macaddr (([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2})
ip4addr (([[:digit:]]{1,3}"."){3}([[:digit:]]{1,3}))
ip6addr ({v680}|{v67}|{v66}|{v65}|{v64}|{v63}|{v62}|{v61}|{v60})
+ip6addr_rfc2732 (\[{ip6addr}\])
addrstring ({macaddr}|{ip4addr}|{ip6addr})
return STRING;
}
+{ip6addr_rfc2732} {
+ yytext[yyleng - 1] = '\0';
+ yylval->string = xstrdup(yytext + 1);
+ return STRING;
+ }
+
{timestring} {
yylval->string = xstrdup(yytext);
return STRING;
};
printf("%s to ", nat_types[stmt->nat.type]);
- if (stmt->nat.addr)
- expr_print(stmt->nat.addr);
+ if (stmt->nat.addr) {
+ if (stmt->nat.proto) {
+ if (stmt->nat.addr->ops->type == EXPR_VALUE &&
+ stmt->nat.addr->dtype->type == TYPE_IP6ADDR) {
+ printf("[");
+ expr_print(stmt->nat.addr);
+ printf("]");
+ } else if (stmt->nat.addr->ops->type == EXPR_RANGE &&
+ stmt->nat.addr->left->dtype->type == TYPE_IP6ADDR) {
+ printf("[");
+ expr_print(stmt->nat.addr->left);
+ printf("]-[");
+ expr_print(stmt->nat.addr->right);
+ printf("]");
+ }
+ } else {
+ expr_print(stmt->nat.addr);
+ }
+ }
+
if (stmt->nat.proto) {
printf(":");
expr_print(stmt->nat.proto);
*ip6;test-ip6;prerouting
-tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:::80-100;ok
-tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:: :100;ok;tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:::100
+tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100;ok
+tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100;ok;tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100
+tcp dport 80-90 dnat to [2001:838:35f:1::]:80;ok
-# tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:::80-100
+# tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100
ip6 test-ip6 prerouting
[ payload load 1b @ network header + 6 => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
[ immediate reg 4 0x00006400 ]
[ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ]
-# tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:: :100
+# tcp dport 80-90 dnat to [2001:838:35f:1::]-[2001:838:35f:2::]:100
ip6 test-ip6 prerouting
[ payload load 1b @ network header + 6 => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
[ immediate reg 3 0x00006400 ]
[ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 0 ]
+# tcp dport 80-90 dnat to [2001:838:35f:1::]:80
+ip6 test-ip6 prerouting
+ [ payload load 1b @ network header + 6 => reg 1 ]
+ [ cmp eq reg 1 0x00000006 ]
+ [ payload load 2b @ transport header + 2 => reg 1 ]
+ [ cmp gte reg 1 0x00005000 ]
+ [ cmp lte reg 1 0x00005a00 ]
+ [ immediate reg 1 0x38080120 0x01005f03 0x00000000 0x00000000 ]
+ [ immediate reg 2 0x00005000 ]
+ [ nat dnat ip6 addr_min reg 1 addr_max reg 0 proto_min reg 2 proto_max reg 0 ]
*ip6;test-ip6;postrouting
-tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok;tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:::80-100
-tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:::100;ok
+tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100;ok;tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100
+tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:100;ok
-# tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:: :80-100
+# tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:80-100
ip6 test-ip6 postrouting
[ payload load 1b @ network header + 6 => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
[ immediate reg 4 0x00006400 ]
[ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ]
-# tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:::100
+# tcp dport 80-90 snat to [2001:838:35f:1::]-[2001:838:35f:2::]:100
ip6 test-ip6 postrouting
[ payload load 1b @ network header + 6 => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
projects / thirdparty / nftables.git / commitdiff
