parser_bison: redirect to :port for consistency with nat/masq statement

Use the colon port syntax for consistency with other statements.
Existing syntax is still preserved but the output displays the colon.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/parser_bison.y b/src/parser_bison.y
index f4ce11d5aaa3e288bfcf9a13c914eeb95b827307..8025415c3e4e63c27d019f1de071c5bb40312eae 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1701,6 +1701,10 @@ redir_stmt_arg           :       TO      stmt_expr
                        {
                                $<stmt>0->redir.proto = $2;
                        }
+                       |       TO      COLON   stmt_expr
+                       {
+                               $<stmt>0->redir.proto = $3;
+                       }
                        |       nf_nat_flags
                        {
                                $<stmt>0->redir.flags = $1;
@@ -1710,6 +1714,11 @@ redir_stmt_arg           :       TO      stmt_expr
                                $<stmt>0->redir.proto = $2;
                                $<stmt>0->redir.flags = $3;
                        }
+                       |       TO      COLON   stmt_expr       nf_nat_flags
+                       {
+                               $<stmt>0->redir.proto = $3;
+                               $<stmt>0->redir.flags = $4;
+                       }
                        ;
 
 dup_stmt               :       DUP     TO      stmt_expr

diff --git a/tests/py/ip/redirect.t b/tests/py/ip/redirect.t
index 7e205a90ed4b4c53988f03450adb289c5def4549..f6ddfc05e4edbfbe44d06a9335a550a729624d12 100644 (file)
--- a/tests/py/ip/redirect.t
+++ b/tests/py/ip/redirect.t
@@ -18,19 +18,19 @@ udp dport 53 redirect persistent,fully-random;ok;udp dport 53 redirect fully-ran
 udp dport 53 redirect persistent,fully-random,random;ok;udp dport 53 redirect random,fully-random,persistent
 
 # port specification
-tcp dport 22 redirect to 22;ok
-udp dport 1234 redirect to 4321;ok
-ip daddr 172.16.0.1 udp dport 9998 redirect to 6515;ok
-tcp dport 39128 redirect to 993;ok
-ip protocol tcp redirect to 100-200;ok;ip protocol 6 redirect to 100-200
-redirect to 1234;fail
-redirect to 12341111;fail
+tcp dport 22 redirect to :22;ok
+udp dport 1234 redirect to :4321;ok
+ip daddr 172.16.0.1 udp dport 9998 redirect to :6515;ok
+tcp dport 39128 redirect to :993;ok
+ip protocol tcp redirect to :100-200;ok;ip protocol 6 redirect to :100-200
+redirect to :1234;fail
+redirect to :12341111;fail
 
 # both port and nf_nat flags
-tcp dport 9128 redirect to 993 random;ok
-tcp dport 9128 redirect to 993 fully-random;ok
-tcp dport 9128 redirect to 123 persistent;ok
-tcp dport 9128 redirect to 123 random,persistent;ok
+tcp dport 9128 redirect to :993 random;ok
+tcp dport 9128 redirect to :993 fully-random;ok
+tcp dport 9128 redirect to :123 persistent;ok
+tcp dport 9128 redirect to :123 random,persistent;ok
 
 # nf_nat flags is the last argument
 udp dport 1234 redirect random to 123;fail
@@ -47,5 +47,5 @@ ip daddr 10.0.0.0-10.2.3.4 udp dport 53 counter packets 0 bytes 0 redirect;ok
 iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok
 
 # redirect with maps
-ip protocol 6 redirect to tcp dport map { 22 : 8000, 80 : 8080};ok
+ip protocol 6 redirect to : tcp dport map { 22 : 8000, 80 : 8080};ok
 

diff --git a/tests/py/ip/redirect.t.payload b/tests/py/ip/redirect.t.payload
index e02a26d0fb88672b6e7b723a61002dc1c4dc854e..dfb5a3bd86011ff7f0f29b01b141350941abc36b 100644 (file)
--- a/tests/py/ip/redirect.t.payload
+++ b/tests/py/ip/redirect.t.payload
@@ -86,7 +86,7 @@ ip test-ip4 output
   [ cmp eq reg 1 0x00003500 ]
   [ redir flags 0x1c ]
 
-# tcp dport 22 redirect to 22
+# tcp dport 22 redirect to :22
 ip test-ip4 output
   [ payload load 1b @ network header + 9 => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
@@ -95,7 +95,7 @@ ip test-ip4 output
   [ immediate reg 1 0x00001600 ]
   [ redir proto_min reg 1 ]
 
-# udp dport 1234 redirect to 4321
+# udp dport 1234 redirect to :4321
 ip test-ip4 output
   [ payload load 1b @ network header + 9 => reg 1 ]
   [ cmp eq reg 1 0x00000011 ]
@@ -104,7 +104,7 @@ ip test-ip4 output
   [ immediate reg 1 0x0000e110 ]
   [ redir proto_min reg 1 ]
 
-# ip daddr 172.16.0.1 udp dport 9998 redirect to 6515
+# ip daddr 172.16.0.1 udp dport 9998 redirect to :6515
 ip test-ip4 output
   [ payload load 4b @ network header + 16 => reg 1 ]
   [ cmp eq reg 1 0x010010ac ]
@@ -115,7 +115,7 @@ ip test-ip4 output
   [ immediate reg 1 0x00007319 ]
   [ redir proto_min reg 1 ]
 
-# tcp dport 39128 redirect to 993
+# tcp dport 39128 redirect to :993
 ip test-ip4 output
   [ payload load 1b @ network header + 9 => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
@@ -124,7 +124,7 @@ ip test-ip4 output
   [ immediate reg 1 0x0000e103 ]
   [ redir proto_min reg 1 ]
 
-# ip protocol tcp redirect to 100-200
+# ip protocol tcp redirect to :100-200
 ip test-ip4 output
   [ payload load 1b @ network header + 9 => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
@@ -132,7 +132,7 @@ ip test-ip4 output
   [ immediate reg 2 0x0000c800 ]
   [ redir proto_min reg 1 proto_max reg 2 ]
 
-# tcp dport 9128 redirect to 993 random
+# tcp dport 9128 redirect to :993 random
 ip test-ip4 output
   [ payload load 1b @ network header + 9 => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
@@ -141,7 +141,7 @@ ip test-ip4 output
   [ immediate reg 1 0x0000e103 ]
   [ redir proto_min reg 1 flags 0x4 ]
 
-# tcp dport 9128 redirect to 993 fully-random
+# tcp dport 9128 redirect to :993 fully-random
 ip test-ip4 output
   [ payload load 1b @ network header + 9 => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
@@ -150,7 +150,7 @@ ip test-ip4 output
   [ immediate reg 1 0x0000e103 ]
   [ redir proto_min reg 1 flags 0x10 ]
 
-# tcp dport 9128 redirect to 123 persistent
+# tcp dport 9128 redirect to :123 persistent
 ip test-ip4 output
   [ payload load 1b @ network header + 9 => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
@@ -159,7 +159,7 @@ ip test-ip4 output
   [ immediate reg 1 0x00007b00 ]
   [ redir proto_min reg 1 flags 0x8 ]
 
-# tcp dport 9128 redirect to 123 random,persistent
+# tcp dport 9128 redirect to :123 random,persistent
 ip test-ip4 output
   [ payload load 1b @ network header + 9 => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
@@ -207,7 +207,7 @@ ip test-ip4 output
   [ lookup reg 1 set __map%d dreg 0 ]
   [ redir ]
 
-# ip protocol 6 redirect to tcp dport map { 22 : 8000, 80 : 8080}
+# ip protocol 6 redirect to : tcp dport map { 22 : 8000, 80 : 8080}
 __map%d test-ip4 b
 __map%d test-ip4 0
         element 00001600  : 0000401f 0 [end]    element 00005000  : 0000901f 0 [end]

diff --git a/tests/py/ip6/redirect.t b/tests/py/ip6/redirect.t
index fca84e5bfaf8d523aa69f97d7121fe87a5a39b2d..c5d939c53d7cb12bdbbc8eb266718b258086dd14 100644 (file)
--- a/tests/py/ip6/redirect.t
+++ b/tests/py/ip6/redirect.t
@@ -20,16 +20,16 @@ udp dport 53 redirect persistent,fully-random;ok;udp dport 53 redirect fully-ran
 udp dport 53 redirect persistent,fully-random,random;ok;udp dport 53 redirect random,fully-random,persistent
 
 # port specification
-udp dport 1234 redirect to 1234;ok
-ip6 daddr fe00::cafe udp dport 9998 redirect to 6515;ok
-ip6 nexthdr tcp redirect to 100-200;ok;ip6 nexthdr 6 redirect to 100-200
-tcp dport 39128 redirect to 993;ok
-redirect to 1234;fail
-redirect to 12341111;fail
+udp dport 1234 redirect to :1234;ok
+ip6 daddr fe00::cafe udp dport 9998 redirect to :6515;ok
+ip6 nexthdr tcp redirect to :100-200;ok;ip6 nexthdr 6 redirect to :100-200
+tcp dport 39128 redirect to :993;ok
+redirect to :1234;fail
+redirect to :12341111;fail
 
 # both port and nf_nat flags
-tcp dport 9128 redirect to 993 random;ok
-tcp dport 9128 redirect to 993 fully-random,persistent;ok
+tcp dport 9128 redirect to :993 random;ok
+tcp dport 9128 redirect to :993 fully-random,persistent;ok
 
 # nf_nat flags are the last argument
 tcp dport 9128 redirect persistent to 123;fail
@@ -46,4 +46,4 @@ ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 redirect;ok
 iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } redirect;ok
 
 # redirect with maps
-ip6 nexthdr 6 redirect to tcp dport map { 22 : 8000, 80 : 8080};ok
+ip6 nexthdr 6 redirect to : tcp dport map { 22 : 8000, 80 : 8080};ok

diff --git a/tests/py/ip6/redirect.t.payload.ip6 b/tests/py/ip6/redirect.t.payload.ip6
index 80250caa5a6e1254eb02773298409618b4b627e9..420e1f3659643524c2ad03ade93303da13fe98f8 100644 (file)
--- a/tests/py/ip6/redirect.t.payload.ip6
+++ b/tests/py/ip6/redirect.t.payload.ip6
@@ -97,7 +97,7 @@ ip6 test-ip6 output
   [ cmp eq reg 1 0x00003500 ]
   [ redir flags 0x1c ]
 
-# udp dport 1234 redirect to 1234
+# udp dport 1234 redirect to :1234
 ip6 test-ip6 output
   [ payload load 1b @ network header + 6 => reg 1 ]
   [ cmp eq reg 1 0x00000011 ]
@@ -106,7 +106,7 @@ ip6 test-ip6 output
   [ immediate reg 1 0x0000d204 ]
   [ redir proto_min reg 1 ]
 
-# ip6 daddr fe00::cafe udp dport 9998 redirect to 6515
+# ip6 daddr fe00::cafe udp dport 9998 redirect to :6515
 ip6 test-ip6 output
   [ payload load 16b @ network header + 24 => reg 1 ]
   [ cmp eq reg 1 0x000000fe 0x00000000 0x00000000 0xfeca0000 ]
@@ -117,7 +117,7 @@ ip6 test-ip6 output
   [ immediate reg 1 0x00007319 ]
   [ redir proto_min reg 1 ]
 
-# ip6 nexthdr tcp redirect to 100-200
+# ip6 nexthdr tcp redirect to :100-200
 ip6 test-ip6 output
   [ payload load 1b @ network header + 6 => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
@@ -125,7 +125,7 @@ ip6 test-ip6 output
   [ immediate reg 2 0x0000c800 ]
   [ redir proto_min reg 1 proto_max reg 2 ]
 
-# tcp dport 39128 redirect to 993
+# tcp dport 39128 redirect to :993
 ip6 test-ip6 output
   [ payload load 1b @ network header + 6 => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
@@ -134,7 +134,7 @@ ip6 test-ip6 output
   [ immediate reg 1 0x0000e103 ]
   [ redir proto_min reg 1 ]
 
-# tcp dport 9128 redirect to 993 random
+# tcp dport 9128 redirect to :993 random
 ip6 test-ip6 output
   [ payload load 1b @ network header + 6 => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
@@ -143,7 +143,7 @@ ip6 test-ip6 output
   [ immediate reg 1 0x0000e103 ]
   [ redir proto_min reg 1 flags 0x4 ]
 
-# tcp dport 9128 redirect to 993 fully-random,persistent
+# tcp dport 9128 redirect to :993 fully-random,persistent
 ip6 test-ip6 output
   [ payload load 1b @ network header + 6 => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
@@ -191,7 +191,7 @@ ip6 test-ip6 output
   [ lookup reg 1 set __map%d dreg 0 ]
   [ redir ]
 
-# ip6 nexthdr 6 redirect to tcp dport map { 22 : 8000, 80 : 8080}
+# ip6 nexthdr 6 redirect to : tcp dport map { 22 : 8000, 80 : 8080}
 __map%d test-ip6 b
 __map%d test-ip6 0
        element 00001600  : 0000401f 0 [end]    element 00005000  : 0000901f 0 [end]