From 0d32c5c070f817229110f92d7b31df9a3e4eeec5 Mon Sep 17 00:00:00 2001 
From: Jozsef Kadlecsik Date: Sun, 24 Oct 2010 21:42:48 +0200 Subject: Fixes, cleanups, comments - More comments added to the code - ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip and hash:ip,port,net types - hash:net and hash:ip,port,net types are reworked - hash:net,port type added - Wrong direction parameters fixed in hash:ip,port - Helps and manpage are updated - More tests added - Ugly macros are rewritten to functions in parse.c (Holger Eitzenberger) - resize related bug in hash types fixed (Holger Eitzenberger) - autoreconf patches by Jan Engelhardt applied - netlink patch minimalized: dumping can be initialized by a second parsing of the message (thanks to David and Patrick for the suggestion) - IPv4/IPv6 address attributes are introduced in order to fix the context (suggested by David) --- tests/hash:ip,port,ip.t.list0 | 8 +++---- tests/hash:ip,port.t | 4 ++-- tests/hash:ip,port.t.list0 | 8 +++---- tests/hash:ip,port.t.list2 | 4 ++-- tests/hash:ip.t | 2 ++ tests/hash:ip6,port,ip6.t.list0 | 8 +++---- tests/hash:ip6,port.t.list0 | 8 +++---- tests/hash:net,port.t | 51 +++++++++++++++++++++++++++++++++++++++++ tests/hash:net,port.t.list0 | 11 +++++++++ tests/hash:net,port.t.list1 | 7 ++++++ tests/hash:net6,port.t | 51 +++++++++++++++++++++++++++++++++++++++++ tests/hash:net6,port.t.list0 | 11 +++++++++ tests/hash:net6,port.t.list1 | 8 +++++++ tests/hash:net6.t | 2 +- tests/ipporthash.t.list0 | 8 +++---- tests/ipporthash.t.list1 | 8 +++---- tests/ipportiphash.t.list0 | 8 +++---- tests/ipportiphash.t.list1 | 4 ++-- tests/ipportnethash.t.list0 | 8 +++---- tests/ipportnethash.t.list1 | 8 +++---- tests/iptables.sh | 2 +- tests/resize.sh | 11 +++++++++ tests/runtest.sh | 6 +++-- 23 files changed, 200 insertions(+), 46 deletions(-) create mode 100644 tests/hash:net,port.t create mode 100644 tests/hash:net,port.t.list0 create mode 100644 tests/hash:net,port.t.list1 create mode 100644 tests/hash:net6,port.t create mode 100644 
tests/hash:net6,port.t.list0 create mode 100644 tests/hash:net6,port.t.list1 create mode 100755 tests/resize.sh (limited to 'tests') diff --git a/tests/hash:ip,port,ip.t.list0 b/tests/hash:ip,port,ip.t.list0 index b20c8d8..daad2db 100644 --- a/tests/hash:ip,port,ip.t.list0 +++ b/tests/hash:ip,port,ip.t.list0 @@ -4,8 +4,8 @@ Header: family inet hashsize 1024 maxelem 65536 timeout x Size in memory: 8720 References: 0 Members: -2.0.0.0,5,1.1.1.1 timeout x -2.0.0.1,5,1.1.1.1 timeout x -2.1.0.0,128,2.2.2.2 timeout x -2.1.0.1,128,2.2.2.2 timeout x +2.0.0.0,tcp:5,1.1.1.1 timeout x +2.0.0.1,tcp:5,1.1.1.1 timeout x +2.1.0.0,tcp:128,2.2.2.2 timeout x +2.1.0.1,tcp:128,2.2.2.2 timeout x diff --git a/tests/hash:ip,port.t b/tests/hash:ip,port.t index e3b292b..6fe18ee 100644 --- a/tests/hash:ip,port.t +++ b/tests/hash:ip,port.t @@ -40,8 +40,8 @@ 0 ipset flush test # Delete test set 0 ipset destroy test -# Create a set with default TCP protocol -0 ipset create test hash:ip,port proto tcp +# Create a set +0 ipset create test hash:ip,port # Add element without specifying protocol 0 ipset add test 2.0.0.1,80 # Add "same" element but with UDP protocol diff --git a/tests/hash:ip,port.t.list0 b/tests/hash:ip,port.t.list0 index 25d8632..fb6a8ec 100644 --- a/tests/hash:ip,port.t.list0 +++ b/tests/hash:ip,port.t.list0 @@ -4,8 +4,8 @@ Header: family inet hashsize 1024 maxelem 65536 timeout x Size in memory: 8592 References: 0 Members: -2.0.0.0,5 timeout x -2.0.0.1,5 timeout x -2.1.0.0,128 timeout x -2.1.0.1,128 timeout x +2.0.0.0,tcp:5 timeout x +2.0.0.1,tcp:5 timeout x +2.1.0.0,tcp:128 timeout x +2.1.0.1,tcp:128 timeout x diff --git a/tests/hash:ip,port.t.list2 b/tests/hash:ip,port.t.list2 index e8a9db0..5686e43 100644 --- a/tests/hash:ip,port.t.list2 +++ b/tests/hash:ip,port.t.list2 
@@ -1,7 +1,7 @@ Name: test Type: hash:ip,port -Header: family inet hashsize 1024 maxelem 65536 proto tcp -Size in memory: 8424 +Header: family inet hashsize 1024 maxelem 65536 +Size in memory: 8432 References: 0 Members: 2.0.0.1,ospf:0 diff --git a/tests/hash:ip.t b/tests/hash:ip.t index c7bddb8..c45bb2d 100644 --- a/tests/hash:ip.t +++ b/tests/hash:ip.t @@ -44,6 +44,8 @@ 0 ipset -F test # IP: Delete test set 0 ipset -X test +# IP: Stress test resizing +0 ./resize.sh # Network: Create a set with timeout 0 ipset -N test iphash --hashsize 128 --netmask 24 timeout 6 # Network: Add zero valued element diff --git a/tests/hash:ip6,port,ip6.t.list0 b/tests/hash:ip6,port,ip6.t.list0 index 84cdf5c..4e8f425 100644 --- a/tests/hash:ip6,port,ip6.t.list0 +++ b/tests/hash:ip6,port,ip6.t.list0 @@ -4,8 +4,8 @@ Header: family inet6 hashsize 1024 maxelem 65536 timeout x Size in memory: 9104 References: 0 Members: -2:1::1,128,2:2:2::2 timeout x -2:1::,128,2:2:2::2 timeout x -2::1,5,1:1:1::1 timeout x -2::,5,1:1:1::1 timeout x +2:1::1,tcp:128,2:2:2::2 timeout x +2:1::,tcp:128,2:2:2::2 timeout x +2::1,tcp:5,1:1:1::1 timeout x +2::,tcp:5,1:1:1::1 timeout x diff --git a/tests/hash:ip6,port.t.list0 b/tests/hash:ip6,port.t.list0 index defd377..140ea45 100644 --- a/tests/hash:ip6,port.t.list0 +++ b/tests/hash:ip6,port.t.list0 @@ -4,8 +4,8 @@ Header: family inet6 hashsize 1024 maxelem 65536 timeout x Size in memory: 8848 References: 0 Members: -2:1::1,128 timeout x -2:1::,128 timeout x -2::1,5 timeout x -2::,5 timeout x +2:1::1,tcp:128 timeout x +2:1::,tcp:128 timeout x +2::1,tcp:5 timeout x +2::,tcp:5 timeout x diff --git a/tests/hash:net,port.t b/tests/hash:net,port.t new file mode 100644 index 0000000..19f45d1 --- /dev/null +++ b/tests/hash:net,port.t 
@@ -0,0 +1,51 @@ +# Create a set with timeout +0 ipset create test hash:net,port hashsize 128 timeout 6 +# Add zero valued element +1 ipset add test 0.0.0.0/0,0 +# Test zero valued element +1 ipset test test 0.0.0.0/0,0 +# Delete zero valued element +1 ipset del test 0.0.0.0/0,0 +# Try to add /0 +1 ipset add test 1.1.1.1/0,0 +# Try to add /32 +0 ipset add test 1.1.1.1/32,tcp:5 +# Add almost zero valued element +0 ipset add test 0.0.0.0/1,tcp:8 +# Test almost zero valued element +0 ipset test test 0.0.0.0/1,tcp:8 +# Test almost zero valued element with UDP +1 ipset test test 0.0.0.0/1,udp:8 +# Delete almost zero valued element +0 ipset del test 0.0.0.0/1,tcp:8 +# Test deleted element +1 ipset test test 0.0.0.0/1,tcp:8 +# Delete element not added to the set +1 ipset del test 0.0.0.0/1,tcp:8 +# Add first random network +0 ipset add test 2.0.0.1/24,icmp:ping +# Add second random network +0 ipset add test 192.168.68.69/27,tcp:8 +# Test first random value +0 ipset test test 2.0.0.255,icmp:ping +# Test second random value +0 ipset test test 192.168.68.95,tcp:8 +# Test value not added to the set +1 ipset test test 2.0.1.0,icmp:ping +# Try to add IP address +0 ipset add test 2.0.0.1,icmp:ping timeout 3 +# List set +0 ipset list test | sed 's/timeout ./timeout x/' > .foo0 && ./sort.sh .foo0 +# Check listing +0 diff -I 'Size in memory.*' .foo hash:net,port.t.list0 +# Sleep 6s so that element can time out +0 sleep 6 +# IP: List set +0 ipset -L test 2>/dev/null > .foo0 && ./sort.sh .foo0 +# IP: Check listing +0 diff -I 'Size in memory.*' .foo hash:net,port.t.list1 && rm .foo +# Flush test set +0 ipset flush test +# Delete test set +0 ipset destroy test +# eof diff --git a/tests/hash:net,port.t.list0 b/tests/hash:net,port.t.list0 new file mode 100644 index 0000000..8194872 --- /dev/null +++ b/tests/hash:net,port.t.list0 
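Review bot: The `/0` rejection steps in tests/hash:net,port.t pair the prefix with port `0` (`1 ipset add test 0.0.0.0/0,0`, `1 ipset add test 1.1.1.1/0,0`), so the expected failure does not show which part was refused. If port 0 is rejected on its own, these steps would keep passing even after a regression that accepts a match-everything /0 network. The IPv6 counterpart in this commit uses a valid port for the same steps, and the IPv4 file could follow it: `1 ipset add test 1.1.1.1/0,tcp:8`. Separately, the first `# Check listing` step omits the `&& rm .foo` that the hash:net6,port.t version has, so a stale `.foo` stays around until the second check.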
@@ -0,0 +1,11 @@ +Name: test +Type: hash:net,port +Header: family inet hashsize 128 maxelem 65536 timeout x +Size in memory: 2072 +References: 0 +Members: +1.1.1.1,tcp:5 timeout x +192.168.68.64/27,tcp:8 timeout x +2.0.0.0/24,icmp:echo-request timeout x +2.0.0.1,icmp:echo-request timeout x + diff --git a/tests/hash:net,port.t.list1 b/tests/hash:net,port.t.list1 new file mode 100644 index 0000000..20d38a8 --- /dev/null +++ b/tests/hash:net,port.t.list1 @@ -0,0 +1,7 @@ +Name: test +Type: hash:net,port +Header: family inet hashsize 128 maxelem 65536 timeout 6 +Size in memory: 2000 +References: 0 +Members: + diff --git a/tests/hash:net6,port.t b/tests/hash:net6,port.t new file mode 100644 index 0000000..bfb6f27 --- /dev/null +++ b/tests/hash:net6,port.t 
@@ -0,0 +1,51 @@ +# Create a set with timeout +0 ipset create test hash:net,port family inet6 hashsize 128 timeout 6 +# Add zero valued element +1 ipset add test ::/0,tcp:8 +# Test zero valued element +1 ipset test test ::/0,tcp:8 +# Delete zero valued element +1 ipset del test ::/0,tcp:8 +# Try to add /0 +1 ipset add test 1:1:1::1/0,tcp:8 +# Try to add /128 +0 ipset add test 1:1:1::1/128,tcp:8 timeout 0 +# Add almost zero valued element +0 ipset add test 0:0:0::0/1,tcp:8 +# Test almost zero valued element +0 ipset test test 0:0:0::0/1,tcp:8 +# Test almost zero valued element with UDP +1 ipset test test 0:0:0::0/1,udp:8 +# Delete almost zero valued element +0 ipset del test 0:0:0::0/1,tcp:8 +# Test deleted element +1 ipset test test 0:0:0::0/1,tcp:8 +# Delete element not added to the set +1 ipset del test 0:0:0::0/1,tcp:8 +# Add first random network +0 ipset add test 2:0:0::1/24,tcp:8 +# Add second random network +0 ipset add test 192:168:68::69/27,icmpv6:ping +# Test first random value +0 ipset test test 2:0:0::255,tcp:8 +# Test second random value +0 ipset test test 192:168:68::95,icmpv6:ping +# Test value not added to the set +1 ipset test test 3:0:0::1,tcp:8 +# Try to add IP address +0 ipset add test 3:0:0::1,tcp:8 +# List set +0 ipset list test | sed 's/timeout ./timeout x/' > .foo0 && ./sort.sh .foo0 +# Check listing +0 diff -I 'Size in memory.*' .foo hash:net6,port.t.list0 && rm .foo +# Sleep 6s so that element can time out +0 sleep 6 +# IP: List set +0 ipset -L test 2>/dev/null > .foo0 && ./sort.sh .foo0 +# IP: Check listing +0 diff -I 'Size in memory.*' .foo hash:net6,port.t.list1 && rm .foo +# Flush test set +0 ipset flush test +# Delete test set +0 ipset destroy test +# eof diff --git a/tests/hash:net6,port.t.list0 b/tests/hash:net6,port.t.list0 new file mode 100644 index 0000000..0e26a6e --- /dev/null +++ b/tests/hash:net6,port.t.list0 
@@ -0,0 +1,11 @@ +Name: test +Type: hash:net,port +Header: family inet6 hashsize 128 maxelem 65536 timeout x +Size in memory: 2328 +References: 0 +Members: +1:1:1::1,tcp:8 timeout x +192:160::/27,ipv6-icmp:echo-request timeout x +2::/24,tcp:8 timeout x +3::1,tcp:8 timeout x + diff --git a/tests/hash:net6,port.t.list1 b/tests/hash:net6,port.t.list1 new file mode 100644 index 0000000..873788e --- /dev/null +++ b/tests/hash:net6,port.t.list1 @@ -0,0 +1,8 @@ +Name: test +Type: hash:net,port +Header: family inet6 hashsize 128 maxelem 65536 timeout 6 +Size in memory: 2328 +References: 0 +Members: +1:1:1::1,tcp:8 timeout 0 + diff --git a/tests/hash:net6.t b/tests/hash:net6.t index 5a575d1..f1ae092 100644 --- a/tests/hash:net6.t +++ b/tests/hash:net6.t @@ -8,7 +8,7 @@ 1 ipset del test ::/0 # Try to add /0 1 ipset add test 1:1:1::1/0 -# Try to add /32 +# Try to add /128 0 ipset add test 1:1:1::1/128 # Add almost zero valued element 0 ipset add test 0:0:0::0/1 diff --git a/tests/ipporthash.t.list0 b/tests/ipporthash.t.list0 index 2e78ac4..e28593c 100644 --- a/tests/ipporthash.t.list0 +++ b/tests/ipporthash.t.list0 @@ -4,8 +4,8 @@ Header: family inet hashsize 1024 maxelem 65536 Size in memory: 8464 References: 0 Members: -2.0.0.0,5 -2.0.0.1,5 -2.1.0.0,128 -2.1.0.1,128 +2.0.0.0,tcp:5 +2.0.0.1,tcp:5 +2.1.0.0,tcp:128 +2.1.0.1,tcp:128 diff --git a/tests/ipporthash.t.list1 b/tests/ipporthash.t.list1 index e0f0da5..1fbfc9c 100644 --- a/tests/ipporthash.t.list1 +++ b/tests/ipporthash.t.list1 @@ -4,8 +4,8 @@ Header: family inet hashsize 1024 maxelem 65536 Size in memory: 8464 References: 0 Members: -1.255.255.255,5 -2.0.0.0,5 -2.0.255.255,128 -2.1.0.0,128 +1.255.255.255,tcp:5 +2.0.0.0,tcp:5 +2.0.255.255,tcp:128 +2.1.0.0,tcp:128 diff --git a/tests/ipportiphash.t.list0 b/tests/ipportiphash.t.list0 index ba20b14..623e683 100644 --- a/tests/ipportiphash.t.list0 +++ b/tests/ipportiphash.t.list0 
@@ -4,8 +4,8 @@ Header: family inet hashsize 1024 maxelem 65536 Size in memory: 8528 References: 0 Members: -2.0.0.0,5,1.1.1.1 -2.0.0.1,5,1.1.1.1 -2.1.0.0,128,2.2.2.2 -2.1.0.1,128,2.2.2.2 +2.0.0.0,tcp:5,1.1.1.1 +2.0.0.1,tcp:5,1.1.1.1 +2.1.0.0,tcp:128,2.2.2.2 +2.1.0.1,tcp:128,2.2.2.2 diff --git a/tests/ipportiphash.t.list1 b/tests/ipportiphash.t.list1 index aca272a..104a94a 100644 --- a/tests/ipportiphash.t.list1 +++ b/tests/ipportiphash.t.list1 @@ -4,6 +4,6 @@ Header: family inet hashsize 1024 maxelem 65536 Size in memory: 8416 References: 0 Members: -2.0.0.0,5,1.1.1.1 -2.0.255.255,128,2.2.2.2 +2.0.0.0,tcp:5,1.1.1.1 +2.0.255.255,tcp:128,2.2.2.2 diff --git a/tests/ipportnethash.t.list0 b/tests/ipportnethash.t.list0 index 60a0242..ebc2ab6 100644 --- a/tests/ipportnethash.t.list0 +++ b/tests/ipportnethash.t.list0 @@ -4,8 +4,8 @@ Header: family inet hashsize 1024 maxelem 65536 Size in memory: 8776 References: 0 Members: -2.0.0.0,5,1.1.1.0/24 -2.0.0.1,5,1.1.1.0/24 -2.1.0.0,128,2.0.0.0/12 -2.1.0.1,128,2.0.0.0/12 +2.0.0.0,tcp:5,1.1.1.0/24 +2.0.0.1,tcp:5,1.1.1.0/24 +2.1.0.0,tcp:128,2.0.0.0/12 +2.1.0.1,tcp:128,2.0.0.0/12 diff --git a/tests/ipportnethash.t.list1 b/tests/ipportnethash.t.list1 index 5d74105..fc90f78 100644 --- a/tests/ipportnethash.t.list1 +++ b/tests/ipportnethash.t.list1 @@ -4,8 +4,8 @@ Header: family inet hashsize 1024 maxelem 65536 Size in memory: 8776 References: 0 Members: -1.255.255.255,5,1.1.1.0/24 -2.0.0.0,5,1.1.1.0/24 -2.0.255.255,128,2.0.0.0/12 -2.1.0.0,128,2.0.0.0/12 +1.255.255.255,tcp:5,1.1.1.0/24 +2.0.0.0,tcp:5,1.1.1.0/24 +2.0.255.255,tcp:128,2.0.0.0/12 +2.1.0.0,tcp:128,2.0.0.0/12 diff --git a/tests/iptables.sh b/tests/iptables.sh index 213e748..1bf96df 100755 --- a/tests/iptables.sh +++ b/tests/iptables.sh 
@@ -41,7 +41,7 @@ start) ../src/ipset a ip1 $IP1 2>/dev/null ../src/ipset n ip2 hash:ip $family 2>/dev/null ../src/ipset a ip2 $IP2 2>/dev/null - ../src/ipset n ipport hash:ip,port $family proto any 2>/dev/null + ../src/ipset n ipport hash:ip,port $family 2>/dev/null ../src/ipset n list list:set 2>/dev/null ../src/ipset a list ipport 2>/dev/null ../src/ipset a list ip1 2>/dev/null diff --git a/tests/resize.sh b/tests/resize.sh new file mode 100755 index 0000000..5d39f66 --- /dev/null +++ b/tests/resize.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +../src/ipset n resize-test hash:ip hashsize 64 +for x in `seq 1 20`; do + for y in `seq 1 255`; do + ../src/ipset a resize-test 192.168.$x.$y + done +done +../src/ipset x resize-test diff --git a/tests/runtest.sh b/tests/runtest.sh index cc6678a..6ce4477 100755 --- a/tests/runtest.sh +++ b/tests/runtest.sh @@ -1,12 +1,14 @@ #!/bin/bash +# set -x + tests="init" tests="$tests ipmap bitmap:ip" tests="$tests macipmap portmap" tests="$tests iphash hash:ip hash:ip6" tests="$tests ipporthash hash:ip,port hash:ip6,port" tests="$tests ipportiphash hash:ip,port,ip hash:ip6,port,ip6" -tests="$tests nethash hash:net hash:net6" +tests="$tests nethash hash:net hash:net6 hash:net,port hash:net6,port" tests="$tests setlist" tests="$tests iptree iptreemap" @@ -20,7 +22,7 @@ add_tests() { add=match_target6 fi line="`dmesg | tail -1 | cut -d " " -f 2-`" - if [ ! -e /var/log/kern.log -o -z "`grep \"$line\" /var/log/kern.log`" ]; then + if [ ! -e /var/log/kern.log -o -z "`grep -F \"$line\" /var/log/kern.log`" ]; then echo "The destination for kernel log is not /var/log/kern.log, skipping $1 match and target tests" return fi -- cgit v1.2.3
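Review bot: tests/resize.sh only checks that each `../src/ipset a` exits 0, so a resize that silently drops earlier entries would still pass. After the loops and before the destroy, it would help to probe a few addresses that were added early, for example `../src/ipset test resize-test 192.168.1.1`, so that `set -e` fails the script when one is missing. Also, because of `set -e`, any failing add exits before `../src/ipset x resize-test`, which leaves the set behind and presumably makes the next run fail at the create step. A `trap '../src/ipset x resize-test 2>/dev/null' EXIT` placed right after the create line would cover that.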
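Review bot: In the second tests/runtest.sh hunk, `$line` can still be misread by grep even with `-F`. A dmesg line that starts with `-` is parsed as an option, and an empty `$line` (empty kernel ring buffer) matches every line of kern.log, so the skip branch is not taken. Suggest `if [ ! -e /var/log/kern.log ] || [ -z "$line" ] || ! grep -qF -- "$line" /var/log/kern.log; then`, which also drops the ambiguous `-o` form of `[`. add_tests starts and continues outside the hunk.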