From 24b35d0b8950407ce85eefef18576d54f1e2c20e Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik
Date: Fri, 13 Jan 2012 22:52:44 +0100
Subject: Exceptions support added to hash:*net* types The "nomatch" keyword and option is added to the hash:*net* types, by which one can add exception entries to sets. Example: ipset create test hash:net ipset add test 192.168.0/24 ipset add test 192.168.0/30 nomatch In this case the IP addresses from 192.168.0/24 except 192.168.0/30 match the elements of the set.
---
 tests/hash:net6,port.t | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+) (limited to 'tests/hash:net6,port.t')
diff --git a/tests/hash:net6,port.t b/tests/hash:net6,port.t
index 3b58523..063b4c9 100644
--- a/tests/hash:net6,port.t
+++ b/tests/hash:net6,port.t
@@ -78,4 +78,42 @@
 0 n=`ipset list test|grep 1::|wc -l` && test $n -eq 1026
 # Destroy set
 0 ipset -X test
+# Create test set with timeout support
+0 ipset create test hash:net,port family inet6 timeout 30
+# Add a non-matching IP address entry
+0 ipset -A test 1:1:1::1,80 nomatch
+# Add an overlapping matching small net
+0 ipset -A test 1:1:1::/124,80
+# Add an overlapping non-matching larger net
+0 ipset -A test 1:1:1::/120,80 nomatch
+# Add an even larger matching net
+0 ipset -A test 1:1:1::/116,80
+# Check non-matching IP
+1 ipset -T test 1:1:1::1,80
+# Check matching IP from non-matchin small net
+0 ipset -T test 1:1:1::F,80
+# Check non-matching IP from larger net
+1 ipset -T test 1:1:1::10,80
+# Check matching IP from even larger net
+0 ipset -T test 1:1:1::100,80
+# Update non-matching IP to matching one
+0 ipset -! -A test 1:1:1::1,80
+# Delete overlapping small net
+0 ipset -D test 1:1:1::/124,80
+# Check matching IP
+0 ipset -T test 1:1:1::1,80
+# Add overlapping small net
+0 ipset -A test 1:1:1::/124,80
+# Update matching IP as a non-matching one, with shorter timeout
+0 ipset -! -A test 1:1:1::1,80 nomatch timeout 2
+# Check non-matching IP
+1 ipset -T test 1:1:1::1,80
+# Sleep 3s so that element can time out
+0 sleep 3
+# Check non-matching IP
+0 ipset -T test 1:1:1::1,80
+# Check matching IP
+0 ipset -T test 1:1:1::F,80
+# Delete test set
+0 ipset destroy test
 # eof
-- cgit v1.2.3
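Review bot: Two comments in the added block contradict the expected exit code on the line below them. The `# Check non-matching IP` that follows `0 sleep 3` expects 0, because the nomatch entry for 1:1:1::1,80 has expired and the address is again covered by 1:1:1::/124,80; it would read correctly as `# Check IP matches again once the nomatch entry has timed out`. `# Check matching IP from non-matchin small net` tests 1:1:1::F,80, which lies in the matching /124, so `# Check matching IP from matching small net` appears to be what is meant. The expiry case deserves the accurate comment most, since it documents that an exception with its own timeout lapses independently and the address reverts to the enclosing net's verdict without any further command.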