Message ID | 20180206180330.24879-1-harshasharmaiitr@gmail.com |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |
Headers | show |
Series | extensions: add tests for comp match options | expand |
On Tue, Feb 06, 2018 at 11:33:30PM +0530, Harsha Sharma wrote: > This patch adds test for ipcomp flow match specified by its SPI value > and move tests for ipcomp protocol to libxt_policy.t Applied, thanks Harsha. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, Feb 07, 2018 at 12:40:26AM +0100, Pablo Neira Ayuso wrote: > On Tue, Feb 06, 2018 at 11:33:30PM +0530, Harsha Sharma wrote: > > This patch adds test for ipcomp flow match specified by its SPI value > > and move tests for ipcomp protocol to libxt_policy.t > > Applied, thanks Harsha. Wait. These tests are failing: # python iptables-test.py extensions/libxt_ipcomp.t extensions/libxt_ipcomp.t: ERROR: line 2 (cannot find: iptables -I INPUT -p 108 -m ipcomp --ipcompspi 0x12 -j DROP) extensions/libxt_ipcomp.t: ERROR: line 3 (cannot find: iptables -I INPUT -p 108 -m ipcomp ! --ipcompspi 0x12 -j ACCEPT) Please, revisit and revamp. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, Feb 07, 2018 at 12:42:44AM +0100, Pablo Neira Ayuso wrote: > On Wed, Feb 07, 2018 at 12:40:26AM +0100, Pablo Neira Ayuso wrote: > > On Tue, Feb 06, 2018 at 11:33:30PM +0530, Harsha Sharma wrote: > > > This patch adds test for ipcomp flow match specified by its SPI value > > > and move tests for ipcomp protocol to libxt_policy.t > > > > Applied, thanks Harsha. > > Wait. > > These tests are failing: > > # python iptables-test.py extensions/libxt_ipcomp.t > extensions/libxt_ipcomp.t: ERROR: line 2 (cannot find: iptables -I INPUT -p 108 -m ipcomp --ipcompspi 0x12 -j DROP) > extensions/libxt_ipcomp.t: ERROR: line 3 (cannot find: iptables -I INPUT -p 108 -m ipcomp ! --ipcompspi 0x12 -j ACCEPT) > > Please, revisit and revamp. Thanks. Just fixed it here. Applied, thanks Harsha. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/extensions/libxt_ipcomp.t b/extensions/libxt_ipcomp.t index ce111142..4b989d4c 100644 --- a/extensions/libxt_ipcomp.t +++ b/extensions/libxt_ipcomp.t @@ -1,5 +1,3 @@ -:INPUT,FORWARD --m policy --dir in --pol ipsec --proto ipcomp;=;OK --m policy --dir in --pol none --proto ipcomp;;FAIL --m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp;=;OK --m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp --mode tunnel --tunnel-dst 10.0.0.0/8 --tunnel-src 10.0.0.0/8 --next --reqid 2;=;OK +:INPUT,OUTPUT +-p 108 -m ipcomp --ipcompspi 0x12 -j DROP;=;OK +-p 108 -m ipcomp ! --ipcompspi 0x12 -j ACCEPT;=;OK diff --git a/extensions/libxt_policy.t b/extensions/libxt_policy.t index 24a3e2f4..6524122b 100644 --- a/extensions/libxt_policy.t +++ b/extensions/libxt_policy.t @@ -1,5 +1,8 @@ :INPUT,FORWARD -m policy --dir in --pol ipsec;=;OK +-m policy --dir in --pol ipsec --proto ipcomp;=;OK -m policy --dir in --pol ipsec --strict;;FAIL +-m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp;=;OK -m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto esp --mode tunnel --tunnel-dst 10.0.0.0/8 --tunnel-src 10.0.0.0/8 --next --reqid 2;=;OK -m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto esp --tunnel-dst 10.0.0.0/8;;FAIL +-m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp --mode tunnel --tunnel-dst 10.0.0.0/8 --tunnel-src 10.0.0.0/8 --next --reqid 2;=;OK
This patch adds test for ipcomp flow match specified by its SPI value and move tests for ipcomp protocol to libxt_policy.t Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com> --- extensions/libxt_ipcomp.t | 8 +++----- extensions/libxt_policy.t | 3 +++ 2 files changed, 6 insertions(+), 5 deletions(-)