From b991e7d1507b2e9db9a4cf181c61b1286e2df0ff Mon Sep 17 00:00:00 2001 From: "/C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu" Date: Thu, 12 Jun 2008 09:22:25 +0000 Subject: ipset -U segfault fix committed. Testsuite added. --- ChangeLog | 9 ++++ Makefile | 9 +++- ipset.8 | 8 +-- ipset.c | 2 +- ipset_iphash.c | 2 +- ipset_nethash.c | 16 ------ tests/init.t | 7 +++ tests/iphash.t | 35 +++++++++++++ tests/iphash.t.restore | 131 +++++++++++++++++++++++++++++++++++++++++++++++++ tests/ipmap.t | 85 ++++++++++++++++++++++++++++++++ tests/ipporthash.t | 53 ++++++++++++++++++++ tests/iptree.t | 43 ++++++++++++++++ tests/iptreemap.t | 45 +++++++++++++++++ tests/macipmap.t | 49 ++++++++++++++++++ tests/nethash.t | 15 ++++++ tests/portmap.t | 37 ++++++++++++++ tests/runtest.sh | 47 ++++++++++++++++++ 17 files changed, 570 insertions(+), 23 deletions(-) create mode 100644 tests/init.t create mode 100644 tests/iphash.t create mode 100644 tests/iphash.t.restore create mode 100644 tests/ipmap.t create mode 100644 tests/ipporthash.t create mode 100644 tests/iptree.t create mode 100644 tests/iptreemap.t create mode 100644 tests/macipmap.t create mode 100644 tests/nethash.t create mode 100644 tests/portmap.t create mode 100755 tests/runtest.sh diff --git a/ChangeLog b/ChangeLog index ee0154e..680af48 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2.3.1 + - segfault on --unbind :all: :all: fixed (reported by bugzilla, + report and patch sent by Tom Eastep) + - User input parameters are sanitized everywhere + - Initial testsuite added and 'test' target to the Makefile + added: few bugs discovered and fixed + - typo in macipmap type prevented to use max size set of this type + - *map types are made sure to allow and use max size of sets + 2.3.0 - jiffies rollover bug in iptree type fixed (reported by Lukasz Nierycho and others) diff --git a/Makefile b/Makefile index 5593e53..fe37596 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ ifndef KERNEL_DIR KERNEL_DIR=/usr/src/linux endif -IPSET_VERSION:=2.3.0 +IPSET_VERSION:=2.3.1 PREFIX:=/usr/local LIBDIR:=$(PREFIX)/lib @@ -21,7 +21,7 @@ IPSET_LIB_DIR:=$(LIBDIR)/ipset RELEASE_DIR:=/tmp COPT_FLAGS:=-O2 -CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -I. -g -DIPSET_DEBUG #-pg # -DIPTC_DEBUG +CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -I. # -g -DIPSET_DEBUG #-pg # -DIPTC_DEBUG SH_CFLAGS:=$(CFLAGS) -fPIC SETTYPES:=ipmap portmap macipmap iphash nethash iptree iptreemap ipporthash @@ -32,6 +32,11 @@ INSTALL+=$(foreach T, $(SETTYPES), $(DESTDIR)$(LIBDIR)/ipset/libipset_$(T).so) all: $(PROGRAMS) $(SHARED_LIBS) +.PHONY: tests + +tests: + cd tests; ./runtest.sh + install: all $(INSTALL) clean: $(EXTRA_CLEANS) diff --git a/ipset.8 b/ipset.8 index d2c8100..2c4edcb 100644 --- a/ipset.8 +++ b/ipset.8 @@ -308,7 +308,7 @@ When the optional parameter specified, network addresses will be stored in the set instead of IP addresses. .P -The iphash type of sets can store up to 65535 entries. If a set is full, +The iphash type of sets can store up to 65536 entries. If a set is full, no new entries can be added to it. .P Sets created by zero valued resize parameter won't be resized at all. @@ -346,7 +346,7 @@ by double-hashing (default 4). Increase the hash size by this many percent (default 50) when adding an IP to the hash could not be performed after .P -The nethash type of sets can store up to 65535 entries. If a set is full, +The nethash type of sets can store up to 65536 entries. If a set is full, no new entries can be added to it. .P An IP address will be in a nethash type of set if it is in any of the @@ -425,7 +425,7 @@ If a set was created with a nonzero valued parameter then one may add IP addresses to the set with a specific timeout value using the syntax .I IP:timeout-value. -Similarly to the hash types, the iptree type of sets can store up to 65535 +Similarly to the hash types, the iptree type of sets can store up to 65536 entries. .SS iptreemap The iptreemap set type uses a tree to store IP addresses or networks, @@ -462,6 +462,8 @@ Jozsef Kadlecsik wrote ipset, which is based on ippool by Joakim Axelsson, Patrick Schaaf and Martin Josefsson. .P Sven Wegener wrote the iptreemap type. +.SH LAST REMARK +.BR "I stand on the shoulder of giants." .\" .. and did I mention that we are incredibly cool people? .\" .. sexy, too .. .\" .. witty, charming, powerful .. diff --git a/ipset.c b/ipset.c index 9d7f78b..1857180 100644 --- a/ipset.c +++ b/ipset.c @@ -1638,7 +1638,7 @@ static int set_bind(struct set *set, const char *adt, DP("(%s, %s) -> %s", set ? set->name : IPSET_TOKEN_ALL, adt, binding); /* Ugly */ - if (strcmp(set->settype->typename, "iptreemap") == 0) + if (set && strcmp(set->settype->typename, "iptreemap") == 0) exit_error(PARAMETER_PROBLEM, "iptreemap type of sets cannot be used at binding operations\n"); /* Alloc memory for the data to send */ diff --git a/ipset_iphash.c b/ipset_iphash.c index 114cfad..b42cc21 100644 --- a/ipset_iphash.c +++ b/ipset_iphash.c @@ -191,7 +191,7 @@ mask_to_bits(ip_set_ip_t mask) return bits; } - + void printheader(struct set *set, unsigned options) { struct ip_set_iphash *mysetdata = diff --git a/ipset_nethash.c b/ipset_nethash.c index fed4a02..5fd6153 100644 --- a/ipset_nethash.c +++ b/ipset_nethash.c @@ -173,22 +173,6 @@ void initheader(struct set *set, const void *data) map->resize = header->resize; } -unsigned int -mask_to_bits(ip_set_ip_t mask) -{ - unsigned int bits = 32; - ip_set_ip_t maskaddr; - - if (mask == 0xFFFFFFFF) - return bits; - - maskaddr = 0xFFFFFFFE; - while (--bits >= 0 && maskaddr != mask) - maskaddr <<= 1; - - return bits; -} - void printheader(struct set *set, unsigned options) { struct ip_set_nethash *mysetdata = diff --git a/tests/init.t b/tests/init.t new file mode 100644 index 0000000..ac15311 --- /dev/null +++ b/tests/init.t @@ -0,0 +1,7 @@ +# Load in the ip_set kernel module +0 modprobe ip_set +# List our test set: the testsuite fails if it exists +1 ipset -L test >/dev/null +# Delete our test set: the testsuite fails if it exists +1 ipset -X test +# eof diff --git a/tests/iphash.t b/tests/iphash.t new file mode 100644 index 0000000..14c3395 --- /dev/null +++ b/tests/iphash.t @@ -0,0 +1,35 @@ +# IP: Create a set +0 ipset -N test iphash --hashsize 128 +# IP: Add first random value +0 ipset -A test 2.0.0.1 +# IP: Add second random value +0 ipset -A test 192.168.68.69 +# IP: Test first random value +0 ipset -T test 2.0.0.1 +# IP: Test second random value +0 ipset -T test 192.168.68.69 +# IP: Test value not added to the set +1 ipset -T test 2.0.0.2 +# IP: Delete test set +0 ipset -X test +# IP: Restore values so that rehashing is triggered +0 ipset -R < iphash.t.restore +# IP: Check that all values are restored +0 (egrep -v '#|-N' iphash.t.restore | sort > .foo.1) && (ipset -S test | egrep -v '#|-N' | sort > .foo.2) && cmp .foo.1 .foo.2 && rm .foo.* +# IP: Delete test set +0 ipset -X test +# Network: Create a set +0 ipset -N test iphash --hashsize 128 --netmask 24 +# Network: Add first random network +0 ipset -A test 2.0.0.1 +# Network: Add second random network +0 ipset -A test 192.168.68.69 +# Network: Test first random value +0 ipset -T test 2.0.0.255 +# Network: Test second random value +0 ipset -T test 192.168.68.95 +# Network: Test value not added to the set +1 ipset -T test 2.0.1.0 +# Network: Delete test set +0 ipset -X test +# eof diff --git a/tests/iphash.t.restore b/tests/iphash.t.restore new file mode 100644 index 0000000..fd915cc --- /dev/null +++ b/tests/iphash.t.restore @@ -0,0 +1,131 @@ +-N test iphash --hashsize 128 +-A test 10.0.0.0 +-A test 10.0.0.1 +-A test 10.0.0.10 +-A test 10.0.0.100 +-A test 10.0.0.101 +-A test 10.0.0.102 +-A test 10.0.0.103 +-A test 10.0.0.104 +-A test 10.0.0.105 +-A test 10.0.0.106 +-A test 10.0.0.107 +-A test 10.0.0.108 +-A test 10.0.0.109 +-A test 10.0.0.11 +-A test 10.0.0.110 +-A test 10.0.0.111 +-A test 10.0.0.112 +-A test 10.0.0.113 +-A test 10.0.0.114 +-A test 10.0.0.115 +-A test 10.0.0.116 +-A test 10.0.0.117 +-A test 10.0.0.118 +-A test 10.0.0.119 +-A test 10.0.0.12 +-A test 10.0.0.120 +-A test 10.0.0.121 +-A test 10.0.0.122 +-A test 10.0.0.123 +-A test 10.0.0.124 +-A test 10.0.0.125 +-A test 10.0.0.126 +-A test 10.0.0.127 +-A test 10.0.0.128 +-A test 10.0.0.13 +-A test 10.0.0.14 +-A test 10.0.0.15 +-A test 10.0.0.16 +-A test 10.0.0.17 +-A test 10.0.0.18 +-A test 10.0.0.19 +-A test 10.0.0.2 +-A test 10.0.0.20 +-A test 10.0.0.21 +-A test 10.0.0.22 +-A test 10.0.0.23 +-A test 10.0.0.24 +-A test 10.0.0.25 +-A test 10.0.0.26 +-A test 10.0.0.27 +-A test 10.0.0.28 +-A test 10.0.0.29 +-A test 10.0.0.3 +-A test 10.0.0.30 +-A test 10.0.0.31 +-A test 10.0.0.32 +-A test 10.0.0.33 +-A test 10.0.0.34 +-A test 10.0.0.35 +-A test 10.0.0.36 +-A test 10.0.0.37 +-A test 10.0.0.38 +-A test 10.0.0.39 +-A test 10.0.0.4 +-A test 10.0.0.40 +-A test 10.0.0.41 +-A test 10.0.0.42 +-A test 10.0.0.43 +-A test 10.0.0.44 +-A test 10.0.0.45 +-A test 10.0.0.46 +-A test 10.0.0.47 +-A test 10.0.0.48 +-A test 10.0.0.49 +-A test 10.0.0.5 +-A test 10.0.0.50 +-A test 10.0.0.51 +-A test 10.0.0.52 +-A test 10.0.0.53 +-A test 10.0.0.54 +-A test 10.0.0.55 +-A test 10.0.0.56 +-A test 10.0.0.57 +-A test 10.0.0.58 +-A test 10.0.0.59 +-A test 10.0.0.6 +-A test 10.0.0.60 +-A test 10.0.0.61 +-A test 10.0.0.62 +-A test 10.0.0.63 +-A test 10.0.0.64 +-A test 10.0.0.65 +-A test 10.0.0.66 +-A test 10.0.0.67 +-A test 10.0.0.68 +-A test 10.0.0.69 +-A test 10.0.0.7 +-A test 10.0.0.70 +-A test 10.0.0.71 +-A test 10.0.0.72 +-A test 10.0.0.73 +-A test 10.0.0.74 +-A test 10.0.0.75 +-A test 10.0.0.76 +-A test 10.0.0.77 +-A test 10.0.0.78 +-A test 10.0.0.79 +-A test 10.0.0.8 +-A test 10.0.0.80 +-A test 10.0.0.81 +-A test 10.0.0.82 +-A test 10.0.0.83 +-A test 10.0.0.84 +-A test 10.0.0.85 +-A test 10.0.0.86 +-A test 10.0.0.87 +-A test 10.0.0.88 +-A test 10.0.0.89 +-A test 10.0.0.9 +-A test 10.0.0.90 +-A test 10.0.0.91 +-A test 10.0.0.92 +-A test 10.0.0.93 +-A test 10.0.0.94 +-A test 10.0.0.95 +-A test 10.0.0.96 +-A test 10.0.0.97 +-A test 10.0.0.98 +-A test 10.0.0.99 +COMMIT diff --git a/tests/ipmap.t b/tests/ipmap.t new file mode 100644 index 0000000..81c4240 --- /dev/null +++ b/tests/ipmap.t @@ -0,0 +1,85 @@ +# Range: Try to create from an invalid range +2 ipset -N test ipmap --from 2.0.0.1 --to 2.1.0.1 +# Range: Create a set from a valid range +0 ipset -N test ipmap --from 2.0.0.1 --to 2.1.0.0 +# Range: Add lower boundary +0 ipset -A test 2.0.0.1 +# Range: Add upper boundary +0 ipset -A test 2.1.0.0 +# Range: Test lower boundary +0 ipset -T test 2.0.0.1 +# Range: Test upper boundary +0 ipset -T test 2.1.0.0 +# Range: Test value not added to the set +1 ipset -T test 2.0.0.2 +# Range: Test value before lower boundary +1 ipset -T test 2.0.0.0 +# Range: Test value after upper boundary +1 ipset -T test 2.1.0.1 +# Range: Try to add value before lower boundary +1 ipset -A test 2.0.0.0 +# Range: Try to add value after upper boundary +1 ipset -A test 2.1.0.1 +# Range: Delete test test +0 ipset -X test +# Network: Try to create a set from an invalid network +2 ipset -N test ipmap --network 2.0.0.0/15 +# Network: Create a set from a valid network +0 ipset -N test ipmap --network 2.0.0.0/16 +# Network: Add lower boundary +0 ipset -A test 2.0.0.0 +# Network: Add upper boundary +0 ipset -A test 2.0.255.255 +# Network: Test lower boundary +0 ipset -T test 2.0.0.0 +# Network: Test upper boundary +0 ipset -T test 2.0.255.255 +# Network: Test value not added to the set +1 ipset -T test 2.0.0.1 +# Network: Test value before lower boundary +1 ipset -T test 1.255.255.255 +# Network: Test value after upper boundary +1 ipset -T test 2.1.0.0 +# Network: Try to add value before lower boundary +1 ipset -A test 1.255.255.255 +# Network: Try to add value after upper boundary +1 ipset -A test 2.1.0.0 +# Network: Delete test test +0 ipset -X test +# Subnets: Create a set to store networks +0 ipset -N test ipmap --network 10.0.0.0/8 --netmask 24 +# Subnets: Add lower boundary +0 ipset -A test 10.0.0.0 +# Subnets: Add upper boundary +0 ipset -A test 10.255.255.255 +# Subnets: Test lower boundary +0 ipset -T test 10.0.0.255 +# Subnets: Test upper boundary +0 ipset -T test 10.255.255.0 +# Subnets: Test value not added to the set +1 ipset -T test 10.1.0.0 +# Subnets: Test value before lower boundary +1 ipset -T test 9.255.255.255 +# Subnets: Test value after upper boundary +1 ipset -T test 11.0.0.0 +# Subnets: Try to add value before lower boundary +1 ipset -A test 9.255.255.255 +# Subnets: Try to add value after upper boundary +1 ipset -A test 11.0.0.0 +# Subnets: Delete test test +0 ipset -X test +# Full: Create full IPv4 space with /16 networks +0 ipset -N test ipmap --network 0.0.0.0/0 --netmask 16 +# Full: Add lower boundary +0 ipset -A test 0.0.255.255 +# Full: Add upper boundary +0 ipset -A test 255.255.0.0 +# Full: Test lower boundary +0 ipset -T test 0.0.0.0 +# Full: Test upper boundary +0 ipset -T test 255.255.255.255 +# Full: Test value not added to the set +1 ipset -T test 0.1.0.0 +# Full: Delete test test +0 ipset -X test +# eof diff --git a/tests/ipporthash.t b/tests/ipporthash.t new file mode 100644 index 0000000..5cbeee8 --- /dev/null +++ b/tests/ipporthash.t @@ -0,0 +1,53 @@ +# Range: Try to create from an invalid range +2 ipset -N test ipporthash --from 2.0.0.1 --to 2.1.0.1 +# Range: Create a set from a valid range +0 ipset -N test ipporthash --from 2.0.0.1 --to 2.1.0.0 +# Range: Add lower boundary +0 ipset -A test 2.0.0.1:5 +# Range: Add upper boundary +0 ipset -A test 2.1.0.0:128 +# Range: Test lower boundary +0 ipset -T test 2.0.0.1:5 +# Range: Test upper boundary +0 ipset -T test 2.1.0.0:128 +# Range: Test value not added to the set +1 ipset -T test 2.0.0.1:4 +# Range: Test value not added to the set +1 ipset -T test 2.0.0.1:6 +# Range: Test value before lower boundary +1 ipset -T test 2.0.0.0:5 +# Range: Test value after upper boundary +1 ipset -T test 2.1.0.1:128 +# Range: Try to add value before lower boundary +1 ipset -A test 2.0.0.0:5 +# Range: Try to add value after upper boundary +1 ipset -A test 2.1.0.1:128 +# Range: Delete test test +0 ipset -X test +# Network: Try to create a set from an invalid network +2 ipset -N test ipporthash --network 2.0.0.0/15 +# Network: Create a set from a valid network +0 ipset -N test ipporthash --network 2.0.0.0/16 +# Network: Add lower boundary +0 ipset -A test 2.0.0.0:5 +# Network: Add upper boundary +0 ipset -A test 2.0.255.255:128 +# Network: Test lower boundary +0 ipset -T test 2.0.0.0:5 +# Network: Test upper boundary +0 ipset -T test 2.0.255.255:128 +# Network: Test value not added to the set +1 ipset -T test 2.0.0.0:4 +# Network: Test value not added to the set +1 ipset -T test 2.0.0.0:6 +# Network: Test value before lower boundary +1 ipset -T test 1.255.255.255:5 +# Network: Test value after upper boundary +1 ipset -T test 2.1.0.0:128 +# Network: Try to add value before lower boundary +1 ipset -A test 1.255.255.255:5 +# Network: Try to add value after upper boundary +1 ipset -A test 2.1.0.0:128 +# Network: Delete test test +0 ipset -X test +# eof diff --git a/tests/iptree.t b/tests/iptree.t new file mode 100644 index 0000000..ccd5fc7 --- /dev/null +++ b/tests/iptree.t @@ -0,0 +1,43 @@ +# Static: Create a set without timeout +0 ipset -N test iptree +# Static: Add first random entry +0 ipset -A test 2.0.0.1 +# Static: Add second random value +0 ipset -A test 192.168.68.69 +# Static: Test first random value +0 ipset -T test 2.0.0.1 +# Static: Test second random value +0 ipset -T test 192.168.68.69 +# Static: Test value not added to the set +1 ipset -T test 2.0.0.2 +# Static: Test value not added to the set +1 ipset -T test 192.168.68.70 +# Static: Delete test test +0 ipset -X test +# Timeout: Create a set with a timeout parameter +0 ipset -N test iptree --timeout 5 +# Timeout: Add first random entry +0 ipset -A test 2.0.0.1 +# Timeout: Add second random value +0 ipset -A test 192.168.68.69 +# Timeout: Test first random value +0 ipset -T test 2.0.0.1 +# Timeout: Test second random value +0 ipset -T test 192.168.68.69 +# Timeout: Test value not added to the set +1 ipset -T test 2.0.0.2 +# Timeout: Test value not added to the set +1 ipset -T test 192.168.68.70 +# Timeout: Sleep 5s so that entries can time out +0 sleep 5 +# Timeout: Test first random value +1 ipset -T test 2.0.0.1 +# Timeout: Test second random value +1 ipset -T test 192.168.68.69 +# Timeout: Test value not added to the set +1 ipset -T test 2.0.0.2 +# Timeout: Test value not added to the set +1 ipset -T test 192.168.68.70 +# Timeout: Delete test test +0 ipset -X test +# eof diff --git a/tests/iptreemap.t b/tests/iptreemap.t new file mode 100644 index 0000000..f0cb2c5 --- /dev/null +++ b/tests/iptreemap.t @@ -0,0 +1,45 @@ +# Create a set without timeout +0 ipset -N test iptreemap +# Add first random IP entry +0 ipset -A test 2.0.0.1 +# Add second random IP entry +0 ipset -A test 192.168.68.69 +# Test first random IP entry +0 ipset -T test 2.0.0.1 +# Test second random IP entry +0 ipset -T test 192.168.68.69 +# Test value not added to the set +1 ipset -T test 2.0.0.2 +# Test value not added to the set +1 ipset -T test 192.168.68.70 +# Add IP range +0 ipset -A test 3.0.0.0:3.0.0.2 +# Test the three members of the range: first +0 ipset -T test 3.0.0.0 +# Test the three members of the range: second +0 ipset -T test 3.0.0.1 +# Test the three members of the range: third +0 ipset -T test 3.0.0.2 +# Delete the middle of the range +0 ipset -D test 3.0.0.1 +# Test the range: first +0 ipset -T test 3.0.0.0 +# Test the range: second +1 ipset -T test 3.0.0.1 +# Test the range: third +0 ipset -T test 3.0.0.2 +# Add a network block +0 ipset -A test 192.168.68.69/27 +# Test the lower bound of the network +0 ipset -T test 192.168.68.64 +# Test the upper bound of the network +0 ipset -T test 192.168.68.95 +# Test element from the middle +0 ipset -T test 192.168.68.71 +# Delete a network from the middle +0 ipset -D test 192.168.68.70/30 +# Test element from the middle +1 ipset -T test 192.168.68.71 +# Delete test test +0 ipset -X test +# eof diff --git a/tests/macipmap.t b/tests/macipmap.t new file mode 100644 index 0000000..72d9b4d --- /dev/null +++ b/tests/macipmap.t @@ -0,0 +1,49 @@ +# Range: Try to create from an invalid range +2 ipset -N test macipmap --from 2.0.0.1 --to 2.1.0.1 +# Range: Create a set from a valid range +0 ipset -N test macipmap --from 2.0.0.1 --to 2.1.0.0 +# Range: Add lower boundary +0 ipset -A test 2.0.0.1 +# Range: Add upper boundary +0 ipset -A test 2.1.0.0 +# Range: Test lower boundary +0 ipset -T test 2.0.0.1 +# Range: Test upper boundary +0 ipset -T test 2.1.0.0 +# Range: Test value not added to the set +1 ipset -T test 2.0.0.2 +# Range: Test value before lower boundary +1 ipset -T test 2.0.0.0 +# Range: Test value after upper boundary +1 ipset -T test 2.1.0.1 +# Range: Try to add value before lower boundary +1 ipset -A test 2.0.0.0 +# Range: Try to add value after upper boundary +1 ipset -A test 2.1.0.1 +# Range: Delete test test +0 ipset -X test +# Network: Try to create a set from an invalid network +2 ipset -N test macipmap --network 2.0.0.0/15 +# Network: Create a set from a valid network +0 ipset -N test macipmap --network 2.0.0.0/16 +# Network: Add lower boundary +0 ipset -A test 2.0.0.0 +# Network: Add upper boundary +0 ipset -A test 2.0.255.255 +# Network: Test lower boundary +0 ipset -T test 2.0.0.0 +# Network: Test upper boundary +0 ipset -T test 2.0.255.255 +# Network: Test value not added to the set +1 ipset -T test 2.0.0.1 +# Network: Test value before lower boundary +1 ipset -T test 1.255.255.255 +# Network: Test value after upper boundary +1 ipset -T test 2.1.0.0 +# Network: Try to add value before lower boundary +1 ipset -A test 1.255.255.255 +# Network: Try to add value after upper boundary +1 ipset -A test 2.1.0.0 +# Network: Delete test test +0 ipset -X test +# eof diff --git a/tests/nethash.t b/tests/nethash.t new file mode 100644 index 0000000..4cd5867 --- /dev/null +++ b/tests/nethash.t @@ -0,0 +1,15 @@ +# Create a set +0 ipset -N test nethash --hashsize 128 +# Add first random network +0 ipset -A test 2.0.0.1/24 +# Add second random network +0 ipset -A test 192.168.68.69/27 +# Test first random value +0 ipset -T test 2.0.0.255 +# Test second random value +0 ipset -T test 192.168.68.95 +# Test value not added to the set +1 ipset -T test 2.0.1.0 +# Delete test set +0 ipset -X test +# eof diff --git a/tests/portmap.t b/tests/portmap.t new file mode 100644 index 0000000..53cf3ad --- /dev/null +++ b/tests/portmap.t @@ -0,0 +1,37 @@ +# Range: Create a set from a valid range +0 ipset -N test portmap --from 1 --to 1024 +# Range: Add lower boundary +0 ipset -A test 1 +# Range: Add upper boundary +0 ipset -A test 1024 +# Range: Test lower boundary +0 ipset -T test 1 +# Range: Test upper boundary +0 ipset -T test 1024 +# Range: Test value not added to the set +1 ipset -T test 1023 +# Range: Test value before lower boundary +1 ipset -T test 0 +# Range: Test value after upper boundary +1 ipset -T test 1025 +# Range: Try to add value before lower boundary +1 ipset -A test 0 +# Range: Try to add value after upper boundary +1 ipset -A test 1025 +# Range: Delete test test +0 ipset -X test +# Full: Create a full set of ports +0 ipset -N test portmap --from 0 --to 65535 +# Full: Add lower boundary +0 ipset -A test 0 +# Full: Add upper boundary +0 ipset -A test 65535 +# Full: Test lower boundary +0 ipset -T test 0 +# Full: Test upper boundary +0 ipset -T test 65535 +# Full: Test value not added to the set +1 ipset -T test 1 +# Full: Delete test test +0 ipset -X test +# eof diff --git a/tests/runtest.sh b/tests/runtest.sh new file mode 100755 index 0000000..028e968 --- /dev/null +++ b/tests/runtest.sh @@ -0,0 +1,47 @@ +#!/bin/sh + +tests="init" +tests+=" ipmap macipmap portmap" +tests+=" iphash nethash ipporthash" +tests+=" iptree iptreemap" + +for types in $tests; do + ipset -X test >/dev/null 2>&1 + while read ret cmd; do + case $ret in + \#) + if [ "$cmd" = "eof" ]; then + break + fi + what=$cmd + continue + ;; + *) + ;; + esac + echo -ne "$types: $what: " + eval $cmd >/dev/null 2>&1 + r=$? + # echo $ret $r + if [ "$ret" = "$r" ]; then + echo "OK" + else + echo "FAILED" + echo "Failed test: $cmd" + exit 1 + fi + # sleep 1 + done < $types.t +done +for x in $tests; do + case $x in + init) + ;; + *) + rmmod ip_set_$x >/dev/null 2>&1 + ;; + esac +done +rmmod ip_set >/dev/null 2>&1 +echo "All tests are OK" + -- cgit v1.2.3