diff options
author | Vytas Dauksa <vytas.dauksa@smoothwall.net> | 2013-12-17 14:01:43 +0000 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2014-01-08 21:02:54 +0100 |
commit | 14ea38fca9e40df4f172a573c222591b5f3cc241 (patch) | |
tree | 5f0e1cd46a19bbb6b54de73494971c35f4c329ae /tests/ipmarkhash.t | |
parent | 8a88bdf50b448e221a8b0b6a5c8446ebafcefa19 (diff) |
add hash:ip,mark data type to ipset
Introduce packet mark support with new ip,mark hash set. This includes
userspace and kernelspace code, hash:ip,mark set tests and man page
updates.
The intended use of ip,mark set is similar to the ip:port type, but for
protocols which don't use a predictable port number. Instead of port
number it matches a firewall mark determined by a layer 7 filtering
program like opendpi.
As well as allowing or blocking traffic it will also be used for
accounting packets and bytes sent for each protocol.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'tests/ipmarkhash.t')
-rw-r--r-- | tests/ipmarkhash.t | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/tests/ipmarkhash.t b/tests/ipmarkhash.t new file mode 100644 index 0000000..30301fb --- /dev/null +++ b/tests/ipmarkhash.t @@ -0,0 +1,71 @@ +# Create a set from a range (range ignored) +0 ipset -N test ipmarkhash --from 2.0.0.1 --to 2.1.0.0 +# Destroy set +0 ipset -X test +# Create a set +0 ipset -N test ipmarkhash +# Add partly zero valued element +0 ipset -A test 2.0.0.1,0 +# Test partly zero valued element +0 ipset -T test 2.0.0.1,0 +# Delete partly zero valued element +0 ipset -D test 2.0.0.1,0 +# Add first random value +0 ipset -A test 2.0.0.1,5 +# Add second random value +0 ipset -A test 2.1.0.0,128 +# Test first random value +0 ipset -T test 2.0.0.1,5 +# Test second random value +0 ipset -T test 2.1.0.0,128 +# Test value not added to the set +1 ipset -T test 2.0.0.1,4 +# Delete value not added to the set +1 ipset -D test 2.0.0.1,6 +# Test value before first random value +1 ipset -T test 2.0.0.0,5 +# Test value after second random value +1 ipset -T test 2.1.0.1,128 +# Try to add value before first random value +0 ipset -A test 2.0.0.0,5 +# Try to add value after second random value +0 ipset -A test 2.1.0.1,128 +# List set +0 ipset -L test | grep -v Revision: > .foo0 && ./sort.sh .foo0 +# Check listing +0 diff -u -I 'Size in memory.*' .foo ipmarkhash.t.list0 +# Flush test set +0 ipset -F test +# Delete test set +0 ipset -X test +# Create a set from a network (network ignored) +0 ipset -N test ipmarkhash --network 2.0.0.0/16 +# Add first random value +0 ipset -A test 2.0.0.0,5 +# Add second random value +0 ipset -A test 2.0.255.255,128 +# Test first random value +0 ipset -T test 2.0.0.0,5 +# Test second random value +0 ipset -T test 2.0.255.255,128 +# Test value not added to the set +1 ipset -T test 2.0.0.0,4 +# Delete value not added to the set +1 ipset -D test 2.0.0.0,6 +# Test value before first random value +1 ipset -T test 1.255.255.255,5 +# Test value after second random value +1 ipset -T test 2.1.0.0,128 +# Try to add value before first random value +0 ipset -A test 1.255.255.255,5 +# Try to add value after second random value +0 ipset -A test 2.1.0.0,128 +# List set +0 ipset -L test | grep -v Revision: > .foo0 && ./sort.sh .foo0 +# Check listing +0 diff -u -I 'Size in memory.*' .foo ipmarkhash.t.list1 +# Flush test set +0 ipset -F test +# Delete test set +0 ipset -X test +# eof |