summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2015-03-13 21:18:58 +0100
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2015-03-13 21:18:58 +0100
commit6fa394d59d91e6cfa3c107128ad1f7d6a6d70257 (patch)
treec1dc228398ac68ba2e7848e360adc00db724dc6e /tests
parentfee333d674a4c697c1f33952bbc060ee810d9307 (diff)
Fix cidr handling for hash:*net* types
Commit 092d67cda9ad4 broke the cidr handling for the hash:*net* types when the sets were used by the SET target: entries with invalid cidr values were added to the sets. Reported by Jonathan Johnson. Testsuite entry is added to verify the fix.
Diffstat (limited to 'tests')
-rwxr-xr-xtests/iptables.sh5
-rw-r--r--tests/match_target.t16
-rwxr-xr-xtests/resizet.sh2
3 files changed, 22 insertions, 1 deletions
diff --git a/tests/iptables.sh b/tests/iptables.sh
index c5b9bf7..7ea90e0 100755
--- a/tests/iptables.sh
+++ b/tests/iptables.sh
@@ -95,6 +95,11 @@ del)
$cmd -F INPUT
$cmd -A INPUT -j SET --del-set ipport src,src
;;
+add)
+ $ipset n test hash:net $family 2>/dev/null
+ $cmd -F INPUT
+ $cmd -A INPUT -j SET --add-set test src
+ ;;
timeout)
$ipset n test hash:ip,port timeout 2
$cmd -A INPUT -j SET --add-set test src,src --timeout 10 --exist
diff --git a/tests/match_target.t b/tests/match_target.t
index 1739fae..02a0ea3 100644
--- a/tests/match_target.t
+++ b/tests/match_target.t
@@ -88,4 +88,20 @@
0 ./check_klog.sh 10.255.255.64 udp 1025 mark
# Destroy sets and rules
0 ./iptables.sh inet stop
+# Create test set and iptables rules
+0 ./iptables.sh inet add
+# Send probe packet from 10.255.255.64,udp:1025
+0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p udp -ud 80 -us 1025 127.0.0.1
+# Check that 10.255.255.64 is added to the set
+0 ipset t test 10.255.255.64
+# Flush set
+0 ipset f test
+# Add a /24 network to the set
+0 ipset a test 1.1.1.0/24
+# Send probe packet from 10.255.255.64,udp:1025 again
+0 sendip -p ipv4 -id 127.0.0.1 -is 10.255.255.64 -p udp -ud 80 -us 1025 127.0.0.1
+# Check that 10.255.255.0/24 is added to the set
+0 ipset t test 10.255.255.0/24
+# Destroy sets and rules
+0 ./iptables.sh inet stop
# eof
diff --git a/tests/resizet.sh b/tests/resizet.sh
index b5f7fdc..7dc309f 100755
--- a/tests/resizet.sh
+++ b/tests/resizet.sh
@@ -103,7 +103,7 @@ case "$2" in
;;
esac
$ipset l test | grep ^$ip | while read x y z; do
- if [ $z -lt 10 -o $z -gt 99 ]; then
+ if [ $z -lt 10 -o $z -gt 100 ]; then
exit 1
fi
done