summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_udp.t
Commit message (Collapse)AuthorAgeFilesLines
* extensions: tcp/udp: Save/xlate inverted full rangesPhil Sutter2024-02-021-2/+2
| | | | | | | | Also translate a bare '-m tcp/udp' to 'meta l4proto' match. Fixes: 04f569ded54a7 ("extensions: libxt_udp: add translation to nft") Fixes: fb2593ebbf656 ("extensions: libxt_tcp: add translation to nft") Signed-off-by: Phil Sutter <phil@nwl.cc>
* nft: Do not omit full ranges if invertedPhil Sutter2024-02-021-2/+2
| | | | | | | Otherwise this turns a never matching rule into an always matching one. Fixes: c034cf31dd1a9 ("nft: prefer native expressions instead of udp match") Signed-off-by: Phil Sutter <phil@nwl.cc>
* libxtables: Reject negative port rangesPhil Sutter2024-02-021-2/+2
| | | | | | | Analogous to XTTYPE_UINT*RC value parsing, assert consecutive port values are not lower than previous ones. Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: *.t/*.txlate: Test range corner-casesPhil Sutter2024-02-021-0/+12
| | | | | | | | | | | For every extension option accepting a range, test open and half-open as well as single element and invalid (negative) ranges. The added tests merely reflect the status quo, not the expected outcome. Following patches will fix results and the already existing test cases highlight the fixes' effects. Signed-off-by: Phil Sutter <phil@nwl.cc>
* nft: Reject tcp/udp extension without proper protocol matchPhil Sutter2022-12-221-0/+3
| | | | | | | | | Internally, 'th' expression is used, which works but matches both protocols. Since users won't expect '-m tcp --dport 1' to match UDP packets, catch missing/wrong '-p' argument. Fixes: c034cf31dd1a9 ("nft: prefer native expressions instead of udp match") Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: libxt_udp: add unit testPablo Neira Ayuso2013-10-071-0/+22
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>