git.ipfire.org Git - thirdparty/nftables.git/commit
scanner: IPv4-Mapped IPv6 addresses support
author Pablo Neira Ayuso <pablo@netfilter.org>
Sun, 8 Oct 2017 23:40:36 +0000 (01:40 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 9 Oct 2017 12:12:04 +0000 (14:12 +0200)
commit fd513de78bc0133f6ba61087be168e2a8d067107
tree 3466acbf9f966d902c599cdbe040578803b15a7a
parent 22d2010109193e6ee201d7cd4e8aaf5cda4539a0
scanner: IPv4-Mapped IPv6 addresses support

The scanner rejects IPv4-Mapped IPv6 addresses, e.g.

 # cat test
 #!/usr/sbin/nft -f
 flush ruleset
 table inet global {
    set blackhole_ipv6 {
        type ipv6_addr
        flags interval
        elements = { ::ffff:0.0.0.0/96 }
    }
 }

 # nft -f test
 test:8:30-38: Error: syntax error, unexpected string, expecting comma or '}'
        elements = { ::ffff:0.0.0.0/96 }
                            ^^^^^^^^^^

According to RFC4291, Sect. 2.5.5.2. IPv4-Mapped IPv6 Address:

   |                80 bits               | 16 |      32 bits        |
   +--------------------------------------+--------------------------+
   |0000..............................0000|FFFF|    IPv4 address     |
   +--------------------------------------+----+---------------------+

Update scanner bits to parse this.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1188
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/scanner.l
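
As an added example (not part of this commit and not nftables code), the C sketch below checks which addresses an element such as `::ffff:0.0.0.0/96` from the commit message covers, using the RFC 4291 layout of 80 zero bits, 16 one bits and the IPv4 address. The function names `parse_prefix` and `prefix_contains` are hypothetical, the sample addresses are constructed, and parsing relies on POSIX `inet_pton`.

```c
/* Added example; function names are hypothetical, not nftables code. */
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Parse "addr" or "addr/len", as written in a set element; 0 on success. */
int parse_prefix(const char *text, struct in6_addr *net, int *plen)
{
    char buf[INET6_ADDRSTRLEN + 4], *slash, *end;
    long len = 128;                 /* no "/len" means a single address */

    if (strlen(text) >= sizeof(buf))
        return -1;
    strcpy(buf, text);
    if ((slash = strchr(buf, '/')) != NULL) {
        *slash++ = '\0';
        len = strtol(slash, &end, 10);
        /* Require plain decimal digits and a length of at most 128 bits. */
        if (*slash < '0' || *slash > '9' || *end != '\0' || len > 128)
            return -1;
    }
    /* inet_pton accepts the dotted-quad tail of an IPv4-mapped address. */
    if (inet_pton(AF_INET6, buf, net) != 1)
        return -1;
    *plen = (int)len;
    return 0;
}

/* 1 if addr_text lies inside prefix_text, 0 if not, -1 on malformed input. */
int prefix_contains(const char *prefix_text, const char *addr_text)
{
    struct in6_addr net, addr;
    int plen, full, rest;
    if (parse_prefix(prefix_text, &net, &plen) != 0 ||
        inet_pton(AF_INET6, addr_text, &addr) != 1)
        return -1;
    full = plen / 8;    /* whole bytes fixed by the prefix */
    rest = plen % 8;    /* leading bits fixed in the following byte */
    if (memcmp(net.s6_addr, addr.s6_addr, full) != 0)
        return 0;
    if (rest && ((net.s6_addr[full] ^ addr.s6_addr[full]) & (0xff << (8 - rest)) & 0xff))
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed samples: one IPv4-mapped address, one ordinary address. */
    printf("%d %d\n", prefix_contains("::ffff:0.0.0.0/96", "::ffff:192.0.2.1"),
           prefix_contains("::ffff:0.0.0.0/96", "2001:db8::1"));
    return 0;
}
```

The /96 element matches every IPv4-mapped address regardless of whether it is written with a dotted-quad or a hexadecimal tail, but not IPv4-compatible forms such as `::192.0.2.1`, whose 16 bits before the IPv4 part are zero.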