extensions: add tests for comp match options

Message ID 20180206180330.24879-1-harshasharmaiitr@gmail.com
State Accepted
Delegated to: Pablo Neira
Headers show
Series
  • extensions: add tests for comp match options
Related show

Commit Message

Harsha Sharma Feb. 6, 2018, 6:03 p.m.
This patch adds test for ipcomp flow match specified by its SPI value
and move tests for ipcomp protocol to libxt_policy.t

Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com>
---
 extensions/libxt_ipcomp.t | 8 +++-----
 extensions/libxt_policy.t | 3 +++
 2 files changed, 6 insertions(+), 5 deletions(-)

Comments

Pablo Neira Ayuso Feb. 6, 2018, 11:40 p.m. | #1
On Tue, Feb 06, 2018 at 11:33:30PM +0530, Harsha Sharma wrote:
> This patch adds test for ipcomp flow match specified by its SPI value
> and move tests for ipcomp protocol to libxt_policy.t

Applied, thanks Harsha.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira Ayuso Feb. 6, 2018, 11:42 p.m. | #2
On Wed, Feb 07, 2018 at 12:40:26AM +0100, Pablo Neira Ayuso wrote:
> On Tue, Feb 06, 2018 at 11:33:30PM +0530, Harsha Sharma wrote:
> > This patch adds test for ipcomp flow match specified by its SPI value
> > and move tests for ipcomp protocol to libxt_policy.t
> 
> Applied, thanks Harsha.

Wait.

These tests are failing:

# python iptables-test.py extensions/libxt_ipcomp.t
extensions/libxt_ipcomp.t: ERROR: line 2 (cannot find: iptables -I INPUT -p 108 -m ipcomp --ipcompspi 0x12 -j DROP)
extensions/libxt_ipcomp.t: ERROR: line 3 (cannot find: iptables -I INPUT -p 108 -m ipcomp ! --ipcompspi 0x12 -j ACCEPT)

Please, revisit and revamp. Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira Ayuso Feb. 25, 2018, 7:20 p.m. | #3
On Wed, Feb 07, 2018 at 12:42:44AM +0100, Pablo Neira Ayuso wrote:
> On Wed, Feb 07, 2018 at 12:40:26AM +0100, Pablo Neira Ayuso wrote:
> > On Tue, Feb 06, 2018 at 11:33:30PM +0530, Harsha Sharma wrote:
> > > This patch adds test for ipcomp flow match specified by its SPI value
> > > and move tests for ipcomp protocol to libxt_policy.t
> > 
> > Applied, thanks Harsha.
> 
> Wait.
> 
> These tests are failing:
> 
> # python iptables-test.py extensions/libxt_ipcomp.t
> extensions/libxt_ipcomp.t: ERROR: line 2 (cannot find: iptables -I INPUT -p 108 -m ipcomp --ipcompspi 0x12 -j DROP)
> extensions/libxt_ipcomp.t: ERROR: line 3 (cannot find: iptables -I INPUT -p 108 -m ipcomp ! --ipcompspi 0x12 -j ACCEPT)
> 
> Please, revisit and revamp. Thanks.

Just fixed it here.

Applied, thanks Harsha.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/extensions/libxt_ipcomp.t b/extensions/libxt_ipcomp.t
index ce111142..4b989d4c 100644
--- a/extensions/libxt_ipcomp.t
+++ b/extensions/libxt_ipcomp.t
@@ -1,5 +1,3 @@ 
-:INPUT,FORWARD
--m policy --dir in --pol ipsec --proto ipcomp;=;OK
--m policy --dir in --pol none --proto ipcomp;;FAIL
--m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp;=;OK
--m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp --mode tunnel --tunnel-dst 10.0.0.0/8 --tunnel-src 10.0.0.0/8 --next --reqid 2;=;OK
+:INPUT,OUTPUT
+-p 108 -m ipcomp --ipcompspi 0x12 -j DROP;=;OK
+-p 108 -m ipcomp ! --ipcompspi 0x12 -j ACCEPT;=;OK
diff --git a/extensions/libxt_policy.t b/extensions/libxt_policy.t
index 24a3e2f4..6524122b 100644
--- a/extensions/libxt_policy.t
+++ b/extensions/libxt_policy.t
@@ -1,5 +1,8 @@ 
 :INPUT,FORWARD
 -m policy --dir in --pol ipsec;=;OK
+-m policy --dir in --pol ipsec --proto ipcomp;=;OK
 -m policy --dir in --pol ipsec --strict;;FAIL
+-m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp;=;OK
 -m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto esp --mode tunnel --tunnel-dst 10.0.0.0/8 --tunnel-src 10.0.0.0/8 --next --reqid 2;=;OK
 -m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto esp --tunnel-dst 10.0.0.0/8;;FAIL
+-m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp --mode tunnel --tunnel-dst 10.0.0.0/8 --tunnel-src 10.0.0.0/8 --next --reqid 2;=;OK