path: root/tests
Commit message | Author | Age | Files | Lines
* ipset: Add userspace code to support hash:net,net kernel module. | Oliver Smith | 2013-09-20 | 12 | -2/+407
|
| This adds the userspace library, tests to validate correct operation of the
| module and also provides appropriate usage information in the man page.
|
| The library version has been bumped accordingly.
|
| Signed-off-by: Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
| Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Add test to verify CIDR tracking | Jozsef Kadlecsik | 2013-09-15 | 1 | -0/+12
|
* Make sure called test scripts can be executed (reported by Tomas Budai) | Jozsef Kadlecsik | 2013-08-16 | 1 | -0/+3
|
* Update testsuite as the trailing space was eliminated at listings | Jozsef Kadlecsik | 2013-05-02 | 86 | -108/+108
|
* Add new testsuite entries to verify counters and the new type implementations | Jozsef Kadlecsik | 2013-04-09 | 24 | -8/+1156
|
| Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Remove all modules before testing resize | Jozsef Kadlecsik | 2012-11-22 | 1 | -1/+2
|
* Increase the number of maximal sets automatically as needed | Jozsef Kadlecsik | 2012-11-19 | 2 | -0/+34
|
| The max number of sets was hardcoded at kernel configuration time.
| The patch adds the support to increase the max number of sets automatically.
* Make tests/check_cidrs.sh script executable | Jozsef Kadlecsik | 2012-11-05 | 1 | -0/+0
|
* Add tests to check completely ranges with hash types | Jozsef Kadlecsik | 2012-11-05 | 4 | -0/+126
|
| Test all possible range variations with the hash types in order to
| catch bugs like the range bug in hash:ip,port,net.
* Add simple test to check cidr book-keeping | Jozsef Kadlecsik | 2012-09-22 | 2 | -0/+25
|
* Support to match elements marked with "nomatch" in hash:*net* sets | Jozsef Kadlecsik | 2012-09-21 | 3 | -1/+79
|
| Exceptions can now be matched and we can branch according to the
| possible cases:
|
| a. match in the set if the element is not flagged as "nomatch"
| b. match in the set if the element is flagged with "nomatch"
| c. no match
|
| i.e.
|
| iptables ... -m set --match-set ... -j ...
| iptables ... -m set --match-set ... --nomatch-entries -j ...
| ...
* The set type revision number is added to the header part of listing | Jozsef Kadlecsik | 2012-09-11 | 25 | -72/+72
|
| Incompatibility: if your script relies on the number of lines in the
| header of set listings, then the new line
|
| Revision: number
|
| can break your script.
* Add /0 network support to hash:net,iface type | Jozsef Kadlecsik | 2012-09-10 | 1 | -5/+37
|
| Now it is possible to setup a single hash:net,iface type of set and
| a single ip6?tables match which covers all egress/ingress filtering.
* The commandline parser was too permissive, make it more strict | Jozsef Kadlecsik | 2012-06-19 | 2 | -2/+2
|
| The parser allowed more possible argument alternatives for command
| options than the documented one, which limited the possibility of
| other option names. The patch makes the parser more strict.
* Exceptions support added to hash:*net* types | Jozsef Kadlecsik | 2012-01-13 | 9 | -1/+319
|
| The "nomatch" keyword and option is added to the hash:*net* types,
| by which one can add exception entries to sets. Example:
|
| ipset create test hash:net
| ipset add test 192.168.0/24
| ipset add test 192.168.0/30 nomatch
|
| In this case the IP addresses from 192.168.0/24 except 192.168.0/30
| match the elements of the set.
* Tests added to check ICMP/ICMPv6 type/code parsing | Jozsef Kadlecsik | 2011-11-24 | 4 | -0/+14
|
* hash:net,iface fixed to handle overlapping nets behind different interfaces | Jozsef Kadlecsik | 2011-07-08 | 2 | -0/+81
|
| If overlapping networks with different interfaces were added to
| the set, the type did not handle it properly. Example
|
| ipset create test hash:net,iface
| ipset add test 192.168.0.0/16,eth0
| ipset add test 192.168.0.0/24,eth1
|
| Now, if a packet was sent from 192.168.0.0/24,eth0, the type returned
| a match.
|
| In the patch the algorithm is fixed in order to correctly handle
| overlapping networks.
|
| Limitation: the same network cannot be stored with more than 64 different
| interfaces in a single set.
* hash:net,iface type introduced | Jozsef Kadlecsik | 2011-05-30 | 4 | -0/+78
|
| The hash:net,iface type makes it possible to store network address and
| interface name pairs in a set. It's mostly suitable for egress
| and ingress filtering. Examples:
|
| # ipset create test hash:net,iface
| # ipset add test 192.168.0.0/16,eth0
| # ipset add test 192.168.0.0/24,eth1
* hash:* tests may seem to fail due to the too wide grep pattern, fix them | Jozsef Kadlecsik | 2011-05-30 | 5 | -7/+7
|
* Remove iptree tests and compatibility element parsing | Jozsef Kadlecsik | 2011-05-27 | 1 | -1/+1
|
* hash:net test may seem to fail due to the too wide grep pattern, fix it | Jozsef Kadlecsik | 2011-05-27 | 1 | -1/+1
|
* Restore with bitmap:port and list:set types did not work, fixed | Jozsef Kadlecsik | 2011-05-24 | 4 | -1/+1069
|
* hash:net stress test in range notation added | Jozsef Kadlecsik | 2011-05-23 | 2 | -0/+15
|
* Use unified from/to address masking and check the usage | Jozsef Kadlecsik | 2011-05-23 | 2 | -2/+2
|
* Support range for IPv4 at adding/deleting elements for hash:*net* types | Jozsef Kadlecsik | 2011-05-15 | 4 | -2/+38
|
| The range internally is converted to the network(s) equal to the range.
| Example:
|
| # ipset new test hash:net
| # ipset add test 10.2.0.0-10.2.1.12
| # ipset list test
| Name: test
| Type: hash:net
| Header: family inet hashsize 1024 maxelem 65536
| Size in memory: 16888
| References: 0
| Members:
| 10.2.1.12
| 10.2.1.0/29
| 10.2.0.0/24
| 10.2.1.8/30
* Fix adding ranges to hash types | Jozsef Kadlecsik | 2011-05-06 | 9 | -0/+72
|
| When ranges are added to hash types, the elements may trigger rehashing
| the set. However, the last successfully added element was not kept track of
| so the adding started again with the first element after the rehashing.
|
| Bug reported by Mr Dash Four.
* Get rid of the trailing empty line at listing sets. | Jozsef Kadlecsik | 2011-04-19 | 66 | -66/+0
|
| Also, remove the empty "members" section when listing just the
| set headers.
|
| Testsuite is updated to reflect the changes in the output.
* Fix order of listing of sets | Jozsef Kadlecsik | 2011-04-18 | 3 | -0/+41
|
| A restoreable saving of sets requires that list:set type of sets
| come last and the code part which should have taken into account
| the ordering was broken. The patch fixes the listing order.
|
| Testsuite entry added which checks the listing order.
* Options and flags support added to the kernel API | Jozsef Kadlecsik | 2011-04-18 | 2 | -0/+26
|
| The support makes it possible to specify the timeout value for
| the SET target and a flag to reset the timeout for already existing
| entries.
* Sorting is dependent on the locale settings, use LC_ALL=C | Jozsef Kadlecsik | 2011-04-11 | 6 | -8/+12
|
* Use unified diff output in tests | Jozsef Kadlecsik | 2011-04-11 | 24 | -66/+66
|
* Testsuite checks added | Jozsef Kadlecsik | 2011-04-10 | 3 | -0/+40
|
| - check iptables match/target extensions with invalid number of
|   dir parameters
| - check SET target with --del-set option
* Testsuite changes: keep temporary files | Jozsef Kadlecsik | 2011-04-08 | 25 | -68/+68
|
| Keep temporary files in the tests and erase them only after successfully
| running the testsuite. This makes it simpler to analyze failed tests.
* Timeout can be modified for already added elements | Jozsef Kadlecsik | 2011-03-27 | 9 | -0/+108
|
| When an element is added to a set with timeout, one can change the timeout
| by "readding" the element with the "-exist" flag. That means the timeout
| value is reset to the specified one (or to the default from the set
| specification if the "timeout n" option is not used). Example
|
| ipset add foo 1.2.3.4 timeout 10
| ipset add foo 1.2.3.4 timeout 600 -exist
* References are protected by rwlock instead of mutex | Jozsef Kadlecsik | 2011-03-25 | 1 | -0/+10
|
| The timeout variant of the list:set type must reference the member sets.
| However, its garbage collector runs at timer interrupt so the mutex
| protection of the references is a no go. Therefore the reference
| protection is converted to rwlock.
* list:set timeout variant fixes | Jozsef Kadlecsik | 2011-03-23 | 2 | -3/+37
|
| - the timeout value was actually not set
| - the garbage collector was broken
|
| The variant is fixed, the tests to the testsuite are added.
* SCTP, UDPLITE support added | Jozsef Kadlecsik | 2011-03-18 | 1 | -0/+6
|
| SCTP and UDPLITE port support added to the hash:*port* types.
* Testsuite compatibility with debugging enabled | Jozsef Kadlecsik | 2011-02-01 | 1 | -1/+1
|
| The error line checking would fail when debugging is enabled
| (and spit out junk lines), fixed.
* Constified attribute cannot be written | Jozsef Kadlecsik | 2011-01-26 | 1 | -0/+2
|
| Attribute is const so a little bit more work is needed to return the
| error line number. A test is also added in order to check the
| functionality. (Patrick McHardy's review)
* Check ICMP and ICMPv6 with the set match and target in the testsuite | Jozsef Kadlecsik | 2011-01-24 | 2 | -0/+44
|
| "sendip" needs data otherwise ICMP/ICMPv6 gets truncated...
* Testsuite fix of ospf replaced with vrrp. | Jozsef Kadlecsik | 2011-01-18 | 1 | -1/+1
|
| The testsuite failed incorrectly, because the order of the elements
| changed.
* Replace ospf with vrrp in the testsuite | Jozsef Kadlecsik | 2011-01-13 | 2 | -5/+5
|
| Some systems do not contain ospf in /etc/protocols but ospfigp only.
* build: remove autogenerated files | Jan Engelhardt | 2010-12-31 | 2 | -900/+0
|
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Test cases for IPv6 restore and more complex restore sessions added. | Jozsef Kadlecsik | 2010-12-22 | 6 | -0/+65
|
* Add tests to check hash:ip,port,net type | Jozsef Kadlecsik | 2010-12-17 | 4 | -5/+58
|
* Add more test to check adding/deleting multiple entries. | Jozsef Kadlecsik | 2010-12-17 | 8 | -0/+46
|
* Add test to check multi-message listing and swapping. | Jozsef Kadlecsik | 2010-12-16 | 2 | -4/+11
|
* Fix outdated messages in the tests | Jozsef Kadlecsik | 2010-12-14 | 8 | -89/+89
|
* Speed up testing a little bit | Jozsef Kadlecsik | 2010-12-13 | 21 | -65/+65
|
| Lower timeout values to max 5s, so we can lower sleep values too.
* Test to list large hash sets added. | Jozsef Kadlecsik | 2010-10-29 | 2 | -0/+1065
|