From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sun, 8 Oct 2017 23:40:36 +0000 (+0200)
Subject: scanner: IPv4-Mapped IPv6 addresses support
X-Git-Tag: v0.8~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd513de78bc0133f6ba61087be168e2a8d067107;p=thirdparty%2Fnftables.git

scanner: IPv4-Mapped IPv6 addresses support

The scanner rejects IPv4-Mapped IPv6 addresses, eg.

 # cat test
 #!/usr/sbin/nft -f
 flush ruleset
 table inet global {
    set blackhole_ipv6 {
        type ipv6_addr
        flags interval
        elements = { ::ffff:0.0.0.0/96 }
    }
 }

 # nft -f test
 test:8:30-38: Error: syntax error, unexpected string, expecting comma or '}'
        elements = { ::ffff:0.0.0.0/96 }
                            ^^^^^^^^^^

According to RFC4291, Sect. 2.5.5.2. IPv4-Mapped IPv6 Address:

   |                80 bits               | 16 |      32 bits        |
   +--------------------------------------+--------------------------+
   |0000..............................0000|FFFF|    IPv4 address     |
   +--------------------------------------+----+---------------------+

Update scanner bits to parse this.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1188
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/scanner.l b/src/scanner.l
index 186fb47eb..594073660 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -160,7 +160,8 @@ v63		({v630}|{v631}|{v632}|{v633})
 v620		((:)((:{hex4}){2}))
 v621		((({hex4}:){1})((:{hex4}){1}))
 v622		((({hex4}:){2})(:))
-v62		({v620}|{v621}|{v622})
+v62_rfc4291	((:)(:[fF]{4})(:{ip4addr}))
+v62		({v620}|{v621}|{v622}|{v62_rfc4291})
 v610		((:)(:{hex4}{1}))
 v611		((({hex4}:){1})(:))
 v61		({v610}|{v611})