@@ -3243,7 +3243,8 @@ static bool nat_concat_map(struct eval_ctx *ctx, struct stmt *stmt)
if (expr_evaluate(ctx, &stmt->nat.addr->mappings))
return false;
- if (stmt->nat.addr->mappings->set->data->etype == EXPR_CONCAT) {
+ if (stmt->nat.addr->mappings->set->data->etype == EXPR_CONCAT ||
+ stmt->nat.addr->mappings->set->data->dtype->subtypes) {
stmt->nat.type_flags |= STMT_NAT_F_CONCAT;
return true;
}
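Review bot: The added `stmt->nat.addr->mappings->set->data->dtype->subtypes` test extends a pointer chain that is dereferenced without any check, on a symbol taken straight from the ruleset text. If the name after `map @` can resolve to a plain set rather than a map, `set->data` would presumably be NULL and nft would crash instead of reporting an error. The removed line already dereferenced `set->data`, so this is not new, and a guard may exist in expr_evaluate() or elsewhere in nat_concat_map(), which starts and ends outside this hunk. Consider taking the pointer once and checking it: `const struct expr *data = stmt->nat.addr->mappings->set->data;` followed by `if (data && (data->etype == EXPR_CONCAT || data->dtype->subtypes)) {`. That also removes the repeated five-level chain from the condition.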
@@ -31,3 +31,14 @@ EXPECTED="table ip nat {
}"
$NFT -f - <<< $EXPECTED
+
+EXPECTED="table ip nat {
+ map fwdtoip_th {
+ type ipv4_addr . inet_service : interval ipv4_addr . inet_service
+ flags interval
+ elements = { 1.2.3.4 . 10000-20000 : 192.168.3.4 . 30000-40000 }
+ }
+}"
+
+$NFT -f - <<< $EXPECTED
+$NFT add rule ip nat prerouting meta l4proto { tcp, udp } dnat to ip daddr . th dport map @fwdtoip_th
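Review bot: The new `$NFT -f - <<< $EXPECTED` leaves the here-string unquoted, as the existing line above it does. Bash releases before 4.4 word-split an unquoted here-string and rejoin it with single spaces, which would collapse the multi-line map definition onto one line. Writing `$NFT -f - <<< "$EXPECTED"` keeps the newlines on every bash version. Whether the script runs under `set -e` is not visible in this hunk; without it, a failure of this load would be masked by the exit status of the following `add rule` command.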
@@ -11,9 +11,16 @@ table ip nat {
elements = { 192.168.1.2 . 192.168.2.2 : 127.0.0.0/8 . 42-43 }
}
+ map fwdtoip_th {
+ type ipv4_addr . inet_service : interval ipv4_addr . inet_service
+ flags interval
+ elements = { 1.2.3.4 . 10000-20000 : 192.168.3.4 . 30000-40000 }
+ }
+
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
ip protocol tcp dnat ip to ip saddr map @ipportmap
ip protocol tcp dnat ip to ip saddr . ip daddr map @ipportmap2
+ meta l4proto { tcp, udp } dnat ip to ip daddr . th dport map @fwdtoip_th
}
}
When adding this rule with an existing map: add rule nat x y meta l4proto { tcp, udp } dnat ip to ip daddr . th dport map @fwdtoip_th reports a bogus: Error: datatype mismatch: expected IPv4 address, expression has type concatenation of (IPv4 address, internet network service) Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- src/evaluate.c | 3 ++- tests/shell/testcases/sets/0067nat_concat_interval_0 | 11 +++++++++++ .../sets/dumps/0067nat_concat_interval_0.nft | 7 +++++++ 3 files changed, 20 insertions(+), 1 deletion(-)