src: add 'to' for snat and dnat

This is extra syntaxtic sugar to get this consistent with other
statements such as redirect, masquerade, dup and fwd that indicates
where to go.

Existing syntax is still preserved, but the listing shows the one
including 'to'.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/parser_bison.y b/src/parser_bison.y
index e16b8a326d4b5fdef524f491bcf88ff8e1eceb6d..ba2dba4131eccf4d98f676884911927d67c17fb0 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1649,18 +1649,18 @@ stmt_expr               :       map_stmt_expr
                        |       primary_rhs_expr
                        ;
 
-nat_stmt_args          :       stmt_expr
+nat_stmt_args          :       TO      stmt_expr
                        {
-                               $<stmt>0->nat.addr = $1;
+                               $<stmt>0->nat.addr = $2;
                        }
-                       |       stmt_expr       COLON   stmt_expr
+                       |       TO      stmt_expr       COLON   stmt_expr
                        {
-                               $<stmt>0->nat.addr = $1;
-                               $<stmt>0->nat.proto = $3;
+                               $<stmt>0->nat.addr = $2;
+                               $<stmt>0->nat.proto = $4;
                        }
-                       |       COLON           stmt_expr
+                       |       TO      COLON           stmt_expr
                        {
-                               $<stmt>0->nat.proto = $2;
+                               $<stmt>0->nat.proto = $3;
                        }
                        |       nat_stmt_args   nf_nat_flags
                        {

diff --git a/src/statement.c b/src/statement.c
index 7778a95587387ced281766d0148c7f41387eb7cb..ccc16bb75f81edc9d73a8af93eba8efc7b325212 100644 (file)
--- a/src/statement.c
+++ b/src/statement.c
@@ -396,7 +396,7 @@ static void nat_stmt_print(const struct stmt *stmt)
                [NFT_NAT_DNAT]  = "dnat",
        };
 
-       printf("%s ", nat_types[stmt->nat.type]);
+       printf("%s to ", nat_types[stmt->nat.type]);
        if (stmt->nat.addr)
                expr_print(stmt->nat.addr);
        if (stmt->nat.proto) {

diff --git a/tests/py/ip/dnat.t b/tests/py/ip/dnat.t
index 28e658d3ee2eb528f1aa0164e390daa5416cc8d5..d1ffdd71981ef9d07b91f2858a211494291bfe52 100644 (file)
--- a/tests/py/ip/dnat.t
+++ b/tests/py/ip/dnat.t
@@ -2,15 +2,15 @@
 
 *ip;test-ip4;prerouting
 
-iifname "eth0" tcp dport 80-90 dnat 192.168.3.2;ok
-iifname "eth0" tcp dport != 80-90 dnat 192.168.3.2;ok
-iifname "eth0" tcp dport {80, 90, 23} dnat 192.168.3.2;ok
-- iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok
-- iifname "eth0" tcp dport != {80, 90, 23} dnat 192.168.3.2;ok
+iifname "eth0" tcp dport 80-90 dnat to 192.168.3.2;ok
+iifname "eth0" tcp dport != 80-90 dnat to 192.168.3.2;ok
+iifname "eth0" tcp dport {80, 90, 23} dnat to 192.168.3.2;ok
+- iifname "eth0" tcp dport != {80, 90, 23} dnat to 192.168.3.2;ok
+- iifname "eth0" tcp dport != {80, 90, 23} dnat to 192.168.3.2;ok
 # BUG: invalid expression type set
 # nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
 
-iifname "eth0" tcp dport != 23-34 dnat 192.168.3.2;ok
+iifname "eth0" tcp dport != 23-34 dnat to 192.168.3.2;ok
 
-dnat ct mark map { 0x00000014 : 1.2.3.4};ok
-dnat ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4};ok
+dnat to ct mark map { 0x00000014 : 1.2.3.4};ok
+dnat to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4};ok

diff --git a/tests/py/ip/dnat.t.payload.ip b/tests/py/ip/dnat.t.payload.ip
index bf972c6c5889b2e0284439a3ce4bc1f63c78e7ff..be382da301151768bc162a2a361d9daa2a646ced 100644 (file)
--- a/tests/py/ip/dnat.t.payload.ip
+++ b/tests/py/ip/dnat.t.payload.ip
@@ -1,4 +1,4 @@
-# iifname "eth0" tcp dport 80-90 dnat 192.168.3.2
+# iifname "eth0" tcp dport 80-90 dnat to 192.168.3.2
 ip test-ip4 prerouting
   [ meta load iifname => reg 1 ]
   [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
@@ -10,7 +10,7 @@ ip test-ip4 prerouting
   [ immediate reg 1 0x0203a8c0 ]
   [ nat dnat ip addr_min reg 1 addr_max reg 0 ]
 
-# iifname "eth0" tcp dport != 80-90 dnat 192.168.3.2
+# iifname "eth0" tcp dport != 80-90 dnat to 192.168.3.2
 ip test-ip4 prerouting
   [ meta load iifname => reg 1 ]
   [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
@@ -22,7 +22,7 @@ ip test-ip4 prerouting
   [ immediate reg 1 0x0203a8c0 ]
   [ nat dnat ip addr_min reg 1 addr_max reg 0 ]
 
-# iifname "eth0" tcp dport {80, 90, 23} dnat 192.168.3.2
+# iifname "eth0" tcp dport {80, 90, 23} dnat to 192.168.3.2
 __set%d test-ip4 3
 __set%d test-ip4 0
        element 00005000  : 0 [end]     element 00005a00  : 0 [end]     element 00001700  : 0 [end]
@@ -36,7 +36,7 @@ ip test-ip4 prerouting
   [ immediate reg 1 0x0203a8c0 ]
   [ nat dnat ip addr_min reg 1 addr_max reg 0 ]
 
-# iifname "eth0" tcp dport != 23-34 dnat 192.168.3.2
+# iifname "eth0" tcp dport != 23-34 dnat to 192.168.3.2
 ip test-ip4 prerouting
   [ meta load iifname => reg 1 ]
   [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
@@ -48,7 +48,7 @@ ip test-ip4 prerouting
   [ immediate reg 1 0x0203a8c0 ]
   [ nat dnat ip addr_min reg 1 addr_max reg 0 ]
 
-# dnat ct mark map { 0x00000014 : 1.2.3.4}
+# dnat to ct mark map { 0x00000014 : 1.2.3.4}
 __map%d test-ip4 b
 __map%d test-ip4 0
        element 00000014  : 04030201 0 [end]
@@ -57,7 +57,7 @@ ip test-ip4 prerouting
   [ lookup reg 1 set __map%d dreg 1 ]
   [ nat dnat ip addr_min reg 1 addr_max reg 0 ]
 
-# dnat ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4}
+# dnat to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4}
 __map%d test-ip4 b
 __map%d test-ip4 0
        element 00000014 01010101  : 04030201 0 [end]

diff --git a/tests/py/ip/snat.t b/tests/py/ip/snat.t
index a8469a3535ead0f67ef1729c4eba2532104151a6..ec2df8c00958aed63640b6ecf2662e9ea8873518 100644 (file)
--- a/tests/py/ip/snat.t
+++ b/tests/py/ip/snat.t
@@ -2,12 +2,12 @@
 
 *ip;test-ip4;postrouting
 
-iifname "eth0" tcp dport 80-90 snat 192.168.3.2;ok
-iifname "eth0" tcp dport != 80-90 snat 192.168.3.2;ok
-iifname "eth0" tcp dport {80, 90, 23} snat 192.168.3.2;ok
-- iifname "eth0" tcp dport != {80, 90, 23} snat 192.168.3.2;ok
-- iifname "eth0" tcp dport != {80, 90, 23} snat 192.168.3.2;ok
+iifname "eth0" tcp dport 80-90 snat to 192.168.3.2;ok
+iifname "eth0" tcp dport != 80-90 snat to 192.168.3.2;ok
+iifname "eth0" tcp dport {80, 90, 23} snat to 192.168.3.2;ok
+- iifname "eth0" tcp dport != {80, 90, 23} snat to 192.168.3.2;ok
+- iifname "eth0" tcp dport != {80, 90, 23} snat to 192.168.3.2;ok
 # BUG: invalid expression type set
 # nft: src/evaluate.c:975: expr_evaluate_relational: Assertion '0' failed.
 
-iifname "eth0" tcp dport != 23-34 snat 192.168.3.2;ok
+iifname "eth0" tcp dport != 23-34 snat to 192.168.3.2;ok

diff --git a/tests/py/ip/snat.t.payload b/tests/py/ip/snat.t.payload
index cbea641f8bcac4fb4d0ae040baa94797ca14dde6..bef97a8570990fe88a21a67b06abe8460bceba5f 100644 (file)
--- a/tests/py/ip/snat.t.payload
+++ b/tests/py/ip/snat.t.payload
@@ -1,4 +1,4 @@
-# iifname "eth0" tcp dport 80-90 snat 192.168.3.2
+# iifname "eth0" tcp dport 80-90 snat to 192.168.3.2
 ip test-ip4 postrouting
   [ meta load iifname => reg 1 ]
   [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
@@ -10,7 +10,7 @@ ip test-ip4 postrouting
   [ immediate reg 1 0x0203a8c0 ]
   [ nat snat ip addr_min reg 1 addr_max reg 0 ]
 
-# iifname "eth0" tcp dport != 80-90 snat 192.168.3.2
+# iifname "eth0" tcp dport != 80-90 snat to 192.168.3.2
 ip test-ip4 postrouting
   [ meta load iifname => reg 1 ]
   [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]
@@ -22,7 +22,7 @@ ip test-ip4 postrouting
   [ immediate reg 1 0x0203a8c0 ]
   [ nat snat ip addr_min reg 1 addr_max reg 0 ]
 
-# iifname "eth0" tcp dport {80, 90, 23} snat 192.168.3.2
+# iifname "eth0" tcp dport {80, 90, 23} snat to 192.168.3.2
 __set%d test-ip4 3
 __set%d test-ip4 0
        element 00005000  : 0 [end]     element 00005a00  : 0 [end]     element 00001700  : 0 [end]
@@ -36,7 +36,7 @@ ip test-ip4 postrouting
   [ immediate reg 1 0x0203a8c0 ]
   [ nat snat ip addr_min reg 1 addr_max reg 0 ]
 
-# iifname "eth0" tcp dport != 23-34 snat 192.168.3.2
+# iifname "eth0" tcp dport != 23-34 snat to 192.168.3.2
 ip test-ip4 postrouting
   [ meta load iifname => reg 1 ]
   [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ]

diff --git a/tests/py/ip6/dnat.t b/tests/py/ip6/dnat.t
index b061f2f6e9218dcfab566e48b9bdc60c2ca699b8..b256e0182f0283745c6a66e871efd61cfd3329c4 100644 (file)
--- a/tests/py/ip6/dnat.t
+++ b/tests/py/ip6/dnat.t
@@ -2,5 +2,5 @@
 
 *ip6;test-ip6;prerouting
 
-tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::80-100;ok
-tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100;ok;tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::100
+tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:::80-100;ok
+tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:: :100;ok;tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:::100

diff --git a/tests/py/ip6/dnat.t.payload.ip6 b/tests/py/ip6/dnat.t.payload.ip6
index 13c7a0e381b5150d325246e8ca0e5cab67a39eac..494ade397f5f66045c6158296f76a980a83502e5 100644 (file)
--- a/tests/py/ip6/dnat.t.payload.ip6
+++ b/tests/py/ip6/dnat.t.payload.ip6
@@ -1,4 +1,4 @@
-# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:::80-100
+# tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:::80-100
 ip6 test-ip6 prerouting
   [ payload load 1b @ network header + 6 => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
@@ -11,7 +11,7 @@ ip6 test-ip6 prerouting
   [ immediate reg 4 0x00006400 ]
   [ nat dnat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ]
 
-# tcp dport 80-90 dnat 2001:838:35f:1::-2001:838:35f:2:: :100
+# tcp dport 80-90 dnat to 2001:838:35f:1::-2001:838:35f:2:: :100
 ip6 test-ip6 prerouting
   [ payload load 1b @ network header + 6 => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]

diff --git a/tests/py/ip6/snat.t b/tests/py/ip6/snat.t
index dec8dffa81e4e5b9613a5f360de155462e756ac1..b85d9af9985920754c6cdb82693dff6684c97c4d 100644 (file)
--- a/tests/py/ip6/snat.t
+++ b/tests/py/ip6/snat.t
@@ -2,5 +2,5 @@
 
 *ip6;test-ip6;postrouting
 
-tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok;tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::80-100
-tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::100;ok
+tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:: :80-100;ok;tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:::80-100
+tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:::100;ok

diff --git a/tests/py/ip6/snat.t.payload.ip6 b/tests/py/ip6/snat.t.payload.ip6
index 486bbb8b24ecb0b5718e6a38b2397aa817799b66..fbc99c1af376e01c45c48035542cb6e300d67a6e 100644 (file)
--- a/tests/py/ip6/snat.t.payload.ip6
+++ b/tests/py/ip6/snat.t.payload.ip6
@@ -1,4 +1,4 @@
-# tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:: :80-100
+# tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:: :80-100
 ip6 test-ip6 postrouting
   [ payload load 1b @ network header + 6 => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]
@@ -11,7 +11,7 @@ ip6 test-ip6 postrouting
   [ immediate reg 4 0x00006400 ]
   [ nat snat ip6 addr_min reg 1 addr_max reg 2 proto_min reg 3 proto_max reg 4 ]
 
-# tcp dport 80-90 snat 2001:838:35f:1::-2001:838:35f:2:::100
+# tcp dport 80-90 snat to 2001:838:35f:1::-2001:838:35f:2:::100
 ip6 test-ip6 postrouting
   [ payload load 1b @ network header + 6 => reg 1 ]
   [ cmp eq reg 1 0x00000006 ]