diff options
| -rw-r--r-- | include/parser.h | 1 | ||||
| -rw-r--r-- | src/parser_bison.y | 21 | ||||
| -rw-r--r-- | src/scanner.l | 9 |
3 files changed, 18 insertions, 13 deletions
diff --git a/include/parser.h b/include/parser.h index a778cb59..586a9848 100644 --- a/include/parser.h +++ b/include/parser.h @@ -30,6 +30,7 @@ enum startcond_type { PARSER_SC_BEGIN, PARSER_SC_CT, PARSER_SC_IP, + PARSER_SC_IP6, PARSER_SC_EXPR_HASH, PARSER_SC_EXPR_IPSEC, PARSER_SC_EXPR_NUMGEN, diff --git a/src/parser_bison.y b/src/parser_bison.y index ba15366c..9ef2602e 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -864,6 +864,7 @@ opt_newline : NEWLINE close_scope_ct : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CT); }; close_scope_hash : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_HASH); }; close_scope_ip : { scanner_pop_start_cond(nft->scanner, PARSER_SC_IP); }; +close_scope_ip6 : { scanner_pop_start_cond(nft->scanner, PARSER_SC_IP6); }; close_scope_ipsec : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_IPSEC); }; close_scope_numgen : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_NUMGEN); }; close_scope_queue : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_QUEUE); }; @@ -2426,11 +2427,11 @@ family_spec : /* empty */ { $$ = NFPROTO_IPV4; } ; family_spec_explicit : IP close_scope_ip { $$ = NFPROTO_IPV4; } - | IP6 { $$ = NFPROTO_IPV6; } - | INET { $$ = NFPROTO_INET; } - | ARP { $$ = NFPROTO_ARP; } - | BRIDGE { $$ = NFPROTO_BRIDGE; } - | NETDEV { $$ = NFPROTO_NETDEV; } + | IP6 close_scope_ip6 { $$ = NFPROTO_IPV6; } + | INET { $$ = NFPROTO_INET; } + | ARP { $$ = NFPROTO_ARP; } + | BRIDGE { $$ = NFPROTO_BRIDGE; } + | NETDEV { $$ = NFPROTO_NETDEV; } ; table_spec : family_spec identifier @@ -4539,7 +4540,7 @@ boolean_expr : boolean_keys keyword_expr : ETHER { $$ = symbol_value(&@$, "ether"); } | IP close_scope_ip { $$ = symbol_value(&@$, "ip"); } - | IP6 { $$ = symbol_value(&@$, "ip6"); } + | IP6 close_scope_ip6 { $$ = symbol_value(&@$, "ip6"); } | VLAN { $$ = symbol_value(&@$, "vlan"); } | ARP { $$ = symbol_value(&@$, "arp"); } | DNAT { $$ = symbol_value(&@$, "dnat"); } @@ -4894,7 +4895,7 @@ hash_expr : JHASH expr MOD NUM SEED NUM offset_opt close_scope_hash ; nf_key_proto : IP close_scope_ip { $$ = NFPROTO_IPV4; } - | IP6 { $$ = NFPROTO_IPV6; } + | IP6 close_scope_ip6 { $$ = NFPROTO_IPV6; } ; rt_expr : RT rt_key close_scope_rt @@ -4975,8 +4976,8 @@ ct_key_dir : SADDR { $$ = NFT_CT_SRC; } ct_key_proto_field : IP SADDR close_scope_ip { $$ = NFT_CT_SRC_IP; } | IP DADDR close_scope_ip { $$ = NFT_CT_DST_IP; } - | IP6 SADDR { $$ = NFT_CT_SRC_IP6; } - | IP6 DADDR { $$ = NFT_CT_DST_IP6; } + | IP6 SADDR close_scope_ip6 { $$ = NFT_CT_SRC_IP6; } + | IP6 DADDR close_scope_ip6 { $$ = NFT_CT_DST_IP6; } ; ct_key_dir_optional : BYTES { $$ = NFT_CT_BYTES; } @@ -5187,7 +5188,7 @@ igmp_hdr_field : TYPE { $$ = IGMPHDR_TYPE; } | GROUP { $$ = IGMPHDR_GROUP; } ; -ip6_hdr_expr : IP6 ip6_hdr_field +ip6_hdr_expr : IP6 ip6_hdr_field close_scope_ip6 { $$ = payload_expr_alloc(&@$, &proto_ip6, $2); } diff --git a/src/scanner.l b/src/scanner.l index 26294506..15d1beca 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -198,6 +198,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) %option stack %s SCANSTATE_CT %s SCANSTATE_IP +%s SCANSTATE_IP6 %s SCANSTATE_EXPR_HASH %s SCANSTATE_EXPR_IPSEC %s SCANSTATE_EXPR_NUMGEN @@ -462,11 +463,13 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "igmp" { return IGMP; } "mrt" { return MRT; } -"ip6" { return IP6; } +"ip6" { scanner_push_start_cond(yyscanner, SCANSTATE_IP6); return IP6; } "priority" { return PRIORITY; } -"flowlabel" { return FLOWLABEL; } +<SCANSTATE_IP6>{ + "flowlabel" { return FLOWLABEL; } + "hoplimit" { return HOPLIMIT; } +} "nexthdr" { return NEXTHDR; } -"hoplimit" { return HOPLIMIT; } "icmpv6" { return ICMP6; } "param-problem" { return PPTR; } |