From ee4391d0ac1e7af57e4c707be81e83fc59002272 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 29 Apr 2020 14:11:13 +0200 Subject: nat: transform range to prefix expression when possible This patch transform a range of IP addresses to prefix when listing the ruleset. Signed-off-by: Pablo Neira Ayuso --- src/netlink.c | 4 ++-- src/netlink_delinearize.c | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/netlink.c b/src/netlink.c index 10964720..bb014320 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -949,7 +949,7 @@ static uint32_t mpz_bitmask_to_prefix(mpz_t bitmask, uint32_t len) return len - mpz_scan0(bitmask, 0); } -static struct expr *expr_range_to_prefix(struct expr *range) +struct expr *range_expr_to_prefix(struct expr *range) { struct expr *left = range->left, *right = range->right, *prefix; uint32_t len = left->len, prefix_len; @@ -989,7 +989,7 @@ static struct expr *netlink_parse_interval_elem(const struct datatype *dtype, range = range_expr_alloc(&expr->location, left, right); expr_free(expr); - return expr_range_to_prefix(range); + return range_expr_to_prefix(range); } static struct expr *netlink_parse_concat_elem(const struct datatype *dtype, diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 772559c8..f721d15c 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -1103,8 +1103,10 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx, else expr_set_type(addr, &ip6addr_type, BYTEORDER_BIG_ENDIAN); - if (stmt->nat.addr != NULL) + if (stmt->nat.addr != NULL) { addr = range_expr_alloc(loc, stmt->nat.addr, addr); + addr = range_expr_to_prefix(addr); + } stmt->nat.addr = addr; } 
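Review bot: In src/netlink.c, dropping `static` makes `range_expr_to_prefix` an external symbol, so it needs a prototype in a shared header. The page is limited to 'src', so confirm the header change exists. Both call sites overwrite their only pointer to the range with the return value, so the function should carry a contract comment now that it is public. It should say whether the range is released when a prefix is returned and whether the same range comes back otherwise, for example `/* returns a prefix when the range is prefix-aligned, else the range itself; the caller must use only the returned pointer */`, if that matches the body. The body runs past the end of this hunk, so that contract cannot be checked from here.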
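Review bot: In netlink_parse_nat (src/netlink_delinearize.c), a prefix-aligned NAT range is now listed as a prefix, but nothing in the visible hunks shows that the nat statement accepts a prefix on input. The commit touches only the netlink parsing path within 'src'. If evaluation of `stmt->nat.addr` rejects or mishandles EXPR_PREFIX, a ruleset saved from the listing will not load back, which matters when firewall rules are restored from a dump. A list-then-reload test covering an IPv4 and an IPv6 range would settle it. A comment above the new call would also help, for example `/* listed as a prefix when the range is prefix-aligned */`. The function starts and ends outside this hunk.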
@@ -2296,6 +2298,8 @@ static void expr_postprocess(struct rule_pp_ctx *ctx, struct expr **exprp)
 case EXPR_RANGE:
 expr_postprocess(ctx, &expr->left);
 expr_postprocess(ctx, &expr->right);
+ case EXPR_PREFIX:
+ expr_postprocess(ctx, &expr->prefix);
 break;
 case EXPR_SET_ELEM:
 expr_postprocess(ctx, &expr->key);
-- cgit v1.2.3
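Review bot: The new `case EXPR_PREFIX:` label is placed between the EXPR_RANGE statements and their `break;`, so EXPR_RANGE now falls through and also runs `expr_postprocess(ctx, &expr->prefix)` on a range expression. The layout of struct expr is not shown here. If `prefix` shares a union with `left`/`right`, the range's operand is processed a second time through the wrong member; otherwise the call reads a field that a range never set. Add `break;` after `expr_postprocess(ctx, &expr->right);` so each case ends on its own. If the fall-through were intended it would need an explicit `/* fall through */` comment, but nothing here suggests it is. The switch continues outside this hunk.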