Context sensitive handling of "param-problem" and "redirect" is necessary to allow usage of them as token or as string for icmp types. Without this patch, e.g. the following fails: nft add rule filter input icmp type redirect accept nft add rule filter input icmpv6 type param-problem accept Signed-off-by: Alexander Holler <holler@xxxxxxxxxxxxx> --- src/parser_bison.y | 6 ++++-- src/scanner.l | 23 +++++++++++++++++++---- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/src/parser_bison.y b/src/parser_bison.y index b86381d..36a71d0 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -34,6 +34,8 @@ #include "parser_bison.h" +int icmp_flag; + void parser_init(struct parser_state *state, struct list_head *msgs) { memset(state, 0, sizeof(*state)); @@ -500,10 +502,10 @@ static void location_update(struct location *loc, struct location *rhs, int n) %destructor { expr_free($$); } arp_hdr_expr %type <val> arp_hdr_field %type <expr> ip_hdr_expr icmp_hdr_expr -%destructor { expr_free($$); } ip_hdr_expr icmp_hdr_expr +%destructor { expr_free($$); icmp_flag = 0; } ip_hdr_expr icmp_hdr_expr %type <val> ip_hdr_field icmp_hdr_field %type <expr> ip6_hdr_expr icmp6_hdr_expr -%destructor { expr_free($$); } ip6_hdr_expr icmp6_hdr_expr +%destructor { expr_free($$); icmp_flag = 0; } ip6_hdr_expr icmp6_hdr_expr %type <val> ip6_hdr_field icmp6_hdr_field %type <expr> auth_hdr_expr esp_hdr_expr comp_hdr_expr %destructor { expr_free($$); } auth_hdr_expr esp_hdr_expr comp_hdr_expr diff --git a/src/scanner.l b/src/scanner.l index 73c4f8b..3468276 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -100,6 +100,7 @@ static void reset_pos(struct parser_state *state, struct location *loc) /* avoid warnings with -Wmissing-prototypes */ extern int yyget_column(yyscan_t); extern void yyset_column(int, yyscan_t); +extern int icmp_flag; %} @@ -320,7 +321,14 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "snat" { return SNAT; } "dnat" { return DNAT; } "masquerade" { return MASQUERADE; } -"redirect" { return REDIRECT; } +"redirect" { + if (icmp_flag == 4) { + yylval->string = xstrdup(yytext); + return STRING; + } else + return REDIRECT; + } + "random" { return RANDOM; } "fully-random" { return FULLY_RANDOM; } "persistent" { return PERSISTENT; } @@ -358,7 +366,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "protocol" { return PROTOCOL; } "checksum" { return CHECKSUM; } -"icmp" { return ICMP; } +"icmp" { icmp_flag = 4; return ICMP; } "code" { return CODE; } "sequence" { return SEQUENCE; } "gateway" { return GATEWAY; } @@ -369,9 +377,16 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "flowlabel" { return FLOWLABEL; } "nexthdr" { return NEXTHDR; } "hoplimit" { return HOPLIMIT; } +"icmpv6" { icmp_flag = 6; return ICMP6; } +"param-problem" { + if (icmp_flag == 6) { + yylval->string = xstrdup(yytext); + return STRING; + } else + return PPTR; + } + -"icmpv6" { return ICMP6; } -"param-problem" { return PPTR; } "max-delay" { return MAXDELAY; } "ah" { return AH; } -- 2.1.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html