extensions: *.t/*.txlate: Test range corner-cases

For every extension option accepting a range, test open and half-open as well as single element and invalid (negative) ranges. The added tests merely reflect the status quo, not the expected outcome. Following patches will fix results and the already existing test cases highlight the fixes' effects. Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Phil Sutter <phil@nwl.cc> 2024-01-25 02:12:24 +0100
committer: Phil Sutter <phil@nwl.cc> 2024-02-02 18:26:14 +0100
commit: 285406b1d22e3ed0aec30ea0a534ea76211156a9 (patch)
tree: 95607347977110481518de17fac9e6f7e0631aa6 /extensions/libxt_esp.txlate
parent: 11c77ed471f2d8a6dc60c17aef1e1a3b52ff3591 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/extensions/libxt_esp.txlate b/extensions/libxt_esp.txlate
index f6aba52f..3b1d5718 100644
--- a/extensions/libxt_esp.txlate
+++ b/extensions/libxt_esp.txlate
@@ -9,3 +9,15 @@ nft 'add rule ip filter INPUT esp spi 500 counter drop'
 
 iptables-translate -A INPUT -p 50 -m esp --espspi 500:600 -j DROP
 nft 'add rule ip filter INPUT esp spi 500-600 counter drop'
+
+iptables-translate -A INPUT -p 50 -m esp --espspi 0:4294967295 -j DROP
+nft 'add rule ip filter INPUT counter drop'
+
+iptables-translate -A INPUT -p 50 -m esp ! --espspi 0:4294967295 -j DROP
+nft 'add rule ip filter INPUT counter drop'
+
+ip6tables-translate -A INPUT -p 50 -m esp --espspi 0:4294967295 -j DROP
+nft 'add rule ip6 filter INPUT counter drop'
+
+ip6tables-translate -A INPUT -p 50 -m esp ! --espspi 0:4294967295 -j DROP
+nft 'add rule ip6 filter INPUT counter drop'
author	Phil Sutter <phil@nwl.cc>	2024-01-25 02:12:24 +0100
committer	Phil Sutter <phil@nwl.cc>	2024-02-02 18:26:14 +0100
commit	285406b1d22e3ed0aec30ea0a534ea76211156a9 (patch)
tree	95607347977110481518de17fac9e6f7e0631aa6 /extensions/libxt_esp.txlate
parent	11c77ed471f2d8a6dc60c17aef1e1a3b52ff3591 (diff)