diff options
| author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-01-13 22:52:44 +0100 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-01-13 22:52:44 +0100 |
| commit | 24b35d0b8950407ce85eefef18576d54f1e2c20e (patch) | |
| tree | 8ecba4e1c02fb03cfab8ae0f37ab60b7455c137f /tests/hash:ip,port,net.t | |
| parent | dd71826fcfcfcc8c36f0508cc183dd222da40452 (diff) | |
Exceptions support added to hash:*net* types
The "nomatch" keyword and option is added to the hash:*net* types,
by which one can add exception entries to sets. Example:
ipset create test hash:net
ipset add test 192.168.0/24
ipset add test 192.168.0/30 nomatch
In this case the IP addresses from 192.168.0/24 except 192.168.0/30
match the elements of the set.
Diffstat (limited to 'tests/hash:ip,port,net.t')
| -rw-r--r-- | tests/hash:ip,port,net.t | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/tests/hash:ip,port,net.t b/tests/hash:ip,port,net.t index 26645ef..446c512 100644 --- a/tests/hash:ip,port,net.t +++ b/tests/hash:ip,port,net.t @@ -54,4 +54,42 @@ 0 n=`ipset list test|grep '^10.0'|wc -l` && test $n -eq 6144 # Destroy set 0 ipset -X test +# Create test set with timeout support +0 ipset create test hash:ip,port,net timeout 30 +# Add a non-matching IP address entry +0 ipset -A test 2.2.2.2,80,1.1.1.1 nomatch +# Add an overlapping matching small net +0 ipset -A test 2.2.2.2,80,1.1.1.0/30 +# Add an overlapping non-matching larger net +0 ipset -A test 2.2.2.2,80,1.1.1.0/28 nomatch +# Add an even larger matching net +0 ipset -A test 2.2.2.2,80,1.1.1.0/26 +# Check non-matching IP +1 ipset -T test 2.2.2.2,80,1.1.1.1 +# Check matching IP from non-matchin small net +0 ipset -T test 2.2.2.2,80,1.1.1.3 +# Check non-matching IP from larger net +1 ipset -T test 2.2.2.2,80,1.1.1.4 +# Check matching IP from even larger net +0 ipset -T test 2.2.2.2,80,1.1.1.16 +# Update non-matching IP to matching one +0 ipset -! -A test 2.2.2.2,80,1.1.1.1 +# Delete overlapping small net +0 ipset -D test 2.2.2.2,80,1.1.1.0/30 +# Check matching IP +0 ipset -T test 2.2.2.2,80,1.1.1.1 +# Add overlapping small net +0 ipset -A test 2.2.2.2,80,1.1.1.0/30 +# Update matching IP as a non-matching one, with shorter timeout +0 ipset -! -A test 2.2.2.2,80,1.1.1.1 nomatch timeout 2 +# Check non-matching IP +1 ipset -T test 2.2.2.2,80,1.1.1.1 +# Sleep 3s so that element can time out +0 sleep 3 +# Check non-matching IP +0 ipset -T test 2.2.2.2,80,1.1.1.1 +# Check matching IP +0 ipset -T test 2.2.2.2,80,1.1.1.3 +# Delete test set +0 ipset destroy test # eof |