extensions: ah: Save/xlate inverted full ranges

While at it, fix xlate output for plain '-m ah' matches: With ip6tables-translate, one should emit an extdhr exists match since ip6t_ah.c in kernel also uses ipv6_find_hdr(). With iptables-translate, a simple 'meta l4proto ah' was missing. Fixes: bb498c8ba7bb3 ("extensions: libip6t_ah: Fix translation of plain '-m ah'") Fixes: b9a46ee406165 ("extensions: libipt_ah: Add translation to nft") Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Phil Sutter <phil@nwl.cc> 2024-02-01 15:27:03 +0100
committer: Phil Sutter <phil@nwl.cc> 2024-02-02 18:26:14 +0100
commit: c5d75387131e8cb1fc4d22b2e2e264297baf4622 (patch)
tree: af94e429f7c1309aed9afb934ae6a4caee0260e0 /extensions/libipt_ah.t
parent: 9d41421a887f4bc4b3ba10174cf43ee2c6b76956 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/extensions/libipt_ah.t b/extensions/libipt_ah.t
index d86ede60..60593660 100644
--- a/extensions/libipt_ah.t
+++ b/extensions/libipt_ah.t
@@ -12,7 +12,7 @@
 -m ah;;FAIL
 -p ah -m ah;=;OK
 -p ah -m ah --ahspi :;-p ah -m ah;OK
--p ah -m ah ! --ahspi :;-p ah -m ah;OK
+-p ah -m ah ! --ahspi :;-p ah -m ah ! --ahspi 0:4294967295;OK
 -p ah -m ah --ahspi :3;-p ah -m ah --ahspi 0:3;OK
 -p ah -m ah --ahspi 3:;-p ah -m ah --ahspi 3:4294967295;OK
 -p ah -m ah --ahspi 3:3;-p ah -m ah --ahspi 3;OK
author	Phil Sutter <phil@nwl.cc>	2024-02-01 15:27:03 +0100
committer	Phil Sutter <phil@nwl.cc>	2024-02-02 18:26:14 +0100
commit	c5d75387131e8cb1fc4d22b2e2e264297baf4622 (patch)
tree	af94e429f7c1309aed9afb934ae6a4caee0260e0 /extensions/libipt_ah.t
parent	9d41421a887f4bc4b3ba10174cf43ee2c6b76956 (diff)