summaryrefslogtreecommitdiffstats
path: root/include/linux/netfilter/ipset
diff options
context:
space:
mode:
authorJeremy Sowden <jeremy@azazel.net>2024-11-08 17:34:43 +0000
committerPhil Sutter <phil@nwl.cc>2024-11-12 14:53:52 +0100
commite6e232d0ae252b0b86278455b18d9475b95db8f0 (patch)
treea978c58a44ad7fa61a16fed48b6f386aa1a1b6d1 /include/linux/netfilter/ipset
parent0506bea1dcc8f12d94e7c32bf2fb04abb3fdd269 (diff)
ip[6]tables-translate: fix test failures when WESP is definedHEADmaster
Protocol number 141 is assigned to a real protocol: Wrapped Encapsulating Security Payload. This is listed in Debian's /etc/protocols, which leads to test failures: ./extensions/generic.txlate: Fail src: iptables-translate -A FORWARD -p 141 exp: nft 'add rule ip filter FORWARD ip protocol 141 counter' res: nft 'add rule ip filter FORWARD ip protocol wesp counter' ./extensions/generic.txlate: Fail src: ip6tables-translate -A FORWARD -p 141 exp: nft 'add rule ip6 filter FORWARD meta l4proto 141 counter' res: nft 'add rule ip6 filter FORWARD meta l4proto wesp counter' ./extensions/generic.txlate: Fail src: iptables-translate -A FORWARD ! -p 141 exp: nft 'add rule ip filter FORWARD ip protocol != 141 counter' res: nft 'add rule ip filter FORWARD ip protocol != wesp counter' ./extensions/generic.txlate: Fail src: ip6tables-translate -A FORWARD ! -p 141 exp: nft 'add rule ip6 filter FORWARD meta l4proto != 141 counter' res: nft 'add rule ip6 filter FORWARD meta l4proto != wesp counter' Replace it with 253, which IANA reserves for testing and experimentation. Fixes: fcaa99ca9e3c ("xtables-translate: Leverage stored protocol names") Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'include/linux/netfilter/ipset')
0 files changed, 0 insertions, 0 deletions