path: root/tests/shell/testcases/sets/0067nat_concat_interval_0
Commit message | Author | Age | Files | Lines
* evaluate: check for concatenation in set data datatype | Pablo Neira Ayuso | 2021-09-29 | 1 | -0/+11

  When adding this rule with an existing map:

    add rule nat x y meta l4proto { tcp, udp } dnat ip to ip daddr . th dport map @fwdtoip_th

  reports a bogus:

    Error: datatype mismatch: expected IPv4 address, expression has type concatenation of (IPv4 address, internet network service)

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

* src: support for nat with interval concatenation | Pablo Neira Ayuso | 2021-07-13 | 1 | -0/+33

  This patch allows you to combine concatenation and interval in NAT mappings, e.g.

    add rule x y dnat to ip saddr . tcp dport map { 192.168.1.2 . 80 : 10.141.10.2-10.141.10.5 . 8888-8999 }

  This generates the following NAT expression:

    [ nat dnat ip addr_min reg 1 addr_max reg 10 proto_min reg 9 proto_max reg 11 ]

  which expects to obtain the following tuple:

    IP address (min), source port (min), IP address (max), source port (max)

  to be obtained from the map. This representation simplifies the delinearize path, since the datatype is specified as: ipv4_addr . inet_service.

  A few more notes on this update:

  - alloc_nftnl_setelem() needs a variant netlink_gen_data() to deal with the representation of the range on the rhs of the mapping. In contrast to interval concatenation in the key side, where the range is expressed as two netlink attributes, the data side of the set element mapping stores the interval concatenation in a contiguous memory area, see __netlink_gen_concat_expand() for reference.
  - add range_expr_postprocess() to postprocess the data mapping range. If either one single IP address or port is used, then the minimum and maximum value in the range is the same value, e.g. to avoid listing 80-80, this round simplifies the range. This also invokes the range to prefix conversion routine.
  - add concat_elem_expr() helper function to consolidate code to build the concatenation expression on the rhs element data side.

  This patch also adds tests/py and tests/shell.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
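
The range postprocessing described in the second commit (collapse equal bounds, print a CIDR-aligned range as a prefix, otherwise keep min-max), sketched as an added example that is not nftables code. The struct and function names (`nat_data`, `range_to_prefix_len`, `fmt_ip`, `fmt_nat_data`) are hypothetical, and the values in `main` come from the commit's example mapping.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Field order follows the tuple in the commit message; this struct is an assumption, not nft's layout. */
struct nat_data { uint32_t addr_min; uint16_t port_min; uint32_t addr_max; uint16_t port_max; };

/* Prefix length if [min, max] is exactly one CIDR block (32 when min == max), else -1. */
static int range_to_prefix_len(uint32_t min, uint32_t max)
{
    uint32_t diff = min ^ max;          /* bits that differ between the bounds */
    int len = 32;
    if ((diff & (diff + 1)) || (min & diff))  /* need low-order ones, clear in min */
        return -1;
    while (diff) { diff >>= 1; len--; }
    return len;
}

static void fmt_ip(char *out, size_t n, uint32_t a)
{
    snprintf(out, n, "%u.%u.%u.%u", a >> 24, a >> 16 & 0xff, a >> 8 & 0xff, a & 0xff);
}

/* Render "addr . port", collapsing equal bounds and CIDR-aligned ranges. */
const char *fmt_nat_data(char *out, size_t n, const struct nat_data *d)
{
    char lo[16], hi[16], addr[40], port[16];
    int len = range_to_prefix_len(d->addr_min, d->addr_max);
    fmt_ip(lo, sizeof(lo), d->addr_min);
    fmt_ip(hi, sizeof(hi), d->addr_max);
    if (len == 32)                      /* single address: avoid "a-a" */
        snprintf(addr, sizeof(addr), "%s", lo);
    else if (len >= 0)                  /* aligned block: print as prefix */
        snprintf(addr, sizeof(addr), "%s/%d", lo, len);
    else
        snprintf(addr, sizeof(addr), "%s-%s", lo, hi);
    if (d->port_min == d->port_max)     /* single port: avoid "80-80" */
        snprintf(port, sizeof(port), "%u", (unsigned)d->port_min);
    else
        snprintf(port, sizeof(port), "%u-%u", (unsigned)d->port_min, (unsigned)d->port_max);
    snprintf(out, n, "%s . %s", addr, port);
    return out;
}

int main(void)
{
    struct nat_data d = { 0x0a8d0a02, 8888, 0x0a8d0a05, 8999 };  /* the commit's example */
    char buf[64];
    return puts(fmt_nat_data(buf, sizeof(buf), &d)) == EOF;
}
```

The commit's own range, 10.141.10.2-10.141.10.5, is not aligned to a power-of-two block, so it stays a range rather than becoming a prefix.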