diff options
Diffstat (limited to 'grammar.y.in')
-rw-r--r-- | grammar.y.in | 92 |
1 files changed, 77 insertions, 15 deletions
diff --git a/grammar.y.in b/grammar.y.in index b8dabf7e..746f6ec2 100644 --- a/grammar.y.in +++ b/grammar.y.in @@ -446,25 +446,59 @@ id: nid | paren pid ')' { $$ = $2; } ; nid: ID { CHECK_PTR_VAL($1); CHECK_PTR_VAL(($$.b = gen_scode(cstate, $1, $$.q = $<blk>0.q))); } - | HID '/' NUM { CHECK_PTR_VAL($1); CHECK_PTR_VAL(($$.b = gen_mcode(cstate, $1, NULL, $3, - $$.q = $<blk>0.q))); } - | HID NETMASK HID { CHECK_PTR_VAL($1); CHECK_PTR_VAL(($$.b = gen_mcode(cstate, $1, $3, 0, - $$.q = $<blk>0.q))); } + | HID '/' NUM { + CHECK_PTR_VAL($1); + /* Check whether HID/NUM is being used when appropriate */ + $$.q = $<blk>0.q; + if ($$.q.addr == Q_PORT) { + bpf_set_error(cstate, "'port' modifier applied to <ipaddr>/<prefixlen>"); + YYABORT; + } else if ($$.q.addr == Q_PORTRANGE) { + bpf_set_error(cstate, "'portrange' modifier applied to <ipaddr>/<prefixlen>"); + YYABORT; + } else if ($$.q.addr == Q_PROTO) { + bpf_set_error(cstate, "'proto' modifier applied to <ipaddr>/<prefixlen>"); + YYABORT; + } else if ($$.q.addr == Q_PROTOCHAIN) { + bpf_set_error(cstate, "'protochain' modifier applied to <ipaddr>/<prefixlen>"); + YYABORT; + } + CHECK_PTR_VAL(($$.b = gen_mcode(cstate, $1, NULL, $3, $$.q))); + } + | HID NETMASK HID { + CHECK_PTR_VAL($1); + /* Check whether HID maesk HID is being used when appropriate */ + $$.q = $<blk>0.q; + if ($$.q.addr == Q_PORT) { + bpf_set_error(cstate, "'port' modifier applied to <ipnet> mask <netmask>"); + YYABORT; + } else if ($$.q.addr == Q_PORTRANGE) { + bpf_set_error(cstate, "'portrange' modifier applied to <ipnet> mask <netmask>"); + YYABORT; + } else if ($$.q.addr == Q_PROTO) { + bpf_set_error(cstate, "'proto' modifier applied to <ipnet> mask <netmask>"); + YYABORT; + } else if ($$.q.addr == Q_PROTOCHAIN) { + bpf_set_error(cstate, "'protochain' modifier applied to <ipnet> mask <netmask>"); + YYABORT; + } + CHECK_PTR_VAL(($$.b = gen_mcode(cstate, $1, $3, 0, $$.q))); + } | HID { CHECK_PTR_VAL($1); - /* Decide how to parse HID based on proto */ + /* Check whether HID is being used when appropriate */ $$.q = $<blk>0.q; if ($$.q.addr == Q_PORT) { - bpf_set_error(cstate, "'port' modifier applied to ip host"); + bpf_set_error(cstate, "'port' modifier applied to <ipaddr>"); YYABORT; } else if ($$.q.addr == Q_PORTRANGE) { - bpf_set_error(cstate, "'portrange' modifier applied to ip host"); + bpf_set_error(cstate, "'portrange' modifier applied to <ipaddr>"); YYABORT; } else if ($$.q.addr == Q_PROTO) { - bpf_set_error(cstate, "'proto' modifier applied to ip host"); + bpf_set_error(cstate, "'proto' modifier applied to <ipaddr>"); YYABORT; } else if ($$.q.addr == Q_PROTOCHAIN) { - bpf_set_error(cstate, "'protochain' modifier applied to ip host"); + bpf_set_error(cstate, "'protochain' modifier applied to <ipaddr>"); YYABORT; } CHECK_PTR_VAL(($$.b = gen_ncode(cstate, $1, 0, $$.q))); @@ -472,10 +506,24 @@ nid: ID { CHECK_PTR_VAL($1); CHECK_PTR_VAL(($$.b = gen_scode(cstate, $1, $$. | HID6 '/' NUM { CHECK_PTR_VAL($1); #ifdef INET6 - CHECK_PTR_VAL(($$.b = gen_mcode6(cstate, $1, $3, - $$.q = $<blk>0.q))); + /* Check whether HID6/NUM is being used when appropriate */ + $$.q = $<blk>0.q; + if ($$.q.addr == Q_PORT) { + bpf_set_error(cstate, "'port' modifier applied to <ip6addr>/<prefixlen>"); + YYABORT; + } else if ($$.q.addr == Q_PORTRANGE) { + bpf_set_error(cstate, "'portrange' modifier applied to <ip6addr>/<prefixlen>"); + YYABORT; + } else if ($$.q.addr == Q_PROTO) { + bpf_set_error(cstate, "'proto' modifier applied to 'ip6addr/prefixlen"); + YYABORT; + } else if ($$.q.addr == Q_PROTOCHAIN) { + bpf_set_error(cstate, "'protochain' modifier applied to <ip6addr>/<prefixlen>"); + YYABORT; + } + CHECK_PTR_VAL(($$.b = gen_mcode6(cstate, $1, $3, $$.q))); #else - bpf_set_error(cstate, "'ip6addr/prefixlen' not supported " + bpf_set_error(cstate, "<ip6addr>/<prefixlen> not supported " "in this configuration"); YYABORT; #endif /*INET6*/ @@ -483,10 +531,24 @@ nid: ID { CHECK_PTR_VAL($1); CHECK_PTR_VAL(($$.b = gen_scode(cstate, $1, $$. | HID6 { CHECK_PTR_VAL($1); #ifdef INET6 - CHECK_PTR_VAL(($$.b = gen_mcode6(cstate, $1, 128, - $$.q = $<blk>0.q))); + /* Check whether HID6 is being used when appropriate */ + $$.q = $<blk>0.q; + if ($$.q.addr == Q_PORT) { + bpf_set_error(cstate, "'port' modifier applied to <ip6addr>"); + YYABORT; + } else if ($$.q.addr == Q_PORTRANGE) { + bpf_set_error(cstate, "'portrange' modifier applied to <ip6addr>"); + YYABORT; + } else if ($$.q.addr == Q_PROTO) { + bpf_set_error(cstate, "'proto' modifier applied to 'ip6addr/prefixlen"); + YYABORT; + } else if ($$.q.addr == Q_PROTOCHAIN) { + bpf_set_error(cstate, "'protochain' modifier applied to <ip6addr>"); + YYABORT; + } + CHECK_PTR_VAL(($$.b = gen_mcode6(cstate, $1, 128, $$.q))); #else - bpf_set_error(cstate, "'ip6addr' not supported " + bpf_set_error(cstate, "<ip6addr> not supported " "in this configuration"); YYABORT; #endif /*INET6*/ |