diff options
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/cidr.sh | 32 | ||||
-rw-r--r-- | tests/comment.t | 2 | ||||
-rw-r--r-- | tests/hash:ip,port.t | 126 | ||||
-rw-r--r-- | tests/hash:ip,port.t.list2 | 2 | ||||
-rw-r--r-- | tests/hash:ip,port.t.list3 | 11 | ||||
-rw-r--r-- | tests/hash:ip,port.t.list4 | 9 | ||||
-rw-r--r-- | tests/hash:ip,port.t.list5 | 11 | ||||
-rw-r--r-- | tests/hash:ip,port.t.list6 | 9 | ||||
-rw-r--r-- | tests/hash:ip,port.t.list7 | 9 | ||||
-rw-r--r-- | tests/hash:ip.t | 82 | ||||
-rw-r--r-- | tests/hash:ip.t.list4 | 11 | ||||
-rw-r--r-- | tests/hash:ip.t.list5 | 9 | ||||
-rw-r--r-- | tests/hash:ip.t.list6 | 9 | ||||
-rw-r--r-- | tests/hash:net,iface.t | 4 | ||||
-rw-r--r-- | tests/hash:net,net.t | 106 | ||||
-rw-r--r-- | tests/hash:net,net.t.list3 | 11 | ||||
-rw-r--r-- | tests/hash:net,net.t.list4 | 9 | ||||
-rw-r--r-- | tests/hash:net,net.t.list5 | 11 | ||||
-rw-r--r-- | tests/hash:net,net.t.list6 | 9 | ||||
-rw-r--r-- | tests/hash:net,net.t.list7 | 9 | ||||
-rw-r--r-- | tests/hash:net,port,net.t | 6 | ||||
-rwxr-xr-x | tests/netnetgen.sh | 2 | ||||
-rw-r--r-- | tests/restore.t | 24 | ||||
-rwxr-xr-x | tests/setlist_resize.sh | 6 | ||||
l--------- | tests/xlate/ipset-translate | 1 | ||||
-rwxr-xr-x | tests/xlate/runtest.sh | 35 | ||||
-rw-r--r-- | tests/xlate/xlate.t | 57 | ||||
-rw-r--r-- | tests/xlate/xlate.t.nft | 58 |
28 files changed, 655 insertions, 15 deletions
diff --git a/tests/cidr.sh b/tests/cidr.sh index b7d695a..2c4d939 100755 --- a/tests/cidr.sh +++ b/tests/cidr.sh @@ -37,6 +37,30 @@ NETS="0.0.0.0/1 ipset="../src/ipset" +if which netmask >/dev/null 2>&1; then + net_first_addr() { + netmask -r $1 | cut -d - -f 1 + } + net_last_addr() { + netmask -r $1 | cut -d - -f 2 | cut -d ' ' -f 1 + } +elif which ipcalc >/dev/null 2>&1; then + net_first_addr() { + ipcalc $1 | awk '/^Address:/{print $2}' + } + net_last_addr() { + # Netmask tool prints broadcast address as last one, so + # prefer that instead of HostMax. Also fix for /31 and /32 + # being recognized as special by ipcalc. + ipcalc $1 | awk '/^(Hostroute|HostMax):/{out=$2} + /^Broadcast:/{out=$2} + END{print out}' + } +else + echo "need either netmask or ipcalc tools" + exit 1 +fi + case "$1" in net) $ipset n test hash:net @@ -46,9 +70,9 @@ net) done <<<"$NETS" while IFS= read x; do - first=`netmask -r $x | cut -d - -f 1` + first=`net_first_addr $x` $ipset test test $first >/dev/null 2>&1 - last=`netmask -r $x | cut -d - -f 2 | cut -d ' ' -f 1` + last=`net_last_addr $x` $ipset test test $last >/dev/null 2>&1 done <<<"$NETS" @@ -67,9 +91,9 @@ net,port) n=1 while IFS= read x; do - first=`netmask -r $x | cut -d - -f 1` + first=`net_first_addr $x` $ipset test test $first,$n >/dev/null 2>&1 - last=`netmask -r $x | cut -d - -f 2 | cut -d ' ' -f 1` + last=`net_last_addr $x` $ipset test test $last,$n >/dev/null 2>&1 n=$((n+1)) done <<<"$NETS" diff --git a/tests/comment.t b/tests/comment.t index a4b9973..8f57919 100644 --- a/tests/comment.t +++ b/tests/comment.t @@ -113,7 +113,7 @@ # Hash comment: Stress test with comments and timeout 0 ./netnetgen.sh comment timeout | ipset restore # Hash comment: List set and check the number of elements -0 n=`ipset -L test|grep '^10.'|wc -l` && test $n -eq 87040 +0 n=`ipset save test|grep 'add test 10.'|wc -l` && test $n -eq 87040 # Hash comment: Destroy test set 0 ipset destroy test # Hash comment: create set with timeout diff --git a/tests/hash:ip,port.t b/tests/hash:ip,port.t index 7a0e821..f65fb59 100644 --- a/tests/hash:ip,port.t +++ b/tests/hash:ip,port.t @@ -62,10 +62,10 @@ 0 ipset test test 2.0.0.1,tcp:80 # Test element with UDP protocol 0 ipset test test 2.0.0.1,udp:80 -# Add element with vrrp -0 ipset add test 2.0.0.1,vrrp:0 -# Test element with vrrp -0 ipset test test 2.0.0.1,vrrp:0 +# Add element with GRE +0 ipset add test 2.0.0.1,gre:0 +# Test element with GRE +0 ipset test test 2.0.0.1,gre:0 # Add element with sctp 0 ipset add test 2.0.0.1,sctp:80 # Test element with sctp @@ -170,4 +170,122 @@ 0 ./check_extensions test 2.0.0.20 700 13 12479 # Counters and timeout: destroy set 0 ipset x test +# Network: Create a set with timeout and netmask +0 ipset -N test hash:ip,port --hashsize 128 --netmask 24 timeout 4 +# Network: Add zero valued element +1 ipset -A test 0.0.0.0,80 +# Network: Test zero valued element +1 ipset -T test 0.0.0.0,80 +# Network: Delete zero valued element +1 ipset -D test 0.0.0.0,80 +# Network: Add first random network +0 ipset -A test 2.0.0.1,8080 +# Network: Add second random network +0 ipset -A test 192.168.68.69,22 +# Network: Test first random value +0 ipset -T test 2.0.0.255,8080 +# Network: Test second random value +0 ipset -T test 192.168.68.95,22 +# Network: Test value not added to the set +1 ipset -T test 2.0.1.0,8080 +# Network: Add third element +0 ipset -A test 200.100.10.1,22 timeout 0 +# Network: Add third random network +0 ipset -A test 200.100.0.12,22 +# Network: Delete the same network +0 ipset -D test 200.100.0.12,22 +# Network: List set +0 ipset -L test > .foo0 && ./sort.sh .foo0 +# Network: Check listing +0 ./diff.sh .foo hash:ip,port.t.list3 +# Sleep 5s so that elements can time out +0 sleep 5 +# Network: List set +0 ipset -L test > .foo +# Network: Check listing +0 ./diff.sh .foo hash:ip,port.t.list4 +# Network: Flush test set +0 ipset -F test +# Network: add element with 1s timeout +0 ipset add test 200.100.0.12,80 timeout 1 +# Network: readd element with 3s timeout +0 ipset add test 200.100.0.12,80 timeout 3 -exist +# Network: sleep 2s +0 sleep 2s +# Network: check readded element +0 ipset test test 200.100.0.12,80 +# Network: Delete test set +0 ipset -X test +# Network: Create a set with timeout and bitmask +0 ipset -N test hash:ip,port --hashsize 128 --bitmask 255.255.255.0 timeout 4 +# Network: Add zero valued element +1 ipset -A test 0.0.0.0,80 +# Network: Test zero valued element +1 ipset -T test 0.0.0.0,80 +# Network: Delete zero valued element +1 ipset -D test 0.0.0.0,80 +# Network: Add first random network +0 ipset -A test 2.0.0.1,8080 +# Network: Add second random network +0 ipset -A test 192.168.68.69,22 +# Network: Test first random value +0 ipset -T test 2.0.0.255,8080 +# Network: Test second random value +0 ipset -T test 192.168.68.95,22 +# Network: Test value not added to the set +1 ipset -T test 2.0.1.0,8080 +# Network: Add third element +0 ipset -A test 200.100.10.1,22 timeout 0 +# Network: Add third random network +0 ipset -A test 200.100.0.12,22 +# Network: Delete the same network +0 ipset -D test 200.100.0.12,22 +# Network: List set +0 ipset -L test > .foo0 && ./sort.sh .foo0 +# Network: Check listing +0 ./diff.sh .foo hash:ip,port.t.list5 +# Sleep 5s so that elements can time out +0 sleep 5 +# Network: List set +0 ipset -L test > .foo +# Network: Check listing +0 ./diff.sh .foo hash:ip,port.t.list6 +# Network: Flush test set +0 ipset -F test +# Network: add element with 1s timeout +0 ipset add test 200.100.0.12,80 timeout 1 +# Network: readd element with 3s timeout +0 ipset add test 200.100.0.12,80 timeout 3 -exist +# Network: sleep 2s +0 sleep 2s +# Network: check readded element +0 ipset test test 200.100.0.12,80 +# Network: Delete test set +0 ipset -X test +# Network: Create a set with bitmask which is not a valid netmask +0 ipset -N test hash:ip,port --hashsize 128 --bitmask 255.255.0.255 +# Network: Add zero valued element +1 ipset -A test 0.0.0.0 +# Network: Test zero valued element +1 ipset -T test 0.0.0.0 +# Network: Delete zero valued element +1 ipset -D test 0.0.0.0 +# Network: Add first random network +0 ipset -A test 1.2.3.4,22 +# Network: Add second random network +0 ipset -A test 1.168.122.124,22 +# Network: Test first random value +0 ipset -T test 1.2.9.4,22 +# Network: Test second random value +0 ipset -T test 1.168.68.124,22 +# Network: Test value not added to the set +1 ipset -T test 2.0.1.0,23 +# Network: Test delete value +0 ipset -D test 1.168.0.124,22 +# Network: List set +0 ipset -L test > .foo +# Network: Check listing +0 ./diff.sh .foo hash:ip,port.t.list7 +# Network: Delete test set +0 ipset -X test # eof diff --git a/tests/hash:ip,port.t.list2 b/tests/hash:ip,port.t.list2 index ffaedb5..2550422 100644 --- a/tests/hash:ip,port.t.list2 +++ b/tests/hash:ip,port.t.list2 @@ -6,6 +6,6 @@ Size in memory: 480 References: 0 Number of entries: 3 Members: +2.0.0.1,gre:0 2.0.0.1,tcp:80 2.0.0.1,udp:80 -2.0.0.1,vrrp:0 diff --git a/tests/hash:ip,port.t.list3 b/tests/hash:ip,port.t.list3 new file mode 100644 index 0000000..b2cdc28 --- /dev/null +++ b/tests/hash:ip,port.t.list3 @@ -0,0 +1,11 @@ +Name: test +Type: hash:ip,port +Revision: 7 +Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12 initval 0xf49ba001 netmask 24 +Size in memory: 408 +References: 0 +Number of entries: 3 +Members: +192.168.68.0,tcp:22 timeout 3 +2.0.0.0,tcp:8080 timeout 3 +200.100.10.0,tcp:22 timeout 0 diff --git a/tests/hash:ip,port.t.list4 b/tests/hash:ip,port.t.list4 new file mode 100644 index 0000000..c28987a --- /dev/null +++ b/tests/hash:ip,port.t.list4 @@ -0,0 +1,9 @@ +Name: test +Type: hash:ip,port +Revision: 7 +Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12 initval 0x18b2277a netmask 24 +Size in memory: 408 +References: 0 +Number of entries: 1 +Members: +200.100.10.0,tcp:22 timeout 0 diff --git a/tests/hash:ip,port.t.list5 b/tests/hash:ip,port.t.list5 new file mode 100644 index 0000000..b5fa817 --- /dev/null +++ b/tests/hash:ip,port.t.list5 @@ -0,0 +1,11 @@ +Name: test +Type: hash:ip,port +Revision: 7 +Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12 initval 0x6a0e903a bitmask 255.255.255.0 +Size in memory: 408 +References: 0 +Number of entries: 3 +Members: +192.168.68.0,tcp:22 timeout 3 +2.0.0.0,tcp:8080 timeout 3 +200.100.10.0,tcp:22 timeout 0 diff --git a/tests/hash:ip,port.t.list6 b/tests/hash:ip,port.t.list6 new file mode 100644 index 0000000..33969cf --- /dev/null +++ b/tests/hash:ip,port.t.list6 @@ -0,0 +1,9 @@ +Name: test +Type: hash:ip,port +Revision: 7 +Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12 initval 0x2fcffdca bitmask 255.255.255.0 +Size in memory: 408 +References: 0 +Number of entries: 1 +Members: +200.100.10.0,tcp:22 timeout 0 diff --git a/tests/hash:ip,port.t.list7 b/tests/hash:ip,port.t.list7 new file mode 100644 index 0000000..f223657 --- /dev/null +++ b/tests/hash:ip,port.t.list7 @@ -0,0 +1,9 @@ +Name: test +Type: hash:ip,port +Revision: 7 +Header: family inet hashsize 128 maxelem 65536 bucketsize 12 initval 0x98bdfa72 bitmask 255.255.0.255 +Size in memory: 312 +References: 0 +Number of entries: 1 +Members: +1.2.0.4,tcp:22 diff --git a/tests/hash:ip.t b/tests/hash:ip.t index 3239701..3771437 100644 --- a/tests/hash:ip.t +++ b/tests/hash:ip.t @@ -72,7 +72,7 @@ 0 n=`ipset list test|grep '^10.0'|wc -l` && test $n -eq 1024 # IP: Destroy sets 0 ipset -X -# Network: Create a set with timeout +# Network: Create a set with timeout and netmask 0 ipset -N test iphash --hashsize 128 --netmask 24 timeout 4 # Network: Add zero valued element 1 ipset -A test 0.0.0.0 @@ -136,6 +136,12 @@ 0 ipset del test 10.0.0.1-10.0.0.10 # Range: Check number of elements 0 n=`ipset save test|wc -l` && test $n -eq 1 +# Range: Flush set +0 ipset flush test +# Range: Add elements in multiple internal batches +0 ipset add test 10.1.0.0-10.1.64.255 +# Range: Check number of elements +0 n=`ipset save test|grep '^add test 10.1' | wc -l` && test $n -eq 16640 # Range: Delete test set 0 ipset destroy test # Timeout: Check that resizing keeps timeout values @@ -210,4 +216,78 @@ skip which sendip 0 ./check_extensions test 10.255.255.64 600 6 $((6*40)) # Counters and timeout: destroy set 0 ipset x test +# Network: Create a set with timeout and bitmask +0 ipset -N test iphash --hashsize 128 --bitmask 255.255.255.0 timeout 4 +# Network: Add zero valued element +1 ipset -A test 0.0.0.0 +# Network: Test zero valued element +1 ipset -T test 0.0.0.0 +# Network: Delete zero valued element +1 ipset -D test 0.0.0.0 +# Network: Add first random network +0 ipset -A test 2.0.0.1 +# Network: Add second random network +0 ipset -A test 192.168.68.69 +# Network: Test first random value +0 ipset -T test 2.0.0.255 +# Network: Test second random value +0 ipset -T test 192.168.68.95 +# Network: Test value not added to the set +1 ipset -T test 2.0.1.0 +# Network: Add third element +0 ipset -A test 200.100.10.1 timeout 0 +# Network: Add third random network +0 ipset -A test 200.100.0.12 +# Network: Delete the same network +0 ipset -D test 200.100.0.12 +# Network: List set +0 ipset -L test > .foo0 && ./sort.sh .foo0 +# Network: Check listing +0 ./diff.sh .foo hash:ip.t.list4 +# Sleep 5s so that elements can time out +0 sleep 5 +# Network: List set +0 ipset -L test > .foo +# Network: Check listing +0 ./diff.sh .foo hash:ip.t.list5 +# Network: Flush test set +0 ipset -F test +# Network: add element with 1s timeout +0 ipset add test 200.100.0.12 timeout 1 +# Network: readd element with 3s timeout +0 ipset add test 200.100.0.12 timeout 3 -exist +# Network: sleep 2s +0 sleep 2s +# Network: check readded element +0 ipset test test 200.100.0.12 +# Network: Delete test set +0 ipset -X test +# Network: Create a set with both bitmask and netmask +1 ipset -N test iphash --hashsize 128 --bitmask 255.255.0.255 --netmask 24 +# Network: Create a set with bitmask which is not a valid netmask +0 ipset -N test iphash --hashsize 128 --bitmask 255.255.0.255 +# Network: Add zero valued element +1 ipset -A test 0.0.0.0 +# Network: Test zero valued element +1 ipset -T test 0.0.0.0 +# Network: Delete zero valued element +1 ipset -D test 0.0.0.0 +# Network: Add first random network +0 ipset -A test 1.2.3.4 +# Network: Add second random network +0 ipset -A test 1.2.4.5 +# Network: Test first random value +0 ipset -T test 1.2.9.4 +# Network: Test second random value +0 ipset -T test 1.2.9.5 +# Network: Test value not added to the set +1 ipset -T test 2.0.1.0 +# Network: Test delete value +0 ipset -D test 1.2.0.5 +# Network: List set +0 ipset -L test > .foo +# Network: Check listing +0 ./diff.sh .foo hash:ip.t.list6 +# Network: Delete test set +0 ipset -X test # eof diff --git a/tests/hash:ip.t.list4 b/tests/hash:ip.t.list4 new file mode 100644 index 0000000..5f92afa --- /dev/null +++ b/tests/hash:ip.t.list4 @@ -0,0 +1,11 @@ +Name: test +Type: hash:ip +Revision: 5 +Header: family inet hashsize 128 maxelem 65536 bitmask 255.255.255.0 timeout 4 bucketsize 12 initval 0xfe970e91 +Size in memory: 528 +References: 0 +Number of entries: 3 +Members: +192.168.68.0 timeout 3 +2.0.0.0 timeout 3 +200.100.10.0 timeout 0 diff --git a/tests/hash:ip.t.list5 b/tests/hash:ip.t.list5 new file mode 100644 index 0000000..9a29e75 --- /dev/null +++ b/tests/hash:ip.t.list5 @@ -0,0 +1,9 @@ +Name: test +Type: hash:ip +Revision: 5 +Header: family inet hashsize 128 maxelem 65536 bitmask 255.255.255.0 timeout 4 bucketsize 12 initval 0xbc66e38a +Size in memory: 528 +References: 0 +Number of entries: 1 +Members: +200.100.10.0 timeout 0 diff --git a/tests/hash:ip.t.list6 b/tests/hash:ip.t.list6 new file mode 100644 index 0000000..44c5a49 --- /dev/null +++ b/tests/hash:ip.t.list6 @@ -0,0 +1,9 @@ +Name: test +Type: hash:ip +Revision: 6 +Header: family inet hashsize 128 maxelem 65536 bitmask 255.255.0.255 bucketsize 12 initval 0xd7d821e1 +Size in memory: 296 +References: 0 +Number of entries: 1 +Members: +1.2.0.4 diff --git a/tests/hash:net,iface.t b/tests/hash:net,iface.t index e594cca..444f230 100644 --- a/tests/hash:net,iface.t +++ b/tests/hash:net,iface.t @@ -132,6 +132,10 @@ 0 (set -e; for x in `seq 0 63`; do ipset add test 10.0.0.0/16,eth$x; done) # Check listing 0 n=`ipset list test | grep -v Revision: | wc -l` && test $n -eq 71 +# Flush test set +0 ipset flush test +# Try to add more than 64 clashing entries +1 (set -e; for x in `seq 0 64`; do ipset add test 10.0.0.0/16,eth$x; done) # Delete test set 0 ipset destroy test # Check all possible CIDR values diff --git a/tests/hash:net,net.t b/tests/hash:net,net.t index feb13d9..41189b7 100644 --- a/tests/hash:net,net.t +++ b/tests/hash:net,net.t @@ -166,4 +166,110 @@ 0 ./check_extensions test 2.0.0.0/25,2.0.0.0/25 700 13 12479 # Counters and timeout: destroy set 0 ipset x test +# Network: Create a set with timeout and netmask +0 ipset -N test hash:net,net --hashsize 128 --netmask 24 timeout 4 +# Network: Add first random network +0 ipset -A test 2.0.10.1,2.10.10.254 +# Network: Add second random network +0 ipset -A test 192.168.68.1,192.168.68.254 +# Network: Test first random value +0 ipset -T test 2.0.10.11,2.10.10.25 +# Network: Test second random value +0 ipset -T test 192.168.68.11,192.168.68.5 +# Network: Test value not added to the set +1 ipset -T test 2.10.1.0,21.0.1.0 +# Network: Add third element +0 ipset -A test 200.100.10.1,200.100.10.100 timeout 0 +# Network: Add third random network +0 ipset -A test 200.100.0.12,200.100.0.13 +# Network: Delete the same network +0 ipset -D test 200.100.0.12,200.100.0.13 +# Network: List set +0 ipset -L test > .foo0 && ./sort.sh .foo0 +# Network: Check listing +0 ./diff.sh .foo hash:net,net.t.list3 +# Sleep 5s so that elements can time out +0 sleep 5 +# Network: List set +0 ipset -L test > .foo +# Network: Check listing +0 ./diff.sh .foo hash:net,net.t.list4 +# Network: Flush test set +0 ipset -F test +# Network: add element with 1s timeout +0 ipset add test 200.100.0.12,80.20.0.12 timeout 1 +# Network: readd element with 3s timeout +0 ipset add test 200.100.0.12,80.20.0.12 timeout 3 -exist +# Network: sleep 2s +0 sleep 2s +# Network: check readded element +0 ipset test test 200.100.0.12,80.20.0.12 +# Network: Delete test set +0 ipset -X test +# Network: Create a set with timeout and bitmask +0 ipset -N test hash:net,net --hashsize 128 --bitmask 255.255.255.0 timeout 4 +# Network: Add first random network +0 ipset -A test 2.0.10.1,2.10.10.254 +# Network: Add second random network +0 ipset -A test 192.168.68.1,192.168.68.254 +# Network: Test first random value +0 ipset -T test 2.0.10.11,2.10.10.25 +# Network: Test second random value +0 ipset -T test 192.168.68.11,192.168.68.5 +# Network: Test value not added to the set +1 ipset -T test 2.10.1.0,21.0.1.0 +# Network: Add third element +0 ipset -A test 200.100.10.1,200.100.10.100 timeout 0 +# Network: Add third random network +0 ipset -A test 200.100.0.12,200.100.0.13 +# Network: Delete the same network +0 ipset -D test 200.100.0.12,200.100.0.13 +# Network: List set +0 ipset -L test > .foo0 && ./sort.sh .foo0 +# Network: Check listing +0 ./diff.sh .foo hash:net,net.t.list5 +# Sleep 5s so that elements can time out +0 sleep 5 +# Network: List set +0 ipset -L test > .foo +# Network: Check listing +0 ./diff.sh .foo hash:net,net.t.list6 +# Network: Flush test set +0 ipset -F test +# Network: add element with 1s timeout +0 ipset add test 200.100.0.12,80.20.0.12 timeout 1 +# Network: readd element with 3s timeout +0 ipset add test 200.100.0.12,80.20.0.12 timeout 3 -exist +# Network: sleep 2s +0 sleep 2s +# Network: check readded element +0 ipset test test 200.100.0.12,80.20.0.12 +# Network: Delete test set +0 ipset -X test +# Network: Create a set with bitmask which is not a valid netmask +0 ipset -N test hash:net,net --hashsize 128 --bitmask 255.255.0.255 +# Network: Add zero valued element +1 ipset -A test 0.0.0.0 +# Network: Test zero valued element +1 ipset -T test 0.0.0.0 +# Network: Delete zero valued element +1 ipset -D test 0.0.0.0 +# Network: Add first random network +0 ipset -A test 1.2.3.4,22.23.24.25 +# Network: Add second random network +0 ipset -A test 1.168.122.124,122.23.45.50 +# Network: Test first random value +0 ipset -T test 1.2.43.4,22.23.2.25 +# Network: Test second random value +0 ipset -T test 1.168.12.124,122.23.4.50 +# Network: Test value not added to the set +1 ipset -T test 2.168.122.124,22.23.45.50 +# Network: Test delete value +0 ipset -D test 1.168.12.124,122.23.0.50 +# Network: List set +0 ipset -L test > .foo +# Network: Check listing +0 ./diff.sh .foo hash:net,net.t.list7 +# Network: Delete test set +0 ipset -X test # eof diff --git a/tests/hash:net,net.t.list3 b/tests/hash:net,net.t.list3 new file mode 100644 index 0000000..fc5b97a --- /dev/null +++ b/tests/hash:net,net.t.list3 @@ -0,0 +1,11 @@ +Name: test +Type: hash:net,net +Revision: 4 +Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12 initval 0xe17e4732 netmask 24 +Size in memory: 848 +References: 0 +Number of entries: 3 +Members: +192.168.68.0,192.168.68.0 timeout 3 +2.0.10.0,2.10.10.0 timeout 3 +200.100.10.0,200.100.10.0 timeout 0 diff --git a/tests/hash:net,net.t.list4 b/tests/hash:net,net.t.list4 new file mode 100644 index 0000000..908cab6 --- /dev/null +++ b/tests/hash:net,net.t.list4 @@ -0,0 +1,9 @@ +Name: test +Type: hash:net,net +Revision: 4 +Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12 initval 0xb69e293e netmask 24 +Size in memory: 848 +References: 0 +Number of entries: 1 +Members: +200.100.10.0,200.100.10.0 timeout 0 diff --git a/tests/hash:net,net.t.list5 b/tests/hash:net,net.t.list5 new file mode 100644 index 0000000..0ff37fb --- /dev/null +++ b/tests/hash:net,net.t.list5 @@ -0,0 +1,11 @@ +Name: test +Type: hash:net,net +Revision: 4 +Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12 initval 0xe17e4732 bitmask 255.255.255.0 +Size in memory: 848 +References: 0 +Number of entries: 3 +Members: +192.168.68.0,192.168.68.0 timeout 3 +2.0.10.0,2.10.10.0 timeout 3 +200.100.10.0,200.100.10.0 timeout 0 diff --git a/tests/hash:net,net.t.list6 b/tests/hash:net,net.t.list6 new file mode 100644 index 0000000..84beb5b --- /dev/null +++ b/tests/hash:net,net.t.list6 @@ -0,0 +1,9 @@ +Name: test +Type: hash:net,net +Revision: 4 +Header: family inet hashsize 128 maxelem 65536 timeout 4 bucketsize 12 initval 0xb69e293e bitmask 255.255.255.0 +Size in memory: 848 +References: 0 +Number of entries: 1 +Members: +200.100.10.0,200.100.10.0 timeout 0 diff --git a/tests/hash:net,net.t.list7 b/tests/hash:net,net.t.list7 new file mode 100644 index 0000000..6601795 --- /dev/null +++ b/tests/hash:net,net.t.list7 @@ -0,0 +1,9 @@ +Name: test +Type: hash:net,net +Revision: 4 +Header: family inet hashsize 128 maxelem 65536 bucketsize 12 initval 0x6223fef7 bitmask 255.255.0.255 +Size in memory: 736 +References: 0 +Number of entries: 1 +Members: +1.2.0.4,22.23.0.25 diff --git a/tests/hash:net,port,net.t b/tests/hash:net,port,net.t index f5a578a..2c9516b 100644 --- a/tests/hash:net,port,net.t +++ b/tests/hash:net,port,net.t @@ -52,6 +52,12 @@ 0 ipset add test 10.0.0.0-10.0.3.255,tcp:80-82,192.168.0.0-192.168.2.255 # Check that correct number of elements are added 0 n=`ipset list test|grep '^10.0'|wc -l` && test $n -eq 6 +# Flush set +0 ipset flush test +# Add 0/0 networks +0 ipset add test 0.0.0.0/0,tcp:1-2,192.168.230.128/25 +# Check that correct number of elements are added +0 n=`ipset list test|grep '^0'|wc -l` && test $n -eq 2 # Destroy set 0 ipset -X test # Create test set with timeout support diff --git a/tests/netnetgen.sh b/tests/netnetgen.sh index f2a31cc..32aac18 100755 --- a/tests/netnetgen.sh +++ b/tests/netnetgen.sh @@ -6,7 +6,7 @@ while [ -n "$1" ]; do comment=" comment" ;; timeout) - timeout=" timeout 5" + timeout=" timeout 60" ;; *) ;; diff --git a/tests/restore.t b/tests/restore.t index ffde2d1..dda143f 100644 --- a/tests/restore.t +++ b/tests/restore.t @@ -6,4 +6,28 @@ 0 ipset x # Check auto-increasing maximal number of sets 0 ./setlist_resize.sh +# Create bitmap set with timeout +0 ipset create test1 bitmap:ip range 2.0.0.1-2.1.0.0 timeout 5 +# Add element to bitmap set +0 ipset add test1 2.0.0.2 timeout 30 +# Create hash set with timeout +0 ipset -N test2 iphash --hashsize 128 timeout 4 +# Add element to hash set +0 ipset add test2 2.0.0.3 timeout 30 +# Create list set with timeout +0 ipset -N test3 list:set timeout 3 +# Add bitmap set to list set +0 ipset a test3 test1 timeout 30 +# Add hash set to list set +0 ipset a test3 test2 timeout 30 +# Flush list set +0 ipset f test3 +# Destroy all sets +0 ipset x +# Remove the ip_set_list_set kernel module +0 rmmod ip_set_list_set +# Remove the ip_set_bitmap_ip kernel module +0 rmmod ip_set_bitmap_ip +# Remove the ip_set_hash_ip kernel module +0 rmmod ip_set_hash_ip # eof diff --git a/tests/setlist_resize.sh b/tests/setlist_resize.sh index 3255656..848f1d1 100755 --- a/tests/setlist_resize.sh +++ b/tests/setlist_resize.sh @@ -12,7 +12,7 @@ for x in ip_set_list_set ip_set_hash_netiface ip_set_hash_ipportnet \ ip_set_hash_netportnet ip_set_hash_ipmark ip_set_hash_mac \ ip_set_bitmap_port ip_set_bitmap_ipmac \ ip_set_bitmap_ip xt_set ip_set; do - rmmod $x + rmmod $x >/dev/null 2>&1 done create() { @@ -31,6 +31,6 @@ for x in `seq 1 $loop`; do test `$ipset l -n | wc -l` -eq 1024 || exit 1 $ipset x test `lsmod|grep -w ^ip_set_hash_ip | awk '{print $3}'` -eq 0 || exit 1 - rmmod ip_set_hash_ip - rmmod ip_set + rmmod ip_set_hash_ip >/dev/null 2>&1 + rmmod ip_set >/dev/null 2>&1 done diff --git a/tests/xlate/ipset-translate b/tests/xlate/ipset-translate new file mode 120000 index 0000000..91980c1 --- /dev/null +++ b/tests/xlate/ipset-translate @@ -0,0 +1 @@ +../../src/ipset
\ No newline at end of file diff --git a/tests/xlate/runtest.sh b/tests/xlate/runtest.sh new file mode 100755 index 0000000..8b42f0b --- /dev/null +++ b/tests/xlate/runtest.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +DIFF=$(which diff) +if [ ! -x "$DIFF" ] ; then + echo "ERROR: missing diff" + exit 1 +fi + +ipset=${IPSET_BIN:-../../src/ipset} +ipset_xlate=${IPSET_XLATE_BIN:-$(dirname $0)/ipset-translate} + +$ipset restore < xlate.t +rc=$? +$ipset destroy +if [ $rc -ne 0 ] +then + echo -e "[\033[0;31mERROR\033[0m] invalid test input" + exit 1 +fi + +TMP=$(mktemp) +$ipset_xlate restore < xlate.t &> $TMP +if [ $? -ne 0 ] +then + cat $TMP + echo -e "[\033[0;31mERROR\033[0m] failed to run ipset-translate" + exit 1 +fi +${DIFF} -u xlate.t.nft $TMP +if [ $? -eq 0 ] +then + echo -e "[\033[0;32mOK\033[0m] tests are fine!" +else + echo -e "[\033[0;31mERROR\033[0m] unexpected ipset to nftables translation" +fi diff --git a/tests/xlate/xlate.t b/tests/xlate/xlate.t new file mode 100644 index 0000000..38cbc78 --- /dev/null +++ b/tests/xlate/xlate.t @@ -0,0 +1,57 @@ +create hip1 hash:ip +add hip1 192.168.10.2 +add hip1 192.168.10.3 +create hip2 hash:ip hashsize 128 bucketsize 255 timeout 4 +add hip2 192.168.10.3 +add hip2 192.168.10.4 timeout 10 +create hip3 hash:ip counters +add hip3 192.168.10.3 packets 5 bytes 3456 +create hip4 hash:ip netmask 24 +add hip4 192.168.10.0 +create hip5 hash:ip maxelem 24 +add hip5 192.168.10.0 +create hip6 hash:ip comment +add hip6 192.168.10.1 +add hip6 192.168.10.2 comment "this is a comment" +create ipp1 hash:ip,port +add ipp1 192.168.10.1,0 +add ipp1 192.168.10.2,5 +create ipp2 hash:ip,port timeout 4 +add ipp2 192.168.10.1,0 timeout 12 +add ipp2 192.168.10.2,5 +create ipp3 hash:ip,port counters +add ipp3 192.168.10.3,20 packets 5 bytes 3456 +create ipp4 hash:ip,port timeout 4 counters +add ipp4 192.168.10.3,20 packets 5 bytes 3456 +create bip1 bitmap:ip range 2.0.0.1-2.0.1.1 timeout 5 +create bip2 bitmap:ip range 10.0.0.0/8 netmask 24 timeout 5 +add bip2 10.10.10.0 +add bip2 10.10.20.0 timeout 12 +create net1 hash:net +add net1 192.168.10.0/24 +create net2 hash:net,net +add net2 192.168.10.0/24,192.168.20.0/24 +create hm1 hash:mac +add hm1 aa:bb:cc:dd:ee:ff +create him1 hash:ip,mac +add him1 1.1.1.1,aa:bb:cc:dd:ee:ff +create ni1 hash:net,iface +add ni1 1.1.1.0/24,eth0 +create nip1 hash:net,port +add nip1 1.1.1.0/24,22 +create npn1 hash:net,port,net +add npn1 1.1.1.0/24,22,2.2.2.0/24 +create nn1 hash:net,net +add nn1 1.1.1.0/24,2.2.2.0/24 +create ipn1 hash:ip,port,net +add ipn1 1.1.1.1,22,2.2.2.0/24 +create ipi1 hash:ip,port,ip +add ipi1 1.1.1.1,22,2.2.2.2 +create im1 hash:ip,mark +add im1 1.1.1.1,0x123456 +create bp1 bitmap:port range 1-1024 +add bp1 22 +create bim1 bitmap:ip,mac range 1.1.1.0/24 +add bim1 1.1.1.1,aa:bb:cc:dd:ee:ff +create hn6 hash:net family inet6 +add hn6 fe80::/64 diff --git a/tests/xlate/xlate.t.nft b/tests/xlate/xlate.t.nft new file mode 100644 index 0000000..8fb2a29 --- /dev/null +++ b/tests/xlate/xlate.t.nft @@ -0,0 +1,58 @@ +add table inet global +add set inet global hip1 { type ipv4_addr; } +add element inet global hip1 { 192.168.10.2 } +add element inet global hip1 { 192.168.10.3 } +add set inet global hip2 { type ipv4_addr; timeout 4s; } +add element inet global hip2 { 192.168.10.3 } +add element inet global hip2 { 192.168.10.4 timeout 10s } +add set inet global hip3 { type ipv4_addr; counter; } +add element inet global hip3 { 192.168.10.3 counter packets 5 bytes 3456 } +add set inet global hip4 { type ipv4_addr; flags interval; } +add element inet global hip4 { 192.168.10.0/24 } +add set inet global hip5 { type ipv4_addr; size 24; } +add element inet global hip5 { 192.168.10.0 } +add set inet global hip6 { type ipv4_addr; } +add element inet global hip6 { 192.168.10.1 } +add element inet global hip6 { 192.168.10.2 comment "this is a comment" } +add set inet global ipp1 { type ipv4_addr . inet_proto . inet_service; } +add element inet global ipp1 { 192.168.10.1 . tcp . 0 } +add element inet global ipp1 { 192.168.10.2 . tcp . 5 } +add set inet global ipp2 { type ipv4_addr . inet_proto . inet_service; timeout 4s; } +add element inet global ipp2 { 192.168.10.1 . tcp . 0 timeout 12s } +add element inet global ipp2 { 192.168.10.2 . tcp . 5 } +add set inet global ipp3 { type ipv4_addr . inet_proto . inet_service; counter; } +add element inet global ipp3 { 192.168.10.3 . tcp . 20 counter packets 5 bytes 3456 } +add set inet global ipp4 { type ipv4_addr . inet_proto . inet_service; counter; timeout 4s; } +add element inet global ipp4 { 192.168.10.3 . tcp . 20 counter packets 5 bytes 3456 } +add set inet global bip1 { type ipv4_addr; timeout 5s; } +add set inet global bip2 { type ipv4_addr; timeout 5s; flags interval; } +add element inet global bip2 { 10.10.10.0/24 } +add element inet global bip2 { 10.10.20.0/24 timeout 12s } +add set inet global net1 { type ipv4_addr; flags interval; } +add element inet global net1 { 192.168.10.0/24 } +add set inet global net2 { type ipv4_addr . ipv4_addr; flags interval; } +add element inet global net2 { 192.168.10.0/24 . 192.168.20.0/24 } +add set inet global hm1 { type ether_addr; } +add element inet global hm1 { aa:bb:cc:dd:ee:ff } +add set inet global him1 { type ipv4_addr . ether_addr; } +add element inet global him1 { 1.1.1.1 . aa:bb:cc:dd:ee:ff } +add set inet global ni1 { type ipv4_addr . ifname; flags interval; } +add element inet global ni1 { 1.1.1.0/24 . eth0 } +add set inet global nip1 { type ipv4_addr . inet_proto . inet_service; flags interval; } +add element inet global nip1 { 1.1.1.0/24 . tcp . 22 } +add set inet global npn1 { type ipv4_addr . inet_proto . inet_service . ipv4_addr; flags interval; } +add element inet global npn1 { 1.1.1.0/24 . tcp . 22 . 2.2.2.0/24 } +add set inet global nn1 { type ipv4_addr . ipv4_addr; flags interval; } +add element inet global nn1 { 1.1.1.0/24 . 2.2.2.0/24 } +add set inet global ipn1 { type ipv4_addr . inet_proto . inet_service . ipv4_addr; flags interval; } +add element inet global ipn1 { 1.1.1.1 . tcp . 22 . 2.2.2.0/24 } +add set inet global ipi1 { type ipv4_addr . inet_proto . inet_service . ipv4_addr; } +add element inet global ipi1 { 1.1.1.1 . tcp . 22 . 2.2.2.2 } +add set inet global im1 { type ipv4_addr . mark; } +add element inet global im1 { 1.1.1.1 . 0x00123456 } +add set inet global bp1 { type inet_service; } +add element inet global bp1 { 22 } +add set inet global bim1 { type ipv4_addr . ether_addr; } +add element inet global bim1 { 1.1.1.1 . aa:bb:cc:dd:ee:ff } +add set inet global hn6 { type ipv6_addr; flags interval; } +add element inet global hn6 { fe80::/64 } |