diff options
author | Florian Westphal <fw@strlen.de> | 2017-06-07 12:11:36 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2017-06-07 12:38:45 +0200 |
commit | 89e5a141b797b7df81f6ba9d9ea023f5fb6af978 (patch) | |
tree | e84f4fc08c81007ec698033568d71e71c5230224 | |
parent | ae07c2361472b1852d886bf06ed9f2a1fd8aca38 (diff) |
parser: allow ct eventmask set new,related
In case of bitmask types (tcp flags, ct eventmask) nft
allows to use comma operator to test multiple values, i.e.
tcp flags syn,ack ct event new,destroy etc.
But currently nft fails to use this when used in a statement, i.e.
... ct eventmask set new,destroy
gives:
syntax error, unexpected comma
This allows makes this work, it is the same as
ct eventmask set new|destroy
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/parser_bison.y | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index 6be94a9b..a8448e14 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -635,8 +635,11 @@ static void location_update(struct location *loc, struct location *rhs, int n) %destructor { expr_free($$); } rt_expr %type <val> rt_key -%type <expr> ct_expr -%destructor { expr_free($$); } ct_expr +%type <expr> list_stmt_expr +%destructor { expr_free($$); } list_stmt_expr + +%type <expr> ct_expr ct_stmt_expr +%destructor { expr_free($$); } ct_expr ct_stmt_expr %type <val> ct_key ct_key_dir ct_key_dir_optional %type <expr> fib_expr @@ -3174,11 +3177,29 @@ ct_key_dir_optional : BYTES { $$ = NFT_CT_BYTES; } | ZONE { $$ = NFT_CT_ZONE; } ; +list_stmt_expr : symbol_expr COMMA symbol_expr + { + $$ = list_expr_alloc(&@$); + compound_expr_add($$, $1); + compound_expr_add($$, $3); + } + | list_stmt_expr COMMA symbol_expr + { + $1->location = @$; + compound_expr_add($1, $3); + $$ = $1; + } + ; + +ct_stmt_expr : expr + | list_stmt_expr + ; + ct_stmt : CT ct_key SET expr { $$ = ct_stmt_alloc(&@$, $2, -1, $4); } - | CT STRING SET expr + | CT STRING SET ct_stmt_expr { struct error_record *erec; unsigned int key; |