On Fri, Feb 02, 2024 at 02:52:55PM +0100, Phil Sutter wrote:
> Discussion of commit ee87ad419e9a0 ("extensions: libebt_stp: fix range
> checking") motivated me to check parser behaviour with ranges, including
> some corner cases:
>
> * Negative ranges (e.g. 4:3) are supposed to be rejected
> * Ranges may be (half) open, e.g. ":10", "5:" or just ":"
> * Ranges may be single element size (e.g. "4:4")
> * Full ranges are NOPs aside from the constraints implied by invoking
> the match itself
> * Inverted full ranges never match and therefore must at least remain in
> place (code sometimes treated them like non-inverted ones)
>
> First patch in this series bulk-adds test cases to record the status
> quo, following patches fix behaviour either by implementing checks into
> libxtables (in patches 2, 3 and 12) or fixing up extensions. Patch 10 is
> an exception, it fixes for inverted full ranges when generating native
> payload matches for tcp/udp extensions.
>
> Phil Sutter (12):
> extensions: *.t/*.txlate: Test range corner-cases
> libxtables: xtoptions: Assert ranges are monotonic increasing
> libxtables: Reject negative port ranges
> extensions: ah: Save/xlate inverted full ranges
> extensions: frag: Save/xlate inverted full ranges
> extensions: mh: Save/xlate inverted full ranges
> extensions: rt: Save/xlate inverted full ranges
> extensions: esp: Save/xlate inverted full ranges
> extensions: ipcomp: Save inverted full ranges
> nft: Do not omit full ranges if inverted
> extensions: tcp/udp: Save/xlate inverted full ranges
> libxtables: xtoptions: Respect min/max values when completing ranges
Series applied.
