From 14ea38fca9e40df4f172a573c222591b5f3cc241 Mon Sep 17 00:00:00 2001 From: Vytas Dauksa Date: Tue, 17 Dec 2013 14:01:43 +0000 Subject: add hash:ip,mark data type to ipset Introduce packet mark support with new ip,mark hash set. This includes userspace and kernelspace code, hash:ip,mark set tests and man page updates. The intended use of ip,mark set is similar to the ip:port type, but for protocols which don't use a predictable port number. Instead of port number it matches a firewall mark determined by a layer 7 filtering program like opendpi. As well as allowing or blocking traffic it will also be used for accounting packets and bytes sent for each protocol. Signed-off-by: Jozsef Kadlecsik --- tests/ipmarkhash.t | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 tests/ipmarkhash.t (limited to 'tests/ipmarkhash.t') diff --git a/tests/ipmarkhash.t b/tests/ipmarkhash.t new file mode 100644 index 0000000..30301fb --- /dev/null +++ b/tests/ipmarkhash.t @@ -0,0 +1,71 @@ +# Create a set from a range (range ignored) +0 ipset -N test ipmarkhash --from 2.0.0.1 --to 2.1.0.0 +# Destroy set +0 ipset -X test +# Create a set +0 ipset -N test ipmarkhash +# Add partly zero valued element +0 ipset -A test 2.0.0.1,0 +# Test partly zero valued element +0 ipset -T test 2.0.0.1,0 +# Delete partly zero valued element +0 ipset -D test 2.0.0.1,0 +# Add first random value +0 ipset -A test 2.0.0.1,5 +# Add second random value +0 ipset -A test 2.1.0.0,128 +# Test first random value +0 ipset -T test 2.0.0.1,5 +# Test second random value +0 ipset -T test 2.1.0.0,128 +# Test value not added to the set +1 ipset -T test 2.0.0.1,4 +# Delete value not added to the set +1 ipset -D test 2.0.0.1,6 +# Test value before first random value +1 ipset -T test 2.0.0.0,5 +# Test value after second random value +1 ipset -T test 2.1.0.1,128 +# Try to add value before first random value +0 ipset -A test 2.0.0.0,5 +# Try to add value after second random value +0 ipset -A test 2.1.0.1,128 +# List set +0 ipset -L test | grep -v Revision: > .foo0 && ./sort.sh .foo0 +# Check listing +0 diff -u -I 'Size in memory.*' .foo ipmarkhash.t.list0 +# Flush test set +0 ipset -F test +# Delete test set +0 ipset -X test +# Create a set from a network (network ignored) +0 ipset -N test ipmarkhash --network 2.0.0.0/16 +# Add first random value +0 ipset -A test 2.0.0.0,5 +# Add second random value +0 ipset -A test 2.0.255.255,128 +# Test first random value +0 ipset -T test 2.0.0.0,5 +# Test second random value +0 ipset -T test 2.0.255.255,128 +# Test value not added to the set +1 ipset -T test 2.0.0.0,4 +# Delete value not added to the set +1 ipset -D test 2.0.0.0,6 +# Test value before first random value +1 ipset -T test 1.255.255.255,5 +# Test value after second random value +1 ipset -T test 2.1.0.0,128 +# Try to add value before first random value +0 ipset -A test 1.255.255.255,5 +# Try to add value after second random value +0 ipset -A test 2.1.0.0,128 +# List set +0 ipset -L test | grep -v Revision: > .foo0 && ./sort.sh .foo0 +# Check listing +0 diff -u -I 'Size in memory.*' .foo ipmarkhash.t.list1 +# Flush test set +0 ipset -F test +# Delete test set +0 ipset -X test +# eof -- cgit v1.2.3