Context sensitive handling of "param-problem" and "redirect" is necessary
to allow usage of them as token or as string for icmp types.
Without this patch, e.g. the following fails:
nft add rule filter input icmp type redirect accept
nft add rule filter input icmpv6 type param-problem accept
Signed-off-by: Alexander Holler <holler@xxxxxxxxxxxxx>
---
src/parser_bison.y | 6 ++++--
src/scanner.l | 23 +++++++++++++++++++----
2 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index b86381d..36a71d0 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -34,6 +34,8 @@
#include "parser_bison.h"
+int icmp_flag;
+
void parser_init(struct parser_state *state, struct list_head *msgs)
{
memset(state, 0, sizeof(*state));
@@ -500,10 +502,10 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%destructor { expr_free($$); } arp_hdr_expr
%type <val> arp_hdr_field
%type <expr> ip_hdr_expr icmp_hdr_expr
-%destructor { expr_free($$); } ip_hdr_expr icmp_hdr_expr
+%destructor { expr_free($$); icmp_flag = 0; } ip_hdr_expr icmp_hdr_expr
%type <val> ip_hdr_field icmp_hdr_field
%type <expr> ip6_hdr_expr icmp6_hdr_expr
-%destructor { expr_free($$); } ip6_hdr_expr icmp6_hdr_expr
+%destructor { expr_free($$); icmp_flag = 0; } ip6_hdr_expr icmp6_hdr_expr
%type <val> ip6_hdr_field icmp6_hdr_field
%type <expr> auth_hdr_expr esp_hdr_expr comp_hdr_expr
%destructor { expr_free($$); } auth_hdr_expr esp_hdr_expr comp_hdr_expr
diff --git a/src/scanner.l b/src/scanner.l
index 73c4f8b..3468276 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -100,6 +100,7 @@ static void reset_pos(struct parser_state *state, struct location *loc)
/* avoid warnings with -Wmissing-prototypes */
extern int yyget_column(yyscan_t);
extern void yyset_column(int, yyscan_t);
+extern int icmp_flag;
%}
@@ -320,7 +321,14 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"snat" { return SNAT; }
"dnat" { return DNAT; }
"masquerade" { return MASQUERADE; }
-"redirect" { return REDIRECT; }
+"redirect" {
+ if (icmp_flag == 4) {
+ yylval->string = xstrdup(yytext);
+ return STRING;
+ } else
+ return REDIRECT;
+ }
+
"random" { return RANDOM; }
"fully-random" { return FULLY_RANDOM; }
"persistent" { return PERSISTENT; }
@@ -358,7 +366,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"protocol" { return PROTOCOL; }
"checksum" { return CHECKSUM; }
-"icmp" { return ICMP; }
+"icmp" { icmp_flag = 4; return ICMP; }
"code" { return CODE; }
"sequence" { return SEQUENCE; }
"gateway" { return GATEWAY; }
@@ -369,9 +377,16 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"flowlabel" { return FLOWLABEL; }
"nexthdr" { return NEXTHDR; }
"hoplimit" { return HOPLIMIT; }
+"icmpv6" { icmp_flag = 6; return ICMP6; }
+"param-problem" {
+ if (icmp_flag == 6) {
+ yylval->string = xstrdup(yytext);
+ return STRING;
+ } else
+ return PPTR;
+ }
+
-"icmpv6" { return ICMP6; }
-"param-problem" { return PPTR; }
"max-delay" { return MAXDELAY; }
"ah" { return AH; }
--
2.1.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
