summaryrefslogtreecommitdiffstats
path: root/tests/hash:net,iface.t
Commit message (Collapse)AuthorAgeFilesLines
* Add element count to hash headersEric B Munson2015-06-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | It would be useful for userspace to query the size of an ipset hash, however, this data is not exposed to userspace outside of counting the number of member entries. This patch uses the attribute IPSET_ATTR_ELEMENTS to indicate the size in the the header that is exported to userspace. This field is then printed by the userspace tool for hashes. Because it is only meaningful for hashes to report their size, the output is conditional on the set type. To do this checking the MATCH_TYPENAME macro was moved to utils.h. The bulk of this patch changes the expected test suite to account for the change in output. Signed-off-by: Eric B Munson <emunson@akamai.com> Cc: Pablo Neira Ayuso <pablo@netfilter.org> Cc: Josh Hunt <johunt@akamai.com> Cc: netfilter-devel@vger.kernel.org Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Add new testsuite entries to verify counters and the new type implementationsJozsef Kadlecsik2013-04-091-0/+52
| | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* The set type revision number is added to the header part of listingJozsef Kadlecsik2012-09-111-4/+4
| | | | | | | | | Incompatibility: if your script rely on the number of lines in the header of set listings, then the new line Revision: number can break your script.
* Add /0 network support to hash:net,iface typeJozsef Kadlecsik2012-09-101-5/+37
| | | | | Now it is possible to setup a single hash:net,iface type of set and a single ip6?tables match which covers all egress/ingress filtering.
* Exceptions support added to hash:*net* typesJozsef Kadlecsik2012-01-131-0/+38
| | | | | | | | | | | | The "nomatch" keyword and option is added to the hash:*net* types, by which one can add exception entries to sets. Example: ipset create test hash:net ipset add test 192.168.0/24 ipset add test 192.168.0/30 nomatch In this case the IP addresses from 192.168.0/24 except 192.168.0/30 match the elements of the set.
* hash:net,iface fixed to handle overlapping nets behind different interfacesJozsef Kadlecsik2011-07-081-0/+48
| | | | | | | | | | | | | | | | | | If overlapping networks with different interfaces was added to the set, the type did not handle it properly. Example ipset create test hash:net,iface ipset add test 192.168.0.0/16,eth0 ipset add test 192.168.0.0/24,eth1 Now, if a packet was sent from 192.168.0.0/24,eth0, the type returned a match. In the patch the algorithm is fixed in order to correctly handle overlapping networks. Limitation: the same network cannot be stored with more than 64 different interfaces in a single set.
* hash:net,iface type introducedJozsef Kadlecsik2011-05-301-0/+57
The hash:net,iface type makes possible to store network address and interface name pairs in a set. It's mostly suitable for egress and ingress filtering. Examples: # ipset create test hash:net,iface # ipset add test 192.168.0.0/16,eth0 # ipset add test 192.168.0.0/24,eth1