diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-08-16 18:07:21 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-08-18 03:14:57 +0200 |
| commit | 5ab0e10fc6e2c22363ad4428f9aaf8965ee71d51 (patch) | |
| tree | 760020f2fcc5c43d170786d15b5d4756a03ea006 /src | |
| parent | 850f0a56b6ad625d6c5d8ba28ec4f55ec02ff2a7 (diff) | |
src: support for RFC2732 IPv6 address format with brackets
The statement:
dnat to 2001:838:35f:1:::80
is very confusing as it is not so easy to identify where address ends
and the port starts. This even harder to read with ranges.
So this patch adds squared brackets as RFC2732 to enclose the IPv6
address.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/scanner.l | 7 | ||||
| -rw-r--r-- | src/statement.c | 22 |
2 files changed, 27 insertions, 2 deletions
diff --git a/src/scanner.l b/src/scanner.l index 613c3c9e..3ad4dd9c 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -169,6 +169,7 @@ v60 (::) macaddr (([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}) ip4addr (([[:digit:]]{1,3}"."){3}([[:digit:]]{1,3})) ip6addr ({v680}|{v67}|{v66}|{v65}|{v64}|{v63}|{v62}|{v61}|{v60}) +ip6addr_rfc2732 (\[{ip6addr}\]) addrstring ({macaddr}|{ip4addr}|{ip6addr}) @@ -475,6 +476,12 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) return STRING; } +{ip6addr_rfc2732} { + yytext[yyleng - 1] = '\0'; + yylval->string = xstrdup(yytext + 1); + return STRING; + } + {timestring} { yylval->string = xstrdup(yytext); return STRING; diff --git a/src/statement.c b/src/statement.c index ccc16bb7..fbe74a64 100644 --- a/src/statement.c +++ b/src/statement.c @@ -397,8 +397,26 @@ static void nat_stmt_print(const struct stmt *stmt) }; printf("%s to ", nat_types[stmt->nat.type]); - if (stmt->nat.addr) - expr_print(stmt->nat.addr); + if (stmt->nat.addr) { + if (stmt->nat.proto) { + if (stmt->nat.addr->ops->type == EXPR_VALUE && + stmt->nat.addr->dtype->type == TYPE_IP6ADDR) { + printf("["); + expr_print(stmt->nat.addr); + printf("]"); + } else if (stmt->nat.addr->ops->type == EXPR_RANGE && + stmt->nat.addr->left->dtype->type == TYPE_IP6ADDR) { + printf("["); + expr_print(stmt->nat.addr->left); + printf("]-["); + expr_print(stmt->nat.addr->right); + printf("]"); + } + } else { + expr_print(stmt->nat.addr); + } + } + if (stmt->nat.proto) { printf(":"); expr_print(stmt->nat.proto); |