diff options
| author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-01-13 22:52:44 +0100 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-01-13 22:52:44 +0100 |
| commit | 24b35d0b8950407ce85eefef18576d54f1e2c20e (patch) | |
| tree | 8ecba4e1c02fb03cfab8ae0f37ab60b7455c137f /tests | |
| parent | dd71826fcfcfcc8c36f0508cc183dd222da40452 (diff) | |
Exceptions support added to hash:*net* types
The "nomatch" keyword and option is added to the hash:*net* types,
by which one can add exception entries to sets. Example:
ipset create test hash:net
ipset add test 192.168.0/24
ipset add test 192.168.0/30 nomatch
In this case the IP addresses from 192.168.0/24 except 192.168.0/30
match the elements of the set.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/hash:ip,port,net.t | 38 | ||||
| -rw-r--r-- | tests/hash:ip6,port,net6.t | 38 | ||||
| -rw-r--r-- | tests/hash:net,iface.t | 38 | ||||
| -rw-r--r-- | tests/hash:net,port.t | 38 | ||||
| -rw-r--r-- | tests/hash:net.t | 38 | ||||
| -rw-r--r-- | tests/hash:net6,port.t | 38 | ||||
| -rw-r--r-- | tests/hash:net6.t | 38 | ||||
| -rw-r--r-- | tests/ipportnethash.t | 28 | ||||
| -rw-r--r-- | tests/nethash.t | 26 |
9 files changed, 319 insertions, 1 deletions
diff --git a/tests/hash:ip,port,net.t b/tests/hash:ip,port,net.t index 26645ef..446c512 100644 --- a/tests/hash:ip,port,net.t +++ b/tests/hash:ip,port,net.t @@ -54,4 +54,42 @@ 0 n=`ipset list test|grep '^10.0'|wc -l` && test $n -eq 6144 # Destroy set 0 ipset -X test +# Create test set with timeout support +0 ipset create test hash:ip,port,net timeout 30 +# Add a non-matching IP address entry +0 ipset -A test 2.2.2.2,80,1.1.1.1 nomatch +# Add an overlapping matching small net +0 ipset -A test 2.2.2.2,80,1.1.1.0/30 +# Add an overlapping non-matching larger net +0 ipset -A test 2.2.2.2,80,1.1.1.0/28 nomatch +# Add an even larger matching net +0 ipset -A test 2.2.2.2,80,1.1.1.0/26 +# Check non-matching IP +1 ipset -T test 2.2.2.2,80,1.1.1.1 +# Check matching IP from non-matchin small net +0 ipset -T test 2.2.2.2,80,1.1.1.3 +# Check non-matching IP from larger net +1 ipset -T test 2.2.2.2,80,1.1.1.4 +# Check matching IP from even larger net +0 ipset -T test 2.2.2.2,80,1.1.1.16 +# Update non-matching IP to matching one +0 ipset -! -A test 2.2.2.2,80,1.1.1.1 +# Delete overlapping small net +0 ipset -D test 2.2.2.2,80,1.1.1.0/30 +# Check matching IP +0 ipset -T test 2.2.2.2,80,1.1.1.1 +# Add overlapping small net +0 ipset -A test 2.2.2.2,80,1.1.1.0/30 +# Update matching IP as a non-matching one, with shorter timeout +0 ipset -! -A test 2.2.2.2,80,1.1.1.1 nomatch timeout 2 +# Check non-matching IP +1 ipset -T test 2.2.2.2,80,1.1.1.1 +# Sleep 3s so that element can time out +0 sleep 3 +# Check non-matching IP +0 ipset -T test 2.2.2.2,80,1.1.1.1 +# Check matching IP +0 ipset -T test 2.2.2.2,80,1.1.1.3 +# Delete test set +0 ipset destroy test # eof diff --git a/tests/hash:ip6,port,net6.t b/tests/hash:ip6,port,net6.t index 71814cf..1955cad 100644 --- a/tests/hash:ip6,port,net6.t +++ b/tests/hash:ip6,port,net6.t @@ -50,4 +50,42 @@ 0 n=`ipset list test|grep 1::1|wc -l` && test $n -eq 1026 # Destroy set 0 ipset -X test +# Create test set with timeout support +0 ipset create test hash:ip,port,net family inet6 timeout 30 +# Add a non-matching IP address entry +0 ipset -A test 2:2:2::2,80,1:1:1::1 nomatch +# Add an overlapping matching small net +0 ipset -A test 2:2:2::2,80,1:1:1::/124 +# Add an overlapping non-matching larger net +0 ipset -A test 2:2:2::2,80,1:1:1::/120 nomatch +# Add an even larger matching net +0 ipset -A test 2:2:2::2,80,1:1:1::/116 +# Check non-matching IP +1 ipset -T test 2:2:2::2,80,1:1:1::1 +# Check matching IP from non-matchin small net +0 ipset -T test 2:2:2::2,80,1:1:1::F +# Check non-matching IP from larger net +1 ipset -T test 2:2:2::2,80,1:1:1::10 +# Check matching IP from even larger net +0 ipset -T test 2:2:2::2,80,1:1:1::100 +# Update non-matching IP to matching one +0 ipset -! -A test 2:2:2::2,80,1:1:1::1 +# Delete overlapping small net +0 ipset -D test 2:2:2::2,80,1:1:1::/124 +# Check matching IP +0 ipset -T test 2:2:2::2,80,1:1:1::1 +# Add overlapping small net +0 ipset -A test 2:2:2::2,80,1:1:1::/124 +# Update matching IP as a non-matching one, with shorter timeout +0 ipset -! -A test 2:2:2::2,80,1:1:1::1 nomatch timeout 2 +# Check non-matching IP +1 ipset -T test 2:2:2::2,80,1:1:1::1 +# Sleep 3s so that element can time out +0 sleep 3 +# Check non-matching IP +0 ipset -T test 2:2:2::2,80,1:1:1::1 +# Check matching IP +0 ipset -T test 2:2:2::2,80,1:1:1::F +# Delete test set +0 ipset destroy test # eof diff --git a/tests/hash:net,iface.t b/tests/hash:net,iface.t index ca0ddea..0ae4d4e 100644 --- a/tests/hash:net,iface.t +++ b/tests/hash:net,iface.t @@ -102,4 +102,42 @@ 0 n=`ipset list test | wc -l` && test $n -eq 70 # Delete test set 0 ipset destroy test +# Create test set with timeout support +0 ipset create test hash:net,iface timeout 30 +# Add a non-matching IP address entry +0 ipset -A test 1.1.1.1,eth0 nomatch +# Add an overlapping matching small net +0 ipset -A test 1.1.1.0/30,eth0 +# Add an overlapping non-matching larger net +0 ipset -A test 1.1.1.0/28,eth0 nomatch +# Add an even larger matching net +0 ipset -A test 1.1.1.0/26,eth0 +# Check non-matching IP +1 ipset -T test 1.1.1.1,eth0 +# Check matching IP from non-matchin small net +0 ipset -T test 1.1.1.3,eth0 +# Check non-matching IP from larger net +1 ipset -T test 1.1.1.4,eth0 +# Check matching IP from even larger net +0 ipset -T test 1.1.1.16,eth0 +# Update non-matching IP to matching one +0 ipset -! -A test 1.1.1.1,eth0 +# Delete overlapping small net +0 ipset -D test 1.1.1.0/30,eth0 +# Check matching IP +0 ipset -T test 1.1.1.1,eth0 +# Add overlapping small net +0 ipset -A test 1.1.1.0/30,eth0 +# Update matching IP as a non-matching one, with shorter timeout +0 ipset -! -A test 1.1.1.1,eth0 nomatch timeout 2 +# Check non-matching IP +1 ipset -T test 1.1.1.1,eth0 +# Sleep 3s so that element can time out +0 sleep 3 +# Check non-matching IP +0 ipset -T test 1.1.1.1,eth0 +# Check matching IP +0 ipset -T test 1.1.1.3,eth0 +# Delete test set +0 ipset destroy test # eof diff --git a/tests/hash:net,port.t b/tests/hash:net,port.t index 993893d..5b60476 100644 --- a/tests/hash:net,port.t +++ b/tests/hash:net,port.t @@ -76,4 +76,42 @@ 0 n=`ipset list test|grep '^10.0'|wc -l` && test $n -eq 2052 # Destroy set 0 ipset -X test +# Create test set with timeout support +0 ipset create test hash:net,port timeout 30 +# Add a non-matching IP address entry +0 ipset -A test 1.1.1.1,80 nomatch +# Add an overlapping matching small net +0 ipset -A test 1.1.1.0/30,80 +# Add an overlapping non-matching larger net +0 ipset -A test 1.1.1.0/28,80 nomatch +# Add an even larger matching net +0 ipset -A test 1.1.1.0/26,80 +# Check non-matching IP +1 ipset -T test 1.1.1.1,80 +# Check matching IP from non-matchin small net +0 ipset -T test 1.1.1.3,80 +# Check non-matching IP from larger net +1 ipset -T test 1.1.1.4,80 +# Check matching IP from even larger net +0 ipset -T test 1.1.1.16,80 +# Update non-matching IP to matching one +0 ipset -! -A test 1.1.1.1,80 +# Delete overlapping small net +0 ipset -D test 1.1.1.0/30,80 +# Check matching IP +0 ipset -T test 1.1.1.1,80 +# Add overlapping small net +0 ipset -A test 1.1.1.0/30,80 +# Update matching IP as a non-matching one, with shorter timeout +0 ipset -! -A test 1.1.1.1,80 nomatch timeout 2 +# Check non-matching IP +1 ipset -T test 1.1.1.1,80 +# Sleep 3s so that element can time out +0 sleep 3 +# Check non-matching IP +0 ipset -T test 1.1.1.1,80 +# Check matching IP +0 ipset -T test 1.1.1.3,80 +# Delete test set +0 ipset destroy test # eof diff --git a/tests/hash:net.t b/tests/hash:net.t index e51186f..10e75d9 100644 --- a/tests/hash:net.t +++ b/tests/hash:net.t @@ -60,6 +60,44 @@ 0 ./netgen.sh | ipset restore # List set and check the number of elements 0 n=`ipset -L test|grep '^10.'|wc -l` && test $n -eq 43520 +# Destroy test set +0 ipset destroy test +# Create test set with timeout support +0 ipset create test hash:net timeout 30 +# Add a non-matching IP address entry +0 ipset -A test 1.1.1.1 nomatch +# Add an overlapping matching small net +0 ipset -A test 1.1.1.0/30 +# Add an overlapping non-matching larger net +0 ipset -A test 1.1.1.0/28 nomatch +# Add an even larger matching net +0 ipset -A test 1.1.1.0/26 +# Check non-matching IP +1 ipset -T test 1.1.1.1 +# Check matching IP from non-matchin small net +0 ipset -T test 1.1.1.3 +# Check non-matching IP from larger net +1 ipset -T test 1.1.1.4 +# Check matching IP from even larger net +0 ipset -T test 1.1.1.16 +# Update non-matching IP to matching one +0 ipset -! -A test 1.1.1.1 +# Delete overlapping small net +0 ipset -D test 1.1.1.0/30 +# Check matching IP +0 ipset -T test 1.1.1.1 +# Add overlapping small net +0 ipset -A test 1.1.1.0/30 +# Update matching IP as a non-matching one, with shorter timeout +0 ipset -! -A test 1.1.1.1 nomatch timeout 2 +# Check non-matching IP +1 ipset -T test 1.1.1.1 +# Sleep 3s so that element can time out +0 sleep 3 +# Check non-matching IP +0 ipset -T test 1.1.1.1 +# Check matching IP +0 ipset -T test 1.1.1.3 # Delete test set 0 ipset destroy test # eof diff --git a/tests/hash:net6,port.t b/tests/hash:net6,port.t index 3b58523..063b4c9 100644 --- a/tests/hash:net6,port.t +++ b/tests/hash:net6,port.t @@ -78,4 +78,42 @@ 0 n=`ipset list test|grep 1::|wc -l` && test $n -eq 1026 # Destroy set 0 ipset -X test +# Create test set with timeout support +0 ipset create test hash:net,port family inet6 timeout 30 +# Add a non-matching IP address entry +0 ipset -A test 1:1:1::1,80 nomatch +# Add an overlapping matching small net +0 ipset -A test 1:1:1::/124,80 +# Add an overlapping non-matching larger net +0 ipset -A test 1:1:1::/120,80 nomatch +# Add an even larger matching net +0 ipset -A test 1:1:1::/116,80 +# Check non-matching IP +1 ipset -T test 1:1:1::1,80 +# Check matching IP from non-matchin small net +0 ipset -T test 1:1:1::F,80 +# Check non-matching IP from larger net +1 ipset -T test 1:1:1::10,80 +# Check matching IP from even larger net +0 ipset -T test 1:1:1::100,80 +# Update non-matching IP to matching one +0 ipset -! -A test 1:1:1::1,80 +# Delete overlapping small net +0 ipset -D test 1:1:1::/124,80 +# Check matching IP +0 ipset -T test 1:1:1::1,80 +# Add overlapping small net +0 ipset -A test 1:1:1::/124,80 +# Update matching IP as a non-matching one, with shorter timeout +0 ipset -! -A test 1:1:1::1,80 nomatch timeout 2 +# Check non-matching IP +1 ipset -T test 1:1:1::1,80 +# Sleep 3s so that element can time out +0 sleep 3 +# Check non-matching IP +0 ipset -T test 1:1:1::1,80 +# Check matching IP +0 ipset -T test 1:1:1::F,80 +# Delete test set +0 ipset destroy test # eof diff --git a/tests/hash:net6.t b/tests/hash:net6.t index 372ed39..2200362 100644 --- a/tests/hash:net6.t +++ b/tests/hash:net6.t @@ -46,4 +46,42 @@ 0 ipset flush test # Delete test set 0 ipset destroy test +# Create test set with timeout support +0 ipset create test hash:net family inet6 timeout 30 +# Add a non-matching IP address entry +0 ipset -A test 1:1:1::1 nomatch +# Add an overlapping matching small net +0 ipset -A test 1:1:1::/124 +# Add an overlapping non-matching larger net +0 ipset -A test 1:1:1::/120 nomatch +# Add an even larger matching net +0 ipset -A test 1:1:1::/116 +# Check non-matching IP +1 ipset -T test 1:1:1::1 +# Check matching IP from non-matchin small net +0 ipset -T test 1:1:1::F +# Check non-matching IP from larger net +1 ipset -T test 1:1:1::10 +# Check matching IP from even larger net +0 ipset -T test 1:1:1::100 +# Update non-matching IP to matching one +0 ipset -! -A test 1:1:1::1 +# Delete overlapping small net +0 ipset -D test 1:1:1::/124 +# Check matching IP +0 ipset -T test 1:1:1::1 +# Add overlapping small net +0 ipset -A test 1:1:1::/124 +# Update matching IP as a non-matching one, with shorter timeout +0 ipset -! -A test 1:1:1::1 nomatch timeout 2 +# Check non-matching IP +1 ipset -T test 1:1:1::1 +# Sleep 3s so that element can time out +0 sleep 3 +# Check non-matching IP +0 ipset -T test 1:1:1::1 +# Check matching IP +0 ipset -T test 1:1:1::F +# Delete test set +0 ipset destroy test # eof diff --git a/tests/ipportnethash.t b/tests/ipportnethash.t index 22ba63b..120ff88 100644 --- a/tests/ipportnethash.t +++ b/tests/ipportnethash.t @@ -70,6 +70,32 @@ 0 diff -u -I 'Size in memory.*' .foo ipportnethash.t.list1 # Network: Flush test set 0 ipset -F test -# Network: Delete test set +# Add a non-matching IP address entry +0 ipset -A test 2.1.0.0,80,1.1.1.1 nomatch +# Add an overlapping matching small net +0 ipset -A test 2.1.0.0,80,1.1.1.0/30 +# Add an overlapping non-matching larger net +0 ipset -A test 2.1.0.0,80,1.1.1.0/28 nomatch +# Add an even larger matching net +0 ipset -A test 2.1.0.0,80,1.1.1.0/26 +# Check non-matching IP +1 ipset -T test 2.1.0.0,80,1.1.1.1 +# Check matching IP from non-matchin small net +0 ipset -T test 2.1.0.0,80,1.1.1.3 +# Check non-matching IP from larger net +1 ipset -T test 2.1.0.0,80,1.1.1.4 +# Check matching IP from even larger net +0 ipset -T test 2.1.0.0,80,1.1.1.16 +# Update non-matching IP to matching one +0 ipset -! -A test 2.1.0.0,80,1.1.1.1 +# Delete overlapping small net +0 ipset -D test 2.1.0.0,80,1.1.1.0/30 +# Check matching IP +0 ipset -T test 2.1.0.0,80,1.1.1.1 +# Update matching IP as a non-matching one +0 ipset -! -A test 2.1.0.0,80,1.1.1.1 nomatch +# Check non-matching IP +1 ipset -T test 2.1.0.0,80,1.1.1.1 +# Delete test set 0 ipset -X test # eof diff --git a/tests/nethash.t b/tests/nethash.t index 706aaf4..40f79fe 100644 --- a/tests/nethash.t +++ b/tests/nethash.t @@ -38,6 +38,32 @@ 0 diff -u -I 'Size in memory.*' .foo nethash.t.list0 # Flush test set 0 ipset -F test +# Add a non-matching IP address entry +0 ipset -A test 1.1.1.1 nomatch +# Add an overlapping matching small net +0 ipset -A test 1.1.1.0/30 +# Add an overlapping non-matching larger net +0 ipset -A test 1.1.1.0/28 nomatch +# Add an even larger matching net +0 ipset -A test 1.1.1.0/26 +# Check non-matching IP +1 ipset -T test 1.1.1.1 +# Check matching IP from non-matchin small net +0 ipset -T test 1.1.1.3 +# Check non-matching IP from larger net +1 ipset -T test 1.1.1.4 +# Check matching IP from even larger net +0 ipset -T test 1.1.1.16 +# Update non-matching IP to matching one +0 ipset -! -A test 1.1.1.1 +# Delete overlapping small net +0 ipset -D test 1.1.1.0/30 +# Check matching IP +0 ipset -T test 1.1.1.1 +# Update matching IP as a non-matching one +0 ipset -! -A test 1.1.1.1 nomatch +# Check non-matching IP +1 ipset -T test 1.1.1.1 # Delete test set 0 ipset -X test # eof |