From ed928a8302aa7a531987ff8120950c44bfcab700 Mon Sep 17 00:00:00 2001 From: Harsha Sharma Date: Tue, 6 Feb 2018 23:33:30 +0530 Subject: extensions: add tests for comp match options This patch adds test for ipcomp flow match specified by its SPI value and move tests for ipcomp protocol to libxt_policy.t Signed-off-by: Harsha Sharma Signed-off-by: Pablo Neira Ayuso --- extensions/libxt_ipcomp.t | 8 +++----- extensions/libxt_policy.t | 3 +++ 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/extensions/libxt_ipcomp.t b/extensions/libxt_ipcomp.t index ce111142..8546ba9c 100644 --- a/extensions/libxt_ipcomp.t +++ b/extensions/libxt_ipcomp.t @@ -1,5 +1,3 @@ -:INPUT,FORWARD --m policy --dir in --pol ipsec --proto ipcomp;=;OK --m policy --dir in --pol none --proto ipcomp;;FAIL --m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp;=;OK --m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp --mode tunnel --tunnel-dst 10.0.0.0/8 --tunnel-src 10.0.0.0/8 --next --reqid 2;=;OK +:INPUT,OUTPUT +-p ipcomp -m ipcomp --ipcompspi 18 -j DROP;=;OK +-p ipcomp -m ipcomp ! --ipcompspi 18 -j ACCEPT;=;OK diff --git a/extensions/libxt_policy.t b/extensions/libxt_policy.t index 24a3e2f4..6524122b 100644 --- a/extensions/libxt_policy.t +++ b/extensions/libxt_policy.t @@ -1,5 +1,8 @@ :INPUT,FORWARD -m policy --dir in --pol ipsec;=;OK +-m policy --dir in --pol ipsec --proto ipcomp;=;OK -m policy --dir in --pol ipsec --strict;;FAIL +-m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp;=;OK -m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto esp --mode tunnel --tunnel-dst 10.0.0.0/8 --tunnel-src 10.0.0.0/8 --next --reqid 2;=;OK -m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto esp --tunnel-dst 10.0.0.0/8;;FAIL +-m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp --mode tunnel --tunnel-dst 10.0.0.0/8 --tunnel-src 10.0.0.0/8 --next --reqid 2;=;OK -- cgit v1.2.3