Fixes: 0bb8765cc28cf ("iptables: Add IPv4/6 IPcomp match support")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
extensions/libxt_ipcomp.c | 7 ++++---
extensions/libxt_ipcomp.t | 2 +-
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/extensions/libxt_ipcomp.c b/extensions/libxt_ipcomp.c
index 4171c4a1c4eb7..961c17e584933 100644
--- a/extensions/libxt_ipcomp.c
+++ b/extensions/libxt_ipcomp.c
@@ -76,11 +76,12 @@ static void comp_print(const void *ip, const struct xt_entry_match *match,
static void comp_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_ipcomp *compinfo = (struct xt_ipcomp *)match->data;
+ bool inv_spi = compinfo->invflags & XT_IPCOMP_INV_SPI;
if (!(compinfo->spis[0] == 0
- && compinfo->spis[1] == 0xFFFFFFFF)) {
- printf("%s --ipcompspi ",
- (compinfo->invflags & XT_IPCOMP_INV_SPI) ? " !" : "");
+ && compinfo->spis[1] == UINT32_MAX
+ && !inv_spi)) {
+ printf("%s --ipcompspi ", inv_spi ? " !" : "");
if (compinfo->spis[0]
!= compinfo->spis[1])
printf("%u:%u",
diff --git a/extensions/libxt_ipcomp.t b/extensions/libxt_ipcomp.t
index 375f885a708d9..e25695c6912be 100644
--- a/extensions/libxt_ipcomp.t
+++ b/extensions/libxt_ipcomp.t
@@ -2,7 +2,7 @@
-p ipcomp -m ipcomp --ipcompspi 18 -j DROP;=;OK
-p ipcomp -m ipcomp ! --ipcompspi 18 -j ACCEPT;=;OK
-p ipcomp -m ipcomp --ipcompspi :;-p ipcomp -m ipcomp;OK
--p ipcomp -m ipcomp ! --ipcompspi :;-p ipcomp -m ipcomp;OK
+-p ipcomp -m ipcomp ! --ipcompspi :;-p ipcomp -m ipcomp ! --ipcompspi 0:4294967295;OK
-p ipcomp -m ipcomp --ipcompspi :4;-p ipcomp -m ipcomp --ipcompspi 0:4;OK
-p ipcomp -m ipcomp --ipcompspi 4:;-p ipcomp -m ipcomp --ipcompspi 4:4294967295;OK
-p ipcomp -m ipcomp --ipcompspi 3:4;=;OK
--
2.43.0
