IPPROTO_ICMPV6; $$ = constant_expr_alloc(&@$, &inet_protocol_type, @@ -5383,7 +5384,7 @@ ip_option_field : TYPE { $$ = IPOPT_FIELD_TYPE; } | ADDR { $$ = IPOPT_FIELD_ADDR_0; } ; -icmp_hdr_expr : ICMP icmp_hdr_field +icmp_hdr_expr : ICMP icmp_hdr_field close_scope_icmp { $$ = payload_expr_alloc(&@$, &proto_icmp, $2); } @@ -5426,7 +5427,7 @@ ip6_hdr_field : HDRVERSION { $$ = IP6HDR_VERSION; } | SADDR { $$ = IP6HDR_SADDR; } | DADDR { $$ = IP6HDR_DADDR; } ; -icmp6_hdr_expr : ICMP6 icmp6_hdr_field +icmp6_hdr_expr : ICMP6 icmp6_hdr_field close_scope_icmp { $$ = payload_expr_alloc(&@$, &proto_icmp6, $2); } diff --git a/src/scanner.l b/src/scanner.l index 9a189ec3..e8ec352f 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -200,6 +200,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) %s SCANSTATE_CT %s SCANSTATE_COUNTER %s SCANSTATE_ETH +%s SCANSTATE_ICMP %s SCANSTATE_IP %s SCANSTATE_IP6 %s SCANSTATE_LIMIT @@ -496,11 +497,16 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "sack-perm" { return SACK_PERM; } "timestamp" { return TIMESTAMP; } -"icmp" { return ICMP; } -"code" { return CODE; } +"icmp" { scanner_push_start_cond(yyscanner, SCANSTATE_ICMP); return ICMP; } +"icmpv6" { scanner_push_start_cond(yyscanner, SCANSTATE_ICMP); return ICMP6; } +{ + "gateway" { return GATEWAY; } + "code" { return CODE; } + "param-problem" { return PPTR; } + "max-delay" { return MAXDELAY; } + "mtu" { return MTU; } +} "sequence" { return SEQUENCE; } -"gateway" { return GATEWAY; } -"mtu" { return MTU; } "igmp" { return IGMP; } "mrt" { return MRT; } @@ -513,10 +519,6 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) } "nexthdr" { return NEXTHDR; } -"icmpv6" { return ICMP6; } -"param-problem" { return PPTR; } -"max-delay" { return MAXDELAY; } - "ah" { return AH; } "reserved" { return RESERVED; } "spi" { return SPI; } @@ -631,6 +633,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "classid" { return CLASSID; } "nexthop" { return NEXTHOP; } "seg-left" { return SEG_LEFT; } + "mtu" { return MTU; } } "ct" { scanner_push_start_cond(yyscanner, SCANSTATE_CT); return CT; } -- cgit v1.2.3