extensions: *.t/*.txlate: Test range corner-cases

For every extension option accepting a range, test open and half-open as well as single element and invalid (negative) ranges. The added tests merely reflect the status quo, not the expected outcome. Following patches will fix results and the already existing test cases highlight the fixes' effects. Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Phil Sutter <phil@nwl.cc> 2024-01-25 02:12:24 +0100
committer: Phil Sutter <phil@nwl.cc> 2024-02-02 18:26:14 +0100
commit: 285406b1d22e3ed0aec30ea0a534ea76211156a9 (patch)
tree: 95607347977110481518de17fac9e6f7e0631aa6 /extensions/libip6t_ah.txlate
parent: 11c77ed471f2d8a6dc60c17aef1e1a3b52ff3591 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/extensions/libip6t_ah.txlate b/extensions/libip6t_ah.txlate
index cc33ac27..fc7248ab 100644
--- a/extensions/libip6t_ah.txlate
+++ b/extensions/libip6t_ah.txlate
@@ -15,3 +15,9 @@ nft 'add rule ip6 filter INPUT ah spi 500 ah hdrlength != 120 counter drop'
 
 ip6tables-translate -A INPUT -m ah --ahspi 500 --ahlen 120 --ahres -j ACCEPT
 nft 'add rule ip6 filter INPUT ah spi 500 ah hdrlength 120 ah reserved 1 counter accept'
+
+ip6tables-translate -A INPUT -m ah --ahspi 0:4294967295
+nft 'add rule ip6 filter INPUT meta l4proto ah counter'
+
+ip6tables-translate -A INPUT -m ah ! --ahspi 0:4294967295
+nft 'add rule ip6 filter INPUT meta l4proto ah counter'
author	Phil Sutter <phil@nwl.cc>	2024-01-25 02:12:24 +0100
committer	Phil Sutter <phil@nwl.cc>	2024-02-02 18:26:14 +0100
commit	285406b1d22e3ed0aec30ea0a534ea76211156a9 (patch)
tree	95607347977110481518de17fac9e6f7e0631aa6 /extensions/libip6t_ah.txlate
parent	11c77ed471f2d8a6dc60c17aef1e1a3b52ff3591 (diff)