summaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* libxt_hashlimit: add support for byte-based operationFlorian Westphal2012-07-141-0/+3
| | | | | | | | | | | | | | allows --hashlimit-(upto|above) Xb/s [ --hashlimit-burst Yb ] to make hashlimit match when X bytes/second are exceeded; optionally, Y bytes will not be matched (i.e. bursted). [ Pablo fixed minor compilation warning in this patch with gcc-4.6 and x86_64 ] libxt_hashlimit.c: In function ‘parse_bytes’: libxt_hashlimit.c:216:6: warning: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘uint64_t’ [-Wformat] Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: add rateest match rulesFlorian Westphal2012-05-231-16/+12
| | | | | | | also, -p mobility gets us EINVAL from kernel, use -p ipv6-mh instead. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libxt_NFQUEUE: fix --queue-bypass ipt-save outputFlorian Westphal2011-11-011-0/+2
| | | | | | | else, this will print "--queue-num 0--queue-bypass ". Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libxt_string: escape the escaping char tooJan Engelhardt2011-08-261-0/+4
| | | | | References: http://bugzilla.netfilter.org/show_bug.cgi?id=740 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_hashlimit: observe new default gc-expire time when savingJan Engelhardt2011-08-211-0/+1
| | | | | | | | Since a while, --htable-gc-expire defaults to the chosen time quantum instead of 10 fixed seconds, which leads the expiry value to be always printed, which is redundant. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* tests: add negation tests for libxt_statisticJan Engelhardt2011-08-211-0/+4
| | | | | | | Note: it is valid to check cb->invert before calling xtables_option_parse. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_physdev: restore inversion supportJan Engelhardt2011-08-211-0/+2
| | | | | | | | Bug origin is in commit v1.4.11~26^2~4. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_owner: restore inversion supportJan Engelhardt2011-08-211-0/+1
| | | | | | | | Bug origin is in commit v1.4.11~16^2~7. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libip6t_dst: restore setting IP6T_OPTS_LEN flagJan Engelhardt2011-08-211-0/+2
| | | | | | Bug origin is in commit v1.4.11~26^2~18. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libip6t_hbh: restore setting IP6T_OPTS_LEN flagJan Engelhardt2011-08-211-0/+2
| | | | | | Bug origin is in commit v1.4.11~26^2~17. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libip6t_frag: restore inversion supportJan Engelhardt2011-08-211-0/+2
| | | | | | | | --fraglen also was not printed since v1.4.11~26^2~22. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_dscp: restore inversion supportJan Engelhardt2011-08-211-2/+2
| | | | | | References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_dccp: restore missing XTOPT_INVERT tags for optionsJan Engelhardt2011-08-211-0/+1
| | | | | | | | This regression goes back to v1.4.11~19^2. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_string: fix space around argumentsDwight Davis2011-08-201-0/+1
| | | | | | | Fix oversight from commit v1.4.11~80. References: http://bugs.debian.org/637499 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_u32: fix missing allowance for inversionJan Engelhardt2011-08-201-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_hashlimit: use a more obvious expiry value by defaultJan Engelhardt2011-06-221-0/+5
| | | | | | | | | | Due to the previous default expiry of 10 sec, "--hashlimit 1/min" would allow matching up to 6/min if a properly timed. To do what the user expects, the minimum expiry must equal the selected time quantum however. Cc: Jan Rovner <jan.rovner@diadema.cz> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_state: fix regression about inversion of main optionJan Engelhardt2011-06-221-0/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libip6t_HL: fix option names from ttl -> hlJan Engelhardt2011-06-221-2/+14
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libipt_LOG: fix ignoring all but last flagsJan Engelhardt2011-06-211-0/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* option: fix ignored negation before implicit extension loadingJan Engelhardt2011-06-071-0/+2
| | | | | | | | | | | | `iptables -A INPUT -p tcp ! --syn` forgot the negation, i.e. it was not present in a subsequent `iptables -S`. Commit v1.4.11~77^2~9 missed the fact that after autoloading a proto extension, cs.invert must not be touched until the next getopt call. This is now fixed by having command_default return a value to indicate whether to jump or not. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* tests: add some sample rulesets to test save-restore cycleJan Engelhardt2011-06-072-0/+222
These rulesets use practically all options (I may have missed some) for verification that the new Guided Option Parser would take the same input as the old open-coded ones did. They might come in handy at some point. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>