They share 'sequence' keyword with icmp and tcp expressions.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
include/parser.h | 2 ++
src/parser_bison.y | 10 ++++++----
src/scanner.l | 12 ++++++++----
3 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/include/parser.h b/include/parser.h
index 82402dbc54a70..7283a6e065289 100644
--- a/include/parser.h
+++ b/include/parser.h
@@ -45,8 +45,10 @@ enum startcond_type {
PARSER_SC_TCP,
PARSER_SC_VLAN,
PARSER_SC_CMD_LIST,
+ PARSER_SC_EXPR_AH,
PARSER_SC_EXPR_COMP,
PARSER_SC_EXPR_DCCP,
+ PARSER_SC_EXPR_ESP,
PARSER_SC_EXPR_FIB,
PARSER_SC_EXPR_HASH,
PARSER_SC_EXPR_IPSEC,
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 2deee99394999..71530591d3994 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -926,11 +926,13 @@ opt_newline : NEWLINE
| /* empty */
;
+close_scope_ah : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_AH); };
close_scope_arp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_ARP); };
close_scope_comp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_COMP); };
close_scope_ct : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CT); };
close_scope_counter : { scanner_pop_start_cond(nft->scanner, PARSER_SC_COUNTER); };
close_scope_dccp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_DCCP); };
+close_scope_esp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_ESP); };
close_scope_eth : { scanner_pop_start_cond(nft->scanner, PARSER_SC_ETH); };
close_scope_fib : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_FIB); };
close_scope_hash : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_HASH); };
@@ -4784,14 +4786,14 @@ primary_rhs_expr : symbol_expr { $$ = $1; }
BYTEORDER_HOST_ENDIAN,
sizeof(data) * BITS_PER_BYTE, &data);
}
- | ESP
+ | ESP close_scope_esp
{
uint8_t data = IPPROTO_ESP;
$$ = constant_expr_alloc(&@$, &inet_protocol_type,
BYTEORDER_HOST_ENDIAN,
sizeof(data) * BITS_PER_BYTE, &data);
}
- | AH
+ | AH close_scope_ah
{
uint8_t data = IPPROTO_AH;
$$ = constant_expr_alloc(&@$, &inet_protocol_type,
@@ -5447,7 +5449,7 @@ icmp6_hdr_field : TYPE { $$ = ICMP6HDR_TYPE; }
| MAXDELAY { $$ = ICMP6HDR_MAXDELAY; }
;
-auth_hdr_expr : AH auth_hdr_field
+auth_hdr_expr : AH auth_hdr_field close_scope_ah
{
$$ = payload_expr_alloc(&@$, &proto_ah, $2);
}
@@ -5460,7 +5462,7 @@ auth_hdr_field : NEXTHDR { $$ = AHHDR_NEXTHDR; }
| SEQUENCE { $$ = AHHDR_SEQUENCE; }
;
-esp_hdr_expr : ESP esp_hdr_field
+esp_hdr_expr : ESP esp_hdr_field close_scope_esp
{
$$ = payload_expr_alloc(&@$, &proto_esp, $2);
}
diff --git a/src/scanner.l b/src/scanner.l
index 65640ebbf40eb..7c4d8b7f904c4 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -211,8 +211,10 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
%s SCANSTATE_TCP
%s SCANSTATE_VLAN
%s SCANSTATE_CMD_LIST
+%s SCANSTATE_EXPR_AH
%s SCANSTATE_EXPR_COMP
%s SCANSTATE_EXPR_DCCP
+%s SCANSTATE_EXPR_ESP
%s SCANSTATE_EXPR_FIB
%s SCANSTATE_EXPR_HASH
%s SCANSTATE_EXPR_IPSEC
@@ -532,7 +534,9 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"max-delay" { return MAXDELAY; }
"mtu" { return MTU; }
}
-"sequence" { return SEQUENCE; }
+<SCANSTATE_EXPR_AH,SCANSTATE_EXPR_ESP,SCANSTATE_ICMP,SCANSTATE_TCP>{
+ "sequence" { return SEQUENCE; }
+}
"igmp" { scanner_push_start_cond(yyscanner, SCANSTATE_IGMP); return IGMP; }
<SCANSTATE_IGMP>{
@@ -548,11 +552,11 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
}
"nexthdr" { return NEXTHDR; }
-"ah" { return AH; }
+"ah" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_AH); return AH; }
"reserved" { return RESERVED; }
-"spi" { return SPI; }
+<SCANSTATE_EXPR_AH,SCANSTATE_EXPR_ESP,SCANSTATE_EXPR_IPSEC>"spi" { return SPI; }
-"esp" { return ESP; }
+"esp" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_ESP); return ESP; }
"comp" { scanner_push_start_cond(yyscanner, SCANSTATE_EXPR_COMP); return COMP; }
<SCANSTATE_EXPR_COMP>{
--
2.34.1
