hash:net,iface fixed to handle overlapping nets behind different interfaces

If overlapping networks with different interfaces was added to
the set, the type did not handle it properly. Example

	ipset create test hash:net,iface
	ipset add test 192.168.0.0/16,eth0
	ipset add test 192.168.0.0/24,eth1

Now, if a packet was sent from 192.168.0.0/24,eth0, the type returned
a match.

In the patch the algorithm is fixed in order to correctly handle
overlapping networks.

Limitation: the same network cannot be stored with more than 64 different
interfaces in a single set.

2 files changed, 81 insertions, 0 deletions

diff --git a/tests/hash:net,iface.t b/tests/hash:net,iface.t
index 7c73264..ca0ddea 100644
--- a/tests/hash:net,iface.t
+++ b/tests/hash:net,iface.t
@@ -54,4 +54,52 @@
 0 diff -u -I 'Size in memory.*' .foo hash:net,iface.t.list2
 # Delete test set
 0 ipset destroy test
+# Create test set
+0 ipset new test hash:net,iface
+# Add a /16 network with eth0
+0 ipset add test 10.0.0.0/16,eth0
+# Add an overlapping /24 network with eth1
+0 ipset add test 10.0.0.0/24,eth1
+# Add an overlapping /28 network with eth2
+0 ipset add test 10.0.0.0/28,eth2
+# Check matching element: from /28, with eth2
+0 ipset test test 10.0.0.1,eth2
+# Check non-matching element: from /28, with eth1
+1 ipset test test 10.0.0.2,eth1
+# Check non-matching element: from /28, with eth0
+1 ipset test test 10.0.0.3,eth0
+# Check matching element from: /24, with eth1
+0 ipset test test 10.0.0.16,eth1
+# Check non-matching element: from /24, with eth2
+1 ipset test test 10.0.0.17,eth2
+# Check non-matching element: from /24, with eth0
+1 ipset test test 10.0.0.18,eth0
+# Check matching element: from /16, with eth0
+0 ipset test test 10.0.1.1,eth0
+# Check non-matching element: from /16, with eth1
+1 ipset test test 10.0.1.2,eth1
+# Check non-matching element: from /16, with eth2
+1 ipset test test 10.0.1.3,eth2
+# Flush test set
+0 ipset flush test
+# Add overlapping networks from /4 to /30
+0 (set -e; for x in `seq 4 30`; do ipset add test 192.0.0.0/$x,eth$x; done)
+# List test set
+0 ipset -L test 2>/dev/null > .foo0 && ./sort.sh .foo0
+# Check listing
+0 diff -u -I 'Size in memory.*' .foo hash:net,iface.t.list1
+# Test matching elements in all added networks from /30 to /24
+0 (set -e; y=2; for x in `seq 24 30 | tac`; do ipset test test 192.0.0.$y,eth$x; y=$((y*2)); done)
+# Test non-matching elements in all added networks from /30 to /24
+0 (y=2; for x in `seq 24 30 | tac`; do z=$((x-1)); ipset test test 192.0.0.$y,eth$z; ret=$?; test $ret -eq 0 && exit 1; y=$((y*2)); done)
+# Delete test set
+0 ipset destroy test
+# Create test set with minimal hash size
+0 ipset create test hash:net,iface hashsize 64
+# Add clashing elements
+0 (set -e; for x in `seq 0 63`; do ipset add test 10.0.0.0/16,eth$x; done)
+# Check listing
+0 n=`ipset list test | wc -l` && test $n -eq 70
+# Delete test set
+0 ipset destroy test
 # eof
diff --git a/tests/hash:net,iface.t.list1 b/tests/hash:net,iface.t.list1
new file mode 100644
index 0000000..4a298e2
--- /dev/null
+++ b/tests/hash:net,iface.t.list1
@@ -0,0 +1,33 @@
+Name: test
+Type: hash:net,iface
+Header: family inet hashsize 1024 maxelem 65536 
+Size in memory: 18512
+References: 0
+Members:
+192.0.0.0/10,eth10
+192.0.0.0/11,eth11
+192.0.0.0/12,eth12
+192.0.0.0/13,eth13
+192.0.0.0/14,eth14
+192.0.0.0/15,eth15
+192.0.0.0/16,eth16
+192.0.0.0/17,eth17
+192.0.0.0/18,eth18
+192.0.0.0/19,eth19
+192.0.0.0/20,eth20
+192.0.0.0/21,eth21
+192.0.0.0/22,eth22
+192.0.0.0/23,eth23
+192.0.0.0/24,eth24
+192.0.0.0/25,eth25
+192.0.0.0/26,eth26
+192.0.0.0/27,eth27
+192.0.0.0/28,eth28
+192.0.0.0/29,eth29
+192.0.0.0/30,eth30
+192.0.0.0/4,eth4
+192.0.0.0/5,eth5
+192.0.0.0/6,eth6
+192.0.0.0/7,eth7
+192.0.0.0/8,eth8
+192.0.0.0/9,eth9