From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Alexander Holler <holler@ahsoftware.de>
Cc: netfilter-devel@vger.kernel.org,
Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>,
Eric Leblond <eric@regit.org>,
kaber@trash.net
Subject: Re: [PATCH v2] parser: add kludges for "param-problem" and "redirect"
Date: Sat, 4 Apr 2015 13:55:50 +0200 [thread overview]
Message-ID: <20150404115550.GA5832@salvia> (raw)
In-Reply-To: <1428145986-15421-1-git-send-email-holler@ahsoftware.de>
On Sat, Apr 04, 2015 at 01:13:06PM +0200, Alexander Holler wrote:
> Context sensitive handling of "param-problem" and "redirect" is necessary
> to allow usage of them as token or as string for icmp types.
[...]
I think we need some evaluation step at scanner level. This new
evaluation routine needs to understand the token semantics to set some
context information.
"redirect" { return scanner_evaluate(ctx, REDIRECT); }
We have to catch up more use cases such as sets and concatenations. I
started a patch here, a bit more generalized than this when you
reported this problem (we actually already knew about it).
@Patrick, any better idea?
> ---------------------
>
> Signed-off-by: Alexander Holler <holler@ahsoftware.de>
> ---
> src/parser_bison.y | 8 +++++---
> src/scanner.l | 30 ++++++++++++++++++++++++------
> 2 files changed, 29 insertions(+), 9 deletions(-)
>
> diff --git a/src/parser_bison.y b/src/parser_bison.y
> index b86381d..af40195 100644
> --- a/src/parser_bison.y
> +++ b/src/parser_bison.y
> @@ -34,6 +34,8 @@
>
> #include "parser_bison.h"
>
> +int icmp_flag;
> +
> void parser_init(struct parser_state *state, struct list_head *msgs)
> {
> memset(state, 0, sizeof(*state));
> @@ -445,7 +447,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
> %destructor { stmt_free($$); } limit_stmt
> %type <val> time_unit
> %type <stmt> reject_stmt reject_stmt_alloc
> -%destructor { stmt_free($$); } reject_stmt reject_stmt_alloc
> +%destructor { stmt_free($$); icmp_flag = 0; } reject_stmt reject_stmt_alloc
> %type <stmt> nat_stmt nat_stmt_alloc masq_stmt masq_stmt_alloc redir_stmt redir_stmt_alloc
> %destructor { stmt_free($$); } nat_stmt nat_stmt_alloc masq_stmt masq_stmt_alloc redir_stmt redir_stmt_alloc
> %type <val> nf_nat_flags nf_nat_flag
> @@ -500,10 +502,10 @@ static void location_update(struct location *loc, struct location *rhs, int n)
> %destructor { expr_free($$); } arp_hdr_expr
> %type <val> arp_hdr_field
> %type <expr> ip_hdr_expr icmp_hdr_expr
> -%destructor { expr_free($$); } ip_hdr_expr icmp_hdr_expr
> +%destructor { expr_free($$); icmp_flag = 0; } ip_hdr_expr icmp_hdr_expr
> %type <val> ip_hdr_field icmp_hdr_field
> %type <expr> ip6_hdr_expr icmp6_hdr_expr
> -%destructor { expr_free($$); } ip6_hdr_expr icmp6_hdr_expr
> +%destructor { expr_free($$); icmp_flag = 0; } ip6_hdr_expr icmp6_hdr_expr
> %type <val> ip6_hdr_field icmp6_hdr_field
> %type <expr> auth_hdr_expr esp_hdr_expr comp_hdr_expr
> %destructor { expr_free($$); } auth_hdr_expr esp_hdr_expr comp_hdr_expr
> diff --git a/src/scanner.l b/src/scanner.l
> index 73c4f8b..3a058ad 100644
> --- a/src/scanner.l
> +++ b/src/scanner.l
> @@ -100,6 +100,7 @@ static void reset_pos(struct parser_state *state, struct location *loc)
> /* avoid warnings with -Wmissing-prototypes */
> extern int yyget_column(yyscan_t);
> extern void yyset_column(int, yyscan_t);
> +extern int icmp_flag;
>
> %}
>
> @@ -320,7 +321,14 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
> "snat" { return SNAT; }
> "dnat" { return DNAT; }
> "masquerade" { return MASQUERADE; }
> -"redirect" { return REDIRECT; }
> +"redirect" {
> + if (icmp_flag == 4) {
> + yylval->string = xstrdup(yytext);
> + return STRING;
> + } else
> + return REDIRECT;
> + }
> +
> "random" { return RANDOM; }
> "fully-random" { return FULLY_RANDOM; }
> "persistent" { return PERSISTENT; }
> @@ -334,8 +342,11 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
> "ether" { return ETHER; }
> "saddr" { return SADDR; }
> "daddr" { return DADDR; }
> -"type" { return TYPE; }
> -
> +"type" {
> + if (icmp_flag)
> + ++icmp_flag;
> + return TYPE;
> + }
> "vlan" { return VLAN; }
> "id" { return ID; }
> "cfi" { return CFI; }
> @@ -358,7 +369,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
> "protocol" { return PROTOCOL; }
> "checksum" { return CHECKSUM; }
>
> -"icmp" { return ICMP; }
> +"icmp" { icmp_flag = 3; return ICMP; }
> "code" { return CODE; }
> "sequence" { return SEQUENCE; }
> "gateway" { return GATEWAY; }
> @@ -369,9 +380,16 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
> "flowlabel" { return FLOWLABEL; }
> "nexthdr" { return NEXTHDR; }
> "hoplimit" { return HOPLIMIT; }
> +"icmpv6" { icmp_flag = 5; return ICMP6; }
> +"param-problem" {
> + if (icmp_flag == 6) {
> + yylval->string = xstrdup(yytext);
> + return STRING;
> + } else
> + return PPTR;
> + }
> +
>
> -"icmpv6" { return ICMP6; }
> -"param-problem" { return PPTR; }
> "max-delay" { return MAXDELAY; }
>
> "ah" { return AH; }
> --
> 2.1.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2015-04-04 11:52 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-01 7:58 nft parser and problems with icmp type names (redirect and param-problem) Alexander Holler
2015-04-01 13:15 ` Alexander Holler
2015-04-03 17:50 ` [PATCH] parser: add kludges for "param-problem" and "redirect" Alexander Holler
2015-04-03 18:06 ` Alexander Holler
2015-04-04 10:50 ` Alexander Holler
2015-04-04 11:13 ` [PATCH v2] " Alexander Holler
2015-04-04 11:55 ` Pablo Neira Ayuso [this message]
2015-04-04 12:30 ` Alexander Holler
2015-04-05 11:42 ` Patrick McHardy
2015-04-05 11:32 ` Patrick McHardy
2015-04-05 12:11 ` Patrick McHardy
2015-04-05 19:07 ` Alexander Holler
2015-04-06 1:51 ` Patrick McHardy
2015-04-06 8:44 ` Alexander Holler
2015-04-06 9:01 ` Alexander Holler
2015-04-06 9:14 ` Alexander Holler
2015-04-06 11:25 ` Patrick McHardy
2015-04-06 20:41 ` Alexander Holler
2015-04-09 10:52 ` nft parser and names for constants (was [PATCH v2] parser: add kludges for "param-problem" and "redirect") Alexander Holler
2015-04-09 11:07 ` Patrick McHardy
2015-04-09 17:50 ` Alexander Holler
2015-04-09 19:15 ` Patrick McHardy
2015-04-10 5:38 ` Alexander Holler
2015-04-06 7:12 ` [PATCH v2] parser: add kludges for "param-problem" and "redirect" Arturo Borrero Gonzalez
2015-04-06 11:23 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150404115550.GA5832@salvia \
--to=pablo@netfilter.org \
--cc=arturo.borrero.glez@gmail.com \
--cc=eric@regit.org \
--cc=holler@ahsoftware.de \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.