diff mbox series

[nft,22/26] scanner: policy: move to own scope

Message ID 20220219132814.30823-23-phil@nwl.cc
State Accepted
Delegated to: Pablo Neira
Headers show
Series scanner: Some fixes, many new scopes | expand

Commit Message

Phil Sutter Feb. 19, 2022, 1:28 p.m. UTC 
Isolate 'performance' and 'memory' keywords.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 include/parser.h   | 1 +
 src/parser_bison.y | 7 ++++---
 src/scanner.l      | 9 ++++++---
 3 files changed, 11 insertions(+), 6 deletions(-)
diff mbox series

Patch

diff --git a/include/parser.h b/include/parser.h
index 57f1fcc56bd54..79eadc0d7e52f 100644
--- a/include/parser.h
+++ b/include/parser.h
@@ -40,6 +40,7 @@  enum startcond_type {
 	PARSER_SC_IP,
 	PARSER_SC_IP6,
 	PARSER_SC_LIMIT,
+	PARSER_SC_POLICY,
 	PARSER_SC_QUOTA,
 	PARSER_SC_SCTP,
 	PARSER_SC_SECMARK,
diff --git a/src/parser_bison.y b/src/parser_bison.y
index af31f72fd6c99..eca51617e1713 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -954,6 +954,7 @@  close_scope_mh		: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_MH); };
 close_scope_monitor	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_MONITOR); };
 close_scope_numgen	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_NUMGEN); };
 close_scope_osf		: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_OSF); };
+close_scope_policy	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_POLICY); };
 close_scope_quota	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_QUOTA); };
 close_scope_queue	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_QUEUE); };
 close_scope_reject	: { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_REJECT); };
@@ -2098,7 +2099,7 @@  map_block		:	/* empty */	{ $$ = $<set>-1; }
 			|	map_block	set_mechanism	stmt_separator
 			;
 
-set_mechanism		:	POLICY		set_policy_spec
+set_mechanism		:	POLICY		set_policy_spec	close_scope_policy
 			{
 				$<set>0->policy = $2;
 			}
@@ -2516,7 +2517,7 @@  flags_spec		:	FLAGS		OFFLOAD	close_scope_flags
 			}
 			;
 
-policy_spec		:	POLICY		policy_expr
+policy_spec		:	POLICY		policy_expr	close_scope_policy
 			{
 				if ($<chain>0->policy) {
 					erec_queue(error(&@$, "you cannot set chain policy twice"),
@@ -4563,7 +4564,7 @@  ct_timeout_config	:	PROTOCOL	ct_l4protoname	stmt_separator
 				ct = &$<obj>0->ct_timeout;
 				ct->l4proto = l4proto;
 			}
-			|	POLICY 	'=' 	'{' 	timeout_states 	'}'	 stmt_separator
+			|	POLICY 	'=' 	'{' 	timeout_states 	'}'	 stmt_separator	close_scope_policy
 			{
 				struct ct_timeout *ct;
 
diff --git a/src/scanner.l b/src/scanner.l
index 608471b39898d..b885f84523b97 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -206,6 +206,7 @@  addrstring	({macaddr}|{ip4addr}|{ip6addr})
 %s SCANSTATE_IP
 %s SCANSTATE_IP6
 %s SCANSTATE_LIMIT
+%s SCANSTATE_POLICY
 %s SCANSTATE_QUOTA
 %s SCANSTATE_SCTP
 %s SCANSTATE_SECMARK
@@ -370,10 +371,12 @@  addrstring	({macaddr}|{ip4addr}|{ip6addr})
 "elements"		{ return ELEMENTS; }
 "expires"		{ return EXPIRES; }
 
-"policy"		{ return POLICY; }
+"policy"		{ scanner_push_start_cond(yyscanner, SCANSTATE_POLICY); return POLICY; }
 "size"			{ return SIZE; }
-"performance"		{ return PERFORMANCE; }
-"memory"		{ return MEMORY; }
+<SCANSTATE_POLICY>{
+	"performance"		{ return PERFORMANCE; }
+	"memory"		{ return MEMORY; }
+}
 
 "flow"			{ return FLOW; }
 "offload"		{ return OFFLOAD; }