summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2011-07-08 11:06:40 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2011-07-08 11:06:40 +0200
commit76f6727dd65d2c3c188b11100257277736e99817 (patch)
tree38d07edf0eb9e948b3089bc3d6d762e795d62125 /tests
parent21553f360f26843dcd044db689add4adadb60099 (diff)
hash:net,iface fixed to handle overlapping nets behind different interfaces
If overlapping networks with different interfaces was added to the set, the type did not handle it properly. Example ipset create test hash:net,iface ipset add test 192.168.0.0/16,eth0 ipset add test 192.168.0.0/24,eth1 Now, if a packet was sent from 192.168.0.0/24,eth0, the type returned a match. In the patch the algorithm is fixed in order to correctly handle overlapping networks. Limitation: the same network cannot be stored with more than 64 different interfaces in a single set.
Diffstat (limited to 'tests')
-rw-r--r--tests/hash:net,iface.t48
-rw-r--r--tests/hash:net,iface.t.list133
2 files changed, 81 insertions, 0 deletions
diff --git a/tests/hash:net,iface.t b/tests/hash:net,iface.t
index 7c73264..ca0ddea 100644
--- a/tests/hash:net,iface.t
+++ b/tests/hash:net,iface.t
@@ -54,4 +54,52 @@
0 diff -u -I 'Size in memory.*' .foo hash:net,iface.t.list2
# Delete test set
0 ipset destroy test
+# Create test set
+0 ipset new test hash:net,iface
+# Add a /16 network with eth0
+0 ipset add test 10.0.0.0/16,eth0
+# Add an overlapping /24 network with eth1
+0 ipset add test 10.0.0.0/24,eth1
+# Add an overlapping /28 network with eth2
+0 ipset add test 10.0.0.0/28,eth2
+# Check matching element: from /28, with eth2
+0 ipset test test 10.0.0.1,eth2
+# Check non-matching element: from /28, with eth1
+1 ipset test test 10.0.0.2,eth1
+# Check non-matching element: from /28, with eth0
+1 ipset test test 10.0.0.3,eth0
+# Check matching element from: /24, with eth1
+0 ipset test test 10.0.0.16,eth1
+# Check non-matching element: from /24, with eth2
+1 ipset test test 10.0.0.17,eth2
+# Check non-matching element: from /24, with eth0
+1 ipset test test 10.0.0.18,eth0
+# Check matching element: from /16, with eth0
+0 ipset test test 10.0.1.1,eth0
+# Check non-matching element: from /16, with eth1
+1 ipset test test 10.0.1.2,eth1
+# Check non-matching element: from /16, with eth2
+1 ipset test test 10.0.1.3,eth2
+# Flush test set
+0 ipset flush test
+# Add overlapping networks from /4 to /30
+0 (set -e; for x in `seq 4 30`; do ipset add test 192.0.0.0/$x,eth$x; done)
+# List test set
+0 ipset -L test 2>/dev/null > .foo0 && ./sort.sh .foo0
+# Check listing
+0 diff -u -I 'Size in memory.*' .foo hash:net,iface.t.list1
+# Test matching elements in all added networks from /30 to /24
+0 (set -e; y=2; for x in `seq 24 30 | tac`; do ipset test test 192.0.0.$y,eth$x; y=$((y*2)); done)
+# Test non-matching elements in all added networks from /30 to /24
+0 (y=2; for x in `seq 24 30 | tac`; do z=$((x-1)); ipset test test 192.0.0.$y,eth$z; ret=$?; test $ret -eq 0 && exit 1; y=$((y*2)); done)
+# Delete test set
+0 ipset destroy test
+# Create test set with minimal hash size
+0 ipset create test hash:net,iface hashsize 64
+# Add clashing elements
+0 (set -e; for x in `seq 0 63`; do ipset add test 10.0.0.0/16,eth$x; done)
+# Check listing
+0 n=`ipset list test | wc -l` && test $n -eq 70
+# Delete test set
+0 ipset destroy test
# eof
diff --git a/tests/hash:net,iface.t.list1 b/tests/hash:net,iface.t.list1
new file mode 100644
index 0000000..4a298e2
--- /dev/null
+++ b/tests/hash:net,iface.t.list1
@@ -0,0 +1,33 @@
+Name: test
+Type: hash:net,iface
+Header: family inet hashsize 1024 maxelem 65536
+Size in memory: 18512
+References: 0
+Members:
+192.0.0.0/10,eth10
+192.0.0.0/11,eth11
+192.0.0.0/12,eth12
+192.0.0.0/13,eth13
+192.0.0.0/14,eth14
+192.0.0.0/15,eth15
+192.0.0.0/16,eth16
+192.0.0.0/17,eth17
+192.0.0.0/18,eth18
+192.0.0.0/19,eth19
+192.0.0.0/20,eth20
+192.0.0.0/21,eth21
+192.0.0.0/22,eth22
+192.0.0.0/23,eth23
+192.0.0.0/24,eth24
+192.0.0.0/25,eth25
+192.0.0.0/26,eth26
+192.0.0.0/27,eth27
+192.0.0.0/28,eth28
+192.0.0.0/29,eth29
+192.0.0.0/30,eth30
+192.0.0.0/4,eth4
+192.0.0.0/5,eth5
+192.0.0.0/6,eth6
+192.0.0.0/7,eth7
+192.0.0.0/8,eth8
+192.0.0.0/9,eth9