Followup patch will add new 'hooks' keyword for nft list hooks Add a scope for list to avoid exposure of the new keyword in nft rulesets. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- No changes. include/parser.h | 1 + src/parser_bison.y | 3 ++- src/scanner.l | 15 +++++++++------ 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/include/parser.h b/include/parser.h index 1a272ee25b4c..e8635b4c0feb 100644 --- a/include/parser.h +++ b/include/parser.h @@ -41,6 +41,7 @@ enum startcond_type { PARSER_SC_SCTP, PARSER_SC_SECMARK, PARSER_SC_VLAN, + PARSER_SC_CMD_LIST, PARSER_SC_EXPR_FIB, PARSER_SC_EXPR_HASH, PARSER_SC_EXPR_IPSEC, diff --git a/src/parser_bison.y b/src/parser_bison.y index 3a11e6971177..f6c92feb7661 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -913,6 +913,7 @@ close_scope_ip : { scanner_pop_start_cond(nft->scanner, PARSER_SC_IP); }; close_scope_ip6 : { scanner_pop_start_cond(nft->scanner, PARSER_SC_IP6); }; close_scope_vlan : { scanner_pop_start_cond(nft->scanner, PARSER_SC_VLAN); }; close_scope_ipsec : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_IPSEC); }; +close_scope_list : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_LIST); }; close_scope_limit : { scanner_pop_start_cond(nft->scanner, PARSER_SC_LIMIT); }; close_scope_numgen : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_NUMGEN); }; close_scope_quota : { scanner_pop_start_cond(nft->scanner, PARSER_SC_QUOTA); }; @@ -1004,7 +1005,7 @@ base_cmd : /* empty */ add_cmd { $$ = $1; } | INSERT insert_cmd { $$ = $2; } | DELETE delete_cmd { $$ = $2; } | GET get_cmd { $$ = $2; } - | LIST list_cmd { $$ = $2; } + | LIST list_cmd close_scope_list { $$ = $2; } | RESET reset_cmd { $$ = $2; } | FLUSH flush_cmd { $$ = $2; } | RENAME rename_cmd { $$ = $2; } diff --git a/src/scanner.l b/src/scanner.l index 5c493e390c2c..c1bc21aa7ecc 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -207,6 +207,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) %s SCANSTATE_SCTP %s SCANSTATE_SECMARK %s SCANSTATE_VLAN +%s SCANSTATE_CMD_LIST %s SCANSTATE_EXPR_FIB %s SCANSTATE_EXPR_HASH %s SCANSTATE_EXPR_IPSEC @@ -317,7 +318,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "insert" { return INSERT; } "delete" { return DELETE; } "get" { return GET; } -"list" { return LIST; } +"list" { scanner_push_start_cond(yyscanner, SCANSTATE_CMD_LIST); return LIST; } "reset" { return RESET; } "flush" { return FLUSH; } "rename" { return RENAME; } @@ -346,9 +347,14 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "flow" { return FLOW; } "offload" { return OFFLOAD; } "meter" { return METER; } -"meters" { return METERS; } -"flowtables" { return FLOWTABLES; } +<SCANSTATE_CMD_LIST>{ + "meters" { return METERS; } + "flowtables" { return FLOWTABLES; } + "limits" { return LIMITS; } + "secmarks" { return SECMARKS; } + "synproxys" { return SYNPROXYS; } +} "counter" { scanner_push_start_cond(yyscanner, SCANSTATE_COUNTER); return COUNTER; } "name" { return NAME; } @@ -357,8 +363,6 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "counters" { return COUNTERS; } "quotas" { return QUOTAS; } -"limits" { return LIMITS; } -"synproxys" { return SYNPROXYS; } "log" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_LOG); return LOG; } "prefix" { return PREFIX; } @@ -687,7 +691,6 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) } "secmark" { scanner_push_start_cond(yyscanner, SCANSTATE_SECMARK); return SECMARK; } -"secmarks" { return SECMARKS; } {addrstring} { yylval->string = xstrdup(yytext); -- 2.31.1