From 24b35d0b8950407ce85eefef18576d54f1e2c20e Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Fri, 13 Jan 2012 22:52:44 +0100 Subject: Exceptions support added to hash:*net* types The "nomatch" keyword and option is added to the hash:*net* types, by which one can add exception entries to sets. Example: ipset create test hash:net ipset add test 192.168.0/24 ipset add test 192.168.0/30 nomatch In this case the IP addresses from 192.168.0/24 except 192.168.0/30 match the elements of the set. --- tests/hash:ip,port,net.t | 38 ++++++++++++++++++++++++++++++++++++++ tests/hash:ip6,port,net6.t | 38 ++++++++++++++++++++++++++++++++++++++ tests/hash:net,iface.t | 38 ++++++++++++++++++++++++++++++++++++++ tests/hash:net,port.t | 38 ++++++++++++++++++++++++++++++++++++++ tests/hash:net.t | 38 ++++++++++++++++++++++++++++++++++++++ tests/hash:net6,port.t | 38 ++++++++++++++++++++++++++++++++++++++ tests/hash:net6.t | 38 ++++++++++++++++++++++++++++++++++++++ tests/ipportnethash.t | 28 +++++++++++++++++++++++++++- tests/nethash.t | 26 ++++++++++++++++++++++++++ 9 files changed, 319 insertions(+), 1 deletion(-) (limited to 'tests')
diff --git a/tests/hash:ip,port,net.t b/tests/hash:ip,port,net.t
index 26645ef..446c512 100644
--- a/tests/hash:ip,port,net.t
+++ b/tests/hash:ip,port,net.t
@@ -54,4 +54,42 @@
 0 n=`ipset list test|grep '^10.0'|wc -l` && test $n -eq 6144
 # Destroy set
 0 ipset -X test
+# Create test set with timeout support
+0 ipset create test hash:ip,port,net timeout 30
+# Add a non-matching IP address entry
+0 ipset -A test 2.2.2.2,80,1.1.1.1 nomatch
+# Add an overlapping matching small net
+0 ipset -A test 2.2.2.2,80,1.1.1.0/30
+# Add an overlapping non-matching larger net
+0 ipset -A test 2.2.2.2,80,1.1.1.0/28 nomatch
+# Add an even larger matching net
+0 ipset -A test 2.2.2.2,80,1.1.1.0/26
+# Check non-matching IP
+1 ipset -T test 2.2.2.2,80,1.1.1.1
+# Check matching IP from non-matchin small net
+0 ipset -T test 2.2.2.2,80,1.1.1.3
+# Check non-matching IP from larger net
+1 ipset -T test 2.2.2.2,80,1.1.1.4
+# Check matching IP from even larger net
+0 ipset -T test 2.2.2.2,80,1.1.1.16
+# Update non-matching IP to matching one
+0 ipset -! -A test 2.2.2.2,80,1.1.1.1
+# Delete overlapping small net
+0 ipset -D test 2.2.2.2,80,1.1.1.0/30
+# Check matching IP
+0 ipset -T test 2.2.2.2,80,1.1.1.1
+# Add overlapping small net
+0 ipset -A test 2.2.2.2,80,1.1.1.0/30
+# Update matching IP as a non-matching one, with shorter timeout
+0 ipset -! -A test 2.2.2.2,80,1.1.1.1 nomatch timeout 2
+# Check non-matching IP
+1 ipset -T test 2.2.2.2,80,1.1.1.1
+# Sleep 3s so that element can time out
+0 sleep 3
+# Check non-matching IP
+0 ipset -T test 2.2.2.2,80,1.1.1.1
+# Check matching IP
+0 ipset -T test 2.2.2.2,80,1.1.1.3
+# Delete test set
+0 ipset destroy test
 # eof
diff --git a/tests/hash:ip6,port,net6.t b/tests/hash:ip6,port,net6.t
index 71814cf..1955cad 100644
--- a/tests/hash:ip6,port,net6.t
+++ b/tests/hash:ip6,port,net6.t
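Review bot: Two of the added comments in tests/hash:ip,port,net.t contradict the expected result on the line below them. `# Check matching IP from non-matchin small net` sits above a test of 1.1.1.3, which lies in the matching /30 rather than in a non-matching net; `# Check matching IP from the matching small net` says what is tested. After `0 sleep 3`, `# Check non-matching IP` precedes a line that expects 0, so it should read `# Check IP matches again after the nomatch entry timed out`. The first wording recurs in the other eight hunks of this patch and the post-sleep one in the six other hash:* hunks. Because these comments are the only place the precedence of exception entries is spelled out, a wrong one is easy to carry over into a firewall rule set.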
@@ -50,4 +50,42 @@
 0 n=`ipset list test|grep 1::1|wc -l` && test $n -eq 1026
 # Destroy set
 0 ipset -X test
+# Create test set with timeout support
+0 ipset create test hash:ip,port,net family inet6 timeout 30
+# Add a non-matching IP address entry
+0 ipset -A test 2:2:2::2,80,1:1:1::1 nomatch
+# Add an overlapping matching small net
+0 ipset -A test 2:2:2::2,80,1:1:1::/124
+# Add an overlapping non-matching larger net
+0 ipset -A test 2:2:2::2,80,1:1:1::/120 nomatch
+# Add an even larger matching net
+0 ipset -A test 2:2:2::2,80,1:1:1::/116
+# Check non-matching IP
+1 ipset -T test 2:2:2::2,80,1:1:1::1
+# Check matching IP from non-matchin small net
+0 ipset -T test 2:2:2::2,80,1:1:1::F
+# Check non-matching IP from larger net
+1 ipset -T test 2:2:2::2,80,1:1:1::10
+# Check matching IP from even larger net
+0 ipset -T test 2:2:2::2,80,1:1:1::100
+# Update non-matching IP to matching one
+0 ipset -! -A test 2:2:2::2,80,1:1:1::1
+# Delete overlapping small net
+0 ipset -D test 2:2:2::2,80,1:1:1::/124
+# Check matching IP
+0 ipset -T test 2:2:2::2,80,1:1:1::1
+# Add overlapping small net
+0 ipset -A test 2:2:2::2,80,1:1:1::/124
+# Update matching IP as a non-matching one, with shorter timeout
+0 ipset -! -A test 2:2:2::2,80,1:1:1::1 nomatch timeout 2
+# Check non-matching IP
+1 ipset -T test 2:2:2::2,80,1:1:1::1
+# Sleep 3s so that element can time out
+0 sleep 3
+# Check non-matching IP
+0 ipset -T test 2:2:2::2,80,1:1:1::1
+# Check matching IP
+0 ipset -T test 2:2:2::2,80,1:1:1::F
+# Delete test set
+0 ipset destroy test
 # eof
diff --git a/tests/hash:net,iface.t b/tests/hash:net,iface.t
index ca0ddea..0ae4d4e 100644
--- a/tests/hash:net,iface.t
+++ b/tests/hash:net,iface.t
@@ -102,4 +102,42 @@
 0 n=`ipset list test | wc -l` && test $n -eq 70
 # Delete test set
 0 ipset destroy test
+# Create test set with timeout support
+0 ipset create test hash:net,iface timeout 30
+# Add a non-matching IP address entry
+0 ipset -A test 1.1.1.1,eth0 nomatch
+# Add an overlapping matching small net
+0 ipset -A test 1.1.1.0/30,eth0
+# Add an overlapping non-matching larger net
+0 ipset -A test 1.1.1.0/28,eth0 nomatch
+# Add an even larger matching net
+0 ipset -A test 1.1.1.0/26,eth0
+# Check non-matching IP
+1 ipset -T test 1.1.1.1,eth0
+# Check matching IP from non-matchin small net
+0 ipset -T test 1.1.1.3,eth0
+# Check non-matching IP from larger net
+1 ipset -T test 1.1.1.4,eth0
+# Check matching IP from even larger net
+0 ipset -T test 1.1.1.16,eth0
+# Update non-matching IP to matching one
+0 ipset -! -A test 1.1.1.1,eth0
+# Delete overlapping small net
+0 ipset -D test 1.1.1.0/30,eth0
+# Check matching IP
+0 ipset -T test 1.1.1.1,eth0
+# Add overlapping small net
+0 ipset -A test 1.1.1.0/30,eth0
+# Update matching IP as a non-matching one, with shorter timeout
+0 ipset -! -A test 1.1.1.1,eth0 nomatch timeout 2
+# Check non-matching IP
+1 ipset -T test 1.1.1.1,eth0
+# Sleep 3s so that element can time out
+0 sleep 3
+# Check non-matching IP
+0 ipset -T test 1.1.1.1,eth0
+# Check matching IP
+0 ipset -T test 1.1.1.3,eth0
+# Delete test set
+0 ipset destroy test
 # eof
diff --git a/tests/hash:net,port.t b/tests/hash:net,port.t
index 993893d..5b60476 100644
--- a/tests/hash:net,port.t
+++ b/tests/hash:net,port.t
@@ -76,4 +76,42 @@
 0 n=`ipset list test|grep '^10.0'|wc -l` && test $n -eq 2052
 # Destroy set
 0 ipset -X test
+# Create test set with timeout support
+0 ipset create test hash:net,port timeout 30
+# Add a non-matching IP address entry
+0 ipset -A test 1.1.1.1,80 nomatch
+# Add an overlapping matching small net
+0 ipset -A test 1.1.1.0/30,80
+# Add an overlapping non-matching larger net
+0 ipset -A test 1.1.1.0/28,80 nomatch
+# Add an even larger matching net
+0 ipset -A test 1.1.1.0/26,80
+# Check non-matching IP
+1 ipset -T test 1.1.1.1,80
+# Check matching IP from non-matchin small net
+0 ipset -T test 1.1.1.3,80
+# Check non-matching IP from larger net
+1 ipset -T test 1.1.1.4,80
+# Check matching IP from even larger net
+0 ipset -T test 1.1.1.16,80
+# Update non-matching IP to matching one
+0 ipset -! -A test 1.1.1.1,80
+# Delete overlapping small net
+0 ipset -D test 1.1.1.0/30,80
+# Check matching IP
+0 ipset -T test 1.1.1.1,80
+# Add overlapping small net
+0 ipset -A test 1.1.1.0/30,80
+# Update matching IP as a non-matching one, with shorter timeout
+0 ipset -! -A test 1.1.1.1,80 nomatch timeout 2
+# Check non-matching IP
+1 ipset -T test 1.1.1.1,80
+# Sleep 3s so that element can time out
+0 sleep 3
+# Check non-matching IP
+0 ipset -T test 1.1.1.1,80
+# Check matching IP
+0 ipset -T test 1.1.1.3,80
+# Delete test set
+0 ipset destroy test
 # eof
diff --git a/tests/hash:net.t b/tests/hash:net.t
index e51186f..10e75d9 100644
--- a/tests/hash:net.t
+++ b/tests/hash:net.t
@@ -60,6 +60,44 @@
 0 ./netgen.sh | ipset restore
 # List set and check the number of elements
 0 n=`ipset -L test|grep '^10.'|wc -l` && test $n -eq 43520
+# Destroy test set
+0 ipset destroy test
+# Create test set with timeout support
+0 ipset create test hash:net timeout 30
+# Add a non-matching IP address entry
+0 ipset -A test 1.1.1.1 nomatch
+# Add an overlapping matching small net
+0 ipset -A test 1.1.1.0/30
+# Add an overlapping non-matching larger net
+0 ipset -A test 1.1.1.0/28 nomatch
+# Add an even larger matching net
+0 ipset -A test 1.1.1.0/26
+# Check non-matching IP
+1 ipset -T test 1.1.1.1
+# Check matching IP from non-matchin small net
+0 ipset -T test 1.1.1.3
+# Check non-matching IP from larger net
+1 ipset -T test 1.1.1.4
+# Check matching IP from even larger net
+0 ipset -T test 1.1.1.16
+# Update non-matching IP to matching one
+0 ipset -! -A test 1.1.1.1
+# Delete overlapping small net
+0 ipset -D test 1.1.1.0/30
+# Check matching IP
+0 ipset -T test 1.1.1.1
+# Add overlapping small net
+0 ipset -A test 1.1.1.0/30
+# Update matching IP as a non-matching one, with shorter timeout
+0 ipset -! -A test 1.1.1.1 nomatch timeout 2
+# Check non-matching IP
+1 ipset -T test 1.1.1.1
+# Sleep 3s so that element can time out
+0 sleep 3
+# Check non-matching IP
+0 ipset -T test 1.1.1.1
+# Check matching IP
+0 ipset -T test 1.1.1.3
 # Delete test set
 0 ipset destroy test
 # eof
diff --git a/tests/hash:net6,port.t b/tests/hash:net6,port.t
index 3b58523..063b4c9 100644
--- a/tests/hash:net6,port.t
+++ b/tests/hash:net6,port.t
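Review bot: Nothing in the added tests/hash:net.t sequence checks that the nomatch flag survives listing or saving; every assertion goes through `ipset -T`. If the flag were dropped on output, a set reloaded from a saved dump would treat 1.1.1.0/28 as a match instead of an exception, and these tests would still pass. That matters wherever sets are persisted and restored for firewall rules. A line such as `0 ipset save test | grep -q nomatch` before the final destroy would cover it, assuming the keyword is printed per entry; the non-test part of the commit is not shown here, so the output format needs confirming. The same gap applies to the other eight files in this patch.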
@@ -78,4 +78,42 @@
 0 n=`ipset list test|grep 1::|wc -l` && test $n -eq 1026
 # Destroy set
 0 ipset -X test
+# Create test set with timeout support
+0 ipset create test hash:net,port family inet6 timeout 30
+# Add a non-matching IP address entry
+0 ipset -A test 1:1:1::1,80 nomatch
+# Add an overlapping matching small net
+0 ipset -A test 1:1:1::/124,80
+# Add an overlapping non-matching larger net
+0 ipset -A test 1:1:1::/120,80 nomatch
+# Add an even larger matching net
+0 ipset -A test 1:1:1::/116,80
+# Check non-matching IP
+1 ipset -T test 1:1:1::1,80
+# Check matching IP from non-matchin small net
+0 ipset -T test 1:1:1::F,80
+# Check non-matching IP from larger net
+1 ipset -T test 1:1:1::10,80
+# Check matching IP from even larger net
+0 ipset -T test 1:1:1::100,80
+# Update non-matching IP to matching one
+0 ipset -! -A test 1:1:1::1,80
+# Delete overlapping small net
+0 ipset -D test 1:1:1::/124,80
+# Check matching IP
+0 ipset -T test 1:1:1::1,80
+# Add overlapping small net
+0 ipset -A test 1:1:1::/124,80
+# Update matching IP as a non-matching one, with shorter timeout
+0 ipset -! -A test 1:1:1::1,80 nomatch timeout 2
+# Check non-matching IP
+1 ipset -T test 1:1:1::1,80
+# Sleep 3s so that element can time out
+0 sleep 3
+# Check non-matching IP
+0 ipset -T test 1:1:1::1,80
+# Check matching IP
+0 ipset -T test 1:1:1::F,80
+# Delete test set
+0 ipset destroy test
 # eof
diff --git a/tests/hash:net6.t b/tests/hash:net6.t
index 372ed39..2200362 100644
--- a/tests/hash:net6.t
+++ b/tests/hash:net6.t
@@ -46,4 +46,42 @@
 0 ipset flush test
 # Delete test set
 0 ipset destroy test
+# Create test set with timeout support
+0 ipset create test hash:net family inet6 timeout 30
+# Add a non-matching IP address entry
+0 ipset -A test 1:1:1::1 nomatch
+# Add an overlapping matching small net
+0 ipset -A test 1:1:1::/124
+# Add an overlapping non-matching larger net
+0 ipset -A test 1:1:1::/120 nomatch
+# Add an even larger matching net
+0 ipset -A test 1:1:1::/116
+# Check non-matching IP
+1 ipset -T test 1:1:1::1
+# Check matching IP from non-matchin small net
+0 ipset -T test 1:1:1::F
+# Check non-matching IP from larger net
+1 ipset -T test 1:1:1::10
+# Check matching IP from even larger net
+0 ipset -T test 1:1:1::100
+# Update non-matching IP to matching one
+0 ipset -! -A test 1:1:1::1
+# Delete overlapping small net
+0 ipset -D test 1:1:1::/124
+# Check matching IP
+0 ipset -T test 1:1:1::1
+# Add overlapping small net
+0 ipset -A test 1:1:1::/124
+# Update matching IP as a non-matching one, with shorter timeout
+0 ipset -! -A test 1:1:1::1 nomatch timeout 2
+# Check non-matching IP
+1 ipset -T test 1:1:1::1
+# Sleep 3s so that element can time out
+0 sleep 3
+# Check non-matching IP
+0 ipset -T test 1:1:1::1
+# Check matching IP
+0 ipset -T test 1:1:1::F
+# Delete test set
+0 ipset destroy test
 # eof
diff --git a/tests/ipportnethash.t b/tests/ipportnethash.t
index 22ba63b..120ff88 100644
--- a/tests/ipportnethash.t
+++ b/tests/ipportnethash.t
@@ -70,6 +70,32 @@
 0 diff -u -I 'Size in memory.*' .foo ipportnethash.t.list1
 # Network: Flush test set
 0 ipset -F test
-# Network: Delete test set
+# Add a non-matching IP address entry
+0 ipset -A test 2.1.0.0,80,1.1.1.1 nomatch
+# Add an overlapping matching small net
+0 ipset -A test 2.1.0.0,80,1.1.1.0/30
+# Add an overlapping non-matching larger net
+0 ipset -A test 2.1.0.0,80,1.1.1.0/28 nomatch
+# Add an even larger matching net
+0 ipset -A test 2.1.0.0,80,1.1.1.0/26
+# Check non-matching IP
+1 ipset -T test 2.1.0.0,80,1.1.1.1
+# Check matching IP from non-matchin small net
+0 ipset -T test 2.1.0.0,80,1.1.1.3
+# Check non-matching IP from larger net
+1 ipset -T test 2.1.0.0,80,1.1.1.4
+# Check matching IP from even larger net
+0 ipset -T test 2.1.0.0,80,1.1.1.16
+# Update non-matching IP to matching one
+0 ipset -! -A test 2.1.0.0,80,1.1.1.1
+# Delete overlapping small net
+0 ipset -D test 2.1.0.0,80,1.1.1.0/30
+# Check matching IP
+0 ipset -T test 2.1.0.0,80,1.1.1.1
+# Update matching IP as a non-matching one
+0 ipset -! -A test 2.1.0.0,80,1.1.1.1 nomatch
+# Check non-matching IP
+1 ipset -T test 2.1.0.0,80,1.1.1.1
+# Delete test set
 0 ipset -X test
 # eof
diff --git a/tests/nethash.t b/tests/nethash.t
index 706aaf4..40f79fe 100644
--- a/tests/nethash.t
+++ b/tests/nethash.t
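Review bot: The added tests/ipportnethash.t block never deletes a nomatch entry; it ends with 1.1.1.1 flagged nomatch and goes straight to `ipset -X test`. Since the /30 has already been deleted at that point, removing the /32 exception should leave 1.1.1.1 covered by the non-matching /28. Adding `0 ipset -D test 2.1.0.0,80,1.1.1.1` followed by `1 ipset -T test 2.1.0.0,80,1.1.1.1` would exercise both the deletion of an exception entry and the fallback to the next covering net. tests/nethash.t ends the same way. The set is created above the hunk, so its parameters are not visible here.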
@@ -38,6 +38,32 @@
 0 diff -u -I 'Size in memory.*' .foo nethash.t.list0
 # Flush test set
 0 ipset -F test
+# Add a non-matching IP address entry
+0 ipset -A test 1.1.1.1 nomatch
+# Add an overlapping matching small net
+0 ipset -A test 1.1.1.0/30
+# Add an overlapping non-matching larger net
+0 ipset -A test 1.1.1.0/28 nomatch
+# Add an even larger matching net
+0 ipset -A test 1.1.1.0/26
+# Check non-matching IP
+1 ipset -T test 1.1.1.1
+# Check matching IP from non-matchin small net
+0 ipset -T test 1.1.1.3
+# Check non-matching IP from larger net
+1 ipset -T test 1.1.1.4
+# Check matching IP from even larger net
+0 ipset -T test 1.1.1.16
+# Update non-matching IP to matching one
+0 ipset -! -A test 1.1.1.1
+# Delete overlapping small net
+0 ipset -D test 1.1.1.0/30
+# Check matching IP
+0 ipset -T test 1.1.1.1
+# Update matching IP as a non-matching one
+0 ipset -! -A test 1.1.1.1 nomatch
+# Check non-matching IP
+1 ipset -T test 1.1.1.1
 # Delete test set
 0 ipset -X test
 # eof
-- cgit v1.2.3