From 5ab0e10fc6e2c22363ad4428f9aaf8965ee71d51 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 16 Aug 2016 18:07:21 +0200 Subject: src: support for RFC2732 IPv6 address format with brackets The statement: dnat to 2001:838:35f:1:::80 is very confusing as it is not so easy to identify where address ends and the port starts. This even harder to read with ranges. So this patch adds squared brackets as RFC2732 to enclose the IPv6 address. Signed-off-by: Pablo Neira Ayuso --- tests/py/ip6/dnat.t | 5 +++-- tests/py/ip6/dnat.t.payload.ip6 | 14 ++++++++++++-- tests/py/ip6/snat.t | 4 ++-- tests/py/ip6/snat.t.payload.ip6 | 4 ++-- 4 files changed, 19 insertions(+), 8 deletions(-) (limited to 'tests/py/ip6') diff --git a/tests/py/ip6/dnat.t b/tests/py/ip6/dnat.t index b256e018..78d6d0ad 100644 --- a/tests/py/ip6/dnat.t +++ b/tests/py/ip6/dnat.t @@ -2,5 +2,6 @@ *ip6;test-ip6;prerouting -tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:::80-100;ok -tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:: :100;ok;tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:::100 +tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100;ok +tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100;ok;tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100 +tcp dport 80-90 dnat to [2001:838:35f:1::]:80;ok diff --git a/tests/py/ip6/dnat.t.payload.ip6 b/tests/py/ip6/dnat.t.payload.ip6 index 494ade39..8bd5819e 100644 --- a/tests/py/ip6/dnat.t.payload.ip6 +++ b/tests/py/ip6/dnat.t.payload.ip6 @@ -1,4 +1,4 @@ -# tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:::80-100 +# tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100 ip6 test-ip6 prerouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -11,7 +11,7 @@ ip6 test-ip6 prerouting [ immediate reg 4 0x00006400 ] [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ] -# tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:: :100 +# tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100 ip6 test-ip6 prerouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -23,3 +23,13 @@ ip6 test-ip6 prerouting [ immediate reg 3 0x00006400 ] [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ] +# tcp dport 80-90 dnat to [2001:838:35f:1::]:80 +ip6 test-ip6 prerouting + [ payload load 1b @ network header + 6 => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ payload load 2b @ transport header + 2 => reg 1 ] + [ cmp gte reg 1 0x00005000 ] + [ cmp lte reg 1 0x00005a00 ] + [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ] + [ immediate reg 2 0x00005000 ] + [ nat dnat ip6 addr_min reg 1 addr_max reg 0 proto_min reg 2 proto_max reg 0 ] diff --git a/tests/py/ip6/snat.t b/tests/py/ip6/snat.t index b85d9af9..c259f934 100644 --- a/tests/py/ip6/snat.t +++ b/tests/py/ip6/snat.t @@ -2,5 +2,5 @@ *ip6;test-ip6;postrouting -tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok;tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:::80-100 -tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:::100;ok +tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100;ok;tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100 +tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:100;ok diff --git a/tests/py/ip6/snat.t.payload.ip6 b/tests/py/ip6/snat.t.payload.ip6 index fbc99c1a..ea403638 100644 --- a/tests/py/ip6/snat.t.payload.ip6 +++ b/tests/py/ip6/snat.t.payload.ip6 @@ -1,4 +1,4 @@ -# tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:: :80-100 +# tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100 ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000006 ] @@ -11,7 +11,7 @@ ip6 test-ip6 postrouting [ immediate reg 4 0x00006400 ] [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ] -# tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:::100 +# tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:100 ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000006 ] -- cgit v1.2.3