ipset -U segfault fix committed.

Testsuite added.

17 files changed, 570 insertions, 23 deletions

diff --git a/ChangeLog b/ChangeLog
index ee0154e..680af48 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2.3.1
+ - segfault on --unbind :all: :all: fixed (reported by bugzilla,
+   report and patch sent by Tom Eastep)
+ - User input parameters are sanitized everywhere
+ - Initial testsuite added and 'test' target to the Makefile
+   added: few bugs discovered and fixed
+   - typo in macipmap type prevented to use max size set of this type
+   - *map types are made sure to allow and use max size of sets
+
 2.3.0
  - jiffies rollover bug in iptree type fixed (reported by Lukasz Nierycho
    and others)
diff --git a/Makefile b/Makefile
index 5593e53..fe37596 100644
--- a/Makefile
+++ b/Makefile
@@ -8,7 +8,7 @@ ifndef KERNEL_DIR
 KERNEL_DIR=/usr/src/linux
 endif
 
-IPSET_VERSION:=2.3.0
+IPSET_VERSION:=2.3.1
 
 PREFIX:=/usr/local
 LIBDIR:=$(PREFIX)/lib
@@ -21,7 +21,7 @@ IPSET_LIB_DIR:=$(LIBDIR)/ipset
 RELEASE_DIR:=/tmp
 
 COPT_FLAGS:=-O2
-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -I. -g -DIPSET_DEBUG #-pg # -DIPTC_DEBUG
+CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -I. # -g -DIPSET_DEBUG #-pg # -DIPTC_DEBUG
 SH_CFLAGS:=$(CFLAGS) -fPIC
 SETTYPES:=ipmap portmap macipmap iphash nethash iptree iptreemap ipporthash
 
@@ -32,6 +32,11 @@ INSTALL+=$(foreach T, $(SETTYPES), $(DESTDIR)$(LIBDIR)/ipset/libipset_$(T).so)
 
 all: $(PROGRAMS) $(SHARED_LIBS)
 
+.PHONY: tests
+
+tests:
+	cd tests; ./runtest.sh
+
 install: all $(INSTALL)
 
 clean: $(EXTRA_CLEANS)
diff --git a/ipset.8 b/ipset.8
index d2c8100..2c4edcb 100644
--- a/ipset.8
+++ b/ipset.8
@@ -308,7 +308,7 @@ When the optional
 parameter specified, network addresses will be 
 stored in the set instead of IP addresses.
 .P
-The iphash type of sets can store up to 65535 entries. If a set is full,
+The iphash type of sets can store up to 65536 entries. If a set is full,
 no new entries can be added to it.
 .P
 Sets created by zero valued resize parameter won't be resized at all.
@@ -346,7 +346,7 @@ by double-hashing (default 4).
 Increase the hash size by this many percent (default 50) when adding
 an IP to the hash could not be performed after
 .P
-The nethash type of sets can store up to 65535 entries. If a set is full,
+The nethash type of sets can store up to 65536 entries. If a set is full,
 no new entries can be added to it.
 .P
 An IP address will be in a nethash type of set if it is in any of the
@@ -425,7 +425,7 @@ If a set was created with a nonzero valued
 parameter then one may add IP addresses to the set with a specific 
 timeout value using the syntax 
 .I IP:timeout-value.
-Similarly to the hash types, the iptree type of sets can store up to 65535
+Similarly to the hash types, the iptree type of sets can store up to 65536
 entries.
 .SS iptreemap
 The iptreemap set type uses a tree to store IP addresses or networks, 
@@ -462,6 +462,8 @@ Jozsef Kadlecsik wrote ipset, which is based on ippool by
 Joakim Axelsson, Patrick Schaaf and Martin Josefsson.
 .P
 Sven Wegener wrote the iptreemap type.
+.SH LAST REMARK
+.BR "I stand on the shoulder of giants."
 .\" .. and did I mention that we are incredibly cool people?
 .\" .. sexy, too ..
 .\" .. witty, charming, powerful ..
diff --git a/ipset.c b/ipset.c
index 9d7f78b..1857180 100644
--- a/ipset.c
+++ b/ipset.c
@@ -1638,7 +1638,7 @@ static int set_bind(struct set *set, const char *adt,
 	DP("(%s, %s) -> %s", set ? set->name : IPSET_TOKEN_ALL, adt, binding);
 
 	/* Ugly */
-	if (strcmp(set->settype->typename, "iptreemap") == 0)
+	if (set && strcmp(set->settype->typename, "iptreemap") == 0)
 		exit_error(PARAMETER_PROBLEM,
 			"iptreemap type of sets cannot be used at binding operations\n");
 	/* Alloc memory for the data to send */
diff --git a/ipset_iphash.c b/ipset_iphash.c
index 114cfad..b42cc21 100644
--- a/ipset_iphash.c
+++ b/ipset_iphash.c
@@ -191,7 +191,7 @@ mask_to_bits(ip_set_ip_t mask)
 	
 	return bits;
 }
-	
+
 void printheader(struct set *set, unsigned options)
 {
 	struct ip_set_iphash *mysetdata =
diff --git a/ipset_nethash.c b/ipset_nethash.c
index fed4a02..5fd6153 100644
--- a/ipset_nethash.c
+++ b/ipset_nethash.c
@@ -173,22 +173,6 @@ void initheader(struct set *set, const void *data)
 	map->resize = header->resize;
 }
 
-unsigned int
-mask_to_bits(ip_set_ip_t mask)
-{
-	unsigned int bits = 32;
-	ip_set_ip_t maskaddr;
-	
-	if (mask == 0xFFFFFFFF)
-		return bits;
-	
-	maskaddr = 0xFFFFFFFE;
-	while (--bits >= 0 && maskaddr != mask)
-		maskaddr <<= 1;
-	
-	return bits;
-}
-	
 void printheader(struct set *set, unsigned options)
 {
 	struct ip_set_nethash *mysetdata =
diff --git a/tests/init.t b/tests/init.t
new file mode 100644
index 0000000..ac15311
--- /dev/null
+++ b/tests/init.t
@@ -0,0 +1,7 @@
+# Load in the ip_set kernel module
+0 modprobe ip_set
+# List our test set: the testsuite fails if it exists
+1 ipset -L test >/dev/null
+# Delete our test set: the testsuite fails if it exists
+1 ipset -X test
+# eof
diff --git a/tests/iphash.t b/tests/iphash.t
new file mode 100644
index 0000000..14c3395
--- /dev/null
+++ b/tests/iphash.t
@@ -0,0 +1,35 @@
+# IP: Create a set 
+0 ipset -N test iphash --hashsize 128 
+# IP: Add first random value
+0 ipset -A test 2.0.0.1
+# IP: Add second random value
+0 ipset -A test 192.168.68.69
+# IP: Test first random value
+0 ipset -T test 2.0.0.1
+# IP: Test second random value
+0 ipset -T test 192.168.68.69
+# IP: Test value not added to the set
+1 ipset -T test 2.0.0.2
+# IP: Delete test set
+0 ipset -X test
+# IP: Restore values so that rehashing is triggered
+0 ipset -R < iphash.t.restore
+# IP: Check that all values are restored
+0 (egrep -v '#|-N' iphash.t.restore | sort > .foo.1) && (ipset -S test | egrep -v '#|-N' | sort > .foo.2) && cmp .foo.1 .foo.2 && rm .foo.*
+# IP: Delete test set
+0 ipset -X test
+# Network: Create a set 
+0 ipset -N test iphash --hashsize 128 --netmask 24
+# Network: Add first random network
+0 ipset -A test 2.0.0.1
+# Network: Add second random network
+0 ipset -A test 192.168.68.69
+# Network: Test first random value
+0 ipset -T test 2.0.0.255
+# Network: Test second random value
+0 ipset -T test 192.168.68.95
+# Network: Test value not added to the set
+1 ipset -T test 2.0.1.0
+# Network: Delete test set
+0 ipset -X test
+# eof
diff --git a/tests/iphash.t.restore b/tests/iphash.t.restore
new file mode 100644
index 0000000..fd915cc
--- /dev/null
+++ b/tests/iphash.t.restore
@@ -0,0 +1,131 @@
+-N test iphash --hashsize 128
+-A test 10.0.0.0
+-A test 10.0.0.1
+-A test 10.0.0.10
+-A test 10.0.0.100
+-A test 10.0.0.101
+-A test 10.0.0.102
+-A test 10.0.0.103
+-A test 10.0.0.104
+-A test 10.0.0.105
+-A test 10.0.0.106
+-A test 10.0.0.107
+-A test 10.0.0.108
+-A test 10.0.0.109
+-A test 10.0.0.11
+-A test 10.0.0.110
+-A test 10.0.0.111
+-A test 10.0.0.112
+-A test 10.0.0.113
+-A test 10.0.0.114
+-A test 10.0.0.115
+-A test 10.0.0.116
+-A test 10.0.0.117
+-A test 10.0.0.118
+-A test 10.0.0.119
+-A test 10.0.0.12
+-A test 10.0.0.120
+-A test 10.0.0.121
+-A test 10.0.0.122
+-A test 10.0.0.123
+-A test 10.0.0.124
+-A test 10.0.0.125
+-A test 10.0.0.126
+-A test 10.0.0.127
+-A test 10.0.0.128
+-A test 10.0.0.13
+-A test 10.0.0.14
+-A test 10.0.0.15
+-A test 10.0.0.16
+-A test 10.0.0.17
+-A test 10.0.0.18
+-A test 10.0.0.19
+-A test 10.0.0.2
+-A test 10.0.0.20
+-A test 10.0.0.21
+-A test 10.0.0.22
+-A test 10.0.0.23
+-A test 10.0.0.24
+-A test 10.0.0.25
+-A test 10.0.0.26
+-A test 10.0.0.27
+-A test 10.0.0.28
+-A test 10.0.0.29
+-A test 10.0.0.3
+-A test 10.0.0.30
+-A test 10.0.0.31
+-A test 10.0.0.32
+-A test 10.0.0.33
+-A test 10.0.0.34
+-A test 10.0.0.35
+-A test 10.0.0.36
+-A test 10.0.0.37
+-A test 10.0.0.38
+-A test 10.0.0.39
+-A test 10.0.0.4
+-A test 10.0.0.40
+-A test 10.0.0.41
+-A test 10.0.0.42
+-A test 10.0.0.43
+-A test 10.0.0.44
+-A test 10.0.0.45
+-A test 10.0.0.46
+-A test 10.0.0.47
+-A test 10.0.0.48
+-A test 10.0.0.49
+-A test 10.0.0.5
+-A test 10.0.0.50
+-A test 10.0.0.51
+-A test 10.0.0.52
+-A test 10.0.0.53
+-A test 10.0.0.54
+-A test 10.0.0.55
+-A test 10.0.0.56
+-A test 10.0.0.57
+-A test 10.0.0.58
+-A test 10.0.0.59
+-A test 10.0.0.6
+-A test 10.0.0.60
+-A test 10.0.0.61
+-A test 10.0.0.62
+-A test 10.0.0.63
+-A test 10.0.0.64
+-A test 10.0.0.65
+-A test 10.0.0.66
+-A test 10.0.0.67
+-A test 10.0.0.68
+-A test 10.0.0.69
+-A test 10.0.0.7
+-A test 10.0.0.70
+-A test 10.0.0.71
+-A test 10.0.0.72
+-A test 10.0.0.73
+-A test 10.0.0.74
+-A test 10.0.0.75
+-A test 10.0.0.76
+-A test 10.0.0.77
+-A test 10.0.0.78
+-A test 10.0.0.79
+-A test 10.0.0.8
+-A test 10.0.0.80
+-A test 10.0.0.81
+-A test 10.0.0.82
+-A test 10.0.0.83
+-A test 10.0.0.84
+-A test 10.0.0.85
+-A test 10.0.0.86
+-A test 10.0.0.87
+-A test 10.0.0.88
+-A test 10.0.0.89
+-A test 10.0.0.9
+-A test 10.0.0.90
+-A test 10.0.0.91
+-A test 10.0.0.92
+-A test 10.0.0.93
+-A test 10.0.0.94
+-A test 10.0.0.95
+-A test 10.0.0.96
+-A test 10.0.0.97
+-A test 10.0.0.98
+-A test 10.0.0.99
+COMMIT
diff --git a/tests/ipmap.t b/tests/ipmap.t
new file mode 100644
index 0000000..81c4240
--- /dev/null
+++ b/tests/ipmap.t
@@ -0,0 +1,85 @@
+# Range: Try to create from an invalid range
+2 ipset -N test ipmap --from 2.0.0.1 --to 2.1.0.1
+# Range: Create a set from a valid range
+0 ipset -N test ipmap --from 2.0.0.1 --to 2.1.0.0
+# Range: Add lower boundary
+0 ipset -A test 2.0.0.1
+# Range: Add upper boundary
+0 ipset -A test 2.1.0.0
+# Range: Test lower boundary
+0 ipset -T test 2.0.0.1
+# Range: Test upper boundary
+0 ipset -T test 2.1.0.0
+# Range: Test value not added to the set
+1 ipset -T test 2.0.0.2
+# Range: Test value before lower boundary
+1 ipset -T test 2.0.0.0
+# Range: Test value after upper boundary
+1 ipset -T test 2.1.0.1
+# Range: Try to add value before lower boundary
+1 ipset -A test 2.0.0.0
+# Range: Try to add value after upper boundary
+1 ipset -A test 2.1.0.1
+# Range: Delete test test
+0 ipset -X test
+# Network: Try to create a set from an invalid network
+2 ipset -N test ipmap --network 2.0.0.0/15
+# Network: Create a set from a valid network
+0 ipset -N test ipmap --network 2.0.0.0/16
+# Network: Add lower boundary
+0 ipset -A test 2.0.0.0
+# Network: Add upper boundary
+0 ipset -A test 2.0.255.255
+# Network: Test lower boundary
+0 ipset -T test 2.0.0.0
+# Network: Test upper boundary
+0 ipset -T test 2.0.255.255
+# Network: Test value not added to the set
+1 ipset -T test 2.0.0.1
+# Network: Test value before lower boundary
+1 ipset -T test 1.255.255.255
+# Network: Test value after upper boundary
+1 ipset -T test 2.1.0.0
+# Network: Try to add value before lower boundary
+1 ipset -A test 1.255.255.255
+# Network: Try to add value after upper boundary
+1 ipset -A test 2.1.0.0
+# Network: Delete test test
+0 ipset -X test
+# Subnets: Create a set to store networks
+0 ipset -N test ipmap --network 10.0.0.0/8 --netmask 24
+# Subnets: Add lower boundary
+0 ipset -A test 10.0.0.0
+# Subnets: Add upper boundary
+0 ipset -A test 10.255.255.255
+# Subnets: Test lower boundary
+0 ipset -T test 10.0.0.255
+# Subnets: Test upper boundary
+0 ipset -T test 10.255.255.0
+# Subnets: Test value not added to the set
+1 ipset -T test 10.1.0.0
+# Subnets: Test value before lower boundary
+1 ipset -T test 9.255.255.255
+# Subnets: Test value after upper boundary
+1 ipset -T test 11.0.0.0
+# Subnets: Try to add value before lower boundary
+1 ipset -A test 9.255.255.255
+# Subnets: Try to add value after upper boundary
+1 ipset -A test 11.0.0.0
+# Subnets: Delete test test
+0 ipset -X test
+# Full: Create full IPv4 space with /16 networks
+0 ipset -N test ipmap --network 0.0.0.0/0 --netmask 16
+# Full: Add lower boundary
+0 ipset -A test 0.0.255.255
+# Full: Add upper boundary
+0 ipset -A test 255.255.0.0
+# Full: Test lower boundary
+0 ipset -T test 0.0.0.0
+# Full: Test upper boundary
+0 ipset -T test 255.255.255.255
+# Full: Test value not added to the set
+1 ipset -T test 0.1.0.0
+# Full: Delete test test
+0 ipset -X test
+# eof
diff --git a/tests/ipporthash.t b/tests/ipporthash.t
new file mode 100644
index 0000000..5cbeee8
--- /dev/null
+++ b/tests/ipporthash.t
@@ -0,0 +1,53 @@
+# Range: Try to create from an invalid range
+2 ipset -N test ipporthash --from 2.0.0.1 --to 2.1.0.1
+# Range: Create a set from a valid range
+0 ipset -N test ipporthash --from 2.0.0.1 --to 2.1.0.0
+# Range: Add lower boundary
+0 ipset -A test 2.0.0.1:5
+# Range: Add upper boundary
+0 ipset -A test 2.1.0.0:128
+# Range: Test lower boundary
+0 ipset -T test 2.0.0.1:5
+# Range: Test upper boundary
+0 ipset -T test 2.1.0.0:128
+# Range: Test value not added to the set
+1 ipset -T test 2.0.0.1:4
+# Range: Test value not added to the set
+1 ipset -T test 2.0.0.1:6
+# Range: Test value before lower boundary
+1 ipset -T test 2.0.0.0:5
+# Range: Test value after upper boundary
+1 ipset -T test 2.1.0.1:128
+# Range: Try to add value before lower boundary
+1 ipset -A test 2.0.0.0:5
+# Range: Try to add value after upper boundary
+1 ipset -A test 2.1.0.1:128
+# Range: Delete test test
+0 ipset -X test
+# Network: Try to create a set from an invalid network
+2 ipset -N test ipporthash --network 2.0.0.0/15
+# Network: Create a set from a valid network
+0 ipset -N test ipporthash --network 2.0.0.0/16
+# Network: Add lower boundary
+0 ipset -A test 2.0.0.0:5
+# Network: Add upper boundary
+0 ipset -A test 2.0.255.255:128
+# Network: Test lower boundary
+0 ipset -T test 2.0.0.0:5
+# Network: Test upper boundary
+0 ipset -T test 2.0.255.255:128
+# Network: Test value not added to the set
+1 ipset -T test 2.0.0.0:4
+# Network: Test value not added to the set
+1 ipset -T test 2.0.0.0:6
+# Network: Test value before lower boundary
+1 ipset -T test 1.255.255.255:5
+# Network: Test value after upper boundary
+1 ipset -T test 2.1.0.0:128
+# Network: Try to add value before lower boundary
+1 ipset -A test 1.255.255.255:5
+# Network: Try to add value after upper boundary
+1 ipset -A test 2.1.0.0:128
+# Network: Delete test test
+0 ipset -X test
+# eof
diff --git a/tests/iptree.t b/tests/iptree.t
new file mode 100644
index 0000000..ccd5fc7
--- /dev/null
+++ b/tests/iptree.t
@@ -0,0 +1,43 @@
+# Static: Create a set without timeout
+0 ipset -N test iptree
+# Static: Add first random entry
+0 ipset -A test 2.0.0.1
+# Static: Add second random value
+0 ipset -A test 192.168.68.69
+# Static: Test first random value
+0 ipset -T test 2.0.0.1
+# Static: Test second random value
+0 ipset -T test 192.168.68.69
+# Static: Test value not added to the set
+1 ipset -T test 2.0.0.2
+# Static: Test value not added to the set
+1 ipset -T test 192.168.68.70
+# Static: Delete test test
+0 ipset -X test
+# Timeout: Create a set with a timeout parameter
+0 ipset -N test iptree --timeout 5
+# Timeout: Add first random entry
+0 ipset -A test 2.0.0.1
+# Timeout: Add second random value
+0 ipset -A test 192.168.68.69
+# Timeout: Test first random value
+0 ipset -T test 2.0.0.1
+# Timeout: Test second random value
+0 ipset -T test 192.168.68.69
+# Timeout: Test value not added to the set
+1 ipset -T test 2.0.0.2
+# Timeout: Test value not added to the set
+1 ipset -T test 192.168.68.70
+# Timeout: Sleep 5s so that entries can time out
+0 sleep 5
+# Timeout: Test first random value
+1 ipset -T test 2.0.0.1
+# Timeout: Test second random value
+1 ipset -T test 192.168.68.69
+# Timeout: Test value not added to the set
+1 ipset -T test 2.0.0.2
+# Timeout: Test value not added to the set
+1 ipset -T test 192.168.68.70
+# Timeout: Delete test test
+0 ipset -X test
+# eof
diff --git a/tests/iptreemap.t b/tests/iptreemap.t
new file mode 100644
index 0000000..f0cb2c5
--- /dev/null
+++ b/tests/iptreemap.t
@@ -0,0 +1,45 @@
+# Create a set without timeout
+0 ipset -N test iptreemap
+# Add first random IP entry
+0 ipset -A test 2.0.0.1
+# Add second random IP entry
+0 ipset -A test 192.168.68.69
+# Test first random IP entry
+0 ipset -T test 2.0.0.1
+# Test second random IP entry
+0 ipset -T test 192.168.68.69
+# Test value not added to the set
+1 ipset -T test 2.0.0.2
+# Test value not added to the set
+1 ipset -T test 192.168.68.70
+# Add IP range
+0 ipset -A test 3.0.0.0:3.0.0.2
+# Test the three members of the range: first
+0 ipset -T test 3.0.0.0
+# Test the three members of the range: second
+0 ipset -T test 3.0.0.1
+# Test the three members of the range: third
+0 ipset -T test 3.0.0.2
+# Delete the middle of the range
+0 ipset -D test 3.0.0.1
+# Test the range: first
+0 ipset -T test 3.0.0.0
+# Test the range: second
+1 ipset -T test 3.0.0.1
+# Test the range: third
+0 ipset -T test 3.0.0.2
+# Add a network block
+0 ipset -A test 192.168.68.69/27
+# Test the lower bound of the network
+0 ipset -T test 192.168.68.64
+# Test the upper bound of the network
+0 ipset -T test 192.168.68.95
+# Test element from the middle
+0 ipset -T test 192.168.68.71
+# Delete a network from the middle
+0 ipset -D test 192.168.68.70/30
+# Test element from the middle
+1 ipset -T test 192.168.68.71
+# Delete test test
+0 ipset -X test
+# eof
diff --git a/tests/macipmap.t b/tests/macipmap.t
new file mode 100644
index 0000000..72d9b4d
--- /dev/null
+++ b/tests/macipmap.t
@@ -0,0 +1,49 @@
+# Range: Try to create from an invalid range
+2 ipset -N test macipmap --from 2.0.0.1 --to 2.1.0.1
+# Range: Create a set from a valid range
+0 ipset -N test macipmap --from 2.0.0.1 --to 2.1.0.0
+# Range: Add lower boundary
+0 ipset -A test 2.0.0.1
+# Range: Add upper boundary
+0 ipset -A test 2.1.0.0
+# Range: Test lower boundary
+0 ipset -T test 2.0.0.1
+# Range: Test upper boundary
+0 ipset -T test 2.1.0.0
+# Range: Test value not added to the set
+1 ipset -T test 2.0.0.2
+# Range: Test value before lower boundary
+1 ipset -T test 2.0.0.0
+# Range: Test value after upper boundary
+1 ipset -T test 2.1.0.1
+# Range: Try to add value before lower boundary
+1 ipset -A test 2.0.0.0
+# Range: Try to add value after upper boundary
+1 ipset -A test 2.1.0.1
+# Range: Delete test test
+0 ipset -X test
+# Network: Try to create a set from an invalid network
+2 ipset -N test macipmap --network 2.0.0.0/15
+# Network: Create a set from a valid network
+0 ipset -N test macipmap --network 2.0.0.0/16
+# Network: Add lower boundary
+0 ipset -A test 2.0.0.0
+# Network: Add upper boundary
+0 ipset -A test 2.0.255.255
+# Network: Test lower boundary
+0 ipset -T test 2.0.0.0
+# Network: Test upper boundary
+0 ipset -T test 2.0.255.255
+# Network: Test value not added to the set
+1 ipset -T test 2.0.0.1
+# Network: Test value before lower boundary
+1 ipset -T test 1.255.255.255
+# Network: Test value after upper boundary
+1 ipset -T test 2.1.0.0
+# Network: Try to add value before lower boundary
+1 ipset -A test 1.255.255.255
+# Network: Try to add value after upper boundary
+1 ipset -A test 2.1.0.0
+# Network: Delete test test
+0 ipset -X test
+# eof
diff --git a/tests/nethash.t b/tests/nethash.t
new file mode 100644
index 0000000..4cd5867
--- /dev/null
+++ b/tests/nethash.t
@@ -0,0 +1,15 @@
+# Create a set 
+0 ipset -N test nethash --hashsize 128 
+# Add first random network
+0 ipset -A test 2.0.0.1/24
+# Add second random network
+0 ipset -A test 192.168.68.69/27
+# Test first random value
+0 ipset -T test 2.0.0.255
+# Test second random value
+0 ipset -T test 192.168.68.95
+# Test value not added to the set
+1 ipset -T test 2.0.1.0
+# Delete test set
+0 ipset -X test
+# eof
diff --git a/tests/portmap.t b/tests/portmap.t
new file mode 100644
index 0000000..53cf3ad
--- /dev/null
+++ b/tests/portmap.t
@@ -0,0 +1,37 @@
+# Range: Create a set from a valid range
+0 ipset -N test portmap --from 1 --to 1024
+# Range: Add lower boundary
+0 ipset -A test 1
+# Range: Add upper boundary
+0 ipset -A test 1024
+# Range: Test lower boundary
+0 ipset -T test 1
+# Range: Test upper boundary
+0 ipset -T test 1024
+# Range: Test value not added to the set
+1 ipset -T test 1023
+# Range: Test value before lower boundary
+1 ipset -T test 0
+# Range: Test value after upper boundary
+1 ipset -T test 1025
+# Range: Try to add value before lower boundary
+1 ipset -A test 0
+# Range: Try to add value after upper boundary
+1 ipset -A test 1025
+# Range: Delete test test
+0 ipset -X test
+# Full: Create a full set of ports
+0 ipset -N test portmap --from 0 --to 65535
+# Full: Add lower boundary
+0 ipset -A test 0
+# Full: Add upper boundary
+0 ipset -A test 65535
+# Full: Test lower boundary
+0 ipset -T test 0
+# Full: Test upper boundary
+0 ipset -T test 65535
+# Full: Test value not added to the set
+1 ipset -T test 1
+# Full: Delete test test
+0 ipset -X test
+# eof
diff --git a/tests/runtest.sh b/tests/runtest.sh
new file mode 100755
index 0000000..028e968
--- /dev/null
+++ b/tests/runtest.sh
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+tests="init"
+tests+=" ipmap macipmap portmap"
+tests+=" iphash nethash ipporthash"
+tests+=" iptree iptreemap"
+
+for types in $tests; do
+    ipset -X test >/dev/null 2>&1
+    while read ret cmd; do
+	case $ret in
+	    \#)
+	    	if [ "$cmd" = "eof" ]; then
+	    		break
+	    	fi
+	    	what=$cmd
+		continue
+		;;
+	    *)
+		;;
+	esac
+	echo -ne "$types: $what: "
+	eval $cmd >/dev/null 2>&1
+	r=$?
+	# echo $ret $r
+	if [ "$ret" = "$r" ]; then
+		echo "OK"
+	else
+		echo "FAILED"
+		echo "Failed test: $cmd"
+		exit 1
+	fi
+	# sleep 1
+    done < $types.t
+done
+for x in $tests; do
+	case $x in
+	init)
+		;;
+	*)
+		rmmod ip_set_$x >/dev/null 2>&1
+		;;
+	esac
+done
+rmmod ip_set >/dev/null 2>&1
+echo "All tests are OK"
+