From c1f92755437ea4eee10950a196a5c749329ae5f6 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 2 Jan 2023 15:36:33 +0100 Subject: src: add gre support GRE has a number of fields that are conditional based on flags, which requires custom dependency code similar to icmp and icmpv6. Matching on optional fields is not supported at this stage. Since this is a layer 3 tunnel protocol, an implicit dependency on NFT_META_L4PROTO for IPPROTO_GRE is generated. To achieve this, this patch adds new infrastructure to remove an outer dependency based on the inner protocol from delinearize path. Signed-off-by: Pablo Neira Ayuso --- src/scanner.l | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'src/scanner.l') diff --git a/src/scanner.l b/src/scanner.l index 61a49286..3d9888ab 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -201,6 +201,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) %s SCANSTATE_CT %s SCANSTATE_COUNTER %s SCANSTATE_ETH +%s SCANSTATE_GRE %s SCANSTATE_ICMP %s SCANSTATE_IGMP %s SCANSTATE_IP @@ -492,7 +493,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) } "ip" { scanner_push_start_cond(yyscanner, SCANSTATE_IP); return IP; } -{ +{ "version" { return HDRVERSION; } } { @@ -509,7 +510,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) { "ttl" { return TTL; } } -"protocol" { return PROTOCOL; } +"protocol" { return PROTOCOL; } { "checksum" { return CHECKSUM; } } @@ -624,6 +625,8 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "vxlan" { return VXLAN; } "vni" { return VNI; } +"gre" { scanner_push_start_cond(yyscanner, SCANSTATE_GRE); return GRE; } + "tcp" { scanner_push_start_cond(yyscanner, SCANSTATE_TCP); return TCP; } "dccp" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_DCCP); return DCCP; } -- cgit v1.2.3