
Commit afdf454

authored
Allow full CIDR range (1-128) for IPv6 literals in HRW4U grammar (#13077)
* Allow full CIDR range (1-128) for IPv6 literals in HRW4U grammar
* Added AST test file
1 parent cb2b336 commit afdf454

4 files changed

Lines changed: 27 additions & 2 deletions


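--- a/tools/hrw4u/grammar/hrw4u.g4
+++ b/tools/hrw4u/grammar/hrw4u.g4
@@ -59,8 +59,8 @@ fragment IPV4_CIDR : [1-9]
 | '3'[0-2]
 ;
 
-fragment IPV6_CIDR : '3'[3-9]
-| [4-9][0-9]
+fragment IPV6_CIDR : [1-9]
+| [1-9][0-9]
 | '1'[0-1][0-9]
 | '12'[0-8]
 ;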
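Review bot: The widened `IPV6_CIDR` fragment constrains only the prefix length (1–128); nothing at the lexer level relates that length to the address, so literals with bits set past the prefix, such as `2001:db8::/8` and `2620:149::/31` in the new test input, are accepted as written. For rules that gate access with `in` / `!in`, a mistyped short prefix (`/8` where `/32` was meant) now parses cleanly and covers a far larger range than the author intended. Whether a later stage masks or rejects those bits is not visible in this commit. Consider a semantic check in the compiler that warns when address bits beyond the prefix are non-zero. A comment above the fragment would also help, for example `// prefix length 1-128; /0 is not accepted`, if excluding `/0` is intended.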
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
(program (programItem (section REMAP { (sectionBody (conditional (ifStatement if (condition (expression (term (factor (comparison (comparable inbound.ip) in (iprange { (ip (ipv4 128.0.0.0/1)) , (ip (ipv4 10.0.0.0/8)) , (ip (ipv4 172.16.0.0/16)) , (ip (ipv4 192.168.1.0/24)) , (ip (ipv4 10.0.0.0/31)) , (ip (ipv4 10.0.0.1/32)) })))))) (block { (blockItem (statement inbound.req.X-V4 = (value "matched") ;)) })))) (sectionBody (conditional (ifStatement if (condition (expression (term (factor (comparison (comparable inbound.ip) in (iprange { (ip (ipv6 8000::/1)) , (ip (ipv6 2001:db8::/8)) , (ip (ipv6 fe80::/16)) , (ip (ipv6 2620:149::/31)) , (ip (ipv6 2620:149::/32)) , (ip (ipv6 2620:149:a00::/33)) , (ip (ipv6 2001:db8:abcd::/64)) , (ip (ipv6 ::1/128)) })))))) (block { (blockItem (statement inbound.req.X-V6 = (value "matched") ;)) })))) (sectionBody (conditional (ifStatement if (condition (expression (term (factor (comparison (comparable inbound.ip) ! in (iprange { (ip (ipv4 10.0.0.0/8)) , (ip (ipv6 2620:149::/32)) })))))) (block { (blockItem (statement inbound.status = (value 403) ;)) })))) })) <EOF>)
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
REMAP {
2+
if inbound.ip in {128.0.0.0/1, 10.0.0.0/8, 172.16.0.0/16, 192.168.1.0/24, 10.0.0.0/31, 10.0.0.1/32} {
3+
inbound.req.X-V4 = "matched";
4+
}
5+
6+
if inbound.ip in {8000::/1, 2001:db8::/8, fe80::/16, 2620:149::/31, 2620:149::/32, 2620:149:a00::/33, 2001:db8:abcd::/64, ::1/128} {
7+
inbound.req.X-V6 = "matched";
8+
}
9+
10+
if inbound.ip !in {10.0.0.0/8, 2620:149::/32} {
11+
inbound.status = 403;
12+
}
13+
}
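Review bot: These cases exercise only accepted prefix lengths (IPv6 `/1`, `/8`, `/16`, `/31`–`/33`, `/64`, `/128`), so nothing pins the rejected side of the boundary that the grammar change moved. A companion negative case, for example `if inbound.ip in {::1/129} { ... }` and one using `::/0`, asserted to fail parsing, would catch a later edit that loosens the range further. This matters most for the third rule, where the range set decides a `403`; an over-permissive lexer there would silently change who is let through.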
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
cond %{REMAP_PSEUDO_HOOK} [AND]
2+
cond %{IP:CLIENT} {128.0.0.0/1,10.0.0.0/8,172.16.0.0/16,192.168.1.0/24,10.0.0.0/31,10.0.0.1/32}
3+
set-header X-V4 "matched"
4+
5+
cond %{REMAP_PSEUDO_HOOK} [AND]
6+
cond %{IP:CLIENT} {8000::/1,2001:db8::/8,fe80::/16,2620:149::/31,2620:149::/32,2620:149:a00::/33,2001:db8:abcd::/64,::1/128}
7+
set-header X-V6 "matched"
8+
9+
cond %{REMAP_PSEUDO_HOOK} [AND]
10+
cond %{IP:CLIENT} {10.0.0.0/8,2620:149::/32} [NOT]
11+
set-status 403
