STMT_NAT_F_INTERVAL is not useful, the keyword interval can be removed
to simplify the syntax, e.g.
snat to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 }
This patch reworks
9599d9d25a6b ("src: NAT support for intervals in
maps").
Do not remove STMT_NAT_F_INTERVAL yet since this flag is needed for
interval concatenations coming in a follow up patch.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
return err;
}
- if (stmt->nat.type_flags & STMT_NAT_F_INTERVAL) {
- switch (stmt->nat.addr->etype) {
- case EXPR_MAP:
- if (!(stmt->nat.addr->mappings->set->data->flags & EXPR_F_INTERVAL))
- return expr_error(ctx->msgs, stmt->nat.addr,
- "map is not defined as interval");
- break;
- case EXPR_RANGE:
- case EXPR_PREFIX:
- break;
- default:
- return expr_error(ctx->msgs, stmt->nat.addr,
- "neither prefix, range nor map expression");
- }
-
- stmt->flags |= STMT_F_TERMINAL;
-
- return 0;
- }
-
if (stmt->nat.proto != NULL) {
err = nat_evaluate_transport(ctx, stmt, &stmt->nat.proto);
if (err < 0)
{
json_t *array = json_array();
- if (type_flags & STMT_NAT_F_INTERVAL)
- json_array_append_new(array, json_string("interval"));
if (type_flags & STMT_NAT_F_PREFIX)
json_array_append_new(array, json_string("prefix"));
if (type_flags & STMT_NAT_F_CONCAT)
if (is_nat_addr_map(addr, family)) {
stmt->nat.family = family;
- stmt->nat.type_flags |= STMT_NAT_F_INTERVAL;
ctx->stmt = stmt;
return;
}
{
$<stmt>0->nat.family = $1;
$<stmt>0->nat.addr = $4;
- $<stmt>0->nat.type_flags = STMT_NAT_F_INTERVAL;
}
| INTERVAL TO stmt_expr
{
$<stmt>0->nat.addr = $3;
- $<stmt>0->nat.type_flags = STMT_NAT_F_INTERVAL;
}
| nf_key_proto PREFIX TO stmt_expr
{
$<stmt>0->nat.family = $1;
$<stmt>0->nat.addr = $4;
$<stmt>0->nat.type_flags =
- STMT_NAT_F_PREFIX |
- STMT_NAT_F_INTERVAL;
+ STMT_NAT_F_PREFIX;
$<stmt>0->nat.flags |= NF_NAT_RANGE_NETMAP;
}
| PREFIX TO stmt_expr
{
$<stmt>0->nat.addr = $3;
$<stmt>0->nat.type_flags =
- STMT_NAT_F_PREFIX |
- STMT_NAT_F_INTERVAL;
+ STMT_NAT_F_PREFIX;
$<stmt>0->nat.flags |= NF_NAT_RANGE_NETMAP;
}
;
nft_print(octx, " addr . port");
else if (stmt->nat.type_flags & STMT_NAT_F_PREFIX)
nft_print(octx, " prefix");
- else if (stmt->nat.type_flags & STMT_NAT_F_INTERVAL)
- nft_print(octx, " interval");
nft_print(octx, " to");
}
iifname "eth0" tcp dport != 23-34 snat to 192.168.3.2;ok
snat ip addr . port to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 };ok
-snat ip interval to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 };ok
+snat ip to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 };ok
snat ip prefix to ip saddr map { 10.141.11.0/24 : 192.168.2.0/24 };ok
[ lookup reg 1 set __map%d dreg 1 ]
[ nat snat ip addr_min reg 1 proto_min reg 9 ]
-# snat ip interval to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 }
+# snat ip to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 }
__map%d test-ip4 b size 1
__map%d test-ip4 0
element 040b8d0a : 0202a8c0 0402a8c0 0 [end]
chain y {
type nat hook postrouting priority srcnat; policy accept;
- snat ip interval to ip saddr map @y
+ snat to ip saddr map @y
}
}
"
chain y {
type nat hook postrouting priority srcnat; policy accept;
- snat ip interval to ip saddr map @y
+ snat ip to ip saddr map @y
}
}
projects / thirdparty / nftables.git / commitdiff
