Testsuite added.
+2.3.1
+ - segfault on --unbind :all: :all: fixed (reported by bugzilla,
+ report and patch sent by Tom Eastep)
+ - User input parameters are sanitized everywhere
+ - Initial testsuite added and 'test' target to the Makefile
+ added: few bugs discovered and fixed
+ - typo in macipmap type prevented to use max size set of this type
+ - *map types are made sure to allow and use max size of sets
+
2.3.0
- jiffies rollover bug in iptree type fixed (reported by Lukasz Nierycho
and others)
KERNEL_DIR=/usr/src/linux
endif
-IPSET_VERSION:=2.3.0
+IPSET_VERSION:=2.3.1
PREFIX:=/usr/local
LIBDIR:=$(PREFIX)/lib
RELEASE_DIR:=/tmp
COPT_FLAGS:=-O2
-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -I. -g -DIPSET_DEBUG #-pg # -DIPTC_DEBUG
+CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -I. # -g -DIPSET_DEBUG #-pg # -DIPTC_DEBUG
SH_CFLAGS:=$(CFLAGS) -fPIC
SETTYPES:=ipmap portmap macipmap iphash nethash iptree iptreemap ipporthash
all: $(PROGRAMS) $(SHARED_LIBS)
+.PHONY: tests
+
+tests:
+ cd tests; ./runtest.sh
+
install: all $(INSTALL)
clean: $(EXTRA_CLEANS)
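Review bot: In the new `tests` recipe, `cd tests; ./runtest.sh` keeps going when the `cd` fails, so `./runtest.sh` would then be looked up in the top-level directory; `cd tests && ./runtest.sh` stops at the first failure. The script it runs loads and unloads kernel modules and creates and deletes sets on the running system. A comment above the target such as `# needs root: loads ip_set modules and creates/destroys a set named "test" on this host` would tell people what `make tests` does before they run it.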
parameter specified, network addresses will be
stored in the set instead of IP addresses.
.P
-The iphash type of sets can store up to 65535 entries. If a set is full,
+The iphash type of sets can store up to 65536 entries. If a set is full,
no new entries can be added to it.
.P
Sets created by zero valued resize parameter won't be resized at all.
Increase the hash size by this many percent (default 50) when adding
an IP to the hash could not be performed after
.P
-The nethash type of sets can store up to 65535 entries. If a set is full,
+The nethash type of sets can store up to 65536 entries. If a set is full,
no new entries can be added to it.
.P
An IP address will be in a nethash type of set if it is in any of the
parameter then one may add IP addresses to the set with a specific
timeout value using the syntax
.I IP:timeout-value.
-Similarly to the hash types, the iptree type of sets can store up to 65535
+Similarly to the hash types, the iptree type of sets can store up to 65536
entries.
.SS iptreemap
The iptreemap set type uses a tree to store IP addresses or networks,
Joakim Axelsson, Patrick Schaaf and Martin Josefsson.
.P
Sven Wegener wrote the iptreemap type.
+.SH LAST REMARK
+.BR "I stand on the shoulder of giants."
.\" .. and did I mention that we are incredibly cool people?
.\" .. sexy, too ..
.\" .. witty, charming, powerful ..
DP("(%s, %s) -> %s", set ? set->name : IPSET_TOKEN_ALL, adt, binding);
/* Ugly */
- if (strcmp(set->settype->typename, "iptreemap") == 0)
+ if (set && strcmp(set->settype->typename, "iptreemap") == 0)
exit_error(PARAMETER_PROBLEM,
"iptreemap type of sets cannot be used at binding operations\n");
/* Alloc memory for the data to send */
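Review bot: The `/* Ugly */` comment above the new `set &&` guard does not say why `set` may be NULL at this point, so the guard looks arbitrary to the next reader. Judging from the `DP()` call on the line before (`set ? set->name : IPSET_TOKEN_ALL`), a NULL `set` stands for the `:all:` token. I would replace the comment with `/* set is NULL for :all:, so only a named set has a settype to check */`. The enclosing function starts and ends outside this hunk, so any later dereference of `set` in it is not visible here and is worth checking for the same case.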
return bits;
}
-
+
void printheader(struct set *set, unsigned options)
{
struct ip_set_iphash *mysetdata =
map->resize = header->resize;
}
-unsigned int
-mask_to_bits(ip_set_ip_t mask)
-{
- unsigned int bits = 32;
- ip_set_ip_t maskaddr;
-
- if (mask == 0xFFFFFFFF)
- return bits;
-
- maskaddr = 0xFFFFFFFE;
- while (--bits >= 0 && maskaddr != mask)
- maskaddr <<= 1;
-
- return bits;
-}
-
void printheader(struct set *set, unsigned options)
{
struct ip_set_nethash *mysetdata =
--- /dev/null
+# Load in the ip_set kernel module
+0 modprobe ip_set
+# List our test set: the testsuite fails if it exists
+1 ipset -L test >/dev/null
+# Delete our test set: the testsuite fails if it exists
+1 ipset -X test
+# eof
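Review bot: The two "fails if it exists" checks in this file cannot fire as intended, because runtest.sh runs `ipset -X test >/dev/null 2>&1` at the top of its per-file loop before it reads the first line here. If the ip_set module is already loaded, an unreferenced set named `test` that already exists on the host is silently destroyed instead of stopping the suite. Skipping the pre-delete for this file, e.g. `[ "$types" = init ] || ipset -X test >/dev/null 2>&1`, would let these checks protect existing state.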
--- /dev/null
+# IP: Create a set
+0 ipset -N test iphash --hashsize 128
+# IP: Add first random value
+0 ipset -A test 2.0.0.1
+# IP: Add second random value
+0 ipset -A test 192.168.68.69
+# IP: Test first random value
+0 ipset -T test 2.0.0.1
+# IP: Test second random value
+0 ipset -T test 192.168.68.69
+# IP: Test value not added to the set
+1 ipset -T test 2.0.0.2
+# IP: Delete test set
+0 ipset -X test
+# IP: Restore values so that rehashing is triggered
+0 ipset -R < iphash.t.restore
+# IP: Check that all values are restored
+0 (egrep -v '#|-N' iphash.t.restore | sort > .foo.1) && (ipset -S test | egrep -v '#|-N' | sort > .foo.2) && cmp .foo.1 .foo.2 && rm .foo.*
+# IP: Delete test set
+0 ipset -X test
+# Network: Create a set
+0 ipset -N test iphash --hashsize 128 --netmask 24
+# Network: Add first random network
+0 ipset -A test 2.0.0.1
+# Network: Add second random network
+0 ipset -A test 192.168.68.69
+# Network: Test first random value
+0 ipset -T test 2.0.0.255
+# Network: Test second random value
+0 ipset -T test 192.168.68.95
+# Network: Test value not added to the set
+1 ipset -T test 2.0.1.0
+# Network: Delete test set
+0 ipset -X test
+# eof
--- /dev/null
+-N test iphash --hashsize 128
+-A test 10.0.0.0
+-A test 10.0.0.1
+-A test 10.0.0.10
+-A test 10.0.0.100
+-A test 10.0.0.101
+-A test 10.0.0.102
+-A test 10.0.0.103
+-A test 10.0.0.104
+-A test 10.0.0.105
+-A test 10.0.0.106
+-A test 10.0.0.107
+-A test 10.0.0.108
+-A test 10.0.0.109
+-A test 10.0.0.11
+-A test 10.0.0.110
+-A test 10.0.0.111
+-A test 10.0.0.112
+-A test 10.0.0.113
+-A test 10.0.0.114
+-A test 10.0.0.115
+-A test 10.0.0.116
+-A test 10.0.0.117
+-A test 10.0.0.118
+-A test 10.0.0.119
+-A test 10.0.0.12
+-A test 10.0.0.120
+-A test 10.0.0.121
+-A test 10.0.0.122
+-A test 10.0.0.123
+-A test 10.0.0.124
+-A test 10.0.0.125
+-A test 10.0.0.126
+-A test 10.0.0.127
+-A test 10.0.0.128
+-A test 10.0.0.13
+-A test 10.0.0.14
+-A test 10.0.0.15
+-A test 10.0.0.16
+-A test 10.0.0.17
+-A test 10.0.0.18
+-A test 10.0.0.19
+-A test 10.0.0.2
+-A test 10.0.0.20
+-A test 10.0.0.21
+-A test 10.0.0.22
+-A test 10.0.0.23
+-A test 10.0.0.24
+-A test 10.0.0.25
+-A test 10.0.0.26
+-A test 10.0.0.27
+-A test 10.0.0.28
+-A test 10.0.0.29
+-A test 10.0.0.3
+-A test 10.0.0.30
+-A test 10.0.0.31
+-A test 10.0.0.32
+-A test 10.0.0.33
+-A test 10.0.0.34
+-A test 10.0.0.35
+-A test 10.0.0.36
+-A test 10.0.0.37
+-A test 10.0.0.38
+-A test 10.0.0.39
+-A test 10.0.0.4
+-A test 10.0.0.40
+-A test 10.0.0.41
+-A test 10.0.0.42
+-A test 10.0.0.43
+-A test 10.0.0.44
+-A test 10.0.0.45
+-A test 10.0.0.46
+-A test 10.0.0.47
+-A test 10.0.0.48
+-A test 10.0.0.49
+-A test 10.0.0.5
+-A test 10.0.0.50
+-A test 10.0.0.51
+-A test 10.0.0.52
+-A test 10.0.0.53
+-A test 10.0.0.54
+-A test 10.0.0.55
+-A test 10.0.0.56
+-A test 10.0.0.57
+-A test 10.0.0.58
+-A test 10.0.0.59
+-A test 10.0.0.6
+-A test 10.0.0.60
+-A test 10.0.0.61
+-A test 10.0.0.62
+-A test 10.0.0.63
+-A test 10.0.0.64
+-A test 10.0.0.65
+-A test 10.0.0.66
+-A test 10.0.0.67
+-A test 10.0.0.68
+-A test 10.0.0.69
+-A test 10.0.0.7
+-A test 10.0.0.70
+-A test 10.0.0.71
+-A test 10.0.0.72
+-A test 10.0.0.73
+-A test 10.0.0.74
+-A test 10.0.0.75
+-A test 10.0.0.76
+-A test 10.0.0.77
+-A test 10.0.0.78
+-A test 10.0.0.79
+-A test 10.0.0.8
+-A test 10.0.0.80
+-A test 10.0.0.81
+-A test 10.0.0.82
+-A test 10.0.0.83
+-A test 10.0.0.84
+-A test 10.0.0.85
+-A test 10.0.0.86
+-A test 10.0.0.87
+-A test 10.0.0.88
+-A test 10.0.0.89
+-A test 10.0.0.9
+-A test 10.0.0.90
+-A test 10.0.0.91
+-A test 10.0.0.92
+-A test 10.0.0.93
+-A test 10.0.0.94
+-A test 10.0.0.95
+-A test 10.0.0.96
+-A test 10.0.0.97
+-A test 10.0.0.98
+-A test 10.0.0.99
+COMMIT
--- /dev/null
+# Range: Try to create from an invalid range
+2 ipset -N test ipmap --from 2.0.0.1 --to 2.1.0.1
+# Range: Create a set from a valid range
+0 ipset -N test ipmap --from 2.0.0.1 --to 2.1.0.0
+# Range: Add lower boundary
+0 ipset -A test 2.0.0.1
+# Range: Add upper boundary
+0 ipset -A test 2.1.0.0
+# Range: Test lower boundary
+0 ipset -T test 2.0.0.1
+# Range: Test upper boundary
+0 ipset -T test 2.1.0.0
+# Range: Test value not added to the set
+1 ipset -T test 2.0.0.2
+# Range: Test value before lower boundary
+1 ipset -T test 2.0.0.0
+# Range: Test value after upper boundary
+1 ipset -T test 2.1.0.1
+# Range: Try to add value before lower boundary
+1 ipset -A test 2.0.0.0
+# Range: Try to add value after upper boundary
+1 ipset -A test 2.1.0.1
+# Range: Delete test test
+0 ipset -X test
+# Network: Try to create a set from an invalid network
+2 ipset -N test ipmap --network 2.0.0.0/15
+# Network: Create a set from a valid network
+0 ipset -N test ipmap --network 2.0.0.0/16
+# Network: Add lower boundary
+0 ipset -A test 2.0.0.0
+# Network: Add upper boundary
+0 ipset -A test 2.0.255.255
+# Network: Test lower boundary
+0 ipset -T test 2.0.0.0
+# Network: Test upper boundary
+0 ipset -T test 2.0.255.255
+# Network: Test value not added to the set
+1 ipset -T test 2.0.0.1
+# Network: Test value before lower boundary
+1 ipset -T test 1.255.255.255
+# Network: Test value after upper boundary
+1 ipset -T test 2.1.0.0
+# Network: Try to add value before lower boundary
+1 ipset -A test 1.255.255.255
+# Network: Try to add value after upper boundary
+1 ipset -A test 2.1.0.0
+# Network: Delete test test
+0 ipset -X test
+# Subnets: Create a set to store networks
+0 ipset -N test ipmap --network 10.0.0.0/8 --netmask 24
+# Subnets: Add lower boundary
+0 ipset -A test 10.0.0.0
+# Subnets: Add upper boundary
+0 ipset -A test 10.255.255.255
+# Subnets: Test lower boundary
+0 ipset -T test 10.0.0.255
+# Subnets: Test upper boundary
+0 ipset -T test 10.255.255.0
+# Subnets: Test value not added to the set
+1 ipset -T test 10.1.0.0
+# Subnets: Test value before lower boundary
+1 ipset -T test 9.255.255.255
+# Subnets: Test value after upper boundary
+1 ipset -T test 11.0.0.0
+# Subnets: Try to add value before lower boundary
+1 ipset -A test 9.255.255.255
+# Subnets: Try to add value after upper boundary
+1 ipset -A test 11.0.0.0
+# Subnets: Delete test test
+0 ipset -X test
+# Full: Create full IPv4 space with /16 networks
+0 ipset -N test ipmap --network 0.0.0.0/0 --netmask 16
+# Full: Add lower boundary
+0 ipset -A test 0.0.255.255
+# Full: Add upper boundary
+0 ipset -A test 255.255.0.0
+# Full: Test lower boundary
+0 ipset -T test 0.0.0.0
+# Full: Test upper boundary
+0 ipset -T test 255.255.255.255
+# Full: Test value not added to the set
+1 ipset -T test 0.1.0.0
+# Full: Delete test test
+0 ipset -X test
+# eof
--- /dev/null
+# Range: Try to create from an invalid range
+2 ipset -N test ipporthash --from 2.0.0.1 --to 2.1.0.1
+# Range: Create a set from a valid range
+0 ipset -N test ipporthash --from 2.0.0.1 --to 2.1.0.0
+# Range: Add lower boundary
+0 ipset -A test 2.0.0.1:5
+# Range: Add upper boundary
+0 ipset -A test 2.1.0.0:128
+# Range: Test lower boundary
+0 ipset -T test 2.0.0.1:5
+# Range: Test upper boundary
+0 ipset -T test 2.1.0.0:128
+# Range: Test value not added to the set
+1 ipset -T test 2.0.0.1:4
+# Range: Test value not added to the set
+1 ipset -T test 2.0.0.1:6
+# Range: Test value before lower boundary
+1 ipset -T test 2.0.0.0:5
+# Range: Test value after upper boundary
+1 ipset -T test 2.1.0.1:128
+# Range: Try to add value before lower boundary
+1 ipset -A test 2.0.0.0:5
+# Range: Try to add value after upper boundary
+1 ipset -A test 2.1.0.1:128
+# Range: Delete test test
+0 ipset -X test
+# Network: Try to create a set from an invalid network
+2 ipset -N test ipporthash --network 2.0.0.0/15
+# Network: Create a set from a valid network
+0 ipset -N test ipporthash --network 2.0.0.0/16
+# Network: Add lower boundary
+0 ipset -A test 2.0.0.0:5
+# Network: Add upper boundary
+0 ipset -A test 2.0.255.255:128
+# Network: Test lower boundary
+0 ipset -T test 2.0.0.0:5
+# Network: Test upper boundary
+0 ipset -T test 2.0.255.255:128
+# Network: Test value not added to the set
+1 ipset -T test 2.0.0.0:4
+# Network: Test value not added to the set
+1 ipset -T test 2.0.0.0:6
+# Network: Test value before lower boundary
+1 ipset -T test 1.255.255.255:5
+# Network: Test value after upper boundary
+1 ipset -T test 2.1.0.0:128
+# Network: Try to add value before lower boundary
+1 ipset -A test 1.255.255.255:5
+# Network: Try to add value after upper boundary
+1 ipset -A test 2.1.0.0:128
+# Network: Delete test test
+0 ipset -X test
+# eof
--- /dev/null
+# Static: Create a set without timeout
+0 ipset -N test iptree
+# Static: Add first random entry
+0 ipset -A test 2.0.0.1
+# Static: Add second random value
+0 ipset -A test 192.168.68.69
+# Static: Test first random value
+0 ipset -T test 2.0.0.1
+# Static: Test second random value
+0 ipset -T test 192.168.68.69
+# Static: Test value not added to the set
+1 ipset -T test 2.0.0.2
+# Static: Test value not added to the set
+1 ipset -T test 192.168.68.70
+# Static: Delete test test
+0 ipset -X test
+# Timeout: Create a set with a timeout parameter
+0 ipset -N test iptree --timeout 5
+# Timeout: Add first random entry
+0 ipset -A test 2.0.0.1
+# Timeout: Add second random value
+0 ipset -A test 192.168.68.69
+# Timeout: Test first random value
+0 ipset -T test 2.0.0.1
+# Timeout: Test second random value
+0 ipset -T test 192.168.68.69
+# Timeout: Test value not added to the set
+1 ipset -T test 2.0.0.2
+# Timeout: Test value not added to the set
+1 ipset -T test 192.168.68.70
+# Timeout: Sleep 5s so that entries can time out
+0 sleep 5
+# Timeout: Test first random value
+1 ipset -T test 2.0.0.1
+# Timeout: Test second random value
+1 ipset -T test 192.168.68.69
+# Timeout: Test value not added to the set
+1 ipset -T test 2.0.0.2
+# Timeout: Test value not added to the set
+1 ipset -T test 192.168.68.70
+# Timeout: Delete test test
+0 ipset -X test
+# eof
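Review bot: `0 sleep 5` waits exactly the `--timeout 5` the set was created with, so the only margin before the expiry checks is the run time of the few commands between the adds and the sleep. Whether an entry counts as expired at exactly five seconds depends on kernel-side rounding that is not visible here, so this can presumably fail intermittently on a slow or loaded machine. `0 sleep 6`, with the comment above it updated to match, would give a full second of slack.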
--- /dev/null
+# Create a set without timeout
+0 ipset -N test iptreemap
+# Add first random IP entry
+0 ipset -A test 2.0.0.1
+# Add second random IP entry
+0 ipset -A test 192.168.68.69
+# Test first random IP entry
+0 ipset -T test 2.0.0.1
+# Test second random IP entry
+0 ipset -T test 192.168.68.69
+# Test value not added to the set
+1 ipset -T test 2.0.0.2
+# Test value not added to the set
+1 ipset -T test 192.168.68.70
+# Add IP range
+0 ipset -A test 3.0.0.0:3.0.0.2
+# Test the three members of the range: first
+0 ipset -T test 3.0.0.0
+# Test the three members of the range: second
+0 ipset -T test 3.0.0.1
+# Test the three members of the range: third
+0 ipset -T test 3.0.0.2
+# Delete the middle of the range
+0 ipset -D test 3.0.0.1
+# Test the range: first
+0 ipset -T test 3.0.0.0
+# Test the range: second
+1 ipset -T test 3.0.0.1
+# Test the range: third
+0 ipset -T test 3.0.0.2
+# Add a network block
+0 ipset -A test 192.168.68.69/27
+# Test the lower bound of the network
+0 ipset -T test 192.168.68.64
+# Test the upper bound of the network
+0 ipset -T test 192.168.68.95
+# Test element from the middle
+0 ipset -T test 192.168.68.71
+# Delete a network from the middle
+0 ipset -D test 192.168.68.70/30
+# Test element from the middle
+1 ipset -T test 192.168.68.71
+# Delete test test
+0 ipset -X test
+# eof
--- /dev/null
+# Range: Try to create from an invalid range
+2 ipset -N test macipmap --from 2.0.0.1 --to 2.1.0.1
+# Range: Create a set from a valid range
+0 ipset -N test macipmap --from 2.0.0.1 --to 2.1.0.0
+# Range: Add lower boundary
+0 ipset -A test 2.0.0.1
+# Range: Add upper boundary
+0 ipset -A test 2.1.0.0
+# Range: Test lower boundary
+0 ipset -T test 2.0.0.1
+# Range: Test upper boundary
+0 ipset -T test 2.1.0.0
+# Range: Test value not added to the set
+1 ipset -T test 2.0.0.2
+# Range: Test value before lower boundary
+1 ipset -T test 2.0.0.0
+# Range: Test value after upper boundary
+1 ipset -T test 2.1.0.1
+# Range: Try to add value before lower boundary
+1 ipset -A test 2.0.0.0
+# Range: Try to add value after upper boundary
+1 ipset -A test 2.1.0.1
+# Range: Delete test test
+0 ipset -X test
+# Network: Try to create a set from an invalid network
+2 ipset -N test macipmap --network 2.0.0.0/15
+# Network: Create a set from a valid network
+0 ipset -N test macipmap --network 2.0.0.0/16
+# Network: Add lower boundary
+0 ipset -A test 2.0.0.0
+# Network: Add upper boundary
+0 ipset -A test 2.0.255.255
+# Network: Test lower boundary
+0 ipset -T test 2.0.0.0
+# Network: Test upper boundary
+0 ipset -T test 2.0.255.255
+# Network: Test value not added to the set
+1 ipset -T test 2.0.0.1
+# Network: Test value before lower boundary
+1 ipset -T test 1.255.255.255
+# Network: Test value after upper boundary
+1 ipset -T test 2.1.0.0
+# Network: Try to add value before lower boundary
+1 ipset -A test 1.255.255.255
+# Network: Try to add value after upper boundary
+1 ipset -A test 2.1.0.0
+# Network: Delete test test
+0 ipset -X test
+# eof
--- /dev/null
+# Create a set
+0 ipset -N test nethash --hashsize 128
+# Add first random network
+0 ipset -A test 2.0.0.1/24
+# Add second random network
+0 ipset -A test 192.168.68.69/27
+# Test first random value
+0 ipset -T test 2.0.0.255
+# Test second random value
+0 ipset -T test 192.168.68.95
+# Test value not added to the set
+1 ipset -T test 2.0.1.0
+# Delete test set
+0 ipset -X test
+# eof
--- /dev/null
+# Range: Create a set from a valid range
+0 ipset -N test portmap --from 1 --to 1024
+# Range: Add lower boundary
+0 ipset -A test 1
+# Range: Add upper boundary
+0 ipset -A test 1024
+# Range: Test lower boundary
+0 ipset -T test 1
+# Range: Test upper boundary
+0 ipset -T test 1024
+# Range: Test value not added to the set
+1 ipset -T test 1023
+# Range: Test value before lower boundary
+1 ipset -T test 0
+# Range: Test value after upper boundary
+1 ipset -T test 1025
+# Range: Try to add value before lower boundary
+1 ipset -A test 0
+# Range: Try to add value after upper boundary
+1 ipset -A test 1025
+# Range: Delete test test
+0 ipset -X test
+# Full: Create a full set of ports
+0 ipset -N test portmap --from 0 --to 65535
+# Full: Add lower boundary
+0 ipset -A test 0
+# Full: Add upper boundary
+0 ipset -A test 65535
+# Full: Test lower boundary
+0 ipset -T test 0
+# Full: Test upper boundary
+0 ipset -T test 65535
+# Full: Test value not added to the set
+1 ipset -T test 1
+# Full: Delete test test
+0 ipset -X test
+# eof
--- /dev/null
+#!/bin/sh
+
+tests="init"
+tests+=" ipmap macipmap portmap"
+tests+=" iphash nethash ipporthash"
+tests+=" iptree iptreemap"
+
+for types in $tests; do
+ ipset -X test >/dev/null 2>&1
+ while read ret cmd; do
+ case $ret in
+ \#)
+ if [ "$cmd" = "eof" ]; then
+ break
+ fi
+ what=$cmd
+ continue
+ ;;
+ *)
+ ;;
+ esac
+ echo -ne "$types: $what: "
+ eval $cmd >/dev/null 2>&1
+ r=$?
+ # echo $ret $r
+ if [ "$ret" = "$r" ]; then
+ echo "OK"
+ else
+ echo "FAILED"
+ echo "Failed test: $cmd"
+ exit 1
+ fi
+ # sleep 1
+ done < $types.t
+done
+for x in $tests; do
+ case $x in
+ init)
+ ;;
+ *)
+ rmmod ip_set_$x >/dev/null 2>&1
+ ;;
+ esac
+done
+rmmod ip_set >/dev/null 2>&1
+echo "All tests are OK"
+
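Review bot: The script declares `#!/bin/sh` but uses `tests+=` and `echo -ne`, which are bash extensions. Under a POSIX shell such as dash the three `tests+=` lines fail as unknown commands, only `init` runs, and the script still ends with `All tests are OK`. Either change the first line to `#!/bin/bash`, or build the list in one assignment, `tests="init ipmap macipmap portmap iphash nethash ipporthash iptree iptreemap"`, and print with `printf '%s: %s: ' "$types" "$what"`. The same false success occurs when `$types.t` is missing, because the failed redirection skips the loop without stopping the script. A check such as `[ -r "$types.t" ] || { echo "missing $types.t"; exit 1; }` before the `while` closes that gap.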