author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-02-24 13:28:34 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-02-24 19:18:45 +0100 |
commit | 1f3974ce5c77fb66bc0be94a2e03286f73ac0b5b (patch) | |
tree | fd0d33966c73f9929fe43a5ecbc4826d6d53b08d /src/evaluate.c | |
parent | 875b56a306dbea6e8503a9135849fd0fd4b3b932 (diff) |
src: nat concatenation support with anonymous maps
This patch extends the parser to define the mapping datatypes, eg.
... dnat ip addr . port to ip saddr map { 1.1.1.1 : 2.2.2.2 . 30 }
... dnat ip addr . port to ip saddr map @y
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/evaluate.c')
-rw-r--r-- | src/evaluate.c | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 0afd0403..2d4985c0 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2853,15 +2853,32 @@ static int stmt_evaluate_nat_map(struct eval_ctx *ctx, struct stmt *stmt)
 {
 struct expr *one, *two, *data, *tmp;
 const struct datatype *dtype;
- int err;
+ int addr_type, err;

- dtype = get_addr_dtype(stmt->nat.family);
+ if (stmt->nat.ipportmap) {
+ switch (stmt->nat.family) {
+ case NFPROTO_IPV4:
+ addr_type = TYPE_IPADDR;
+ break;
+ case NFPROTO_IPV6:
+ addr_type = TYPE_IP6ADDR;
+ break;
+ default:
+ return -1;
+ }
+ dtype = concat_type_alloc((addr_type << TYPE_BITS) |
+ TYPE_INET_SERVICE);
+ } else {
+ dtype = get_addr_dtype(stmt->nat.family);
+ }

 expr_set_context(&ctx->ectx, dtype, dtype->size);
 if (expr_evaluate(ctx, &stmt->nat.addr))
 return -1;

 data = stmt->nat.addr->mappings->set->data;
+ datatype_set(data, dtype);
+
 if (expr_ops(data)->type != EXPR_CONCAT)
 return __stmt_evaluate_arg(ctx, stmt, dtype, dtype->size,
 BYTEORDER_BIG_ENDIAN,
@@ -2875,6 +2892,7 @@ static int stmt_evaluate_nat_map(struct eval_ctx *ctx, struct stmt *stmt)
 BYTEORDER_BIG_ENDIAN,
 &stmt->nat.addr);

+ dtype = get_addr_dtype(stmt->nat.family);
 tmp = one;
 err = __stmt_evaluate_arg(ctx, stmt, dtype, dtype->size,
 BYTEORDER_BIG_ENDIAN,
@@ -2891,7 +2909,6 @@ static int stmt_evaluate_nat_map(struct eval_ctx *ctx, struct stmt *stmt)
 if (tmp != two)
 BUG("Internal error: Unexpected alteration of l4 expression");

- stmt->nat.ipportmap = true;
 return err;
 }

|
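Review bot: The datatype returned by `concat_type_alloc()` in the `ipportmap` branch of the first hunk is never released on any path visible here: the early `return -1` after `expr_evaluate()` drops it, and the second hunk overwrites the only local pointer with `dtype = get_addr_dtype(stmt->nat.family);`. Assuming `datatype_set(data, dtype)` takes its own reference (its definition is not part of this diff), the allocating reference is leaked every time such a statement is evaluated. Keeping the concatenated type in a separate local and releasing it with `datatype_free()` on every exit, for example through a single cleanup label, would close that. The `default: return -1;` arm also fails without recording an error, so an unsupported family produces no diagnostic from this function. The body of stmt_evaluate_nat_map continues outside the hunks, so the exits between them are not visible.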