Merge pull request #18 from kilo-io/ipv6-without-network-mask

parser.go: ipv6 address without network mask support
kilo-io · Apr 2, 2024 · 3d9e685 · 3d9e685
2 parents 8054380 + b996c88
commit 3d9e685
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 7 deletions.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -8,15 +8,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@main
-      - uses: actions/setup-go@v1
+      - uses: actions/setup-go@v5
         with:
-          go-version: '1.16'
+          go-version: '1.18'
       - run: go test ./...
   fmt:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@main
-      - uses: actions/setup-go@v1
+      - uses: actions/setup-go@v5
         with:
-          go-version: '1.16'
+          go-version: '1.18'
       - run: '[ -z "$(gofmt -e -d ./)" ]'
diff --git a/go.mod b/go.mod
@@ -1,3 +1,3 @@
 module github.com/kilo-io/iptables_parser
 
-go 1.16
+go 1.18
diff --git a/parser.go b/parser.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io"
 	"net"
+	"net/netip"
 	"reflect"
 	"regexp"
 	"strconv"
@@ -123,7 +124,7 @@ func (r Rule) String() (s string) {
 
 // Spec returns the rule specifications of the rule.
 // The rulespec does not contain the chain name.
-// Different rule specs can descibe the same rule, so
+// Different rule specs can describe the same rule, so
 // don't use the rulespec to compare rules.
 // The rule spec can be used to append, insert or delete
 // rules with coreos' go-iptables module.
@@ -216,7 +217,13 @@ func (d *DNSOrIP) Set(s string) error {
 	sn := s
 	// TODO: this can probably be done in a nicer way.
 	if !strings.Contains(sn, "/") {
-		sn = sn + "/32"
+		if addr, err := netip.ParseAddr(sn); err == nil {
+			if addr.Is4() {
+				sn = sn + "/32"
+			} else {
+				sn = sn + "/128"
+			}
+		}
 	}
 	if _, ipnet, err := net.ParseCIDR(sn); err == nil {
 		d.iP = *ipnet

diff --git a/parser_test.go b/parser_test.go
@@ -2,6 +2,7 @@ package iptables_parser
 
 import (
 	"errors"
+	"fmt"
 	"io"
 	"net"
 	"reflect"
@@ -87,6 +88,39 @@ func TestStringPair_Spec(t *testing.T) {
 	}
 }
 
+func TestDNSOrIP_Set(t *testing.T) {
+	for i, tc := range []struct {
+		in  string
+		out []string
+	}{
+		{
+			in:  "10.10.0.0/16",
+			out: []string{"-s", "10.10.0.0/16"},
+		},
+		{
+			in:  "10.10.0.1",
+			out: []string{"-s", "10.10.0.1/32"},
+		},
+		{
+			in:  "10::/64",
+			out: []string{"-s", "10::/64"},
+		},
+		{
+			in:  "10::10",
+			out: []string{"-s", "10::10/128"},
+		},
+	} {
+		t.Run(fmt.Sprintf("test %d", i), func(t *testing.T) {
+			dnsOrIpPair := &DNSOrIPPair{}
+
+			dnsOrIpPair.Value.Set(tc.in)
+			if res := dnsOrIpPair.Spec("-s"); !reflect.DeepEqual(res, tc.out) {
+				t.Errorf("test %d:\n\texp=%q\n\tgot=%q\n", i, tc.out, res)
+			}
+		})
+	}
+}
+
 func TestFlag_String(t *testing.T) {
 	for i, tc := range []struct {
 		p Flag