The scanner rejects IPv4-Mapped IPv6 addresses, eg.
# cat test
#!/usr/sbin/nft -f
flush ruleset
table inet global {
set blackhole_ipv6 {
type ipv6_addr
flags interval
elements = { ::ffff:0.0.0.0/96 }
}
}
# nft -f test
test:8:30-38: Error: syntax error, unexpected string, expecting comma or '}'
elements = { ::ffff:0.0.0.0/96 }
^^^^^^^^^^
According to RFC4291, Sect. 2.5.5.2. IPv4-Mapped IPv6 Address:
| 80 bits | 16 | 32 bits |
+--------------------------------------+--------------------------+
|0000..............................0000|FFFF| IPv4 address |
+--------------------------------------+----+---------------------+
Update scanner bits to parse this.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/scanner.l | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/scanner.l b/src/scanner.l
index 186fb47eb763..594073660c6b 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -160,7 +160,8 @@ v63 ({v630}|{v631}|{v632}|{v633})
v620 ((:)((:{hex4}){2}))
v621 ((({hex4}:){1})((:{hex4}){1}))
v622 ((({hex4}:){2})(:))
-v62 ({v620}|{v621}|{v622})
+v62_rfc4291 ((:)(:[fF]{4})(:{ip4addr}))
+v62 ({v620}|{v621}|{v622}|{v62_rfc4291})
v610 ((:)(:{hex4}{1}))
v611 ((({hex4}:){1})(:))
v61 ({v610}|{v611})
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
