From 4e92e6ba2c4411f0ea3ae503c42fe7029bcc4618 Mon Sep 17 00:00:00 2001 From: Oliver Smith Date: Sat, 28 Sep 2013 20:20:01 +0200 Subject: ipset: Add userspace code to support hash:net,port,net kernel module. This adds the userspace library, tests to validate correct operation of the module and also provides appropriate usage information in the man page. Signed-off-by: Oliver Smith Signed-off-by: Jozsef Kadlecsik --- tests/hash:net,port,net.t | 183 ++++++++++++++++++++++++++++++++++++++ tests/hash:net,port,net.t.list0 | 10 +++ tests/hash:net6,port,net6.t | 143 +++++++++++++++++++++++++++++ tests/hash:net6,port,net6.t.list0 | 10 +++ tests/resizen.sh | 13 +++ tests/resizet.sh | 8 ++ tests/runtest.sh | 1 + tests/setlist_resize.sh | 1 + 8 files changed, 369 insertions(+) create mode 100644 tests/hash:net,port,net.t create mode 100644 tests/hash:net,port,net.t.list0 create mode 100644 tests/hash:net6,port,net6.t create mode 100644 tests/hash:net6,port,net6.t.list0 (limited to 'tests')
diff --git a/tests/hash:net,port,net.t b/tests/hash:net,port,net.t
new file mode 100644
index 0000000..4b55631
--- /dev/null
+++ b/tests/hash:net,port,net.t
@@ -0,0 +1,183 @@
+# Create a set with timeout
+0 ipset create test hash:net,port,net timeout 5
+# Add partly zero valued element
+0 ipset add test 2.0.0.1/24,0,192.168.0.0/24
+# Test partly zero valued element
+0 ipset test test 2.0.0.1/24,0,192.168.0.0/24
+# Delete partly zero valued element
+0 ipset del test 2.0.0.1/24,0,192.168.0.0/24
+# Add first random value
+0 ipset add test 2.0.0.1/24,5,192.168.0.0/24
+# Add second random value
+0 ipset add test 2.1.0.0/24,128,10.0.0.0/16
+# Test first random value
+0 ipset test test 2.0.0.1,5,192.168.0.1
+# Test second random value
+0 ipset test test 2.1.0.0,128,10.0.1.1
+# Test value not added to the set
+1 ipset test test 2.5.0.1,4,10.0.0.1
+# Delete value not added to the set
+1 ipset del test 2.0.0.1/8,6,10.0.0.0/16
+# Test value before first random value
+1 ipset test test 2.0.0.0/25,5,192.168.0.0/24
+# Test value after second random value
+1 ipset test test 2.4.0.1,128,10.0.0.100
+# Try to add value before first random value
+0 ipset add test 2.0.0.0/24,5,192.168.0.0/25
+# Try to add value after second random value
+0 ipset add test 2.1.0.1,128,10.0.0.0/17
+# List set
+0 ipset list test | grep -v Revision: | sed 's/timeout ./timeout x/' > .foo0 && ./sort.sh .foo0
+# Check listing
+0 diff -u -I 'Size in memory.*' .foo hash:net,port,net.t.list0
+# Sleep 5s so that elements can time out
+0 sleep 5
+# List set
+0 n=`ipset save test|wc -l` && test $n -eq 1
+# Flush test set
+0 ipset flush test
+# Delete set
+0 ipset destroy test
+# Create set to add a range
+0 ipset new test hash:net,port,net hashsize 64
+# Add a range
+0 ipset add test 10.0.0.0-10.0.3.255,tcp:80-82,192.168.0.1/24
+# Check that correct number of elements are added
+0 n=`ipset list test|grep '^10.0'|wc -l` && test $n -eq 3
+# Destroy set
+0 ipset -X test
+# Create set to add a range and with range notation in the network
+0 ipset new test hash:net,port,net hashsize 64
+# Add a range which forces a resizing
+0 ipset add test 10.0.0.0-10.0.3.255,tcp:80-82,192.168.0.0-192.168.2.255
+# Check that correct number of elements are added
+0 n=`ipset list test|grep '^10.0'|wc -l` && test $n -eq 6
+# Destroy set
+0 ipset -X test
+# Create test set with timeout support
+0 ipset create test hash:net,port,net timeout 30
+# Add a non-matching IP address entry
+0 ipset -A test 2.2.2.2,80,1.1.1.1 nomatch
+# Add an overlapping matching small net
+0 ipset -A test 2.2.2.2,80,1.1.1.0/30
+# Add an overlapping non-matching larger net
+0 ipset -A test 2.2.2.2,80,1.1.1.0/28 nomatch
+# Add an even larger matching net
+0 ipset -A test 2.2.2.2,80,1.1.1.0/26
+# Check non-matching IP
+1 ipset -T test 2.2.2.2,80,1.1.1.1
+# Check matching IP from non-matchin small net
+0 ipset -T test 2.2.2.2,80,1.1.1.3
+# Check non-matching IP from larger net
+1 ipset -T test 2.2.2.2,80,1.1.1.4
+# Check matching IP from even larger net
+0 ipset -T test 2.2.2.2,80,1.1.1.16
+# Update non-matching IP to matching one
+0 ipset -! -A test 2.2.2.2,80,1.1.1.1
+# Delete overlapping small net
+0 ipset -D test 2.2.2.2,80,1.1.1.0/30
+# Check matching IP
+0 ipset -T test 2.2.2.2,80,1.1.1.1
+# Add overlapping small net
+0 ipset -A test 2.2.2.2,80,1.1.1.0/30
+# Update matching IP as a non-matching one, with shorter timeout
+0 ipset -! -A test 2.2.2.2,80,1.1.1.1 nomatch timeout 2
+# Check non-matching IP
+1 ipset -T test 2.2.2.2,80,1.1.1.1
+# Sleep 3s so that element can time out
+0 sleep 3
+# Check non-matching IP
+0 ipset -T test 2.2.2.2,80,1.1.1.1
+# Check matching IP
+0 ipset -T test 2.2.2.2,80,1.1.1.3
+# Delete test set
+0 ipset destroy test
+# Create set
+0 ipset create test hash:net,port,net
+# Add a single element
+0 ipset add test 10.0.0.1,tcp:80,2.2.2.0/24
+# Check number of elements
+0 n=`ipset save test|wc -l` && test $n -eq 2
+# Delete the single element
+0 ipset del test 10.0.0.1,tcp:80,2.2.2.0/24
+# Check number of elements
+0 n=`ipset save test|wc -l` && test $n -eq 1
+# Add an IP range
+0 ipset add test 10.0.0.1-10.0.0.10,tcp:80,2.2.2.0/24
+# Check number of elements
+0 n=`ipset save test|wc -l` && test $n -eq 6
+# Delete the IP range
+0 ipset del test 10.0.0.1-10.0.0.10,tcp:80,2.2.2.0/24
+# Check number of elements
+0 n=`ipset save test|wc -l` && test $n -eq 1
+# Add a port range
+0 ipset add test 10.0.0.1,tcp:80-89,2.2.2.0/24
+# Check number of elements
+0 n=`ipset save test|wc -l` && test $n -eq 11
+# Delete the port range
+0 ipset del test 10.0.0.1,tcp:80-89,2.2.2.0/24
+# Check number of elements
+0 n=`ipset save test|wc -l` && test $n -eq 1
+# Add an IP and port range
+0 ipset add test 10.0.0.1-10.0.0.10,tcp:80-89,2.2.2.0/24
+# Check number of elements
+0 n=`ipset save test|wc -l` && test $n -eq 51
+# Delete the IP and port range
+0 ipset del test 10.0.0.1-10.0.0.10,tcp:80-89,2.2.2.0/24
+# Check number of elements
+0 n=`ipset save test|wc -l` && test $n -eq 1
+# Destroy set
+0 ipset -X test
+# Timeout: Check that resizing keeps timeout values
+0 ./resizet.sh -4 netportnet
+# Nomatch: Check that resizing keeps the nomatch flag
+0 ./resizen.sh -4 netportnet
+# Counters: create set
+0 ipset n test hash:net,port,net counters
+# Counters: add element with packet, byte counters
+0 ipset a test 2.0.0.1,80,192.168.199.200 packets 5 bytes 3456
+# Counters: check element
+0 ipset t test 2.0.0.1,80,192.168.199.200
+# Counters: check counters
+0 ./check_counters test 2.0.0.1 5 3456
+# Counters: delete element
+0 ipset d test 2.0.0.1,80,192.168.199.200
+# Counters: test deleted element
+1 ipset t test 2.0.0.1,80,192.168.199.200
+# Counters: add element with packet, byte counters
+0 ipset a test 2.0.0.20,453,10.0.0.1 packets 12 bytes 9876
+# Counters: check counters
+0 ./check_counters test 2.0.0.20 12 9876
+# Counters: update counters
+0 ipset -! a test 2.0.0.20,453,10.0.0.1 packets 13 bytes 12479
+# Counters: check counters
+0 ./check_counters test 2.0.0.20 13 12479
+# Counters: destroy set
+0 ipset x test
+# Counters and timeout: create set
+0 ipset n test hash:net,port,net counters timeout 600
+# Counters and timeout: add element with packet, byte counters
+0 ipset a test 2.0.0.1,80,192.168.199.200 packets 5 bytes 3456
+# Counters and timeout: check element
+0 ipset t test 2.0.0.1,80,192.168.199.200
+# Counters and timeout: check counters
+0 ./check_extensions test 2.0.0.1 600 5 3456
+# Counters and timeout: delete element
+0 ipset d test 2.0.0.1,80,192.168.199.200
+# Counters and timeout: test deleted element
+1 ipset t test 2.0.0.1,80,192.168.199.200
+# Counters and timeout: add element with packet, byte counters
+0 ipset a test 2.0.0.20,453,10.0.0.1 packets 12 bytes 9876
+# Counters and timeout: check counters
+0 ./check_extensions test 2.0.0.20 600 12 9876
+# Counters and timeout: update counters
+0 ipset -! a test 2.0.0.20,453,10.0.0.1 packets 13 bytes 12479
+# Counters and timeout: check counters
+0 ./check_extensions test 2.0.0.20 600 13 12479
+# Counters and timeout: update timeout
+0 ipset -! a test 2.0.0.20,453,10.0.0.1 timeout 700
+# Counters and timeout: check counters
+0 ./check_extensions test 2.0.0.20 700 13 12479
+# Counters and timeout: destroy set
+0 ipset x test
+# eof
diff --git a/tests/hash:net,port,net.t.list0 b/tests/hash:net,port,net.t.list0
new file mode 100644
index 0000000..0d90e62
--- /dev/null
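Review bot: The nomatch block in tests/hash:net,port,net.t (from `ipset create test hash:net,port,net timeout 30` to the following `ipset destroy test`) only ever varies the second network; the first element is the fixed host `2.2.2.2` in every add and test, so overlapping and nomatch-flagged networks in the first dimension are never exercised. Since nomatch entries act as exceptions inside firewall sets and this type has two network dimensions, the first dimension deserves the same add/test/delete sequence, for example starting with `# Add a non-matching net in the first dimension` and `0 ipset -A test 2.2.2.0/28,80,1.1.1.1 nomatch`. The expected result codes of the follow-up `-T` checks should be taken from the kernel module's specified lookup order, which this hunk does not show. tests/hash:net6,port,net6.t has the same gap with `2:2:2::2`.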
+++ b/tests/hash:net,port,net.t.list0
@@ -0,0 +1,10 @@
+Name: test
+Type: hash:net,port,net
+Header: family inet hashsize 1024 maxelem 65536 timeout x
+Size in memory: 17672
+References: 0
+Members:
+2.0.0.0/24,tcp:5,192.168.0.0/24 timeout x
+2.0.0.0/24,tcp:5,192.168.0.0/25 timeout x
+2.1.0.0/24,tcp:128,10.0.0.0/16 timeout x
+2.1.0.1,tcp:128,10.0.0.0/17 timeout x
diff --git a/tests/hash:net6,port,net6.t b/tests/hash:net6,port,net6.t
new file mode 100644
index 0000000..63587e3
--- /dev/null
+++ b/tests/hash:net6,port,net6.t
@@ -0,0 +1,143 @@
+# Range: Create a set
+0 ipset -N test netportnethash -6
+# Range: Add zero valued element
+1 ipset -A test 2:0:0::1/24,0,0:0:0::0/0
+# Range: Test zero valued element
+1 ipset -T test 2:0:0::1/24,0,0:0:0::0/0
+# Range: Delete zero valued element
+1 ipset -D test 2:0:0::1,0,0:0:0::0/0
+# Range: Add almost zero valued element
+0 ipset -A test 2:0:0::1,0,0:0:0::0/24
+# Range: Test almost zero valued element
+0 ipset -T test 2:0:0::1,0,0:0:0::0/24
+# Range: Delete almost zero valued element
+0 ipset -D test 2:0:0::1,0,0:0:0::0/24
+# Range: Add first random value
+0 ipset -A test 2:0:0::1,5,1:1:1::1/24
+# Range: Add second random value
+0 ipset -A test 2:1:0::0,128,2:2:2::2/12
+# Range: Test first random value
+0 ipset -T test 2:0:0::1,5,1:1:1::2
+# Range: Test second random value
+0 ipset -T test 2:1:0::0,128,2:2:2::0
+# Range: Test value not added to the set
+1 ipset -T test 2:0:0::1,5,2:1:1::255
+# Range: Test value not added to the set
+1 ipset -T test 2:0:0::1,6,1:1:1::1
+# Range: Test value not added to the set
+1 ipset -T test 2:0:0::2,6,1:1:1::1
+# Range: Test value before first random value
+1 ipset -T test 2:0:0::0,5,1:1:1::1
+# Range: Test value after second random value
+1 ipset -T test 2:1:0::1,128,2:2:2::2
+# Range: Try to add value before first random value
+0 ipset -A test 2:0:0::0,5,1:1:1::1/24
+# Range: Try to add value after second random value
+0 ipset -A test 2:1:0::1,128,2:2:2::2/12
+# Range: List set
+0 ipset -L test | grep -v Revision: > .foo0 && ./sort.sh .foo0
+# Range: Check listing
+0 diff -u -I 'Size in memory.*' .foo hash:net6,port,net6.t.list0
+# Range: Flush test set
+0 ipset -F test
+# Range: Delete test set
+0 ipset -X test
+# Create set to add a range
+0 ipset new test hash:net,port,net -6 hashsize 64
+# Add a range which forces a resizing
+0 ipset add test 1::1,tcp:80-1105,2::2/12
+# Check that correct number of elements are added
+0 n=`ipset list test|grep 1::1|wc -l` && test $n -eq 1026
+# Destroy set
+0 ipset -X test
+# Create test set with timeout support
+0 ipset create test hash:net,port,net family inet6 timeout 30
+# Add a non-matching IP address entry
+0 ipset -A test 2:2:2::2,80,1:1:1::1 nomatch
+# Add an overlapping matching small net
+0 ipset -A test 2:2:2::2,80,1:1:1::/124
+# Add an overlapping non-matching larger net
+0 ipset -A test 2:2:2::2,80,1:1:1::/120 nomatch
+# Add an even larger matching net
+0 ipset -A test 2:2:2::2,80,1:1:1::/116
+# Check non-matching IP
+1 ipset -T test 2:2:2::2,80,1:1:1::1
+# Check matching IP from non-matchin small net
+0 ipset -T test 2:2:2::2,80,1:1:1::F
+# Check non-matching IP from larger net
+1 ipset -T test 2:2:2::2,80,1:1:1::10
+# Check matching IP from even larger net
+0 ipset -T test 2:2:2::2,80,1:1:1::100
+# Update non-matching IP to matching one
+0 ipset -! -A test 2:2:2::2,80,1:1:1::1
+# Delete overlapping small net
+0 ipset -D test 2:2:2::2,80,1:1:1::/124
+# Check matching IP
+0 ipset -T test 2:2:2::2,80,1:1:1::1
+# Add overlapping small net
+0 ipset -A test 2:2:2::2,80,1:1:1::/124
+# Update matching IP as a non-matching one, with shorter timeout
+0 ipset -! -A test 2:2:2::2,80,1:1:1::1 nomatch timeout 2
+# Check non-matching IP
+1 ipset -T test 2:2:2::2,80,1:1:1::1
+# Sleep 3s so that element can time out
+0 sleep 3
+# Check non-matching IP
+0 ipset -T test 2:2:2::2,80,1:1:1::1
+# Check matching IP
+0 ipset -T test 2:2:2::2,80,1:1:1::F
+# Delete test set
+0 ipset destroy test
+# Timeout: Check that resizing keeps timeout values
+0 ./resizet.sh -6 netportnet
+# Nomatch: Check that resizing keeps the nomatch flag
+0 ./resizen.sh -6 netportnet
+# Counters: create set
+0 ipset n test hash:net,port,net -6 counters
+# Counters: add element with packet, byte counters
+0 ipset a test 2:0:0::1,80,2002:24:ff::1/64 packets 5 bytes 3456
+# Counters: check element
+0 ipset t test 2:0:0::1,80,2002:24:ff::1/64
+# Counters: check counters
+0 ./check_counters test 2::1 5 3456
+# Counters: delete element
+0 ipset d test 2:0:0::1,80,2002:24:ff::1/64
+# Counters: test deleted element
+1 ipset t test 2:0:0::1,80,2002:24:ff::1/64
+# Counters: add element with packet, byte counters
+0 ipset a test 2:0:0::20,453,2002:ff:24::ab/54 packets 12 bytes 9876
+# Counters: check counters
+0 ./check_counters test 2::20 12 9876
+# Counters: update counters
+0 ipset -! a test 2:0:0::20,453,2002:ff:24::ab/54 packets 13 bytes 12479
+# Counters: check counters
+0 ./check_counters test 2::20 13 12479
+# Counters: destroy set
+0 ipset x test
+# Counters and timeout: create set
+0 ipset n test hash:net,port,net -6 counters timeout 600
+# Counters and timeout: add element with packet, byte counters
+0 ipset a test 2:0:0::1,80,2002:24:ff::1/64 packets 5 bytes 3456
+# Counters and timeout: check element
+0 ipset t test 2:0:0::1,80,2002:24:ff::1/64
+# Counters and timeout: check counters
+0 ./check_extensions test 2::1 600 5 3456
+# Counters and timeout: delete element
+0 ipset d test 2:0:0::1,80,2002:24:ff::1/64
+# Counters and timeout: test deleted element
+1 ipset t test 2:0:0::1,80,2002:24:ff::1/64
+# Counters and timeout: add element with packet, byte counters
+0 ipset a test 2:0:0::20,453,2002:ff:24::ab/54 packets 12 bytes 9876
+# Counters and timeout: check counters
+0 ./check_extensions test 2::20 600 12 9876
+# Counters and timeout: update counters
+0 ipset -! a test 2:0:0::20,453,2002:ff:24::ab/54 packets 13 bytes 12479
+# Counters and timeout: check counters
+0 ./check_extensions test 2::20 600 13 12479
+# Counters and timeout: update timeout
+0 ipset -! a test 2:0:0::20,453,2002:ff:24::ab/54 timeout 700
+# Counters and timeout: check counters
+0 ./check_extensions test 2::20 700 13 12479
+# Counters and timeout: destroy set
+0 ipset x test
+# eof
diff --git a/tests/hash:net6,port,net6.t.list0 b/tests/hash:net6,port,net6.t.list0
new file mode 100644
index 0000000..8a927ec
--- /dev/null
+++ b/tests/hash:net6,port,net6.t.list0
@@ -0,0 +1,10 @@
+Name: test
+Type: hash:net,port,net
+Header: family inet6 hashsize 1024 maxelem 65536
+Size in memory: 18824
+References: 0
+Members:
+2:1::,tcp:128,::/12
+2:1::1,tcp:128,::/12
+2::,tcp:5,1::/24
+2::1,tcp:5,1::/24
diff --git a/tests/resizen.sh b/tests/resizen.sh
index f473b0b..9ceee88 100644
--- a/tests/resizen.sh
+++ b/tests/resizen.sh
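Review bot: Two comments in the nomatch block of tests/hash:net6,port,net6.t say the opposite of what their line asserts. `# Check matching IP from non-matchin small net` precedes a test of `1:1:1::F`, which lies in `1:1:1::/124`, the net added earlier as the matching small net; and after `sleep 3` the comment `# Check non-matching IP` sits on a line that expects exit code 0, because the nomatch entry added with `timeout 2` has expired by then. I would write `# Check matching IP from matching small net` and `# Check IP matches again after the nomatch entry timed out`. tests/hash:net,port,net.t carries the same two comments on its `1.1.1.3` and post-sleep `1.1.1.1` checks.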
@@ -34,6 +34,19 @@ case "$2" in
 done
 done
 ;;
+ netportnet)
+ $ipset n test hash:net,port,net $1 hashsize 64
+ for x in `seq 0 16`; do
+ for y in `seq 0 255`; do
+ $ipset a test $ip$x$sep$y,1023,$ip2/$net nomatch
+ done
+ done
+ for x in `seq 0 16`; do
+ for y in `seq 0 255`; do
+ $ipset t test $ip$x$sep$y,1023,$ip2/$net nomatch 2>/dev/null
+ done
+ done
+ ;;
 net)
 $ipset n test hash:net $1 hashsize 64
 for x in `seq 0 16`; do
diff --git a/tests/resizet.sh b/tests/resizet.sh
index ff98d58..c121357 100644
--- a/tests/resizet.sh
+++ b/tests/resizet.sh
@@ -53,6 +53,14 @@ case "$2" in
 done
 done
 ;;
+ netportnet)
+ $ipset n test hash:net,port,net $1 hashsize 64 timeout 100
+ for x in `seq 0 16`; do
+ for y in `seq 0 128`; do
+ $ipset a test $ip$x$sep$y/$net,1023,$ip$y$sep$x/$net
+ done
+ done
+ ;;
 net)
 $ipset n test hash:net $1 hashsize 64 timeout 100
 for x in `seq 0 16`; do
diff --git a/tests/runtest.sh b/tests/runtest.sh
index 64708ac..a82b802 100755
--- a/tests/runtest.sh
+++ b/tests/runtest.sh
@@ -10,6 +10,7 @@ tests="$tests ipporthash hash:ip,port hash:ip6,port"
 tests="$tests ipportiphash hash:ip,port,ip hash:ip6,port,ip6"
 tests="$tests nethash hash:net hash:net6 hash:net,port hash:net6,port"
 tests="$tests hash:ip,port,net hash:ip6,port,net6 hash:net,net hash:net6,net6"
+tests="$tests hash:net,port,net hash:net6,port,net6"
 tests="$tests hash:net,iface.t"
 tests="$tests comment setlist restore"
 # tests="$tests iptree iptreemap"
diff --git a/tests/setlist_resize.sh b/tests/setlist_resize.sh
index ee045f4..bdf762b 100755
--- a/tests/setlist_resize.sh
+++ b/tests/setlist_resize.sh
@@ -7,6 +7,7 @@ loop=8
 for x in ip_set_list_set ip_set_hash_netiface ip_set_hash_ipportnet \
 ip_set_hash_netport ip_set_hash_net ip_set_hash_ipportip \
 ip_set_hash_ipport ip_set_hash_ip ip_set_hash_netnet \
+ ip_set_hash_netportnet \
 ip_set_bitmap_port ip_set_bitmap_ipmac \
 ip_set_bitmap_ip xt_set ip_set; do
 rmmod $x
-- 
cgit v1.2.3
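Review bot: In the tests/resizen.sh `netportnet)` case the exit status of each `$ipset t … nomatch 2>/dev/null` inside the nested loops is discarded and its stderr silenced, so as far as this hunk shows only the final iteration can influence the script's result and an entry that lost its nomatch flag during resizing would go unnoticed. Unless the script runs under `set -e` (not visible here), the check should fail fast: `$ipset t test $ip$x$sep$y,1023,$ip2/$net nomatch 2>/dev/null || exit 1`. The `$ipset a` calls in this case and in the tests/resizet.sh `netportnet)` case are unchecked in the same way, so a rejected add would also pass silently. The `case` statement begins and ends outside both hunks, and the neighbouring `net)` case may follow the same pattern.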