diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/parser_bison.y | 9 | ||||
| -rw-r--r-- | src/scanner.l | 13 |
2 files changed, 13 insertions, 9 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index 423dddfc..83d78a23 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -862,6 +862,7 @@ opt_newline : NEWLINE ; close_scope_hash : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_HASH); }; +close_scope_ipsec : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_IPSEC); }; close_scope_numgen : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_NUMGEN); }; close_scope_queue : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_QUEUE); }; @@ -4738,7 +4739,7 @@ meta_key_unqualified : MARK { $$ = NFT_META_MARK; } | IIFGROUP { $$ = NFT_META_IIFGROUP; } | OIFGROUP { $$ = NFT_META_OIFGROUP; } | CGROUP { $$ = NFT_META_CGROUP; } - | IPSEC { $$ = NFT_META_SECPATH; } + | IPSEC close_scope_ipsec { $$ = NFT_META_SECPATH; } | TIME { $$ = NFT_META_TIME_NS; } | DAY { $$ = NFT_META_TIME_DAY; } | HOUR { $$ = NFT_META_TIME_HOUR; } @@ -4837,7 +4838,7 @@ xfrm_state_proto_key : DADDR { $$ = NFT_XFRM_KEY_DADDR_IP4; } | SADDR { $$ = NFT_XFRM_KEY_SADDR_IP4; } ; -xfrm_expr : IPSEC xfrm_dir xfrm_spnum xfrm_state_key +xfrm_expr : IPSEC xfrm_dir xfrm_spnum xfrm_state_key close_scope_ipsec { if ($3 > 255) { erec_queue(error(&@3, "value too large"), state->msgs); @@ -4845,7 +4846,7 @@ xfrm_expr : IPSEC xfrm_dir xfrm_spnum xfrm_state_key } $$ = xfrm_expr_alloc(&@$, $2, $3, $4); } - | IPSEC xfrm_dir xfrm_spnum nf_key_proto xfrm_state_proto_key + | IPSEC xfrm_dir xfrm_spnum nf_key_proto xfrm_state_proto_key close_scope_ipsec { enum nft_xfrm_keys xfrmk = $5; @@ -4919,7 +4920,7 @@ rt_expr : RT rt_key rt_key : CLASSID { $$ = NFT_RT_CLASSID; } | NEXTHOP { $$ = NFT_RT_NEXTHOP4; } | MTU { $$ = NFT_RT_TCPMSS; } - | IPSEC { $$ = NFT_RT_XFRM; } + | IPSEC close_scope_ipsec { $$ = NFT_RT_XFRM; } ; ct_expr : CT ct_key diff --git a/src/scanner.l b/src/scanner.l index 893364b7..cf3d7d52 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -197,6 +197,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) %option warn %option stack %s SCANSTATE_EXPR_HASH +%s SCANSTATE_EXPR_IPSEC %s SCANSTATE_EXPR_NUMGEN %s SCANSTATE_EXPR_QUEUE @@ -594,12 +595,14 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "exthdr" { return EXTHDR; } -"ipsec" { return IPSEC; } -"reqid" { return REQID; } -"spnum" { return SPNUM; } +"ipsec" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_IPSEC); return IPSEC; } +<SCANSTATE_EXPR_IPSEC>{ + "reqid" { return REQID; } + "spnum" { return SPNUM; } -"in" { return IN; } -"out" { return OUT; } + "in" { return IN; } + "out" { return OUT; } +} "secmark" { return SECMARK; } "secmarks" { return SECMARKS; } |