summaryrefslogtreecommitdiffstats
path: root/extensions/libip6t_ah.t
Commit message (Collapse)AuthorAgeFilesLines
* extensions: ah: Save/xlate inverted full rangesPhil Sutter2024-02-021-1/+1
| | | | | | | | | | | While at it, fix xlate output for plain '-m ah' matches: With ip6tables-translate, one should emit an extdhr exists match since ip6t_ah.c in kernel also uses ipv6_find_hdr(). With iptables-translate, a simple 'meta l4proto ah' was missing. Fixes: bb498c8ba7bb3 ("extensions: libip6t_ah: Fix translation of plain '-m ah'") Fixes: b9a46ee406165 ("extensions: libipt_ah: Add translation to nft") Signed-off-by: Phil Sutter <phil@nwl.cc>
* libxtables: xtoptions: Assert ranges are monotonic increasingPhil Sutter2024-02-021-1/+1
| | | | | | | | | | | Extensions commonly require the upper range value to be larger or equal to the lower one. Performing this check in the parser is easier and covers all extensions at once. One notable exception is NFQUEUE which requires strict monotonicity. Hence leave its checks in place. Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: *.t/*.txlate: Test range corner-casesPhil Sutter2024-02-021-0/+6
| | | | | | | | | | | For every extension option accepting a range, test open and half-open as well as single element and invalid (negative) ranges. The added tests merely reflect the status quo, not the expected outcome. Following patches will fix results and the already existing test cases highlight the fixes' effects. Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: fix several test errorsPablo Neira Ayuso2015-09-161-1/+1
| | | | | | | | | | extensions/libxt_esp.t: ERROR: line 7 (should fail: iptables -A INPUT -p esp -m esp) extensions/libip6t_rt.t: ERROR: line 5 (should fail: ip6tables -A INPUT -m rt) extensions/libip6t_ah.t: ERROR: line 15 (should fail: ip6tables -A INPUT -m ah) extensions/libipt_ah.t: ERROR: line 13 (should fail: iptables -A INPUT -p ah -m ah) Fixes: 4264de1f270a ("extensions: restore matching any SPI id by default") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: restore matching any SPI id by defaultJan Engelhardt2015-08-121-0/+1
| | | | | | | | | | | This is the same as commit v1.4.15-12-g8a988f6. If no id option is given, the extensions only match packets with a zero-valued identification field. This behavior deviates from what it used to do back in v1.4.10-273-g6944f2c^. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: libip6t_ah: add unit testPablo Neira Ayuso2013-10-071-0/+14
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>