path: root/extensions/iptables.t
Commit message | Author | Age | Files | Lines
* xshared: Fix parsing of empty string arg in '-c' option | Phil Sutter | 2024-04-10 | 1 | -0/+5

  Calling iptables with '-c ""' resulted in a call to strchr() with an invalid pointer as 'optarg + 1' points to past the buffer. The most simple fix is to drop the offset: The global optstring part specifies a single colon after 'c', so getopt() enforces a valid pointer in optarg. If it contains a comma at first position, packet counter value parsing will fail so all cases are covered.

  Reported-by: gorbanev.es@gmail.com
  Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1741
  Fixes: 60a6073690a45 ("Make --set-counters (-c) accept comma separated counters")
  Signed-off-by: Phil Sutter <phil@nwl.cc>
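
The case analysis in the commit message above, as an added C example that is not iptables code: `parse_counters()` and its `use_offset` switch are hypothetical, the sample arguments are constructed, and only the comma-separated `PKTS,BYTES` form is handled. The pre-fix search start is guarded so the example itself never reads out of bounds.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper modelling how a "-c PKTS,BYTES" argument is split.
 * Returns 0 on success, -1 if a counter is missing or not a number, and
 * -2 where the pre-fix search start (use_offset=1) would read past the
 * end of the argument buffer. */
static int parse_counters(const char *arg, int use_offset,
                          unsigned long long *pcnt, unsigned long long *bcnt)
{
    const char *start = arg;
    const char *comma;

    if (use_offset) {
        /* For "" the buffer is only the NUL byte, so arg + 1 is one past
         * its end; strchr() there is the invalid read from the report. */
        if (arg[0] == '\0')
            return -2;
        start = arg + 1;
    }
    comma = strchr(start, ',');
    if (!comma)
        return -1;  /* no byte counter given */
    if (sscanf(arg, "%llu", pcnt) != 1)
        return -1;  /* ",5" fails here: no digits before the comma */
    if (sscanf(comma + 1, "%llu", bcnt) != 1)
        return -1;  /* "3," fails here: nothing after the comma */
    return 0;
}

int main(void)
{
    /* Constructed sample arguments, not taken from the page. */
    const char *samples[] = { "", ",5", "3,5", "3", "3," };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned long long p = 0, b = 0;
        int fixed = parse_counters(samples[i], 0, &p, &b);
        int old = parse_counters(samples[i], 1, &p, &b);
        printf("'%s': without offset=%d, with offset=%d\n",
               samples[i], fixed, old);
    }
    return 0;
}
```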
* extensions: test protocol and interface negation | Florian Westphal | 2018-11-12 | 1 | -0/+2

  Signed-off-by: Florian Westphal <fw@strlen.de>
* xtables: Fix for matching rules with wildcard interfaces | Phil Sutter | 2018-11-01 | 1 | -0/+4

  Due to xtables_parse_interface() and parse_ifname() being misaligned regarding interface mask setting, rules containing a wildcard interface added with iptables-nft could neither be checked nor deleted.

  As suggested, introduce extensions/iptables.t to hold checks for built-in selectors. This file is picked up by iptables-test.py as-is. The only limitation is that iptables is being used for it, so no ip6tables-specific things can be tested with it (for now).

  Signed-off-by: Phil Sutter <phil@nwl.cc>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>