From 285406b1d22e3ed0aec30ea0a534ea76211156a9 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 25 Jan 2024 02:12:24 +0100
Subject: extensions: *.t/*.txlate: Test range corner-cases

For every extension option accepting a range, test open and half-open as
well as single element and invalid (negative) ranges.

The added tests merely reflect the status quo, not the expected outcome.
Following patches will fix results and the already existing test cases
highlight the fixes' effects.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 extensions/libipt_ah.txlate | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'extensions/libipt_ah.txlate')

diff --git a/extensions/libipt_ah.txlate b/extensions/libipt_ah.txlate
index 897c82b5..e35ac17a 100644
--- a/extensions/libipt_ah.txlate
+++ b/extensions/libipt_ah.txlate
@@ -6,3 +6,9 @@ nft 'add rule ip filter INPUT ah spi 500-600 counter drop'
 
 iptables-translate -A INPUT -p 51 -m ah ! --ahspi 50 -j DROP
 nft 'add rule ip filter INPUT ah spi != 50 counter drop'
+
+iptables-translate -A INPUT -p 51 -m ah --ahspi 0:4294967295 -j DROP
+nft 'add rule ip filter INPUT counter drop'
+
+iptables-translate -A INPUT -p 51 -m ah ! --ahspi 0:4294967295 -j DROP
+nft 'add rule ip filter INPUT counter drop'
-- 
cgit v1.2.3