icmpv6-type for -m icmp6
MEschenbacher committed Mar 30, 2024
1 parent 362ef4c commit 4bd1313
Showing 2 changed files with 73 additions and 0 deletions.
53 changes: 53 additions & 0 deletions match_modules.go
@@ -32,6 +32,8 @@ func (p *Parser) parseMatch(ms *[]Match) (state, error) {
s, err = p.parseMultiport(&m.Flags)
case "icmp":
s, err = p.parseIcmp(&m.Flags)
case "icmp6":
s, err = p.parseIcmp6(&m.Flags)
default:
if _, ok := matchModules[lit]; ok {
return sError, fmt.Errorf("match modules %q is not implemented", lit)
@@ -582,3 +584,54 @@ func (p *Parser) parseIcmp(f *map[string]Flag) (state, error) {
}
return sStart, nil
}

func (p *Parser) parseIcmp6(f *map[string]Flag) (state, error) {
s := sStart
for tok, lit := p.scanIgnoreWhitespace(); tok != EOF; tok, lit = p.scanIgnoreWhitespace() {
for nextValue := false; !nextValue; {
nextValue = true
switch s {
case sStart:
switch tok {
case NOT:
s = sINotF
case FLAG:
s = sIF
nextValue = false
default:
return sError, fmt.Errorf("unexpected token %q, expected flag, or \"!\"", lit)
}
case sINotF:
switch {
case lit == "--icmpv6-type":
_, lit := p.scanIgnoreWhitespace()
(*f)["icmpv6-type"] = Flag{
Not: true,
Values: []string{lit},
}
s = sStart
default:
p.unscan(1)
return sNot, nil
}
case sIF:
switch {
case lit == "--icmpv6-type":
_, lit := p.scanIgnoreWhitespace()
(*f)["icmpv6-type"] = Flag{
Values: []string{lit},
}
s = sStart
default:
// The end of the match statement is reached.
p.unscan(1)
return sStart, nil
}

default:
return sStart, errors.New("unexpected error parsing match extension")
}
}
}
return sStart, nil
}
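Review bot: In parseIcmp6 both `--icmpv6-type` branches (states sINotF and sIF) read the value with `_, lit := p.scanIgnoreWhitespace()` and discard the token kind, so a rule that ends right after the flag, or has another flag or `!` next, is accepted instead of rejected. The stored value would then presumably be an empty string or the text of the following option, and anything that audits or rewrites firewall rules from this parser's output would record a match value the rule text does not contain. Keep the token and refuse non-values, for example `tok, val := p.scanIgnoreWhitespace()` followed by `if tok == EOF || tok == FLAG || tok == NOT { return sError, fmt.Errorf("--icmpv6-type requires a value, got %q", val) }`; using a new name also removes the shadowing of the loop's `lit`. The final `default` branch returns `sStart` together with an error while the earlier error path returns `sError`, which is worth making consistent.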
20 changes: 20 additions & 0 deletions parser_test.go
@@ -612,6 +612,26 @@ func TestParser_Parse(t *testing.T) {
},
err: nil,
},
{
name: "parse rule with icmp type",
s: "-A foo -p ipv6-icmp -m icmp6 --icmpv6-type 11",
r: Rule{
Chain: "foo",
Protocol: &StringPair{
Not: false,
Value: "ipv6-icmp",
},
Matches: []Match{
{
Type: "icmp6",
Flags: map[string]Flag{
"icmpv6-type": {Values: []string{"11"}},
},
},
},
},
err: nil,
},
{
name: "parse rule with match expression tcp and a lot of flags and overwriting",
s: "-A foo -m tcp --tcp-flags SYN,FIN ACK --sport 1010 ! --dport=1000:1010 --syn! --syn ! --tcp-option 1 ! -f ",
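Review bot: The added table entry covers only the plain `--icmpv6-type 11` form, so the negated branch of parseIcmp6 (state sINotF, which sets `Not: true`) and its error paths are never run by the tests. A second entry with a constructed input such as `s: "-A foo -p ipv6-icmp -m icmp6 ! --icmpv6-type 128"` expecting `"icmpv6-type": {Not: true, Values: []string{"128"}}` would pin that branch, and a case with no value after the flag would document what the parser is meant to do with a truncated rule. The entry's `name` reads "parse rule with icmp type" although it exercises icmp6; `name: "parse rule with icmpv6 type"` would keep failures distinguishable. TestParser_Parse starts and ends outside this hunk.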