From da13460f05eaee3b92c3b6d0ca2023c5377f4aca Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 1 Feb 2024 15:47:09 +0100
Subject: extensions: esp: Save/xlate inverted full ranges

Also add a translation for plain '-m esp' match which depends on the
address family: While ip6tables-translate may emit an exthdr exists
match, iptables-translate must stick to meta l4proto.

Fixes: 6cfa723a83d45 ("extensions: libxt_esp: Add translation to nft")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 extensions/libxt_esp.t | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'extensions/libxt_esp.t')

diff --git a/extensions/libxt_esp.t b/extensions/libxt_esp.t
index 686611f2..ece131c9 100644
--- a/extensions/libxt_esp.t
+++ b/extensions/libxt_esp.t
@@ -5,7 +5,7 @@
 -p esp -m esp ! --espspi 0:4294967294;=;OK
 -p esp -m esp --espspi -1;;FAIL
 -p esp -m esp --espspi :;-p esp -m esp;OK
--p esp -m esp ! --espspi :;-p esp -m esp;OK
+-p esp -m esp ! --espspi :;-p esp -m esp ! --espspi 0:4294967295;OK
 -p esp -m esp --espspi :4;-p esp -m esp --espspi 0:4;OK
 -p esp -m esp --espspi 4:;-p esp -m esp --espspi 4:4294967295;OK
 -p esp -m esp --espspi 3:4;=;OK
-- 
cgit v1.2.3