From 46fb717308d9d717439badd48c150e32a3508a90 Mon Sep 17 00:00:00 2001 From: "/C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu" Date: Thu, 23 Oct 2008 17:24:30 +0000 Subject: ipset 2.4.2: - When flushing a nethash/ipportnethash type of set, it can lead to a kernel crash due to a wrong type declaration, bug reported by Krzysztof Oledzki. - iptree and iptreemap types require the header file linux/timer.h, also reported by Krzysztof Oledzki. --- ChangeLog | 3 +++ Makefile | 4 ++-- ipset_iphash.c | 1 + ipset_nethash.c | 1 - kernel/ChangeLog | 7 +++++++ kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h | 2 ++ kernel/include/linux/netfilter_ipv4/ip_set_hashes.h | 18 ++++++++++-------- kernel/include/linux/netfilter_ipv4/ip_set_iphash.h | 3 ++- kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h | 1 + .../include/linux/netfilter_ipv4/ip_set_ipporthash.h | 3 ++- .../include/linux/netfilter_ipv4/ip_set_ipportiphash.h | 3 ++- .../linux/netfilter_ipv4/ip_set_ipportnethash.h | 3 ++- kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h | 1 + kernel/include/linux/netfilter_ipv4/ip_set_nethash.h | 3 ++- kernel/include/linux/netfilter_ipv4/ip_set_portmap.h | 1 + kernel/ip_set_iphash.c | 2 -- kernel/ip_set_ipmap.c | 2 -- kernel/ip_set_ipporthash.c | 2 -- kernel/ip_set_ipportiphash.c | 2 -- kernel/ip_set_ipportnethash.c | 10 ++++------ kernel/ip_set_iptree.c | 1 + kernel/ip_set_iptreemap.c | 1 + kernel/ip_set_macipmap.c | 2 -- kernel/ip_set_nethash.c | 10 ++++------ kernel/ip_set_portmap.c | 2 -- kernel/ipt_SET.c | 12 +++--------- tests/iphash.t | 6 ++++++ tests/ipmap.t | 12 +++++++++--- tests/ipporthash.t | 6 +++++- tests/ipportiphash.t | 6 +++++- tests/ipportnethash.t | 6 +++++- tests/iptree.t | 6 +++++- tests/iptreemap.t | 2 ++ tests/macipmap.t | 6 +++++- tests/nethash.t | 2 ++ tests/portmap.t | 6 +++++- tests/setlist.t | 4 +++- 37 files changed, 103 insertions(+), 59 deletions(-) diff --git a/ChangeLog b/ChangeLog index 26bad25..278a4a0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2.4.2 + - Only kernel part changes, see kernel/ChangeLoh + 2.4.1 - macipmap type reported misleading deprecated separator tokens and printed the old one at listing set elements diff --git a/Makefile b/Makefile index 6de0097..37a241e 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,7 @@ ifndef V V=0 endif -IPSET_VERSION:=2.4.1 +IPSET_VERSION:=2.4.2 PREFIX:=/usr/local LIBDIR:=$(PREFIX)/lib @@ -72,7 +72,7 @@ modules_install: modules install: binaries_install modules_install clean: $(EXTRA_CLEANS) - rm -rf $(PROGRAMS) $(SHARED_LIBS) *.o *~ + rm -rf $(PROGRAMS) $(SHARED_LIBS) *.o *~ tests/*~ [ -f $(KERNEL_DIR)/net/ipv4/netfilter/Config.in ] || (cd kernel; make -C $(KERNEL_DIR) M=`pwd` clean) #The ipset(8) self diff --git a/ipset_iphash.c b/ipset_iphash.c index 6dbb84b..9f02081 100644 --- a/ipset_iphash.c +++ b/ipset_iphash.c @@ -21,6 +21,7 @@ #include #include + #include "ipset.h" #define BUFLEN 30; diff --git a/ipset_nethash.c b/ipset_nethash.c index d1f3344..3d2e6fe 100644 --- a/ipset_nethash.c +++ b/ipset_nethash.c @@ -21,7 +21,6 @@ #include #include -#include #include "ipset.h" diff --git a/kernel/ChangeLog b/kernel/ChangeLog index f730927..25006be 100644 --- a/kernel/ChangeLog +++ b/kernel/ChangeLog @@ -1,3 +1,10 @@ +2.4.2 + - When flushing a nethash/ipportnethash type of set, it can + lead to a kernel crash due to a wrong type declaration, + bug reported by Krzysztof Oledzki. + - iptree and iptreemap types require the header file linux/timer.h, + also reported by Krzysztof Oledzki. + 2.4.1 - Zero-valued element are not accepted by hash type of sets because we cannot make a difference between a zero-valued diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h b/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h index 916cb80..2e9293f 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h @@ -3,6 +3,7 @@ /* Macros to generate functions */ +#ifdef __KERNEL__ #define BITMAP_CREATE(type) \ static int \ type##_create(struct ip_set *set, const void *data, size_t size) \ @@ -115,5 +116,6 @@ struct ip_set_type ip_set_##type = { \ .list_members = &type##_list_members, \ .me = THIS_MODULE, \ }; +#endif /* __KERNEL */ #endif /* __IP_SET_BITMAPS_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h b/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h index 405784a..46512b4 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h @@ -1,6 +1,8 @@ #ifndef __IP_SET_HASHES_H #define __IP_SET_HASHES_H +#define initval_t uint32_t + /* Macros to generate functions */ #ifdef __KERNEL__ @@ -30,11 +32,11 @@ type##_retry(struct ip_set *set) \ set->name, map->hashsize, hashsize); \ \ tmp = kmalloc(sizeof(struct ip_set_##type) \ - + map->probes * sizeof(uint32_t), GFP_ATOMIC); \ + + map->probes * sizeof(initval_t), GFP_ATOMIC); \ if (!tmp) { \ DP("out of memory for %d bytes", \ sizeof(struct ip_set_##type) \ - + map->probes * sizeof(uint32_t)); \ + + map->probes * sizeof(initval_t)); \ return -ENOMEM; \ } \ tmp->members = harray_malloc(hashsize, sizeof(dtype), GFP_ATOMIC);\ @@ -47,7 +49,7 @@ type##_retry(struct ip_set *set) \ tmp->elements = 0; \ tmp->probes = map->probes; \ tmp->resize = map->resize; \ - memcpy(tmp->initval, map->initval, map->probes * sizeof(uint32_t));\ + memcpy(tmp->initval, map->initval, map->probes * sizeof(initval_t));\ __##type##_retry(tmp, map); \ \ write_lock_bh(&set->lock); \ @@ -103,15 +105,15 @@ type##_create(struct ip_set *set, const void *data, size_t size) \ } \ \ map = kmalloc(sizeof(struct ip_set_##type) \ - + req->probes * sizeof(uint32_t), GFP_KERNEL); \ + + req->probes * sizeof(initval_t), GFP_KERNEL); \ if (!map) { \ DP("out of memory for %d bytes", \ sizeof(struct ip_set_##type) \ - + req->probes * sizeof(uint32_t)); \ + + req->probes * sizeof(initval_t)); \ return -ENOMEM; \ } \ for (i = 0; i < req->probes; i++) \ - get_random_bytes(((uint32_t *) map->initval)+i, 4); \ + get_random_bytes(((initval_t *) map->initval)+i, 4); \ map->elements = 0; \ map->hashsize = req->hashsize; \ map->probes = req->probes; \ @@ -158,8 +160,8 @@ type##_flush(struct ip_set *set) \ { \ struct ip_set_##type *map = set->data; \ harray_flush(map->members, map->hashsize, sizeof(dtype)); \ - memset(map->cidr, 0, 30 * sizeof(uint8_t)); \ - memset(map->nets, 0, 30 * sizeof(uint32_t)); \ + memset(map->cidr, 0, sizeof(map->cidr)); \ + memset(map->nets, 0, sizeof(map->nets)); \ map->elements = 0; \ } diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h b/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h index 7551cb2..277bc8c 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h @@ -2,6 +2,7 @@ #define __IP_SET_IPHASH_H #include +#include #define SETTYPE_NAME "iphash" @@ -12,7 +13,7 @@ struct ip_set_iphash { uint16_t probes; /* max number of probes */ uint16_t resize; /* resize factor in percent */ ip_set_ip_t netmask; /* netmask */ - uint32_t initval[0]; /* initvals for jhash_1word */ + initval_t initval[0]; /* initvals for jhash_1word */ }; struct ip_set_req_iphash_create { diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h index 2f409d9..3d800ef 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h @@ -2,6 +2,7 @@ #define __IP_SET_IPMAP_H #include +#include #define SETTYPE_NAME "ipmap" diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h index ccec14e..b5db5f5 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h @@ -2,6 +2,7 @@ #define __IP_SET_IPPORTHASH_H #include +#include #define SETTYPE_NAME "ipporthash" @@ -13,7 +14,7 @@ struct ip_set_ipporthash { uint16_t resize; /* resize factor in percent */ ip_set_ip_t first_ip; /* host byte order, included in range */ ip_set_ip_t last_ip; /* host byte order, included in range */ - uint32_t initval[0]; /* initvals for jhash_1word */ + initval_t initval[0]; /* initvals for jhash_1word */ }; struct ip_set_req_ipporthash_create { diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h index 4d794bf..eb6cf55 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h @@ -2,6 +2,7 @@ #define __IP_SET_IPPORTIPHASH_H #include +#include #define SETTYPE_NAME "ipportiphash" @@ -18,7 +19,7 @@ struct ip_set_ipportiphash { uint16_t resize; /* resize factor in percent */ ip_set_ip_t first_ip; /* host byte order, included in range */ ip_set_ip_t last_ip; /* host byte order, included in range */ - uint32_t initval[0]; /* initvals for jhash_1word */ + initval_t initval[0]; /* initvals for jhash_1word */ }; struct ip_set_req_ipportiphash_create { diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h index 9c78a68..951da92 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h @@ -2,6 +2,7 @@ #define __IP_SET_IPPORTNETHASH_H #include +#include #define SETTYPE_NAME "ipportnethash" @@ -20,7 +21,7 @@ struct ip_set_ipportnethash { ip_set_ip_t last_ip; /* host byte order, included in range */ uint8_t cidr[30]; /* CIDR sizes */ uint16_t nets[30]; /* nr of nets by CIDR sizes */ - uint32_t initval[0]; /* initvals for jhash_1word */ + initval_t initval[0]; /* initvals for jhash_1word */ }; struct ip_set_req_ipportnethash_create { diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h index 82ea96d..c983214 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h @@ -2,6 +2,7 @@ #define __IP_SET_MACIPMAP_H #include +#include #define SETTYPE_NAME "macipmap" diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h b/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h index eecd68b..b2d006f 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h @@ -2,6 +2,7 @@ #define __IP_SET_NETHASH_H #include +#include #define SETTYPE_NAME "nethash" @@ -13,7 +14,7 @@ struct ip_set_nethash { uint16_t resize; /* resize factor in percent */ uint8_t cidr[30]; /* CIDR sizes */ uint16_t nets[30]; /* nr of nets by CIDR sizes */ - uint32_t initval[0]; /* initvals for jhash_1word */ + initval_t initval[0]; /* initvals for jhash_1word */ }; struct ip_set_req_nethash_create { diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h index 1a15380..e878327 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h @@ -2,6 +2,7 @@ #define __IP_SET_PORTMAP_H #include +#include #define SETTYPE_NAME "portmap" diff --git a/kernel/ip_set_iphash.c b/kernel/ip_set_iphash.c index 38b83ed..976fcfc 100644 --- a/kernel/ip_set_iphash.c +++ b/kernel/ip_set_iphash.c @@ -20,8 +20,6 @@ #include -#include -#include #include static int limit = MAX_RANGE; diff --git a/kernel/ip_set_ipmap.c b/kernel/ip_set_ipmap.c index e1a1663..442f0d3 100644 --- a/kernel/ip_set_ipmap.c +++ b/kernel/ip_set_ipmap.c @@ -17,8 +17,6 @@ #include #include -#include -#include #include static inline ip_set_ip_t diff --git a/kernel/ip_set_ipporthash.c b/kernel/ip_set_ipporthash.c index 97b2323..2e2bfa5 100644 --- a/kernel/ip_set_ipporthash.c +++ b/kernel/ip_set_ipporthash.c @@ -22,8 +22,6 @@ #include -#include -#include #include #include diff --git a/kernel/ip_set_ipportiphash.c b/kernel/ip_set_ipportiphash.c index 74e8f7e..2130508 100644 --- a/kernel/ip_set_ipportiphash.c +++ b/kernel/ip_set_ipportiphash.c @@ -22,8 +22,6 @@ #include -#include -#include #include #include diff --git a/kernel/ip_set_ipportnethash.c b/kernel/ip_set_ipportnethash.c index 0f08ba6..3c7f859 100644 --- a/kernel/ip_set_ipportnethash.c +++ b/kernel/ip_set_ipportnethash.c @@ -22,8 +22,6 @@ #include -#include -#include #include #include @@ -223,8 +221,8 @@ __ipportnethash_retry(struct ip_set_ipportnethash *tmp, { tmp->first_ip = map->first_ip; tmp->last_ip = map->last_ip; - memcpy(tmp->cidr, map->cidr, 30 * sizeof(uint8_t)); - memcpy(tmp->nets, map->nets, 30 * sizeof(uint16_t)); + memcpy(tmp->cidr, map->cidr, sizeof(tmp->cidr)); + memcpy(tmp->nets, map->nets, sizeof(tmp->nets)); } HASH_RETRY2(ipportnethash, struct ipportip) @@ -273,8 +271,8 @@ __ipportnethash_create(const struct ip_set_req_ipportnethash_create *req, } map->first_ip = req->from; map->last_ip = req->to; - memset(map->cidr, 0, 30 * sizeof(uint8_t)); - memset(map->nets, 0, 30 * sizeof(uint16_t)); + memset(map->cidr, 0, sizeof(map->cidr)); + memset(map->nets, 0, sizeof(map->nets)); return 0; } diff --git a/kernel/ip_set_iptree.c b/kernel/ip_set_iptree.c index 22a94d1..f51dea1 100644 --- a/kernel/ip_set_iptree.c +++ b/kernel/ip_set_iptree.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include diff --git a/kernel/ip_set_iptreemap.c b/kernel/ip_set_iptreemap.c index 4a13e4f..4bf70f7 100644 --- a/kernel/ip_set_iptreemap.c +++ b/kernel/ip_set_iptreemap.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include diff --git a/kernel/ip_set_macipmap.c b/kernel/ip_set_macipmap.c index 4b2b1de..61ea6d5 100644 --- a/kernel/ip_set_macipmap.c +++ b/kernel/ip_set_macipmap.c @@ -19,8 +19,6 @@ #include #include -#include -#include #include static int diff --git a/kernel/ip_set_nethash.c b/kernel/ip_set_nethash.c index a04857c..9b3d826 100644 --- a/kernel/ip_set_nethash.c +++ b/kernel/ip_set_nethash.c @@ -20,8 +20,6 @@ #include -#include -#include #include static int limit = MAX_RANGE; @@ -153,8 +151,8 @@ KADT(nethash, add, ipaddr, cidr) static inline void __nethash_retry(struct ip_set_nethash *tmp, struct ip_set_nethash *map) { - memcpy(tmp->cidr, map->cidr, 30 * sizeof(uint8_t)); - memcpy(tmp->nets, map->nets, 30 * sizeof(uint16_t)); + memcpy(tmp->cidr, map->cidr, sizeof(tmp->cidr)); + memcpy(tmp->nets, map->nets, sizeof(tmp->nets)); } HASH_RETRY(nethash, ip_set_ip_t) @@ -190,8 +188,8 @@ static inline int __nethash_create(const struct ip_set_req_nethash_create *req, struct ip_set_nethash *map) { - memset(map->cidr, 0, 30 * sizeof(uint8_t)); - memset(map->nets, 0, 30 * sizeof(uint16_t)); + memset(map->cidr, 0, sizeof(map->cidr)); + memset(map->nets, 0, sizeof(map->nets)); return 0; } diff --git a/kernel/ip_set_portmap.c b/kernel/ip_set_portmap.c index 79cc511..8b0ec0a 100644 --- a/kernel/ip_set_portmap.c +++ b/kernel/ip_set_portmap.c @@ -19,8 +19,6 @@ #include -#include -#include #include #include diff --git a/kernel/ipt_SET.c b/kernel/ipt_SET.c index f6afafd..960e557 100644 --- a/kernel/ipt_SET.c +++ b/kernel/ipt_SET.c @@ -10,17 +10,11 @@ /* ipt_SET.c - netfilter target to manipulate IP sets */ -#include -#include -#include #include -#include -#include -#include -#include +#include +#include #include -#include -#include + #include #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) #include diff --git a/tests/iphash.t b/tests/iphash.t index 731457d..46ce58b 100644 --- a/tests/iphash.t +++ b/tests/iphash.t @@ -14,12 +14,16 @@ 0 ipset -T test 192.168.68.69 # IP: Test value not added to the set 1 ipset -T test 2.0.0.2 +# IP: Flush test set +0 ipset -F test # IP: Delete test set 0 ipset -X test # IP: Restore values so that rehashing is triggered 0 ipset -R < iphash.t.restore # IP: Check that all values are restored 0 (egrep -v '#|-N' iphash.t.restore | sort > .foo.1) && (ipset -S test | egrep -v '#|-N' | sort > .foo.2) && cmp .foo.1 .foo.2 && rm .foo.* +# IP: Flush test set +0 ipset -F test # IP: Delete test set 0 ipset -X test # Network: Create a set @@ -34,6 +38,8 @@ 0 ipset -T test 192.168.68.95 # Network: Test value not added to the set 1 ipset -T test 2.0.1.0 +# Network: Flush test set +0 ipset -F test # Network: Delete test set 0 ipset -X test # eof diff --git a/tests/ipmap.t b/tests/ipmap.t index fea8389..58b913a 100644 --- a/tests/ipmap.t +++ b/tests/ipmap.t @@ -20,7 +20,9 @@ 1 ipset -A test 2.0.0.0 # Range: Try to add value after upper boundary 1 ipset -A test 2.1.0.1 -# Range: Delete test test +# Range: Flush test set +0 ipset -F test +# Range: Delete test set 0 ipset -X test # Network: Try to create a set from an invalid network 2 ipset -N test ipmap --network 2.0.0.0/15 @@ -44,7 +46,9 @@ 1 ipset -A test 1.255.255.255 # Network: Try to add value after upper boundary 1 ipset -A test 2.1.0.0 -# Network: Delete test test +# Network: Flush test set +0 ipset -F test +# Network: Delete test set 0 ipset -X test # Subnets: Create a set to store networks 0 ipset -N test ipmap --network 10.0.0.0/8 --netmask 24 @@ -66,7 +70,9 @@ 1 ipset -A test 9.255.255.255 # Subnets: Try to add value after upper boundary 1 ipset -A test 11.0.0.0 -# Subnets: Delete test test +# Subnets: FLush test set +0 ipset -F test +# Subnets: Delete test set 0 ipset -X test # Full: Create full IPv4 space with /16 networks 0 ipset -N test ipmap --network 0.0.0.0/0 --netmask 16 diff --git a/tests/ipporthash.t b/tests/ipporthash.t index fe246a3..4db4bf3 100644 --- a/tests/ipporthash.t +++ b/tests/ipporthash.t @@ -26,7 +26,9 @@ 1 ipset -A test 2.0.0.0,5 # Range: Try to add value after upper boundary 1 ipset -A test 2.1.0.1,128 -# Range: Delete test test +# Range: Flush test set +0 ipset -F test +# Range: Delete test set 0 ipset -X test # Network: Try to create a set from an invalid network 2 ipset -N test ipporthash --network 2.0.0.0/15 @@ -52,6 +54,8 @@ 1 ipset -A test 1.255.255.255,5 # Network: Try to add value after upper boundary 1 ipset -A test 2.1.0.0,128 +# Network: Flush test set +0 ipset -F test # Network: Delete test set 0 ipset -X test # eof diff --git a/tests/ipportiphash.t b/tests/ipportiphash.t index 058b706..2b38667 100644 --- a/tests/ipportiphash.t +++ b/tests/ipportiphash.t @@ -28,7 +28,9 @@ 1 ipset -A test 2.0.0.0,5,1.1.1.1 # Range: Try to add value after upper boundary 1 ipset -A test 2.1.0.1,128,2.2.2.2 -# Range: Delete test test +# Range: Flush test set +0 ipset -F test +# Range: Delete test set 0 ipset -X test # Network: Try to create a set from an invalid network 2 ipset -N test ipportiphash --network 2.0.0.0/15 @@ -54,6 +56,8 @@ 1 ipset -A test 1.255.255.255,5,1.1.1.1 # Network: Try to add value after upper boundary 1 ipset -A test 2.1.0.0,128,2.2.2.2 +# Network: Flush test set +0 ipset -F test # Network: Delete test set 0 ipset -X test # eof diff --git a/tests/ipportnethash.t b/tests/ipportnethash.t index 18e89a1..35cb9fc 100644 --- a/tests/ipportnethash.t +++ b/tests/ipportnethash.t @@ -28,7 +28,9 @@ 1 ipset -A test 2.0.0.0,5,1.1.1.1/24 # Range: Try to add value after upper boundary 1 ipset -A test 2.1.0.1,128,2.2.2.2/12 -# Range: Delete test test +# Range: Flush test set +0 ipset -F test +# Range: Delete test set 0 ipset -X test # Network: Try to create a set from an invalid network 2 ipset -N test ipportnethash --network 2.0.0.0/15 @@ -54,6 +56,8 @@ 1 ipset -A test 1.255.255.255,5,1.1.1.1/24 # Network: Try to add value after upper boundary 1 ipset -A test 2.1.0.0,128,2.2.2.2/12 +# Network: Flush test set +0 ipset -F test # Network: Delete test set 0 ipset -X test # eof diff --git a/tests/iptree.t b/tests/iptree.t index 0e661ce..746baed 100644 --- a/tests/iptree.t +++ b/tests/iptree.t @@ -12,7 +12,9 @@ 1 ipset -T test 2.0.0.2 # Static: Test value not added to the set 1 ipset -T test 192.168.68.70 -# Static: Delete test test +# Static: Flush test set +0 ipset -F test +# Static: Delete test set 0 ipset -X test # Timeout: Create a set with a timeout parameter 0 ipset -N test iptree --timeout 5 @@ -46,6 +48,8 @@ 0 sleep 4 # Timeout: Test entry added with 3s timeout 1 ipset -T test 2.0.0.2 +# Timeout: Flush test set +0 ipset -F test # Timeout: Delete test set 0 ipset -X test # eof diff --git a/tests/iptreemap.t b/tests/iptreemap.t index 66ee325..b563522 100644 --- a/tests/iptreemap.t +++ b/tests/iptreemap.t @@ -46,6 +46,8 @@ 0 ipset -T test 192.168.68.67 # Test element after upper bound of deleted network 0 ipset -T test 192.168.68.72 +# Flush test set +0 ipset -F test # Delete test set 0 ipset -X test # eof diff --git a/tests/macipmap.t b/tests/macipmap.t index 049eaee..a498a4f 100644 --- a/tests/macipmap.t +++ b/tests/macipmap.t @@ -26,7 +26,9 @@ 1 ipset -T test 2.0.0.2,00:11:22:33:44:56 # Range: Test value with valid MAC 0 ipset -T test 2.0.0.2,00:11:22:33:44:55 -# Range: Delete test test +# Range: Flush test set +0 ipset -F test +# Range: Delete test set 0 ipset -X test # Network: Try to create a set from an invalid network 2 ipset -N test macipmap --network 2.0.0.0/15 @@ -50,6 +52,8 @@ 1 ipset -A test 1.255.255.255 # Network: Try to add value after upper boundary 1 ipset -A test 2.1.0.0 +# Network: Flush test set +0 ipset -F test # Network: Delete test set 0 ipset -X test # eof diff --git a/tests/nethash.t b/tests/nethash.t index bcb873b..0011216 100644 --- a/tests/nethash.t +++ b/tests/nethash.t @@ -16,6 +16,8 @@ 1 ipset -T test 2.0.1.0 # Try to add IP address 2 ipset -A test 2.0.0.1 +# Flush test set +0 ipset -F test # Delete test set 0 ipset -X test # eof diff --git a/tests/portmap.t b/tests/portmap.t index e616f15..299877a 100644 --- a/tests/portmap.t +++ b/tests/portmap.t @@ -18,7 +18,9 @@ 1 ipset -A test 0 # Range: Try to add value after upper boundary 1 ipset -A test 1025 -# Range: Delete test test +# Range: Flush test set +0 ipset -F test +# Range: Delete test set 0 ipset -X test # Full: Create a full set of ports 0 ipset -N test portmap --from 0 --to 65535 @@ -32,6 +34,8 @@ 0 ipset -T test 65535 # Full: Test value not added to the set 1 ipset -T test 1 +# Full: Flush test set +0 ipset -F test # Full: Delete test set 0 ipset -X test # eof diff --git a/tests/setlist.t b/tests/setlist.t index 785dc13..183a7ab 100644 --- a/tests/setlist.t +++ b/tests/setlist.t @@ -26,6 +26,8 @@ 1 ipset -D test foo,after,bar # Setlist: Delete bar,after,foo 0 ipset -D test bar,after,foo -# Setlist: Delete test test +# Setlist: Flush test set +0 ipset -F test +# Setlist: Delete test set 0 ipset -X test # eof -- cgit v1.2.3