-rw-r--r--include/parser.h1
-rw-r--r--src/parser_bison.y9
-rw-r--r--src/scanner.l7
3 files changed, 10 insertions, 7 deletions
diff --git a/include/parser.h b/include/parser.h
index 0dcc30be..bc42229c 100644
--- a/include/parser.h
+++ b/include/parser.h
@@ -41,6 +41,7 @@ enum startcond_type {
PARSER_SC_IP,
PARSER_SC_IP6,
PARSER_SC_LIMIT,
+ PARSER_SC_META,
PARSER_SC_POLICY,
PARSER_SC_QUOTA,
PARSER_SC_SCTP,
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 794a273f..428df690 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -954,6 +954,7 @@ close_scope_import : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_IMPORT
close_scope_ipsec : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_IPSEC); };
close_scope_list : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_LIST); };
close_scope_limit : { scanner_pop_start_cond(nft->scanner, PARSER_SC_LIMIT); };
+close_scope_meta : { scanner_pop_start_cond(nft->scanner, PARSER_SC_META); };
close_scope_mh : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_MH); };
close_scope_monitor : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_MONITOR); };
close_scope_nat : { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_NAT); };
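Review bot: The `close_scope_meta` rule added here is the only place SCANSTATE_META is popped, while the scanner.l hunk pushes it on every `meta` token, so the two stay balanced only if every production that shifts META also ends in `close_scope_meta`. This commit wires it into the four `META ...` alternatives of meta_expr and meta_stmt. Whether any other rule in the grammar accepts the META token cannot be seen from this diff, and such a rule would leave the state on the stack for the rest of the input. Please check the remaining uses of `META` in the grammar and record the invariant next to the rule, e.g. `/* every rule that shifts META must end in close_scope_meta */`.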
@@ -4916,7 +4917,7 @@ chain_expr : variable_expr
}
;
-meta_expr : META meta_key
+meta_expr : META meta_key close_scope_meta
{
$$ = meta_expr_alloc(&@$, $2);
}
@@ -4924,7 +4925,7 @@ meta_expr : META meta_key
{
$$ = meta_expr_alloc(&@$, $1);
}
- | META STRING
+ | META STRING close_scope_meta
{
struct error_record *erec;
unsigned int key;
@@ -4977,7 +4978,7 @@ meta_key_unqualified : MARK { $$ = NFT_META_MARK; }
| HOUR { $$ = NFT_META_TIME_HOUR; }
;
-meta_stmt : META meta_key SET stmt_expr
+meta_stmt : META meta_key SET stmt_expr close_scope_meta
{
switch ($2) {
case NFT_META_SECMARK:
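Review bot: Because `close_scope_meta` sits after `stmt_expr` in `META meta_key SET stmt_expr close_scope_meta`, SCANSTATE_META stays on the start-condition stack while the whole right-hand side of the set statement is scanned, not only the meta key. The state is declared with `%s` (inclusive), so today this only keeps the META-scoped keywords active a little longer. It should still be written down, so that keywords later moved into the META scope are not unexpectedly recognised inside the set expression; a comment above the rule such as `/* META scope spans stmt_expr and is closed only after the full statement */` would do. The same applies to `META STRING SET stmt_expr close_scope_meta` in the next hunk. The action body continues past the end of this hunk.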
@@ -5001,7 +5002,7 @@ meta_stmt : META meta_key SET stmt_expr
{
$$ = meta_stmt_alloc(&@$, $1, $3);
}
- | META STRING SET stmt_expr
+ | META STRING SET stmt_expr close_scope_meta
{
struct error_record *erec;
unsigned int key;
diff --git a/src/scanner.l b/src/scanner.l
index 8d4907dc..be01c6f3 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -207,6 +207,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
%s SCANSTATE_IP
%s SCANSTATE_IP6
%s SCANSTATE_LIMIT
+%s SCANSTATE_META
%s SCANSTATE_POLICY
%s SCANSTATE_QUOTA
%s SCANSTATE_SCTP
@@ -503,14 +504,14 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"dscp" { return DSCP; }
}
"ecn" { return ECN; }
-"length" { return LENGTH; }
+<SCANSTATE_EXPR_UDP,SCANSTATE_IP,SCANSTATE_IP6,SCANSTATE_META,SCANSTATE_TCP,SCANSTATE_SCTP,SCANSTATE_EXPR_SCTP_CHUNK>"length" { return LENGTH; }
<SCANSTATE_EXPR_FRAG,SCANSTATE_IP>{
"frag-off" { return FRAG_OFF; }
}
<SCANSTATE_EXPR_OSF,SCANSTATE_IP>{
"ttl" { return TTL; }
}
-"protocol" { return PROTOCOL; }
+<SCANSTATE_CT,SCANSTATE_IP,SCANSTATE_META,SCANSTATE_TYPE>"protocol" { return PROTOCOL; }
<SCANSTATE_EXPR_MH,SCANSTATE_EXPR_UDP,SCANSTATE_EXPR_UDPLITE,SCANSTATE_ICMP,SCANSTATE_IGMP,SCANSTATE_IP,SCANSTATE_SCTP,SCANSTATE_TCP>{
"checksum" { return CHECKSUM; }
}
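Review bot: Scoping `"length"` and `"protocol"` to start conditions means that outside the listed states these words no longer produce LENGTH and PROTOCOL, so any production that expects those tokens in a state missing from the lists would stop parsing. The diff does not show every user of the two tokens, so the lists should be checked against the grammar and covered by parser tests that load a rule using each keyword in each listed scope. The `length` list also breaks the alphabetical order the neighbouring lists follow; I would write it as `<SCANSTATE_EXPR_SCTP_CHUNK,SCANSTATE_EXPR_UDP,SCANSTATE_IP,SCANSTATE_IP6,SCANSTATE_META,SCANSTATE_SCTP,SCANSTATE_TCP>"length" { return LENGTH; }`.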
@@ -688,7 +689,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"mh" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_MH); return MH; }
-"meta" { return META; }
+"meta" { scanner_push_start_cond(yyscanner, SCANSTATE_META); return META; }
"mark" { return MARK; }
"iif" { return IIF; }
"iifname" { return IIFNAME; }