[PATCH nft] nat: transform range to prefix expression when possible


 



This patch transforms a range of IP addresses into a prefix when listing
the ruleset.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 include/expression.h      | 1 +
 src/netlink.c             | 4 ++--
 src/netlink_delinearize.c | 6 +++++-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/include/expression.h b/include/expression.h
index 359348275a04..8135a516cf3a 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -452,6 +452,7 @@ extern struct expr *prefix_expr_alloc(const struct location *loc,
 
 extern struct expr *range_expr_alloc(const struct location *loc,
 				     struct expr *low, struct expr *high);
+struct expr *range_expr_to_prefix(struct expr *range);
 
 extern struct expr *compound_expr_alloc(const struct location *loc,
 					enum expr_types etypes);
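Review bot: The new prototype `struct expr *range_expr_to_prefix(struct expr *range);` drops the `extern` that the declarations around it carry, and nothing states who owns `range` after the call. Both callers in this patch use only the return value afterwards, which suggests the function either hands `range` back or releases it and returns a new expression. Once confirmed against the body in src/netlink.c, a comment such as `/* Consumes @range: returns it unchanged, or frees it and returns a prefix expression. */` would keep future callers from touching a freed range.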
diff --git a/src/netlink.c b/src/netlink.c
index 10964720f5d4..bb014320ea6c 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -949,7 +949,7 @@ static uint32_t mpz_bitmask_to_prefix(mpz_t bitmask, uint32_t len)
 	return len - mpz_scan0(bitmask, 0);
 }
 
-static struct expr *expr_range_to_prefix(struct expr *range)
+struct expr *range_expr_to_prefix(struct expr *range)
 {
 	struct expr *left = range->left, *right = range->right, *prefix;
 	uint32_t len = left->len, prefix_len;
@@ -989,7 +989,7 @@ static struct expr *netlink_parse_interval_elem(const struct datatype *dtype,
 	range = range_expr_alloc(&expr->location, left, right);
 	expr_free(expr);
 
-	return expr_range_to_prefix(range);
+	return range_expr_to_prefix(range);
 }
 
 static struct expr *netlink_parse_concat_elem(const struct datatype *dtype,
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 772559c838f5..f721d15c330f 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1103,8 +1103,10 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx,
 		else
 			expr_set_type(addr, &ip6addr_type,
 				      BYTEORDER_BIG_ENDIAN);
-		if (stmt->nat.addr != NULL)
+		if (stmt->nat.addr != NULL) {
 			addr = range_expr_alloc(loc, stmt->nat.addr, addr);
+			addr = range_expr_to_prefix(addr);
+		}
 		stmt->nat.addr = addr;
 	}
 
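Review bot: The added `addr = range_expr_to_prefix(addr);` passes the helper a range built from whatever the two NAT address registers held, whereas its only previous caller, netlink_parse_interval_elem, passed a range built from set element data. Only the first two lines of range_expr_to_prefix are visible in this patch (it reads `range->left`, `range->right` and `left->len`), so this is an inference to check against the full body: if the helper reads both operands as constant values, a register holding a non-constant expression would be read through the wrong union member while listing a ruleset dumped from the kernel. If that holds, guard the conversion with `if (addr->left->etype == EXPR_VALUE && addr->right->etype == EXPR_VALUE)`, or put the same check at the top of the helper so every caller is covered. netlink_parse_nat starts and ends outside this hunk.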
@@ -2296,6 +2298,8 @@ static void expr_postprocess(struct rule_pp_ctx *ctx, struct expr **exprp)
 	case EXPR_RANGE:
 		expr_postprocess(ctx, &expr->left);
 		expr_postprocess(ctx, &expr->right);
+	case EXPR_PREFIX:
+		expr_postprocess(ctx, &expr->prefix);
 		break;
 	case EXPR_SET_ELEM:
 		expr_postprocess(ctx, &expr->key);
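Review bot: `case EXPR_RANGE:` now falls through into the new `case EXPR_PREFIX:` label, because the `break;` that used to end the range case sits below the two added lines. Every range expression therefore also gets `expr_postprocess(ctx, &expr->prefix)` run on it, reading a member that belongs to a different expression type; what that member overlaps in struct expr is not visible here. Add `break;` directly after `expr_postprocess(ctx, &expr->right);` so each case ends on its own. expr_postprocess starts and ends outside this hunk.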
-- 
2.20.1



