Re: [nft PATCH RFC] scanner: nat: Move to own scope

On Mon, Aug 09, 2021 at 05:18:33PM +0200, Florian Westphal wrote:
> Phil Sutter <phil@xxxxxx> wrote:
> > Unify nat, masquerade and redirect statements, they widely share their
> > syntax.
> > This seemingly valid change breaks the parser with this rule:
> > 
> > | snat ip prefix to ip saddr map { : }
> Yes.
> > Problem is that 'prefix' is not in SC_IP and close_scope_ip called from
> > parser_bison.y:5067 is not sufficient. I assumed explicit scope closing
> > would eliminate this lookahead problem. Did I find a proof against the
> > concept or is there a bug in my patch?
> You have to keep 'prefix' in the global scope.
> What should work as well is to permit 'prefix' from SCANSTATE_IP(6).
> The problem is that the parser can't close the new 'IP' scope until
> it has enough tokens available to match a complete bison rule.
> So, it is in IP scope, sees 'prefix' (which will be STRING as the
> PREFIX scan rule is off) and that ends up in a parser error due to lack
> of an 'IP STRING' rule.

OK, thanks. So does this mean we won't ever be able to move keywords
opening a statement or expression out of INIT scope or is my case a
special one?

To clarify, what I have in mind is a sample rule 'ip id 1 tcp dport 1'
where 'tcp' must either be in INIT scope or part of SC_IP. 

Cheers, Phil
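
The lookahead problem discussed above, as an added illustration that is not part of the original thread or of the nftables sources: a toy C model of a scanner with a scope stack, feeding a parser that fetches one lookahead token before its scope-closing action runs. `SC_NAT`, the token names and `lookahead_after_ip()` are assumptions made for the example.

```c
/* Toy model (constructed): scoped scanner + one-token-lookahead parser. */
#include <stdio.h>
#include <string.h>

enum scope { SC_INIT, SC_NAT, SC_IP };          /* SC_NAT is a hypothetical name */
enum tok   { T_STRING, T_SNAT, T_IP, T_PREFIX };
#define BIT(s) (1u << (s))
#define GLOBAL (BIT(SC_INIT) | BIT(SC_NAT) | BIT(SC_IP))

struct kw { const char *word; enum tok tok; unsigned active_in; int opens; };

static enum scope stack[8];
static int top;

/* Scan one word with the keyword rules active in the scope on top of the stack. */
static enum tok scan(const struct kw *kws, int n, const char *word)
{
    for (int i = 0; i < n; i++) {
        if (strcmp(kws[i].word, word) || !(kws[i].active_in & BIT(stack[top])))
            continue;
        if (kws[i].opens >= 0)
            stack[++top] = (enum scope)kws[i].opens;  /* scanner opens the scope */
        return kws[i].tok;
    }
    return T_STRING;   /* no keyword rule active: generic string rule matches */
}

/* Token the parser receives for the third word of "snat ip prefix". The
 * scope-closing action for 'ip' runs only after this lookahead was scanned. */
static enum tok lookahead_after_ip(unsigned prefix_active_in)
{
    const struct kw kws[] = {
        { "snat",   T_SNAT,   GLOBAL,           SC_NAT },
        { "ip",     T_IP,     GLOBAL,           SC_IP  },
        { "prefix", T_PREFIX, prefix_active_in, -1     },
    };
    top = 0; stack[0] = SC_INIT;
    scan(kws, 3, "snat");
    scan(kws, 3, "ip");
    enum tok la = scan(kws, 3, "prefix");  /* scanned while SC_IP is still open */
    top--;                                 /* close of IP scope: too late for 'prefix' */
    return la;
}

int main(void)
{
    printf("prefix only in NAT scope: %s\n", lookahead_after_ip(BIT(SC_NAT)) == T_PREFIX ? "PREFIX" : "STRING");
    printf("prefix in global scope:   %s\n", lookahead_after_ip(GLOBAL) == T_PREFIX ? "PREFIX" : "STRING");
    printf("prefix also in IP scope:  %s\n", lookahead_after_ip(BIT(SC_NAT) | BIT(SC_IP)) == T_PREFIX ? "PREFIX" : "STRING");
    return 0;
}
```

The first call reproduces the failure described in the quoted reply (the parser gets STRING after IP); the other two model the two suggested remedies.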
