The 'reset' keyword can be used as dccp type, so don't qualify it as reserve keyword to avoid a conflict with this. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1055 Reported-by: Shivani Bhardwaj <shivanib134@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- src/parser_bison.y | 11 ++++++++--- src/scanner.l | 1 - 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/parser_bison.y b/src/parser_bison.y index d41fc0a..3f22639 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -380,7 +380,6 @@ static void location_update(struct location *loc, struct location *rhs, int n) %token WEEK "week" %token _REJECT "reject" -%token RESET "reset" %token WITH "with" %token ICMPX "icmpx" @@ -1573,9 +1572,15 @@ reject_opts : /* empty */ $4); $<stmt>0->reject.expr->dtype = &icmpx_code_type; } - | WITH TCP RESET + | WITH TCP STRING { - $<stmt>0->reject.type = NFT_REJECT_TCP_RST; + if (strcmp($3, "reset") == 0) { + $<stmt>0->reject.type = NFT_REJECT_TCP_RST; + } else { + erec_queue(error(&@2, "unsupported reject type", $3), + state->msgs); + YYERROR; + } } ; diff --git a/src/scanner.l b/src/scanner.l index a0dee47..60b61a5 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -326,7 +326,6 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "reject" { return _REJECT; } "with" { return WITH; } -"reset" { return RESET; } "icmpx" { return ICMPX; } "snat" { return SNAT; } -- 2.1.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
