diff options
author | Phil Sutter <phil@nwl.cc> | 2018-08-10 17:07:36 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-16 19:43:47 +0200 |
commit | 02b80972c43d21f899c845c7fcafa4e4fb183312 (patch) | |
tree | 0d977247aed39733663b267fd0667a35966c1028 /iptables/tests | |
parent | 5de8dcf75941c533f2dae8a40bf8b6128b8287f3 (diff) |
ebtables: Merge libebt_limit.c into libxt_limit.c
Both extensions were very similar already, but now that they both are
translated into native nftables code, their actual difference (i.e.
match size) doesn't matter anymore.
This change comes with one caveat: Since ebtables limit match is not in
its own file anymore, match preloading automatically also loads the
NFPROTO_UNSPEC limit match. This is not a problem per se since match
lookup will prefer the family-specific one, but when parsing unknown
options, a match without 'parse' callback is encountered. Therefore
do_commandeb() has to check existence of that callback prior to
dereferencing it.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/tests')
-rwxr-xr-x | iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 | 6 | ||||
-rwxr-xr-x | iptables/tests/shell/testcases/ebtables/0003-ebtables-restore-defaults_0 | 4 |
2 files changed, 5 insertions, 5 deletions
diff --git a/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 b/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 index 1de76840..eeb7d835 100755 --- a/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 +++ b/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 @@ -84,15 +84,15 @@ DUMP='*filter -A foo -p IPv6 --ip6-src feed:babe::1 -j ACCEPT -A foo -p IPv6 --ip6-dst feed:babe::/64 -j ACCEPT -A foo -p IPv6 --ip6-proto tcp -j ACCEPT --A foo --limit 100/second --limit-burst 42 -j ACCEPT +-A foo --limit 100/sec --limit-burst 42 -j ACCEPT -A foo --log-level notice --log-prefix "" -j CONTINUE -A foo -j mark --mark-set 0x23 --mark-target ACCEPT -A foo --nflog-group 1 -j CONTINUE -A foo --pkttype-type multicast -j ACCEPT -A foo --stp-type config -j ACCEPT --A foo --802_3-sap 0x23 --limit 100/second --limit-burst 5 -j ACCEPT +-A foo --802_3-sap 0x23 --limit 100/sec --limit-burst 5 -j ACCEPT -A foo --pkttype-type multicast --log-level notice --log-prefix "" -j CONTINUE --A foo --pkttype-type multicast --limit 100/second --limit-burst 5 -j ACCEPT +-A foo --pkttype-type multicast --limit 100/sec --limit-burst 5 -j ACCEPT *nat :PREROUTING ACCEPT diff --git a/iptables/tests/shell/testcases/ebtables/0003-ebtables-restore-defaults_0 b/iptables/tests/shell/testcases/ebtables/0003-ebtables-restore-defaults_0 index d82bae54..c8580547 100755 --- a/iptables/tests/shell/testcases/ebtables/0003-ebtables-restore-defaults_0 +++ b/iptables/tests/shell/testcases/ebtables/0003-ebtables-restore-defaults_0 @@ -22,8 +22,8 @@ EXPECT='*filter :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT --A FORWARD --limit 100/second --limit-burst 42 -j ACCEPT --A FORWARD --limit 1000/second --limit-burst 5 -j ACCEPT +-A FORWARD --limit 100/sec --limit-burst 42 -j ACCEPT +-A FORWARD --limit 1000/sec --limit-burst 5 -j ACCEPT -A FORWARD --log-level notice --log-prefix "foobar" -j CONTINUE -A FORWARD --log-level notice --log-prefix "" -j CONTINUE ' |