On Sat, Apr 04, 2015 at 01:13:06PM +0200, Alexander Holler wrote: > Context sensitive handling of "param-problem" and "redirect" is necessary > to allow usage of them as token or as string for icmp types. [...] I think we need some evaluation step at scanner level. This new evaluation routine needs to understand the token semantics to set some context information. "redirect" { return scanner_evaluate(ctx, REDIRECT); } We have to catch up more use cases such as sets and concatenations. I started a patch here, a bit more generalized than this when you reported this problem (we actually already knew about it). @Patrick, any better idea? > --------------------- > > Signed-off-by: Alexander Holler <holler@xxxxxxxxxxxxx> > --- > src/parser_bison.y | 8 +++++--- > src/scanner.l | 30 ++++++++++++++++++++++++------ > 2 files changed, 29 insertions(+), 9 deletions(-) > > diff --git a/src/parser_bison.y b/src/parser_bison.y > index b86381d..af40195 100644 > --- a/src/parser_bison.y > +++ b/src/parser_bison.y > @@ -34,6 +34,8 @@ > > #include "parser_bison.h" > > +int icmp_flag; > + > void parser_init(struct parser_state *state, struct list_head *msgs) > { > memset(state, 0, sizeof(*state)); > @@ -445,7 +447,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) > %destructor { stmt_free($$); } limit_stmt > %type <val> time_unit > %type <stmt> reject_stmt reject_stmt_alloc > -%destructor { stmt_free($$); } reject_stmt reject_stmt_alloc > +%destructor { stmt_free($$); icmp_flag = 0; } reject_stmt reject_stmt_alloc > %type <stmt> nat_stmt nat_stmt_alloc masq_stmt masq_stmt_alloc redir_stmt redir_stmt_alloc > %destructor { stmt_free($$); } nat_stmt nat_stmt_alloc masq_stmt masq_stmt_alloc redir_stmt redir_stmt_alloc > %type <val> nf_nat_flags nf_nat_flag > @@ -500,10 +502,10 @@ static void location_update(struct location *loc, struct location *rhs, int n) > %destructor { expr_free($$); } arp_hdr_expr > %type <val> arp_hdr_field > %type <expr> ip_hdr_expr icmp_hdr_expr > -%destructor { expr_free($$); } ip_hdr_expr icmp_hdr_expr > +%destructor { expr_free($$); icmp_flag = 0; } ip_hdr_expr icmp_hdr_expr > %type <val> ip_hdr_field icmp_hdr_field > %type <expr> ip6_hdr_expr icmp6_hdr_expr > -%destructor { expr_free($$); } ip6_hdr_expr icmp6_hdr_expr > +%destructor { expr_free($$); icmp_flag = 0; } ip6_hdr_expr icmp6_hdr_expr > %type <val> ip6_hdr_field icmp6_hdr_field > %type <expr> auth_hdr_expr esp_hdr_expr comp_hdr_expr > %destructor { expr_free($$); } auth_hdr_expr esp_hdr_expr comp_hdr_expr > diff --git a/src/scanner.l b/src/scanner.l > index 73c4f8b..3a058ad 100644 > --- a/src/scanner.l > +++ b/src/scanner.l > @@ -100,6 +100,7 @@ static void reset_pos(struct parser_state *state, struct location *loc) > /* avoid warnings with -Wmissing-prototypes */ > extern int yyget_column(yyscan_t); > extern void yyset_column(int, yyscan_t); > +extern int icmp_flag; > > %} > > @@ -320,7 +321,14 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) > "snat" { return SNAT; } > "dnat" { return DNAT; } > "masquerade" { return MASQUERADE; } > -"redirect" { return REDIRECT; } > +"redirect" { > + if (icmp_flag == 4) { > + yylval->string = xstrdup(yytext); > + return STRING; > + } else > + return REDIRECT; > + } > + > "random" { return RANDOM; } > "fully-random" { return FULLY_RANDOM; } > "persistent" { return PERSISTENT; } > @@ -334,8 +342,11 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) > "ether" { return ETHER; } > "saddr" { return SADDR; } > "daddr" { return DADDR; } > -"type" { return TYPE; } > - > +"type" { > + if (icmp_flag) > + ++icmp_flag; > + return TYPE; > + } > "vlan" { return VLAN; } > "id" { return ID; } > "cfi" { return CFI; } > @@ -358,7 +369,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) > "protocol" { return PROTOCOL; } > "checksum" { return CHECKSUM; } > > -"icmp" { return ICMP; } > +"icmp" { icmp_flag = 3; return ICMP; } > "code" { return CODE; } > "sequence" { return SEQUENCE; } > "gateway" { return GATEWAY; } > @@ -369,9 +380,16 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) > "flowlabel" { return FLOWLABEL; } > "nexthdr" { return NEXTHDR; } > "hoplimit" { return HOPLIMIT; } > +"icmpv6" { icmp_flag = 5; return ICMP6; } > +"param-problem" { > + if (icmp_flag == 6) { > + yylval->string = xstrdup(yytext); > + return STRING; > + } else > + return PPTR; > + } > + > > -"icmpv6" { return ICMP6; } > -"param-problem" { return PPTR; } > "max-delay" { return MAXDELAY; } > > "ah" { return AH; } > -- > 2.1.0 > > -- > To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html