summaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* Tests added to check ICMP/ICMPv6 type/code parsingJozsef Kadlecsik2011-11-244-0/+14
|
* hash:net,iface fixed to handle overlapping nets behind different interfacesJozsef Kadlecsik2011-07-082-0/+81
| | | | | | | | | | | | | | | | | | If overlapping networks with different interfaces was added to the set, the type did not handle it properly. Example ipset create test hash:net,iface ipset add test 192.168.0.0/16,eth0 ipset add test 192.168.0.0/24,eth1 Now, if a packet was sent from 192.168.0.0/24,eth0, the type returned a match. In the patch the algorithm is fixed in order to correctly handle overlapping networks. Limitation: the same network cannot be stored with more than 64 different interfaces in a single set.
* hash:net,iface type introducedJozsef Kadlecsik2011-05-304-0/+78
| | | | | | | | | | The hash:net,iface type makes possible to store network address and interface name pairs in a set. It's mostly suitable for egress and ingress filtering. Examples: # ipset create test hash:net,iface # ipset add test 192.168.0.0/16,eth0 # ipset add test 192.168.0.0/24,eth1
* hash:* tests may seem to fail due to the too wide grep pattern, fix themJozsef Kadlecsik2011-05-305-7/+7
|
* Remove iptree tests and compatibility element parsingJozsef Kadlecsik2011-05-271-1/+1
|
* hash:net test may seem to fail due to the too wide grep pattern, fix itJozsef Kadlecsik2011-05-271-1/+1
|
* Restore with bitmap:port and list:set types did not work, fixedJozsef Kadlecsik2011-05-244-1/+1069
|
* hash:net stress test in range notation addedJozsef Kadlecsik2011-05-232-0/+15
|
* Use unified from/to address masking and check the usageJozsef Kadlecsik2011-05-232-2/+2
|
* Support range for IPv4 at adding/deleting elements for hash:*net* typesJozsef Kadlecsik2011-05-154-2/+38
| | | | | | | | | | | | | | | | | | | The range internally is converted to the network(s) equal to the range. Example: # ipset new test hash:net # ipset add test 10.2.0.0-10.2.1.12 # ipset list test Name: test Type: hash:net Header: family inet hashsize 1024 maxelem 65536 Size in memory: 16888 References: 0 Members: 10.2.1.12 10.2.1.0/29 10.2.0.0/24 10.2.1.8/30
* Fix adding ranges to hash typesJozsef Kadlecsik2011-05-069-0/+72
| | | | | | When ranges are added to hash types, the elements may trigger rehashing the set. However, the last successfully added element was not kept track so the adding started again with the first element after the rehashing. Bug reported by Mr Dash Four.
* Get rid of the trailing empty line at listing sets.Jozsef Kadlecsik2011-04-1966-66/+0
| | | | | | | Also, remove the empty "members" section when listing just the set headers. Testsuite is updated to reflect the changes in the output.
* Fix order of listing of setsJozsef Kadlecsik2011-04-183-0/+41
| | | | | | | | A restoreable saving of sets requires that list:set type of sets come last and the code part which should have taken into account the ordering was broken. The patch fixes the listing order. Testsuite entry added which checks the listing order.
* Options and flags support added to the kernel APIJozsef Kadlecsik2011-04-182-0/+26
| | | | | | The support makes possible to specify the timeout value for the SET target and a flag to reset the timeout for already existing entries.
* Sorting is dependent on the locale settings, use LC_ALL=CJozsef Kadlecsik2011-04-116-8/+12
|
* Use unified diff output in testsJozsef Kadlecsik2011-04-1124-66/+66
|
* Testsuite checks addedJozsef Kadlecsik2011-04-103-0/+40
| | | | | | - check iptables match/target extensions with invalid number of dir parameters - check SET target with --del-set option
* Testsuite changes: keep temporary filesJozsef Kadlecsik2011-04-0825-68/+68
| | | | | Keep temporary files in the tests and erase them only after successfully running the testsuite. This makes simpler to analyze failed tests.
* Timeout can be modified for already added elementsJozsef Kadlecsik2011-03-279-0/+108
| | | | | | | | | | When an element to a set with timeout added, one can change the timeout by "readding" the element with the "-exist" flag. That means the timeout value is reset to the specified one (or to the default from the set specification if the "timeout n" option is not used). Example ipset add foo 1.2.3.4 timeout 10 ipset add foo 1.2.3.4 timeout 600 -exist
* References are protected by rwlock instead of mutexJozsef Kadlecsik2011-03-251-0/+10
| | | | | | | The timeout variant of the list:set type must reference the member sets. However, its garbage collector runs at timer interrupt so the mutex protection of the references is a no go. Therefore the reference protection is converted to rwlock.
* list:set timeout variant fixesJozsef Kadlecsik2011-03-232-3/+37
| | | | | | | - the timeout value was actually not set - the garbage collector was broken The variant is fixed, the tests to the testsuite are added.
* SCTP, UDPLITE support addedJozsef Kadlecsik2011-03-181-0/+6
| | | | SCTP and UDPLITE port support added to the hash:*port* types.
* Testsuite compatibility with debugging enabledJozsef Kadlecsik2011-02-011-1/+1
| | | | | The error line checking would fail when debugging is enabled (and spit out junk lines), fixed.
* Constified attribute cannot be writtenJozsef Kadlecsik2011-01-261-0/+2
| | | | | | Attribute is const so a little bit more work is needed to return the error line number. A test is also added in order to check the functionality. (Patrick McHardy's review)
* Check ICMP and ICMPv6 with the set match and target in the testsuiteJozsef Kadlecsik2011-01-242-0/+44
| | | | "sendip" needs data otherwise ICMP/ICMPv6 gets truncated...
* Testsuite fix of ospf replaced with vrrp.Jozsef Kadlecsik2011-01-181-1/+1
| | | | | The testsuite failed incorrectly, because the order of the elements changed.
* Replace ospf with vrrp in the testsuiteJozsef Kadlecsik2011-01-132-5/+5
| | | | Some systems do not contain ospf in /etc/protocols but ospfigp only.
* build: remove autogenerated filesJan Engelhardt2010-12-312-900/+0
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Test cases for IPv6 restore and more complex restore sessions added.Jozsef Kadlecsik2010-12-226-0/+65
|
* Add tests to check hash:ip,port,net typeJozsef Kadlecsik2010-12-174-5/+58
|
* Add more test to check adding/deleting multiple entries.Jozsef Kadlecsik2010-12-178-0/+46
|
* Add test to check multi-message listing and swapping.Jozsef Kadlecsik2010-12-162-4/+11
|
* Fix outdated messages in the testsJozsef Kadlecsik2010-12-148-89/+89
|
* Speed up testing a little bitJozsef Kadlecsik2010-12-1321-65/+65
| | | | Lower timeout values to max 5s, so we can lower sleep values too.
* Test to list large hash sets added.Jozsef Kadlecsik2010-10-292-0/+1065
|
* Fixes, cleanups, commentsv5.0-pre8Jozsef Kadlecsik2010-10-2423-46/+200
| | | | | | | | | | | | | | | | | | | - More comments added to the code - ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip and hash:ip,port,net types - hash:net and hash:ip,port,net types are reworked - hash:net,port type added - Wrong direction parameters fixed in hash:ip,port - Helps and manpage are updated - More tests added - Ugly macros are rewritten to functions in parse.c (Holger Eitzenberger) - resize related bug in hash types fixed (Holger Eitzenberger) - autoreconf patches by Jan Engelhardt applied - netlink patch minimalized: dumping can be initialized by a second parsing of the message (thanks to David and Patrick for the suggestion) - IPv4/IPv6 address attributes are introduced in order to fix the context (suggested by David)
* ipset 5: Sparc related and compatibility fixesv5.0-pre5Jozsef Kadlecsik2010-06-297-23/+29
| | | | | | | | ipset 5 is tested on Sparc, which revealed some compatibility issues and those are fixed. Kernels from 2.6.31 onward are supported. The testsuite checkings are completed to run match/target checks. The README file is updated to reflect the requirements to install and run ipset 5.
* ipset 5: IPv6 port related and manpage fixes, more testsv5.0-pre4Jozsef Kadlecsik2010-06-255-0/+192
| | | | | | - getting ports for family INET6 fixed - more manpage polishing - tests to check the iptables/ip6tables match and target added
* ipset 5: last new feature addedv5.0-pre3Jozsef Kadlecsik2010-06-2213-248/+300
| | | | | | | | | | | - the hash types can now store protocol together port, not only port - lots of fixes everywhere: parser, error reporting, manpage The last bits on the todo list before announcing ipset 5: - recheck all the error messages - add possibly more tests - polish manpage
* Use libmnl nest functions and fix size differences in iptree*.tJozsef Kadlecsik2010-06-152-2/+2
| | | | | | Use the libmnl mnl_attr_nest_star/mnl_attr_nest_end functions instead of the private ones. Ignore possible size differences in iptree*.t compatibility tests.
* ipset 5 in an almost ready state - milestonev5.0-pre1Jozsef Kadlecsik2010-06-1578-162/+2028
| | | | | | | | | | | | Reworked protocol and internal interfaces, missing set types added, backward compatibility verified, lots of tests added (and thanks to the tests, bugs fixed), even the manpage is rewritten ;-). Countless changes everywhere... The missing bits before announcing ipset 5: - net namespace support - new iptables/ip6tables extension library - iptables/ip6tables match and target tests (backward/forward compatibility) - tests on catching syntax errors
* Tenth stage to ipset-5Jozsef Kadlecsik2010-04-2212-0/+444
| | | | Add new test files and toplevel files.
* Nineth stage to ipset-5Jozsef Kadlecsik2010-04-2217-204/+639
| | | | Update tests.
* ipset 4.0 releasedv4.0Jozsef Kadlecsik2009-11-1032-9/+249
| | | | See ChangeLog files
* ipset 3.1 releasev3.1Jozsef Kadlecsik2009-08-181-0/+12
| | | | | | | | | | | | | | A few minor bugs fixed and cleanups: - Nonexistent sets were reported as existing sets when testing from userspace in setlist type of sets (bug reported by Victor A. Safronov) - When saving sets, setlist type of sets must come last in order to satisfy the dependency from the elements (bug reported by Marty B.) - Sparse insists that the flags argument to kmalloc() is gfp_t (Stephen Hemminger) - Correct format specifiers and change %i to %d (Jan Engelhardt) - Fix the definition of 'bool' for kernels <= 2.6.18 (Jan Engelhardt)
* ipset 3.0 releasev3.0Jozsef Kadlecsik2009-05-161-5/+5
| | | | | The main change is full bigendian and 64/32bit enviroment support - in consequence the kernel-userspace protocol version was bumped.
* 2.4.4/C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu2008-11-135-2/+38
| | | | | | | | - Premature checking prevents to add valid elements to hash types, fixed (bug reported by JC Janos). - Local variable shadows another variable, fixed (reported by Jan Engelhardt). - More compiler warning options added and warnings fixed.
* ipset 2.4.2:/C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu2008-10-2311-10/+52
| | | | | | | | - When flushing a nethash/ipportnethash type of set, it can lead to a kernel crash due to a wrong type declaration, bug reported by Krzysztof Oledzki. - iptree and iptreemap types require the header file linux/timer.h, also reported by Krzysztof Oledzki.
* As the manpage says, zero valued set entries cannot be used with /C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu2008-10-215-0/+20
| | | | hash type of sets. Enforce the restriction.
* ipset 2.4 release/C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu2008-10-209-25/+196
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | userspace changes: - Added KBUILD_OUTPUT support (Sven Wegener) - Fix memory leak in ipset_iptreemap (Sven Wegener) - Fix multiple compiler warnings (Sven Wegener) - ipportiphash, ipportnethash and setlist types added - binding marked as deprecated functionality - element separator token changed to ',' in anticipating IPv6 addresses, old separator tokens are still supported - unnecessary includes removed - ipset does not try to resolve IP addresses when listing the content of sets (default changed) - manpage updated - ChangeLog forked for kernel part kernel part changes: - ipportiphash, ipportnethash and setlist types added - set type modules reworked to avoid code duplication as much as possible, code unification macros - expand_macros Makefile target added to help debugging code unification macros - ip_set_addip_kernel and ip_set_delip_kernel changed from void to int, __ip_set_get_byname and __ip_set_put_byid added for the sake of setlist type - unnecessary includes removed - compatibility fix for kernels >= 2.6.27: semaphore.h was moved from asm/ to linux/ (James King) - ChangeLog forked for kernel part