diff options
| -rw-r--r-- | src/scanner.l | 7 | ||||
| -rw-r--r-- | src/statement.c | 22 | ||||
| -rw-r--r-- | tests/py/ip6/dnat.t | 5 | ||||
| -rw-r--r-- | tests/py/ip6/dnat.t.payload.ip6 | 14 | ||||
| -rw-r--r-- | tests/py/ip6/snat.t | 4 | ||||
| -rw-r--r-- | tests/py/ip6/snat.t.payload.ip6 | 4 |
6 files changed, 46 insertions, 10 deletions
diff --git a/src/scanner.l b/src/scanner.l index 613c3c9e..3ad4dd9c 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -169,6 +169,7 @@ v60 (::) macaddr (([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}) ip4addr (([[:digit:]]{1,3}"."){3}([[:digit:]]{1,3})) ip6addr ({v680}|{v67}|{v66}|{v65}|{v64}|{v63}|{v62}|{v61}|{v60}) +ip6addr_rfc2732 (\[{ip6addr}\]) addrstring ({macaddr}|{ip4addr}|{ip6addr}) @@ -475,6 +476,12 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) return STRING; } +{ip6addr_rfc2732} { + yytext[yyleng - 1] = '\0'; + yylval->string = xstrdup(yytext + 1); + return STRING; + } + {timestring} { yylval->string = xstrdup(yytext); return STRING; diff --git a/src/statement.c b/src/statement.c index ccc16bb7..fbe74a64 100644 --- a/src/statement.c +++ b/src/statement.c @@ -397,8 +397,26 @@ static void nat_stmt_print(const struct stmt *stmt) }; printf("%s to ", nat_types[stmt->nat.type]); - if (stmt->nat.addr) - expr_print(stmt->nat.addr); + if (stmt->nat.addr) { + if (stmt->nat.proto) { + if (stmt->nat.addr->ops->type == EXPR_VALUE && + stmt->nat.addr->dtype->type == TYPE_IP6ADDR) { + printf("["); + expr_print(stmt->nat.addr); + printf("]"); + } else if (stmt->nat.addr->ops->type == EXPR_RANGE && + stmt->nat.addr->left->dtype->type == TYPE_IP6ADDR) { + printf("["); + expr_print(stmt->nat.addr->left); + printf("]-["); + expr_print(stmt->nat.addr->right); + printf("]"); + } + } else { + expr_print(stmt->nat.addr); + } + } + if (stmt->nat.proto) { printf(":"); expr_print(stmt->nat.proto); diff --git a/tests/py/ip6/dnat.t b/tests/py/ip6/dnat.t index b256e018..78d6d0ad 100644 --- a/tests/py/ip6/dnat.t +++ b/tests/py/ip6/dnat.t @@ -2,5 +2,6 @@ *ip6;test-ip6;prerouting -tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:::80-100;ok -tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:: :100;ok;tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:::100 +tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100;ok +tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100;ok;tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100 +tcp dport 80-90 dnat to [2001:838:35f:1::]:80;ok diff --git a/tests/py/ip6/dnat.t.payload.ip6 b/tests/py/ip6/dnat.t.payload.ip6 index 494ade39..8bd5819e 100644 --- a/tests/py/ip6/dnat.t.payload.ip6 +++ b/tests/py/ip6/dnat.t.payload.ip6 @@ -1,4 +1,4 @@ -# tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:::80-100 +# tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100 ip6 test-ip6 prerouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -11,7 +11,7 @@ ip6 test-ip6 prerouting [ immediate reg 4 0x00006400 ] [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ] -# tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:: :100 +# tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100 ip6 test-ip6 prerouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -23,3 +23,13 @@ ip6 test-ip6 prerouting [ immediate reg 3 0x00006400 ] [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ] +# tcp dport 80-90 dnat to [2001:838:35f:1::]:80 +ip6 test-ip6 prerouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x00005000 ] + [ nat dnat ip6 addr_min reg 1 addr_max reg 0 proto_min reg 2 proto_max reg 0 ] diff --git a/tests/py/ip6/snat.t b/tests/py/ip6/snat.t index b85d9af9..c259f934 100644 --- a/tests/py/ip6/snat.t +++ b/tests/py/ip6/snat.t @@ -2,5 +2,5 @@ *ip6;test-ip6;postrouting -tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok;tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:::80-100 -tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:::100;ok +tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100;ok;tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100 +tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:100;ok diff --git a/tests/py/ip6/snat.t.payload.ip6 b/tests/py/ip6/snat.t.payload.ip6 index fbc99c1a..ea403638 100644 --- a/tests/py/ip6/snat.t.payload.ip6 +++ b/tests/py/ip6/snat.t.payload.ip6 @@ -1,4 +1,4 @@ -# tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:: :80-100 +# tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100 ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -11,7 +11,7 @@ ip6 test-ip6 postrouting [ immediate reg 4 0x00006400 ] [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ] -# tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:::100 +# tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:100 ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000006 ] |