diff options
author | Phil Sutter <phil@nwl.cc> | 2024-02-01 15:57:46 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2024-02-02 18:26:14 +0100 |
commit | 9d400db20cf9f1c4a57c0791e563f22bafcd841a (patch) | |
tree | 2ad6e5078ddd196f69bd9ab4a57816d45de30dea | |
parent | da13460f05eaee3b92c3b6d0ca2023c5377f4aca (diff) |
extensions: ipcomp: Save inverted full ranges
Fixes: 0bb8765cc28cf ("iptables: Add IPv4/6 IPcomp match support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
-rw-r--r-- | extensions/libxt_ipcomp.c | 7 | ||||
-rw-r--r-- | extensions/libxt_ipcomp.t | 2 |
2 files changed, 5 insertions, 4 deletions
diff --git a/extensions/libxt_ipcomp.c b/extensions/libxt_ipcomp.c index 4171c4a1..961c17e5 100644 --- a/extensions/libxt_ipcomp.c +++ b/extensions/libxt_ipcomp.c @@ -76,11 +76,12 @@ static void comp_print(const void *ip, const struct xt_entry_match *match, static void comp_save(const void *ip, const struct xt_entry_match *match) { const struct xt_ipcomp *compinfo = (struct xt_ipcomp *)match->data; + bool inv_spi = compinfo->invflags & XT_IPCOMP_INV_SPI; if (!(compinfo->spis[0] == 0 - && compinfo->spis[1] == 0xFFFFFFFF)) { - printf("%s --ipcompspi ", - (compinfo->invflags & XT_IPCOMP_INV_SPI) ? " !" : ""); + && compinfo->spis[1] == UINT32_MAX + && !inv_spi)) { + printf("%s --ipcompspi ", inv_spi ? " !" : ""); if (compinfo->spis[0] != compinfo->spis[1]) printf("%u:%u", diff --git a/extensions/libxt_ipcomp.t b/extensions/libxt_ipcomp.t index 375f885a..e25695c6 100644 --- a/extensions/libxt_ipcomp.t +++ b/extensions/libxt_ipcomp.t @@ -2,7 +2,7 @@ -p ipcomp -m ipcomp --ipcompspi 18 -j DROP;=;OK -p ipcomp -m ipcomp ! --ipcompspi 18 -j ACCEPT;=;OK -p ipcomp -m ipcomp --ipcompspi :;-p ipcomp -m ipcomp;OK --p ipcomp -m ipcomp ! --ipcompspi :;-p ipcomp -m ipcomp;OK +-p ipcomp -m ipcomp ! --ipcompspi :;-p ipcomp -m ipcomp ! --ipcompspi 0:4294967295;OK -p ipcomp -m ipcomp --ipcompspi :4;-p ipcomp -m ipcomp --ipcompspi 0:4;OK -p ipcomp -m ipcomp --ipcompspi 4:;-p ipcomp -m ipcomp --ipcompspi 4:4294967295;OK -p ipcomp -m ipcomp --ipcompspi 3:4;=;OK |