From: Florian Westphal Date: Wed, 6 Jul 2022 21:49:21 +0000 (+0200) Subject: scanner: allow prefix in ip6 scope X-Git-Tag: v1.0.5~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=45c097c60b3a5a2151fad976a0006048afce869a;p=thirdparty%2Fnftables.git scanner: allow prefix in ip6 scope 'ip6 prefix' is valid syntax, so make sure scanner recognizes it also in ip6 context. Also add test case. Fixes: a67fce7ffe7e ("scanner: nat: Move to own scope") Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1619 Signed-off-by: Florian Westphal --- diff --git a/src/scanner.l b/src/scanner.l index 5741261a..1371cd04 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -403,7 +403,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) } "log" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_LOG); return LOG; } -"prefix" { return PREFIX; } +"prefix" { return PREFIX; } { "snaplen" { return SNAPLEN; } "queue-threshold" { return QUEUE_THRESHOLD; } diff --git a/tests/shell/testcases/sets/0046netmap_0 b/tests/shell/testcases/sets/0046netmap_0 index 2804a4a2..60bda401 100755 --- a/tests/shell/testcases/sets/0046netmap_0 +++ b/tests/shell/testcases/sets/0046netmap_0 @@ -8,6 +8,12 @@ EXPECTED="table ip x { 10.141.13.0/24 : 192.168.4.0/24 } } } + table ip6 x { + chain y { + type nat hook postrouting priority srcnat; policy accept; + snat ip6 prefix to ip6 saddr map { 2001:db8:1111::/64 : 2001:db8:2222::/64 } + } + } " set -e diff --git a/tests/shell/testcases/sets/dumps/0046netmap_0.nft b/tests/shell/testcases/sets/dumps/0046netmap_0.nft index e14c3395..5ac6b346 100644 --- a/tests/shell/testcases/sets/dumps/0046netmap_0.nft +++ b/tests/shell/testcases/sets/dumps/0046netmap_0.nft @@ -4,3 +4,9 @@ table ip x { snat ip prefix to ip saddr map { 10.141.11.0/24 : 192.168.2.0/24, 10.141.12.0/24 : 192.168.3.0/24, 10.141.13.0/24 : 192.168.4.0/24 } } } +table ip6 x { + chain y { + type nat hook postrouting priority srcnat; policy accept; + snat ip6 prefix to ip6 saddr map { 2001:db8:1111::/64 : 2001:db8:2222::/64 } + } +}