-rw-r--r--include/parser.h1
-rw-r--r--src/parser_bison.y11
-rw-r--r--src/scanner.l17
3 files changed, 18 insertions, 11 deletions
diff --git a/include/parser.h b/include/parser.h
index e8635b4c..cb7d12a3 100644
--- a/include/parser.h
+++ b/include/parser.h
@@ -40,6 +40,7 @@ enum startcond_type {
PARSER_SC_QUOTA,
PARSER_SC_SCTP,
PARSER_SC_SECMARK,
+ PARSER_SC_TCP,
PARSER_SC_VLAN,
PARSER_SC_CMD_LIST,
PARSER_SC_EXPR_FIB,
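Review bot: The new `PARSER_SC_TCP` enumerator has to sit at the same ordinal position as `%s SCANSTATE_TCP` in src/scanner.l, and nothing at this spot says so. The scanner pushes `SCANSTATE_TCP` while the grammar pops `PARSER_SC_TCP`, so the two lists appear to be used as one numbering; both additions land between SECMARK and VLAN, which is consistent. If the enum does not already carry one above the visible lines, a comment such as `/* order must match the %s SCANSTATE_* declarations in src/scanner.l */` would keep a later insertion from silently selecting the wrong scanner state. The enum starts and ends outside this hunk.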
diff --git a/src/parser_bison.y b/src/parser_bison.y
index bc5ec2e6..26060985 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -929,6 +929,7 @@ close_scope_list : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_LIST); }
close_scope_limit : { scanner_pop_start_cond(nft->scanner, PARSER_SC_LIMIT); };
close_scope_numgen : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_NUMGEN); };
close_scope_quota : { scanner_pop_start_cond(nft->scanner, PARSER_SC_QUOTA); };
+close_scope_tcp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_TCP); }
close_scope_queue : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_QUEUE); };
close_scope_rt : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_RT); };
close_scope_sctp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_SCTP); };
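Review bot: `close_scope_tcp` is the only rule in this run written without the trailing `;`. Bison accepts the missing terminator, so this is style only, but for consistency with its neighbours the line should read `close_scope_tcp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_TCP); };`. The run is only roughly alphabetical, yet the new rule would still be easier to find after `close_scope_sctp` than between `close_scope_quota` and `close_scope_queue`.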
@@ -3109,7 +3110,7 @@ level_type : string
}
;
-log_flags : TCP log_flags_tcp
+log_flags : TCP log_flags_tcp close_scope_tcp
{
$$ = $2;
}
@@ -3360,7 +3361,7 @@ reject_opts : /* empty */
$<stmt>0->reject.expr = $3;
datatype_set($<stmt>0->reject.expr, &icmpx_code_type);
}
- | WITH TCP RESET
+ | WITH TCP close_scope_tcp RESET
{
$<stmt>0->reject.type = NFT_REJECT_TCP_RST;
}
@@ -4460,7 +4461,7 @@ ct_cmd_type : HELPERS { $$ = CMD_OBJ_CT_HELPERS; }
| EXPECTATION { $$ = CMD_OBJ_CT_EXPECT; }
;
-ct_l4protoname : TCP { $$ = IPPROTO_TCP; }
+ct_l4protoname : TCP close_scope_tcp { $$ = IPPROTO_TCP; }
| UDP { $$ = IPPROTO_UDP; }
;
@@ -4734,7 +4735,7 @@ primary_rhs_expr : symbol_expr { $$ = $1; }
| integer_expr { $$ = $1; }
| boolean_expr { $$ = $1; }
| keyword_expr { $$ = $1; }
- | TCP
+ | TCP close_scope_tcp
{
uint8_t data = IPPROTO_TCP;
$$ = constant_expr_alloc(&@$, &inet_protocol_type,
@@ -5241,7 +5242,7 @@ payload_expr : payload_raw_expr
| comp_hdr_expr
| udp_hdr_expr
| udplite_hdr_expr
- | tcp_hdr_expr
+ | tcp_hdr_expr close_scope_tcp
| dccp_hdr_expr
| sctp_hdr_expr
| th_hdr_expr
diff --git a/src/scanner.l b/src/scanner.l
index 455ef99f..09fcbd09 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -206,6 +206,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
%s SCANSTATE_QUOTA
%s SCANSTATE_SCTP
%s SCANSTATE_SECMARK
+%s SCANSTATE_TCP
%s SCANSTATE_VLAN
%s SCANSTATE_CMD_LIST
%s SCANSTATE_EXPR_FIB
@@ -465,10 +466,9 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"value" { return VALUE; }
}
+<SCANSTATE_TCP>{
"echo" { return ECHO; }
"eol" { return EOL; }
-"maxseg" { return MSS; }
-"mss" { return MSS; }
"nop" { return NOP; }
"noop" { return NOP; }
"sack" { return SACK; }
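Review bot: Every rule between `<SCANSTATE_TCP>{` here and its closing `}` stops being a global keyword, and that includes generic words such as `time`, `count`, `left` and `right`, not only TCP option names. The commit re-adds `sack` and `count` under other scopes and moves `mss`, `sack-perm` and `timestamp` back out, but nothing visible does the same for `time` or the rest. Any rule that uses those tokens without a preceding `tcp` would presumably fall through to the generic string rule; the diff does not show whether such rules exist, so this needs a check against the grammar and a test covering them. A short comment above the block, for example `/* recognised only after "tcp"; popped by close_scope_tcp in the grammar */`, would also help whoever adds the next keyword. The block opened in this hunk closes in the `@@ -486,6 +483,12 @@` hunk.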
@@ -476,9 +476,6 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"sack1" { return SACK1; }
"sack2" { return SACK2; }
"sack3" { return SACK3; }
-"sack-permitted" { return SACK_PERM; }
-"sack-perm" { return SACK_PERM; }
-"timestamp" { return TIMESTAMP; }
"time" { return TIME; }
"count" { return COUNT; }
@@ -486,6 +483,12 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"right" { return RIGHT; }
"tsval" { return TSVAL; }
"tsecr" { return TSECR; }
+}
+"maxseg" { return MSS; }
+"mss" { return MSS; }
+"sack-permitted" { return SACK_PERM; }
+"sack-perm" { return SACK_PERM; }
+"timestamp" { return TIMESTAMP; }
"icmp" { return ICMP; }
"code" { return CODE; }
@@ -524,7 +527,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"dport" { return DPORT; }
"port" { return PORT; }
-"tcp" { return TCP; }
+"tcp" { scanner_push_start_cond(yyscanner, SCANSTATE_TCP); return TCP; }
"ackseq" { return ACKSEQ; }
"doff" { return DOFF; }
"window" { return WINDOW; }
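Review bot: The `tcp` rule now pushes `SCANSTATE_TCP` on every occurrence of the keyword, so each grammar rule that consumes `TCP` has to reach `close_scope_tcp`; a missed one leaves the state on the stack for the rest of the input. The commit updates five rules, but the diff does not show whether those are all the users of `TCP` and `tcp_hdr_expr`, nor what happens to the pushed state when parsing fails between the push and the pop. Because the tokenisation of later input depends on this stack, it is worth confirming that an unbalanced or failed `tcp` statement cannot change how the following lines of a ruleset are lexed, and adding a parser test for that case. A one-line comment on the rule, e.g. `/* every TCP consumer in parser_bison.y must end in close_scope_tcp */`, would record the invariant.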
@@ -560,6 +563,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"asconf" { return ASCONF; }
"tsn" { return TSN; }
+ "sack" { return SACK; }
"stream" { return STREAM; }
"ssn" { return SSN; }
"ppid" { return PPID; }
@@ -641,6 +645,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"label" { return LABEL; }
"state" { return STATE; }
"status" { return STATUS; }
+ "count" { return COUNT; }
}
"numgen" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_NUMGEN); return NUMGEN; }