On Thu, Nov 24, 2022 at 06:04:54PM +0100, Florian Westphal wrote: > Phil Sutter <phil@xxxxxx> wrote: > > diff --git a/src/scanner.l b/src/scanner.l > > index 1371cd044b65a..4edd729c80dab 100644 > > --- a/src/scanner.l > > +++ b/src/scanner.l > > @@ -214,6 +214,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) > > %s SCANSTATE_TCP > > %s SCANSTATE_TYPE > > %s SCANSTATE_VLAN > > +%s SCANSTATE_XT > > %s SCANSTATE_CMD_EXPORT > > %s SCANSTATE_CMD_IMPORT > > %s SCANSTATE_CMD_LIST > > @@ -799,6 +800,8 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) > > > > "secmark" { scanner_push_start_cond(yyscanner, SCANSTATE_SECMARK); return SECMARK; } > > > > +"xt" { scanner_push_start_cond(yyscanner, SCANSTATE_XT); return XT; } > > Why is there a new scanner state? It has no tokens, so it doesn't do > anything. > > Perhaps a leftover? Or did you plan to make match/target/watcher scoped > tokens? We want to accept two arbitrary strings after "xt" and just complain about the whole thing. Without the scope, something like "xt target exthdr" will make the parser complain about the unexpected keyword. Cheers, Phil