summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_tcp.txlate
Commit message (Collapse)AuthorAgeFilesLines
* extensions: tcp/udp: Save/xlate inverted full rangesPhil Sutter2024-02-021-2/+2
| | | | | | | | Also translate a bare '-m tcp/udp' to 'meta l4proto' match. Fixes: 04f569ded54a7 ("extensions: libxt_udp: add translation to nft") Fixes: fb2593ebbf656 ("extensions: libxt_tcp: add translation to nft") Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: *.t/*.txlate: Test range corner-casesPhil Sutter2024-02-021-0/+6
| | | | | | | | | | | For every extension option accepting a range, test open and half-open as well as single element and invalid (negative) ranges. The added tests merely reflect the status quo, not the expected outcome. Following patches will fix results and the already existing test cases highlight the fixes' effects. Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: change expected output for new formatFlorian Westphal2022-11-301-11/+11
| | | | | | | | Now that xtables-translate encloses the entire command line in ', update the test cases accordingly. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: tcp: Translate TCP option matchPhil Sutter2022-11-241-0/+6
| | | | | | A simple task since 'tcp option' expression exists. Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: libxt_tcp: rework translation to use flags match representationPablo Neira Ayuso2021-06-071-3/+3
| | | | | | | Use the new flags match representation available since nftables 0.9.9 to simplify the translation. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: add xlate test for ipables -fFlorian Westphal2018-05-051-0/+6
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* xt-translate: quote interface names in translated outputFlorian Westphal2018-04-191-2/+2
| | | | | | | it its good practice as interface names can be virtually any identifier and could clash with nft keywords. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: add regression tests for xtables-translatePablo M. Bermudo Garay2017-04-071-0/+20
This test suite is intended to detect regressions in the translation infrastructure. The script checks if ip[6]tables-translate produces the expected output, otherwise it prints the wrong translation and the expected one. ** Arguments --all # Show also passed tests [test] # Run only the specified test file ** Test files structure Test files are located under extensions directory. Every file contains tests about specific extension translations. A test file name must end with ".txlate". Inside the files, every single test is defined by two consecutive lines: ip[6]tables-translate command and expected result. One blank line is left between tests by convention. e.g. $ cat extensions/libxt_cpu.txlate iptables-translate -A INPUT -p tcp --dport 80 -m cpu --cpu 0 -j ACCEPT nft add rule ip filter INPUT tcp dport 80 cpu 0 counter accept iptables-translate -A INPUT -p tcp --dport 80 -m cpu ! --cpu 1 -j ACCEPT nft add rule ip filter INPUT tcp dport 80 cpu != 1 counter accept Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>