summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ChangeLog3
-rw-r--r--Makefile4
-rw-r--r--ipset_iphash.c1
-rw-r--r--ipset_nethash.c1
-rw-r--r--kernel/ChangeLog7
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h2
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_hashes.h18
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_iphash.h3
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h1
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h3
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h3
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h3
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h1
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_nethash.h3
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_portmap.h1
-rw-r--r--kernel/ip_set_iphash.c2
-rw-r--r--kernel/ip_set_ipmap.c2
-rw-r--r--kernel/ip_set_ipporthash.c2
-rw-r--r--kernel/ip_set_ipportiphash.c2
-rw-r--r--kernel/ip_set_ipportnethash.c10
-rw-r--r--kernel/ip_set_iptree.c1
-rw-r--r--kernel/ip_set_iptreemap.c1
-rw-r--r--kernel/ip_set_macipmap.c2
-rw-r--r--kernel/ip_set_nethash.c10
-rw-r--r--kernel/ip_set_portmap.c2
-rw-r--r--kernel/ipt_SET.c12
-rw-r--r--tests/iphash.t6
-rw-r--r--tests/ipmap.t12
-rw-r--r--tests/ipporthash.t6
-rw-r--r--tests/ipportiphash.t6
-rw-r--r--tests/ipportnethash.t6
-rw-r--r--tests/iptree.t6
-rw-r--r--tests/iptreemap.t2
-rw-r--r--tests/macipmap.t6
-rw-r--r--tests/nethash.t2
-rw-r--r--tests/portmap.t6
-rw-r--r--tests/setlist.t4
37 files changed, 103 insertions, 59 deletions
diff --git a/ChangeLog b/ChangeLog
index 26bad25..278a4a0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+2.4.2
+ - Only kernel part changes, see kernel/ChangeLoh
+
2.4.1
- macipmap type reported misleading deprecated separator
tokens and printed the old one at listing set elements
diff --git a/Makefile b/Makefile
index 6de0097..37a241e 100644
--- a/Makefile
+++ b/Makefile
@@ -20,7 +20,7 @@ ifndef V
V=0
endif
-IPSET_VERSION:=2.4.1
+IPSET_VERSION:=2.4.2
PREFIX:=/usr/local
LIBDIR:=$(PREFIX)/lib
@@ -72,7 +72,7 @@ modules_install: modules
install: binaries_install modules_install
clean: $(EXTRA_CLEANS)
- rm -rf $(PROGRAMS) $(SHARED_LIBS) *.o *~
+ rm -rf $(PROGRAMS) $(SHARED_LIBS) *.o *~ tests/*~
[ -f $(KERNEL_DIR)/net/ipv4/netfilter/Config.in ] || (cd kernel; make -C $(KERNEL_DIR) M=`pwd` clean)
#The ipset(8) self
diff --git a/ipset_iphash.c b/ipset_iphash.c
index 6dbb84b..9f02081 100644
--- a/ipset_iphash.c
+++ b/ipset_iphash.c
@@ -21,6 +21,7 @@
#include <arpa/inet.h>
#include <linux/netfilter_ipv4/ip_set_iphash.h>
+
#include "ipset.h"
#define BUFLEN 30;
diff --git a/ipset_nethash.c b/ipset_nethash.c
index d1f3344..3d2e6fe 100644
--- a/ipset_nethash.c
+++ b/ipset_nethash.c
@@ -21,7 +21,6 @@
#include <arpa/inet.h>
#include <linux/netfilter_ipv4/ip_set_nethash.h>
-#include <linux/netfilter_ipv4/ip_set_hashes.h>
#include "ipset.h"
diff --git a/kernel/ChangeLog b/kernel/ChangeLog
index f730927..25006be 100644
--- a/kernel/ChangeLog
+++ b/kernel/ChangeLog
@@ -1,3 +1,10 @@
+2.4.2
+ - When flushing a nethash/ipportnethash type of set, it can
+ lead to a kernel crash due to a wrong type declaration,
+ bug reported by Krzysztof Oledzki.
+ - iptree and iptreemap types require the header file linux/timer.h,
+ also reported by Krzysztof Oledzki.
+
2.4.1
- Zero-valued element are not accepted by hash type of sets
because we cannot make a difference between a zero-valued
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h b/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h
index 916cb80..2e9293f 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h
@@ -3,6 +3,7 @@
/* Macros to generate functions */
+#ifdef __KERNEL__
#define BITMAP_CREATE(type) \
static int \
type##_create(struct ip_set *set, const void *data, size_t size) \
@@ -115,5 +116,6 @@ struct ip_set_type ip_set_##type = { \
.list_members = &type##_list_members, \
.me = THIS_MODULE, \
};
+#endif /* __KERNEL */
#endif /* __IP_SET_BITMAPS_H */
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h b/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h
index 405784a..46512b4 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h
@@ -1,6 +1,8 @@
#ifndef __IP_SET_HASHES_H
#define __IP_SET_HASHES_H
+#define initval_t uint32_t
+
/* Macros to generate functions */
#ifdef __KERNEL__
@@ -30,11 +32,11 @@ type##_retry(struct ip_set *set) \
set->name, map->hashsize, hashsize); \
\
tmp = kmalloc(sizeof(struct ip_set_##type) \
- + map->probes * sizeof(uint32_t), GFP_ATOMIC); \
+ + map->probes * sizeof(initval_t), GFP_ATOMIC); \
if (!tmp) { \
DP("out of memory for %d bytes", \
sizeof(struct ip_set_##type) \
- + map->probes * sizeof(uint32_t)); \
+ + map->probes * sizeof(initval_t)); \
return -ENOMEM; \
} \
tmp->members = harray_malloc(hashsize, sizeof(dtype), GFP_ATOMIC);\
@@ -47,7 +49,7 @@ type##_retry(struct ip_set *set) \
tmp->elements = 0; \
tmp->probes = map->probes; \
tmp->resize = map->resize; \
- memcpy(tmp->initval, map->initval, map->probes * sizeof(uint32_t));\
+ memcpy(tmp->initval, map->initval, map->probes * sizeof(initval_t));\
__##type##_retry(tmp, map); \
\
write_lock_bh(&set->lock); \
@@ -103,15 +105,15 @@ type##_create(struct ip_set *set, const void *data, size_t size) \
} \
\
map = kmalloc(sizeof(struct ip_set_##type) \
- + req->probes * sizeof(uint32_t), GFP_KERNEL); \
+ + req->probes * sizeof(initval_t), GFP_KERNEL); \
if (!map) { \
DP("out of memory for %d bytes", \
sizeof(struct ip_set_##type) \
- + req->probes * sizeof(uint32_t)); \
+ + req->probes * sizeof(initval_t)); \
return -ENOMEM; \
} \
for (i = 0; i < req->probes; i++) \
- get_random_bytes(((uint32_t *) map->initval)+i, 4); \
+ get_random_bytes(((initval_t *) map->initval)+i, 4); \
map->elements = 0; \
map->hashsize = req->hashsize; \
map->probes = req->probes; \
@@ -158,8 +160,8 @@ type##_flush(struct ip_set *set) \
{ \
struct ip_set_##type *map = set->data; \
harray_flush(map->members, map->hashsize, sizeof(dtype)); \
- memset(map->cidr, 0, 30 * sizeof(uint8_t)); \
- memset(map->nets, 0, 30 * sizeof(uint32_t)); \
+ memset(map->cidr, 0, sizeof(map->cidr)); \
+ memset(map->nets, 0, sizeof(map->nets)); \
map->elements = 0; \
}
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h b/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h
index 7551cb2..277bc8c 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h
@@ -2,6 +2,7 @@
#define __IP_SET_IPHASH_H
#include <linux/netfilter_ipv4/ip_set.h>
+#include <linux/netfilter_ipv4/ip_set_hashes.h>
#define SETTYPE_NAME "iphash"
@@ -12,7 +13,7 @@ struct ip_set_iphash {
uint16_t probes; /* max number of probes */
uint16_t resize; /* resize factor in percent */
ip_set_ip_t netmask; /* netmask */
- uint32_t initval[0]; /* initvals for jhash_1word */
+ initval_t initval[0]; /* initvals for jhash_1word */
};
struct ip_set_req_iphash_create {
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h
index 2f409d9..3d800ef 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h
@@ -2,6 +2,7 @@
#define __IP_SET_IPMAP_H
#include <linux/netfilter_ipv4/ip_set.h>
+#include <linux/netfilter_ipv4/ip_set_bitmaps.h>
#define SETTYPE_NAME "ipmap"
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h
index ccec14e..b5db5f5 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h
@@ -2,6 +2,7 @@
#define __IP_SET_IPPORTHASH_H
#include <linux/netfilter_ipv4/ip_set.h>
+#include <linux/netfilter_ipv4/ip_set_hashes.h>
#define SETTYPE_NAME "ipporthash"
@@ -13,7 +14,7 @@ struct ip_set_ipporthash {
uint16_t resize; /* resize factor in percent */
ip_set_ip_t first_ip; /* host byte order, included in range */
ip_set_ip_t last_ip; /* host byte order, included in range */
- uint32_t initval[0]; /* initvals for jhash_1word */
+ initval_t initval[0]; /* initvals for jhash_1word */
};
struct ip_set_req_ipporthash_create {
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h
index 4d794bf..eb6cf55 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h
@@ -2,6 +2,7 @@
#define __IP_SET_IPPORTIPHASH_H
#include <linux/netfilter_ipv4/ip_set.h>
+#include <linux/netfilter_ipv4/ip_set_hashes.h>
#define SETTYPE_NAME "ipportiphash"
@@ -18,7 +19,7 @@ struct ip_set_ipportiphash {
uint16_t resize; /* resize factor in percent */
ip_set_ip_t first_ip; /* host byte order, included in range */
ip_set_ip_t last_ip; /* host byte order, included in range */
- uint32_t initval[0]; /* initvals for jhash_1word */
+ initval_t initval[0]; /* initvals for jhash_1word */
};
struct ip_set_req_ipportiphash_create {
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h
index 9c78a68..951da92 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h
@@ -2,6 +2,7 @@
#define __IP_SET_IPPORTNETHASH_H
#include <linux/netfilter_ipv4/ip_set.h>
+#include <linux/netfilter_ipv4/ip_set_hashes.h>
#define SETTYPE_NAME "ipportnethash"
@@ -20,7 +21,7 @@ struct ip_set_ipportnethash {
ip_set_ip_t last_ip; /* host byte order, included in range */
uint8_t cidr[30]; /* CIDR sizes */
uint16_t nets[30]; /* nr of nets by CIDR sizes */
- uint32_t initval[0]; /* initvals for jhash_1word */
+ initval_t initval[0]; /* initvals for jhash_1word */
};
struct ip_set_req_ipportnethash_create {
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h
index 82ea96d..c983214 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h
@@ -2,6 +2,7 @@
#define __IP_SET_MACIPMAP_H
#include <linux/netfilter_ipv4/ip_set.h>
+#include <linux/netfilter_ipv4/ip_set_bitmaps.h>
#define SETTYPE_NAME "macipmap"
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h b/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h
index eecd68b..b2d006f 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h
@@ -2,6 +2,7 @@
#define __IP_SET_NETHASH_H
#include <linux/netfilter_ipv4/ip_set.h>
+#include <linux/netfilter_ipv4/ip_set_hashes.h>
#define SETTYPE_NAME "nethash"
@@ -13,7 +14,7 @@ struct ip_set_nethash {
uint16_t resize; /* resize factor in percent */
uint8_t cidr[30]; /* CIDR sizes */
uint16_t nets[30]; /* nr of nets by CIDR sizes */
- uint32_t initval[0]; /* initvals for jhash_1word */
+ initval_t initval[0]; /* initvals for jhash_1word */
};
struct ip_set_req_nethash_create {
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h
index 1a15380..e878327 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h
@@ -2,6 +2,7 @@
#define __IP_SET_PORTMAP_H
#include <linux/netfilter_ipv4/ip_set.h>
+#include <linux/netfilter_ipv4/ip_set_bitmaps.h>
#define SETTYPE_NAME "portmap"
diff --git a/kernel/ip_set_iphash.c b/kernel/ip_set_iphash.c
index 38b83ed..976fcfc 100644
--- a/kernel/ip_set_iphash.c
+++ b/kernel/ip_set_iphash.c
@@ -20,8 +20,6 @@
#include <net/ip.h>
-#include <linux/netfilter_ipv4/ip_set.h>
-#include <linux/netfilter_ipv4/ip_set_hashes.h>
#include <linux/netfilter_ipv4/ip_set_iphash.h>
static int limit = MAX_RANGE;
diff --git a/kernel/ip_set_ipmap.c b/kernel/ip_set_ipmap.c
index e1a1663..442f0d3 100644
--- a/kernel/ip_set_ipmap.c
+++ b/kernel/ip_set_ipmap.c
@@ -17,8 +17,6 @@
#include <asm/bitops.h>
#include <linux/spinlock.h>
-#include <linux/netfilter_ipv4/ip_set.h>
-#include <linux/netfilter_ipv4/ip_set_bitmaps.h>
#include <linux/netfilter_ipv4/ip_set_ipmap.h>
static inline ip_set_ip_t
diff --git a/kernel/ip_set_ipporthash.c b/kernel/ip_set_ipporthash.c
index 97b2323..2e2bfa5 100644
--- a/kernel/ip_set_ipporthash.c
+++ b/kernel/ip_set_ipporthash.c
@@ -22,8 +22,6 @@
#include <net/ip.h>
-#include <linux/netfilter_ipv4/ip_set.h>
-#include <linux/netfilter_ipv4/ip_set_hashes.h>
#include <linux/netfilter_ipv4/ip_set_ipporthash.h>
#include <linux/netfilter_ipv4/ip_set_getport.h>
diff --git a/kernel/ip_set_ipportiphash.c b/kernel/ip_set_ipportiphash.c
index 74e8f7e..2130508 100644
--- a/kernel/ip_set_ipportiphash.c
+++ b/kernel/ip_set_ipportiphash.c
@@ -22,8 +22,6 @@
#include <net/ip.h>
-#include <linux/netfilter_ipv4/ip_set.h>
-#include <linux/netfilter_ipv4/ip_set_hashes.h>
#include <linux/netfilter_ipv4/ip_set_ipportiphash.h>
#include <linux/netfilter_ipv4/ip_set_getport.h>
diff --git a/kernel/ip_set_ipportnethash.c b/kernel/ip_set_ipportnethash.c
index 0f08ba6..3c7f859 100644
--- a/kernel/ip_set_ipportnethash.c
+++ b/kernel/ip_set_ipportnethash.c
@@ -22,8 +22,6 @@
#include <net/ip.h>
-#include <linux/netfilter_ipv4/ip_set.h>
-#include <linux/netfilter_ipv4/ip_set_hashes.h>
#include <linux/netfilter_ipv4/ip_set_ipportnethash.h>
#include <linux/netfilter_ipv4/ip_set_getport.h>
@@ -223,8 +221,8 @@ __ipportnethash_retry(struct ip_set_ipportnethash *tmp,
{
tmp->first_ip = map->first_ip;
tmp->last_ip = map->last_ip;
- memcpy(tmp->cidr, map->cidr, 30 * sizeof(uint8_t));
- memcpy(tmp->nets, map->nets, 30 * sizeof(uint16_t));
+ memcpy(tmp->cidr, map->cidr, sizeof(tmp->cidr));
+ memcpy(tmp->nets, map->nets, sizeof(tmp->nets));
}
HASH_RETRY2(ipportnethash, struct ipportip)
@@ -273,8 +271,8 @@ __ipportnethash_create(const struct ip_set_req_ipportnethash_create *req,
}
map->first_ip = req->from;
map->last_ip = req->to;
- memset(map->cidr, 0, 30 * sizeof(uint8_t));
- memset(map->nets, 0, 30 * sizeof(uint16_t));
+ memset(map->cidr, 0, sizeof(map->cidr));
+ memset(map->nets, 0, sizeof(map->nets));
return 0;
}
diff --git a/kernel/ip_set_iptree.c b/kernel/ip_set_iptree.c
index 22a94d1..f51dea1 100644
--- a/kernel/ip_set_iptree.c
+++ b/kernel/ip_set_iptree.c
@@ -17,6 +17,7 @@
#include <asm/uaccess.h>
#include <asm/bitops.h>
#include <linux/spinlock.h>
+#include <linux/timer.h>
#include <linux/netfilter_ipv4/ip_set.h>
#include <linux/netfilter_ipv4/ip_set_bitmaps.h>
diff --git a/kernel/ip_set_iptreemap.c b/kernel/ip_set_iptreemap.c
index 4a13e4f..4bf70f7 100644
--- a/kernel/ip_set_iptreemap.c
+++ b/kernel/ip_set_iptreemap.c
@@ -21,6 +21,7 @@
#include <asm/uaccess.h>
#include <asm/bitops.h>
#include <linux/spinlock.h>
+#include <linux/timer.h>
#include <linux/netfilter_ipv4/ip_set.h>
#include <linux/netfilter_ipv4/ip_set_bitmaps.h>
diff --git a/kernel/ip_set_macipmap.c b/kernel/ip_set_macipmap.c
index 4b2b1de..61ea6d5 100644
--- a/kernel/ip_set_macipmap.c
+++ b/kernel/ip_set_macipmap.c
@@ -19,8 +19,6 @@
#include <linux/spinlock.h>
#include <linux/if_ether.h>
-#include <linux/netfilter_ipv4/ip_set.h>
-#include <linux/netfilter_ipv4/ip_set_bitmaps.h>
#include <linux/netfilter_ipv4/ip_set_macipmap.h>
static int
diff --git a/kernel/ip_set_nethash.c b/kernel/ip_set_nethash.c
index a04857c..9b3d826 100644
--- a/kernel/ip_set_nethash.c
+++ b/kernel/ip_set_nethash.c
@@ -20,8 +20,6 @@
#include <net/ip.h>
-#include <linux/netfilter_ipv4/ip_set.h>
-#include <linux/netfilter_ipv4/ip_set_hashes.h>
#include <linux/netfilter_ipv4/ip_set_nethash.h>
static int limit = MAX_RANGE;
@@ -153,8 +151,8 @@ KADT(nethash, add, ipaddr, cidr)
static inline void
__nethash_retry(struct ip_set_nethash *tmp, struct ip_set_nethash *map)
{
- memcpy(tmp->cidr, map->cidr, 30 * sizeof(uint8_t));
- memcpy(tmp->nets, map->nets, 30 * sizeof(uint16_t));
+ memcpy(tmp->cidr, map->cidr, sizeof(tmp->cidr));
+ memcpy(tmp->nets, map->nets, sizeof(tmp->nets));
}
HASH_RETRY(nethash, ip_set_ip_t)
@@ -190,8 +188,8 @@ static inline int
__nethash_create(const struct ip_set_req_nethash_create *req,
struct ip_set_nethash *map)
{
- memset(map->cidr, 0, 30 * sizeof(uint8_t));
- memset(map->nets, 0, 30 * sizeof(uint16_t));
+ memset(map->cidr, 0, sizeof(map->cidr));
+ memset(map->nets, 0, sizeof(map->nets));
return 0;
}
diff --git a/kernel/ip_set_portmap.c b/kernel/ip_set_portmap.c
index 79cc511..8b0ec0a 100644
--- a/kernel/ip_set_portmap.c
+++ b/kernel/ip_set_portmap.c
@@ -19,8 +19,6 @@
#include <net/ip.h>
-#include <linux/netfilter_ipv4/ip_set.h>
-#include <linux/netfilter_ipv4/ip_set_bitmaps.h>
#include <linux/netfilter_ipv4/ip_set_portmap.h>
#include <linux/netfilter_ipv4/ip_set_getport.h>
diff --git a/kernel/ipt_SET.c b/kernel/ipt_SET.c
index f6afafd..960e557 100644
--- a/kernel/ipt_SET.c
+++ b/kernel/ipt_SET.c
@@ -10,17 +10,11 @@
/* ipt_SET.c - netfilter target to manipulate IP sets */
-#include <linux/types.h>
-#include <linux/ip.h>
-#include <linux/timer.h>
#include <linux/module.h>
-#include <linux/netfilter.h>
-#include <linux/netdevice.h>
-#include <linux/if.h>
-#include <linux/inetdevice.h>
+#include <linux/ip.h>
+#include <linux/skbuff.h>
#include <linux/version.h>
-#include <net/protocol.h>
-#include <net/checksum.h>
+
#include <linux/netfilter_ipv4.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
#include <linux/netfilter_ipv4/ip_tables.h>
diff --git a/tests/iphash.t b/tests/iphash.t
index 731457d..46ce58b 100644
--- a/tests/iphash.t
+++ b/tests/iphash.t
@@ -14,12 +14,16 @@
0 ipset -T test 192.168.68.69
# IP: Test value not added to the set
1 ipset -T test 2.0.0.2
+# IP: Flush test set
+0 ipset -F test
# IP: Delete test set
0 ipset -X test
# IP: Restore values so that rehashing is triggered
0 ipset -R < iphash.t.restore
# IP: Check that all values are restored
0 (egrep -v '#|-N' iphash.t.restore | sort > .foo.1) && (ipset -S test | egrep -v '#|-N' | sort > .foo.2) && cmp .foo.1 .foo.2 && rm .foo.*
+# IP: Flush test set
+0 ipset -F test
# IP: Delete test set
0 ipset -X test
# Network: Create a set
@@ -34,6 +38,8 @@
0 ipset -T test 192.168.68.95
# Network: Test value not added to the set
1 ipset -T test 2.0.1.0
+# Network: Flush test set
+0 ipset -F test
# Network: Delete test set
0 ipset -X test
# eof
diff --git a/tests/ipmap.t b/tests/ipmap.t
index fea8389..58b913a 100644
--- a/tests/ipmap.t
+++ b/tests/ipmap.t
@@ -20,7 +20,9 @@
1 ipset -A test 2.0.0.0
# Range: Try to add value after upper boundary
1 ipset -A test 2.1.0.1
-# Range: Delete test test
+# Range: Flush test set
+0 ipset -F test
+# Range: Delete test set
0 ipset -X test
# Network: Try to create a set from an invalid network
2 ipset -N test ipmap --network 2.0.0.0/15
@@ -44,7 +46,9 @@
1 ipset -A test 1.255.255.255
# Network: Try to add value after upper boundary
1 ipset -A test 2.1.0.0
-# Network: Delete test test
+# Network: Flush test set
+0 ipset -F test
+# Network: Delete test set
0 ipset -X test
# Subnets: Create a set to store networks
0 ipset -N test ipmap --network 10.0.0.0/8 --netmask 24
@@ -66,7 +70,9 @@
1 ipset -A test 9.255.255.255
# Subnets: Try to add value after upper boundary
1 ipset -A test 11.0.0.0
-# Subnets: Delete test test
+# Subnets: FLush test set
+0 ipset -F test
+# Subnets: Delete test set
0 ipset -X test
# Full: Create full IPv4 space with /16 networks
0 ipset -N test ipmap --network 0.0.0.0/0 --netmask 16
diff --git a/tests/ipporthash.t b/tests/ipporthash.t
index fe246a3..4db4bf3 100644
--- a/tests/ipporthash.t
+++ b/tests/ipporthash.t
@@ -26,7 +26,9 @@
1 ipset -A test 2.0.0.0,5
# Range: Try to add value after upper boundary
1 ipset -A test 2.1.0.1,128
-# Range: Delete test test
+# Range: Flush test set
+0 ipset -F test
+# Range: Delete test set
0 ipset -X test
# Network: Try to create a set from an invalid network
2 ipset -N test ipporthash --network 2.0.0.0/15
@@ -52,6 +54,8 @@
1 ipset -A test 1.255.255.255,5
# Network: Try to add value after upper boundary
1 ipset -A test 2.1.0.0,128
+# Network: Flush test set
+0 ipset -F test
# Network: Delete test set
0 ipset -X test
# eof
diff --git a/tests/ipportiphash.t b/tests/ipportiphash.t
index 058b706..2b38667 100644
--- a/tests/ipportiphash.t
+++ b/tests/ipportiphash.t
@@ -28,7 +28,9 @@
1 ipset -A test 2.0.0.0,5,1.1.1.1
# Range: Try to add value after upper boundary
1 ipset -A test 2.1.0.1,128,2.2.2.2
-# Range: Delete test test
+# Range: Flush test set
+0 ipset -F test
+# Range: Delete test set
0 ipset -X test
# Network: Try to create a set from an invalid network
2 ipset -N test ipportiphash --network 2.0.0.0/15
@@ -54,6 +56,8 @@
1 ipset -A test 1.255.255.255,5,1.1.1.1
# Network: Try to add value after upper boundary
1 ipset -A test 2.1.0.0,128,2.2.2.2
+# Network: Flush test set
+0 ipset -F test
# Network: Delete test set
0 ipset -X test
# eof
diff --git a/tests/ipportnethash.t b/tests/ipportnethash.t
index 18e89a1..35cb9fc 100644
--- a/tests/ipportnethash.t
+++ b/tests/ipportnethash.t
@@ -28,7 +28,9 @@
1 ipset -A test 2.0.0.0,5,1.1.1.1/24
# Range: Try to add value after upper boundary
1 ipset -A test 2.1.0.1,128,2.2.2.2/12
-# Range: Delete test test
+# Range: Flush test set
+0 ipset -F test
+# Range: Delete test set
0 ipset -X test
# Network: Try to create a set from an invalid network
2 ipset -N test ipportnethash --network 2.0.0.0/15
@@ -54,6 +56,8 @@
1 ipset -A test 1.255.255.255,5,1.1.1.1/24
# Network: Try to add value after upper boundary
1 ipset -A test 2.1.0.0,128,2.2.2.2/12
+# Network: Flush test set
+0 ipset -F test
# Network: Delete test set
0 ipset -X test
# eof
diff --git a/tests/iptree.t b/tests/iptree.t
index 0e661ce..746baed 100644
--- a/tests/iptree.t
+++ b/tests/iptree.t
@@ -12,7 +12,9 @@
1 ipset -T test 2.0.0.2
# Static: Test value not added to the set
1 ipset -T test 192.168.68.70
-# Static: Delete test test
+# Static: Flush test set
+0 ipset -F test
+# Static: Delete test set
0 ipset -X test
# Timeout: Create a set with a timeout parameter
0 ipset -N test iptree --timeout 5
@@ -46,6 +48,8 @@
0 sleep 4
# Timeout: Test entry added with 3s timeout
1 ipset -T test 2.0.0.2
+# Timeout: Flush test set
+0 ipset -F test
# Timeout: Delete test set
0 ipset -X test
# eof
diff --git a/tests/iptreemap.t b/tests/iptreemap.t
index 66ee325..b563522 100644
--- a/tests/iptreemap.t
+++ b/tests/iptreemap.t
@@ -46,6 +46,8 @@
0 ipset -T test 192.168.68.67
# Test element after upper bound of deleted network
0 ipset -T test 192.168.68.72
+# Flush test set
+0 ipset -F test
# Delete test set
0 ipset -X test
# eof
diff --git a/tests/macipmap.t b/tests/macipmap.t
index 049eaee..a498a4f 100644
--- a/tests/macipmap.t
+++ b/tests/macipmap.t
@@ -26,7 +26,9 @@
1 ipset -T test 2.0.0.2,00:11:22:33:44:56
# Range: Test value with valid MAC
0 ipset -T test 2.0.0.2,00:11:22:33:44:55
-# Range: Delete test test
+# Range: Flush test set
+0 ipset -F test
+# Range: Delete test set
0 ipset -X test
# Network: Try to create a set from an invalid network
2 ipset -N test macipmap --network 2.0.0.0/15
@@ -50,6 +52,8 @@
1 ipset -A test 1.255.255.255
# Network: Try to add value after upper boundary
1 ipset -A test 2.1.0.0
+# Network: Flush test set
+0 ipset -F test
# Network: Delete test set
0 ipset -X test
# eof
diff --git a/tests/nethash.t b/tests/nethash.t
index bcb873b..0011216 100644
--- a/tests/nethash.t
+++ b/tests/nethash.t
@@ -16,6 +16,8 @@
1 ipset -T test 2.0.1.0
# Try to add IP address
2 ipset -A test 2.0.0.1
+# Flush test set
+0 ipset -F test
# Delete test set
0 ipset -X test
# eof
diff --git a/tests/portmap.t b/tests/portmap.t
index e616f15..299877a 100644
--- a/tests/portmap.t
+++ b/tests/portmap.t
@@ -18,7 +18,9 @@
1 ipset -A test 0
# Range: Try to add value after upper boundary
1 ipset -A test 1025
-# Range: Delete test test
+# Range: Flush test set
+0 ipset -F test
+# Range: Delete test set
0 ipset -X test
# Full: Create a full set of ports
0 ipset -N test portmap --from 0 --to 65535
@@ -32,6 +34,8 @@
0 ipset -T test 65535
# Full: Test value not added to the set
1 ipset -T test 1
+# Full: Flush test set
+0 ipset -F test
# Full: Delete test set
0 ipset -X test
# eof
diff --git a/tests/setlist.t b/tests/setlist.t
index 785dc13..183a7ab 100644
--- a/tests/setlist.t
+++ b/tests/setlist.t
@@ -26,6 +26,8 @@
1 ipset -D test foo,after,bar
# Setlist: Delete bar,after,foo
0 ipset -D test bar,after,foo
-# Setlist: Delete test test
+# Setlist: Flush test set
+0 ipset -F test
+# Setlist: Delete test set
0 ipset -X test
# eof