diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-10-09 01:40:36 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-10-09 14:12:04 +0200 |
commit | fd513de78bc0133f6ba61087be168e2a8d067107 (patch) | |
tree | 3466acbf9f966d902c599cdbe040578803b15a7a /src/scanner.l | |
parent | 22d2010109193e6ee201d7cd4e8aaf5cda4539a0 (diff) |
scanner: IPv4-Mapped IPv6 addresses support
The scanner rejects IPv4-Mapped IPv6 addresses, eg.
# cat test
#!/usr/sbin/nft -f
flush ruleset
table inet global {
set blackhole_ipv6 {
type ipv6_addr
flags interval
elements = { ::ffff:0.0.0.0/96 }
}
}
# nft -f test
test:8:30-38: Error: syntax error, unexpected string, expecting comma or '}'
elements = { ::ffff:0.0.0.0/96 }
^^^^^^^^^^
According to RFC4291, Sect. 2.5.5.2. IPv4-Mapped IPv6 Address:
| 80 bits | 16 | 32 bits |
+--------------------------------------+--------------------------+
|0000..............................0000|FFFF| IPv4 address |
+--------------------------------------+----+---------------------+
Update scanner bits to parse this.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1188
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/scanner.l')
-rw-r--r-- | src/scanner.l | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/scanner.l b/src/scanner.l index 186fb47e..59407366 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -160,7 +160,8 @@ v63 ({v630}|{v631}|{v632}|{v633}) v620 ((:)((:{hex4}){2})) v621 ((({hex4}:){1})((:{hex4}){1})) v622 ((({hex4}:){2})(:)) -v62 ({v620}|{v621}|{v622}) +v62_rfc4291 ((:)(:[fF]{4})(:{ip4addr})) +v62 ({v620}|{v621}|{v622}|{v62_rfc4291}) v610 ((:)(:{hex4}{1})) v611 ((({hex4}:){1})(:)) v61 ({v610}|{v611}) |