summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/evaluate.c41
-rw-r--r--src/json.c2
-rw-r--r--src/statement.c4
-rw-r--r--tests/py/ip/snat.t2
-rw-r--r--tests/py/ip/snat.t.payload2
-rw-r--r--tests/shell/testcases/maps/dumps/0010concat_map_0.nft2
-rw-r--r--tests/shell/testcases/maps/dumps/nat_addr_port.nft24
7 files changed, 56 insertions, 21 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 13888e5b..7d59e260 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1579,6 +1579,9 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr)
return expr_error(ctx->msgs, map->mappings,
"Expression is not a map");
break;
+ case EXPR_SET_REF:
+ /* symbol has been already evaluated to set reference */
+ break;
default:
BUG("invalid mapping expression %s\n",
expr_name(map->mappings));
@@ -3172,6 +3175,40 @@ static int stmt_evaluate_nat_map(struct eval_ctx *ctx, struct stmt *stmt)
return err;
}
+static bool nat_concat_map(struct eval_ctx *ctx, struct stmt *stmt)
+{
+ struct expr *i;
+
+ if (stmt->nat.addr->etype != EXPR_MAP)
+ return false;
+
+ switch (stmt->nat.addr->mappings->etype) {
+ case EXPR_SET:
+ list_for_each_entry(i, &stmt->nat.addr->mappings->expressions, list) {
+ if (i->etype == EXPR_MAPPING &&
+ i->right->etype == EXPR_CONCAT) {
+ stmt->nat.type_flags |= STMT_NAT_F_CONCAT;
+ return true;
+ }
+ }
+ break;
+ case EXPR_SYMBOL:
+ /* expr_evaluate_map() see EXPR_SET_REF after this evaluation. */
+ if (expr_evaluate(ctx, &stmt->nat.addr->mappings))
+ return false;
+
+ if (stmt->nat.addr->mappings->set->data->etype == EXPR_CONCAT) {
+ stmt->nat.type_flags |= STMT_NAT_F_CONCAT;
+ return true;
+ }
+ break;
+ default:
+ break;
+ }
+
+ return false;
+}
+
static int stmt_evaluate_nat(struct eval_ctx *ctx, struct stmt *stmt)
{
int err;
@@ -3185,7 +3222,9 @@ static int stmt_evaluate_nat(struct eval_ctx *ctx, struct stmt *stmt)
if (err < 0)
return err;
- if (stmt->nat.type_flags & STMT_NAT_F_CONCAT) {
+ if (nat_concat_map(ctx, stmt) ||
+ stmt->nat.type_flags & STMT_NAT_F_CONCAT) {
+
err = stmt_evaluate_nat_map(ctx, stmt);
if (err < 0)
return err;
diff --git a/src/json.c b/src/json.c
index edc9d640..63b325af 100644
--- a/src/json.c
+++ b/src/json.c
@@ -1331,8 +1331,6 @@ static json_t *nat_type_flags_json(uint32_t type_flags)
if (type_flags & STMT_NAT_F_PREFIX)
json_array_append_new(array, json_string("prefix"));
- if (type_flags & STMT_NAT_F_CONCAT)
- json_array_append_new(array, json_string("concat"));
return array;
}
diff --git a/src/statement.c b/src/statement.c
index 6db7e397..06742c04 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -673,9 +673,7 @@ static void nat_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
break;
}
- if (stmt->nat.type_flags & STMT_NAT_F_CONCAT)
- nft_print(octx, " addr . port");
- else if (stmt->nat.type_flags & STMT_NAT_F_PREFIX)
+ if (stmt->nat.type_flags & STMT_NAT_F_PREFIX)
nft_print(octx, " prefix");
nft_print(octx, " to");
diff --git a/tests/py/ip/snat.t b/tests/py/ip/snat.t
index 56ab943e..8aa83111 100644
--- a/tests/py/ip/snat.t
+++ b/tests/py/ip/snat.t
@@ -9,6 +9,6 @@ iifname "eth0" tcp dport != {80, 90, 23} snat to 192.168.3.2;ok
iifname "eth0" tcp dport != 23-34 snat to 192.168.3.2;ok
-snat ip addr . port to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 };ok
+snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 };ok
snat ip to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 };ok
snat ip prefix to ip saddr map { 10.141.11.0/24 : 192.168.2.0/24 };ok
diff --git a/tests/py/ip/snat.t.payload b/tests/py/ip/snat.t.payload
index 2a03ff1f..15f737cd 100644
--- a/tests/py/ip/snat.t.payload
+++ b/tests/py/ip/snat.t.payload
@@ -60,7 +60,7 @@ ip test-ip4 postrouting
[ immediate reg 1 0x0203a8c0 ]
[ nat snat ip addr_min reg 1 ]
-# snat ip addr . port to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 }
+# snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 }
__map%d test-ip4 b size 1
__map%d test-ip4 0
element 040b8d0a : 0302a8c0 00005000 0 [end]
diff --git a/tests/shell/testcases/maps/dumps/0010concat_map_0.nft b/tests/shell/testcases/maps/dumps/0010concat_map_0.nft
index 328c653c..b6bc338c 100644
--- a/tests/shell/testcases/maps/dumps/0010concat_map_0.nft
+++ b/tests/shell/testcases/maps/dumps/0010concat_map_0.nft
@@ -6,6 +6,6 @@ table inet x {
chain y {
type nat hook prerouting priority dstnat; policy accept;
- meta nfproto ipv4 dnat ip addr . port to ip saddr . ip protocol . tcp dport map @z
+ meta nfproto ipv4 dnat ip to ip saddr . ip protocol . tcp dport map @z
}
}
diff --git a/tests/shell/testcases/maps/dumps/nat_addr_port.nft b/tests/shell/testcases/maps/dumps/nat_addr_port.nft
index 89c3bd14..cf6b957f 100644
--- a/tests/shell/testcases/maps/dumps/nat_addr_port.nft
+++ b/tests/shell/testcases/maps/dumps/nat_addr_port.nft
@@ -27,10 +27,10 @@ table ip ipfoo {
dnat to ip daddr map @x
ip saddr 10.1.1.1 dnat to 10.2.3.4
ip saddr 10.1.1.2 tcp dport 42 dnat to 10.2.3.4:4242
- meta l4proto tcp dnat ip addr . port to ip saddr map @y
- dnat ip addr . port to ip saddr . tcp dport map @z
+ meta l4proto tcp dnat ip to ip saddr map @y
+ dnat ip to ip saddr . tcp dport map @z
dnat to numgen inc mod 2 map @t1
- meta l4proto tcp dnat ip addr . port to numgen inc mod 2 map @t2
+ meta l4proto tcp dnat ip to numgen inc mod 2 map @t2
}
}
table ip6 ip6foo {
@@ -60,10 +60,10 @@ table ip6 ip6foo {
dnat to ip6 daddr map @x
ip6 saddr dead::1 dnat to feed::1
ip6 saddr dead::2 tcp dport 42 dnat to [c0::1a]:4242
- meta l4proto tcp dnat ip6 addr . port to ip6 saddr map @y
- dnat ip6 addr . port to ip6 saddr . tcp dport map @z
+ meta l4proto tcp dnat ip6 to ip6 saddr map @y
+ dnat ip6 to ip6 saddr . tcp dport map @z
dnat to numgen inc mod 2 map @t1
- meta l4proto tcp dnat ip6 addr . port to numgen inc mod 2 map @t2
+ meta l4proto tcp dnat ip6 to numgen inc mod 2 map @t2
}
}
table inet inetfoo {
@@ -114,16 +114,16 @@ table inet inetfoo {
dnat ip to ip daddr map @x4
ip saddr 10.1.1.1 dnat ip to 10.2.3.4
ip saddr 10.1.1.2 tcp dport 42 dnat ip to 10.2.3.4:4242
- meta l4proto tcp meta nfproto ipv4 dnat ip addr . port to ip saddr map @y4
- meta nfproto ipv4 dnat ip addr . port to ip saddr . tcp dport map @z4
+ meta l4proto tcp meta nfproto ipv4 dnat ip to ip saddr map @y4
+ meta nfproto ipv4 dnat ip to ip saddr . tcp dport map @z4
dnat ip to numgen inc mod 2 map @t1v4
- meta l4proto tcp dnat ip addr . port to numgen inc mod 2 map @t2v4
+ meta l4proto tcp dnat ip to numgen inc mod 2 map @t2v4
dnat ip6 to ip6 daddr map @x6
ip6 saddr dead::1 dnat ip6 to feed::1
ip6 saddr dead::2 tcp dport 42 dnat ip6 to [c0::1a]:4242
- meta l4proto tcp meta nfproto ipv6 dnat ip6 addr . port to ip6 saddr map @y6
- meta nfproto ipv6 dnat ip6 addr . port to ip6 saddr . tcp dport map @z6
+ meta l4proto tcp meta nfproto ipv6 dnat ip6 to ip6 saddr map @y6
+ meta nfproto ipv6 dnat ip6 to ip6 saddr . tcp dport map @z6
dnat ip6 to numgen inc mod 2 map @t1v6
- meta l4proto tcp dnat ip6 addr . port to numgen inc mod 2 map @t2v6
+ meta l4proto tcp dnat ip6 to numgen inc mod 2 map @t2v6
}
}