This patch adds test for ipcomp flow match specified by its SPI value and move tests for ipcomp protocol to libxt_policy.t Signed-off-by: Harsha Sharma <harshasharmaiitr@xxxxxxxxx> --- extensions/libxt_ipcomp.t | 8 +++----- extensions/libxt_policy.t | 3 +++ 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/extensions/libxt_ipcomp.t b/extensions/libxt_ipcomp.t index ce111142..4b989d4c 100644 --- a/extensions/libxt_ipcomp.t +++ b/extensions/libxt_ipcomp.t @@ -1,5 +1,3 @@ -:INPUT,FORWARD --m policy --dir in --pol ipsec --proto ipcomp;=;OK --m policy --dir in --pol none --proto ipcomp;;FAIL --m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp;=;OK --m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp --mode tunnel --tunnel-dst 10.0.0.0/8 --tunnel-src 10.0.0.0/8 --next --reqid 2;=;OK +:INPUT,OUTPUT +-p 108 -m ipcomp --ipcompspi 0x12 -j DROP;=;OK +-p 108 -m ipcomp ! --ipcompspi 0x12 -j ACCEPT;=;OK diff --git a/extensions/libxt_policy.t b/extensions/libxt_policy.t index 24a3e2f4..6524122b 100644 --- a/extensions/libxt_policy.t +++ b/extensions/libxt_policy.t @@ -1,5 +1,8 @@ :INPUT,FORWARD -m policy --dir in --pol ipsec;=;OK +-m policy --dir in --pol ipsec --proto ipcomp;=;OK -m policy --dir in --pol ipsec --strict;;FAIL +-m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp;=;OK -m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto esp --mode tunnel --tunnel-dst 10.0.0.0/8 --tunnel-src 10.0.0.0/8 --next --reqid 2;=;OK -m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto esp --tunnel-dst 10.0.0.0/8;;FAIL +-m policy --dir in --pol ipsec --strict --reqid 1 --spi 0x1 --proto ipcomp --mode tunnel --tunnel-dst 10.0.0.0/8 --tunnel-src 10.0.0.0/8 --next --reqid 2;=;OK -- 2.14.1 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
