From 578467c10f0ec10faf456cec529c2af14fc81495 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Fri, 30 Jul 2021 17:20:27 +0200
Subject: scanner: policy: move to own scope

Isolate 'performance' and 'memory' keywords.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 include/parser.h   | 1 +
 src/parser_bison.y | 7 ++++---
 src/scanner.l      | 9 ++++++---
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/include/parser.h b/include/parser.h
index 57f1fcc5..79eadc0d 100644
--- a/include/parser.h
+++ b/include/parser.h
@@ -40,6 +40,7 @@ enum startcond_type {
 	PARSER_SC_IP,
 	PARSER_SC_IP6,
 	PARSER_SC_LIMIT,
+	PARSER_SC_POLICY,
 	PARSER_SC_QUOTA,
 	PARSER_SC_SCTP,
 	PARSER_SC_SECMARK,
diff --git a/src/parser_bison.y b/src/parser_bison.y
index f75fe4ae..2d419287 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -957,6 +957,7 @@ close_scope_mh		: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_MH); };
 close_scope_monitor	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_MONITOR); };
 close_scope_numgen	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_NUMGEN); };
 close_scope_osf		: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_OSF); };
+close_scope_policy	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_POLICY); };
 close_scope_quota	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_QUOTA); };
 close_scope_queue	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_QUEUE); };
 close_scope_reject	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_REJECT); };
@@ -2101,7 +2102,7 @@ map_block		:	/* empty */	{ $$ = $<set>-1; }
 			|	map_block	set_mechanism	stmt_separator
 			;
 
-set_mechanism		:	POLICY		set_policy_spec
+set_mechanism		:	POLICY		set_policy_spec	close_scope_policy
 			{
 				$<set>0->policy = $2;
 			}
@@ -2519,7 +2520,7 @@ flags_spec		:	FLAGS		OFFLOAD	close_scope_flags
 			}
 			;
 
-policy_spec		:	POLICY		policy_expr
+policy_spec		:	POLICY		policy_expr	close_scope_policy
 			{
 				if ($<chain>0->policy) {
 					erec_queue(error(&@$, "you cannot set chain policy twice"),
@@ -4567,7 +4568,7 @@ ct_timeout_config	:	PROTOCOL	ct_l4protoname	stmt_separator
 				ct = &$<obj>0->ct_timeout;
 				ct->l4proto = l4proto;
 			}
-			|	POLICY 	'=' 	'{' 	timeout_states 	'}'	 stmt_separator
+			|	POLICY 	'=' 	'{' 	timeout_states 	'}'	 stmt_separator	close_scope_policy
 			{
 				struct ct_timeout *ct;
 
diff --git a/src/scanner.l b/src/scanner.l
index 608471b3..b885f845 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -206,6 +206,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
 %s SCANSTATE_IP
 %s SCANSTATE_IP6
 %s SCANSTATE_LIMIT
+%s SCANSTATE_POLICY
 %s SCANSTATE_QUOTA
 %s SCANSTATE_SCTP
 %s SCANSTATE_SECMARK
@@ -370,10 +371,12 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
 "elements"		{ return ELEMENTS; }
 "expires"		{ return EXPIRES; }
 
-"policy"		{ return POLICY; }
+"policy"		{ scanner_push_start_cond(yyscanner, SCANSTATE_POLICY); return POLICY; }
 "size"			{ return SIZE; }
-"performance"		{ return PERFORMANCE; }
-"memory"		{ return MEMORY; }
+<SCANSTATE_POLICY>{
+	"performance"		{ return PERFORMANCE; }
+	"memory"		{ return MEMORY; }
+}
 
 "flow"			{ return FLOW; }
 "offload"		{ return OFFLOAD; }
-- 
cgit v1.2.3