diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-01-13 22:52:44 +0100 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-01-13 22:52:44 +0100 |
commit | 24b35d0b8950407ce85eefef18576d54f1e2c20e (patch) | |
tree | 8ecba4e1c02fb03cfab8ae0f37ab60b7455c137f /tests/hash:ip6,port,net6.t | |
parent | dd71826fcfcfcc8c36f0508cc183dd222da40452 (diff) |
Exceptions support added to hash:*net* types
The "nomatch" keyword and option is added to the hash:*net* types,
by which one can add exception entries to sets. Example:
ipset create test hash:net
ipset add test 192.168.0/24
ipset add test 192.168.0/30 nomatch
In this case the IP addresses from 192.168.0/24 except 192.168.0/30
match the elements of the set.
Diffstat (limited to 'tests/hash:ip6,port,net6.t')
-rw-r--r-- | tests/hash:ip6,port,net6.t | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/tests/hash:ip6,port,net6.t b/tests/hash:ip6,port,net6.t index 71814cf..1955cad 100644 --- a/tests/hash:ip6,port,net6.t +++ b/tests/hash:ip6,port,net6.t @@ -50,4 +50,42 @@ 0 n=`ipset list test|grep 1::1|wc -l` && test $n -eq 1026 # Destroy set 0 ipset -X test +# Create test set with timeout support +0 ipset create test hash:ip,port,net family inet6 timeout 30 +# Add a non-matching IP address entry +0 ipset -A test 2:2:2::2,80,1:1:1::1 nomatch +# Add an overlapping matching small net +0 ipset -A test 2:2:2::2,80,1:1:1::/124 +# Add an overlapping non-matching larger net +0 ipset -A test 2:2:2::2,80,1:1:1::/120 nomatch +# Add an even larger matching net +0 ipset -A test 2:2:2::2,80,1:1:1::/116 +# Check non-matching IP +1 ipset -T test 2:2:2::2,80,1:1:1::1 +# Check matching IP from non-matchin small net +0 ipset -T test 2:2:2::2,80,1:1:1::F +# Check non-matching IP from larger net +1 ipset -T test 2:2:2::2,80,1:1:1::10 +# Check matching IP from even larger net +0 ipset -T test 2:2:2::2,80,1:1:1::100 +# Update non-matching IP to matching one +0 ipset -! -A test 2:2:2::2,80,1:1:1::1 +# Delete overlapping small net +0 ipset -D test 2:2:2::2,80,1:1:1::/124 +# Check matching IP +0 ipset -T test 2:2:2::2,80,1:1:1::1 +# Add overlapping small net +0 ipset -A test 2:2:2::2,80,1:1:1::/124 +# Update matching IP as a non-matching one, with shorter timeout +0 ipset -! -A test 2:2:2::2,80,1:1:1::1 nomatch timeout 2 +# Check non-matching IP +1 ipset -T test 2:2:2::2,80,1:1:1::1 +# Sleep 3s so that element can time out +0 sleep 3 +# Check non-matching IP +0 ipset -T test 2:2:2::2,80,1:1:1::1 +# Check matching IP +0 ipset -T test 2:2:2::2,80,1:1:1::F +# Delete test set +0 ipset destroy test # eof |