File: translation-test-fixes.patch

iptables 1.8.11-3
  • area: main
  • in suites: sid
  • size: 6,792 kB
  • sloc: ansic: 53,482; sh: 7,810; xml: 772; python: 755; makefile: 271
file content (59 lines) | stat: -rw-r--r-- 2,521 bytes
Author: Jeremy Sowden <jeremy@azazel.net>
Last-Update: 2024-11-20
Forwarded: https://lore.kernel.org/netfilter-devel/20241108173443.4146022-1-jeremy@azazel.net/
Applied-Upstream: e6e232d0ae252b0b86278455b18d9475b95db8f0
Description: fix translation test failures
 Protocol number 141 is assigned to a real protocol: Wrapped Encapsulating
 Security Payload.  This is listed in Debian's /etc/protocols, which leads to
 test failures:
   .
   ./extensions/generic.txlate: Fail
   src: iptables-translate -A FORWARD -p 141
   exp: nft 'add rule ip filter FORWARD ip protocol 141 counter'
   res: nft 'add rule ip filter FORWARD ip protocol wesp counter'
   .
   ./extensions/generic.txlate: Fail
   src: ip6tables-translate -A FORWARD -p 141
   exp: nft 'add rule ip6 filter FORWARD meta l4proto 141 counter'
   res: nft 'add rule ip6 filter FORWARD meta l4proto wesp counter'
   .
   ./extensions/generic.txlate: Fail
   src: iptables-translate -A FORWARD ! -p 141
   exp: nft 'add rule ip filter FORWARD ip protocol != 141 counter'
   res: nft 'add rule ip filter FORWARD ip protocol != wesp counter'
   .
   ./extensions/generic.txlate: Fail
   src: ip6tables-translate -A FORWARD ! -p 141
   exp: nft 'add rule ip6 filter FORWARD meta l4proto != 141 counter'
   res: nft 'add rule ip6 filter FORWARD meta l4proto != wesp counter'
   .
 Replace it with 253, which IANA reserves for testing and experimentation.

--- a/extensions/generic.txlate
+++ b/extensions/generic.txlate
@@ -76,17 +76,17 @@
 ip6tables-translate -A FORWARD ! -p 132
 nft 'add rule ip6 filter FORWARD meta l4proto != sctp counter'
 
-iptables-translate -A FORWARD -p 141
-nft 'add rule ip filter FORWARD ip protocol 141 counter'
+iptables-translate -A FORWARD -p 253
+nft 'add rule ip filter FORWARD ip protocol 253 counter'
 
-ip6tables-translate -A FORWARD -p 141
-nft 'add rule ip6 filter FORWARD meta l4proto 141 counter'
+ip6tables-translate -A FORWARD -p 253
+nft 'add rule ip6 filter FORWARD meta l4proto 253 counter'
 
-iptables-translate -A FORWARD ! -p 141
-nft 'add rule ip filter FORWARD ip protocol != 141 counter'
+iptables-translate -A FORWARD ! -p 253
+nft 'add rule ip filter FORWARD ip protocol != 253 counter'
 
-ip6tables-translate -A FORWARD ! -p 141
-nft 'add rule ip6 filter FORWARD meta l4proto != 141 counter'
+ip6tables-translate -A FORWARD ! -p 253
+nft 'add rule ip6 filter FORWARD meta l4proto != 253 counter'
 
 iptables-translate -A FORWARD -m tcp --dport 22 -p tcp
 nft 'add rule ip filter FORWARD tcp dport 22 counter'
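Review bot: The four replaced cases at `-p 253` still depend on the build host's /etc/protocols having no name for the number, which is the same assumption that failed for 141. 253 is a better choice because IANA reserves it for testing and experimentation, but nothing in generic.txlate records why this value was picked, so a later edit could swap in another "unused" number and reintroduce the failure. Consider noting the constraint next to these cases, if the txlate format permits comments, or in the test documentation. The `-p 132` context line above, which expects `sctp`, shows that name resolution is the intended behaviour for known protocols, so these numeric cases are the only coverage of the no-name path and are worth keeping independent of the host database.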