From: Harsha Sharma Date: Tue, 6 Feb 2018 18:03:30 +0000 (+0530) Subject: extensions: add tests for comp match options X-Git-Tag: v1.8.0~143 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ed928a8302aa7a531987ff8120950c44bfcab700;p=thirdparty%2Fiptables.git extensions: add tests for comp match options This patch adds test for ipcomp flow match specified by its SPI value and move tests for ipcomp protocol to libxt_policy.t Signed-off-by: Harsha Sharma Signed-off-by: Pablo Neira Ayuso --- diff --git a/extensions/libxt_ipcomp.t b/extensions/libxt_ipcomp.t index ce111142..8546ba9c 100644 --- a/extensions/libxt_ipcomp.t +++ b/extensions/libxt_ipcomp.t @@ -1,5 +1,3 @@ -:INPUT,FORWARD --m policy --dir in --pol ipsec --proto ipcomp;=;OK --m policy --dir in --pol none --proto ipcomp;;FAIL --m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp;=;OK --m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp --mode tunnel --tunnel-dst 10.0.0.0/8 --tunnel-src 10.0.0.0/8 --next --reqid 2;=;OK +:INPUT,OUTPUT +-p ipcomp -m ipcomp --ipcompspi 18 -j DROP;=;OK +-p ipcomp -m ipcomp ! --ipcompspi 18 -j ACCEPT;=;OK diff --git a/extensions/libxt_policy.t b/extensions/libxt_policy.t index 24a3e2f4..6524122b 100644 --- a/extensions/libxt_policy.t +++ b/extensions/libxt_policy.t @@ -1,5 +1,8 @@ :INPUT,FORWARD -m policy --dir in --pol ipsec;=;OK +-m policy --dir in --pol ipsec --proto ipcomp;=;OK -m policy --dir in --pol ipsec --strict;;FAIL +-m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp;=;OK -m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto esp --mode tunnel --tunnel-dst 10.0.0.0/8 --tunnel-src 10.0.0.0/8 --next --reqid 2;=;OK -m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto esp --tunnel-dst 10.0.0.0/8;;FAIL +-m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp --mode tunnel --tunnel-dst 10.0.0.0/8 --tunnel-src 10.0.0.0/8 --next --reqid 2;=;OK