From: /C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu Date: Thu, 23 Oct 2008 17:24:30 +0000 (+0000) Subject: ipset 2.4.2: X-Git-Tag: v2.4.6~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=46fb717308d9d717439badd48c150e32a3508a90;p=thirdparty%2Fipset.git ipset 2.4.2: - When flushing a nethash/ipportnethash type of set, it can lead to a kernel crash due to a wrong type declaration, bug reported by Krzysztof Oledzki. - iptree and iptreemap types require the header file linux/timer.h, also reported by Krzysztof Oledzki. --- diff --git a/ChangeLog b/ChangeLog index 26bad258..278a4a09 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2.4.2 + - Only kernel part changes, see kernel/ChangeLoh + 2.4.1 - macipmap type reported misleading deprecated separator tokens and printed the old one at listing set elements diff --git a/Makefile b/Makefile index 6de0097e..37a241e1 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,7 @@ ifndef V V=0 endif -IPSET_VERSION:=2.4.1 +IPSET_VERSION:=2.4.2 PREFIX:=/usr/local LIBDIR:=$(PREFIX)/lib @@ -72,7 +72,7 @@ modules_install: modules install: binaries_install modules_install clean: $(EXTRA_CLEANS) - rm -rf $(PROGRAMS) $(SHARED_LIBS) *.o *~ + rm -rf $(PROGRAMS) $(SHARED_LIBS) *.o *~ tests/*~ [ -f $(KERNEL_DIR)/net/ipv4/netfilter/Config.in ] || (cd kernel; make -C $(KERNEL_DIR) M=`pwd` clean) #The ipset(8) self diff --git a/ipset_iphash.c b/ipset_iphash.c index 6dbb84b5..9f020812 100644 --- a/ipset_iphash.c +++ b/ipset_iphash.c @@ -21,6 +21,7 @@ #include #include + #include "ipset.h" #define BUFLEN 30; diff --git a/ipset_nethash.c b/ipset_nethash.c index d1f3344e..3d2e6feb 100644 --- a/ipset_nethash.c +++ b/ipset_nethash.c @@ -21,7 +21,6 @@ #include #include -#include #include "ipset.h" diff --git a/kernel/ChangeLog b/kernel/ChangeLog index f7309277..25006bed 100644 --- a/kernel/ChangeLog +++ b/kernel/ChangeLog @@ -1,3 +1,10 @@ +2.4.2 + - When flushing a nethash/ipportnethash type of set, it can + lead to a kernel crash due to a wrong type declaration, + bug reported by Krzysztof Oledzki. + - iptree and iptreemap types require the header file linux/timer.h, + also reported by Krzysztof Oledzki. + 2.4.1 - Zero-valued element are not accepted by hash type of sets because we cannot make a difference between a zero-valued diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h b/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h index 916cb804..2e9293f4 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_bitmaps.h @@ -3,6 +3,7 @@ /* Macros to generate functions */ +#ifdef __KERNEL__ #define BITMAP_CREATE(type) \ static int \ type##_create(struct ip_set *set, const void *data, size_t size) \ @@ -115,5 +116,6 @@ struct ip_set_type ip_set_##type = { \ .list_members = &type##_list_members, \ .me = THIS_MODULE, \ }; +#endif /* __KERNEL */ #endif /* __IP_SET_BITMAPS_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h b/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h index 405784ab..46512b43 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_hashes.h @@ -1,6 +1,8 @@ #ifndef __IP_SET_HASHES_H #define __IP_SET_HASHES_H +#define initval_t uint32_t + /* Macros to generate functions */ #ifdef __KERNEL__ @@ -30,11 +32,11 @@ type##_retry(struct ip_set *set) \ set->name, map->hashsize, hashsize); \ \ tmp = kmalloc(sizeof(struct ip_set_##type) \ - + map->probes * sizeof(uint32_t), GFP_ATOMIC); \ + + map->probes * sizeof(initval_t), GFP_ATOMIC); \ if (!tmp) { \ DP("out of memory for %d bytes", \ sizeof(struct ip_set_##type) \ - + map->probes * sizeof(uint32_t)); \ + + map->probes * sizeof(initval_t)); \ return -ENOMEM; \ } \ tmp->members = harray_malloc(hashsize, sizeof(dtype), GFP_ATOMIC);\ @@ -47,7 +49,7 @@ type##_retry(struct ip_set *set) \ tmp->elements = 0; \ tmp->probes = map->probes; \ tmp->resize = map->resize; \ - memcpy(tmp->initval, map->initval, map->probes * sizeof(uint32_t));\ + memcpy(tmp->initval, map->initval, map->probes * sizeof(initval_t));\ __##type##_retry(tmp, map); \ \ write_lock_bh(&set->lock); \ @@ -103,15 +105,15 @@ type##_create(struct ip_set *set, const void *data, size_t size) \ } \ \ map = kmalloc(sizeof(struct ip_set_##type) \ - + req->probes * sizeof(uint32_t), GFP_KERNEL); \ + + req->probes * sizeof(initval_t), GFP_KERNEL); \ if (!map) { \ DP("out of memory for %d bytes", \ sizeof(struct ip_set_##type) \ - + req->probes * sizeof(uint32_t)); \ + + req->probes * sizeof(initval_t)); \ return -ENOMEM; \ } \ for (i = 0; i < req->probes; i++) \ - get_random_bytes(((uint32_t *) map->initval)+i, 4); \ + get_random_bytes(((initval_t *) map->initval)+i, 4); \ map->elements = 0; \ map->hashsize = req->hashsize; \ map->probes = req->probes; \ @@ -158,8 +160,8 @@ type##_flush(struct ip_set *set) \ { \ struct ip_set_##type *map = set->data; \ harray_flush(map->members, map->hashsize, sizeof(dtype)); \ - memset(map->cidr, 0, 30 * sizeof(uint8_t)); \ - memset(map->nets, 0, 30 * sizeof(uint32_t)); \ + memset(map->cidr, 0, sizeof(map->cidr)); \ + memset(map->nets, 0, sizeof(map->nets)); \ map->elements = 0; \ } diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h b/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h index 7551cb2e..277bc8c9 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_iphash.h @@ -2,6 +2,7 @@ #define __IP_SET_IPHASH_H #include +#include #define SETTYPE_NAME "iphash" @@ -12,7 +13,7 @@ struct ip_set_iphash { uint16_t probes; /* max number of probes */ uint16_t resize; /* resize factor in percent */ ip_set_ip_t netmask; /* netmask */ - uint32_t initval[0]; /* initvals for jhash_1word */ + initval_t initval[0]; /* initvals for jhash_1word */ }; struct ip_set_req_iphash_create { diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h index 2f409d97..3d800ef5 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h @@ -2,6 +2,7 @@ #define __IP_SET_IPMAP_H #include +#include #define SETTYPE_NAME "ipmap" diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h index ccec14e8..b5db5f50 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipporthash.h @@ -2,6 +2,7 @@ #define __IP_SET_IPPORTHASH_H #include +#include #define SETTYPE_NAME "ipporthash" @@ -13,7 +14,7 @@ struct ip_set_ipporthash { uint16_t resize; /* resize factor in percent */ ip_set_ip_t first_ip; /* host byte order, included in range */ ip_set_ip_t last_ip; /* host byte order, included in range */ - uint32_t initval[0]; /* initvals for jhash_1word */ + initval_t initval[0]; /* initvals for jhash_1word */ }; struct ip_set_req_ipporthash_create { diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h index 4d794bff..eb6cf558 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipportiphash.h @@ -2,6 +2,7 @@ #define __IP_SET_IPPORTIPHASH_H #include +#include #define SETTYPE_NAME "ipportiphash" @@ -18,7 +19,7 @@ struct ip_set_ipportiphash { uint16_t resize; /* resize factor in percent */ ip_set_ip_t first_ip; /* host byte order, included in range */ ip_set_ip_t last_ip; /* host byte order, included in range */ - uint32_t initval[0]; /* initvals for jhash_1word */ + initval_t initval[0]; /* initvals for jhash_1word */ }; struct ip_set_req_ipportiphash_create { diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h index 9c78a687..951da92f 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipportnethash.h @@ -2,6 +2,7 @@ #define __IP_SET_IPPORTNETHASH_H #include +#include #define SETTYPE_NAME "ipportnethash" @@ -20,7 +21,7 @@ struct ip_set_ipportnethash { ip_set_ip_t last_ip; /* host byte order, included in range */ uint8_t cidr[30]; /* CIDR sizes */ uint16_t nets[30]; /* nr of nets by CIDR sizes */ - uint32_t initval[0]; /* initvals for jhash_1word */ + initval_t initval[0]; /* initvals for jhash_1word */ }; struct ip_set_req_ipportnethash_create { diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h index 82ea96d6..c9832149 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_macipmap.h @@ -2,6 +2,7 @@ #define __IP_SET_MACIPMAP_H #include +#include #define SETTYPE_NAME "macipmap" diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h b/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h index eecd68b7..b2d006f3 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_nethash.h @@ -2,6 +2,7 @@ #define __IP_SET_NETHASH_H #include +#include #define SETTYPE_NAME "nethash" @@ -13,7 +14,7 @@ struct ip_set_nethash { uint16_t resize; /* resize factor in percent */ uint8_t cidr[30]; /* CIDR sizes */ uint16_t nets[30]; /* nr of nets by CIDR sizes */ - uint32_t initval[0]; /* initvals for jhash_1word */ + initval_t initval[0]; /* initvals for jhash_1word */ }; struct ip_set_req_nethash_create { diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h index 1a153805..e8783275 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_portmap.h @@ -2,6 +2,7 @@ #define __IP_SET_PORTMAP_H #include +#include #define SETTYPE_NAME "portmap" diff --git a/kernel/ip_set_iphash.c b/kernel/ip_set_iphash.c index 38b83ed5..976fcfc3 100644 --- a/kernel/ip_set_iphash.c +++ b/kernel/ip_set_iphash.c @@ -20,8 +20,6 @@ #include -#include -#include #include static int limit = MAX_RANGE; diff --git a/kernel/ip_set_ipmap.c b/kernel/ip_set_ipmap.c index e1a16637..442f0d3e 100644 --- a/kernel/ip_set_ipmap.c +++ b/kernel/ip_set_ipmap.c @@ -17,8 +17,6 @@ #include #include -#include -#include #include static inline ip_set_ip_t diff --git a/kernel/ip_set_ipporthash.c b/kernel/ip_set_ipporthash.c index 97b23238..2e2bfa58 100644 --- a/kernel/ip_set_ipporthash.c +++ b/kernel/ip_set_ipporthash.c @@ -22,8 +22,6 @@ #include -#include -#include #include #include diff --git a/kernel/ip_set_ipportiphash.c b/kernel/ip_set_ipportiphash.c index 74e8f7ea..21305089 100644 --- a/kernel/ip_set_ipportiphash.c +++ b/kernel/ip_set_ipportiphash.c @@ -22,8 +22,6 @@ #include -#include -#include #include #include diff --git a/kernel/ip_set_ipportnethash.c b/kernel/ip_set_ipportnethash.c index 0f08ba65..3c7f8594 100644 --- a/kernel/ip_set_ipportnethash.c +++ b/kernel/ip_set_ipportnethash.c @@ -22,8 +22,6 @@ #include -#include -#include #include #include @@ -223,8 +221,8 @@ __ipportnethash_retry(struct ip_set_ipportnethash *tmp, { tmp->first_ip = map->first_ip; tmp->last_ip = map->last_ip; - memcpy(tmp->cidr, map->cidr, 30 * sizeof(uint8_t)); - memcpy(tmp->nets, map->nets, 30 * sizeof(uint16_t)); + memcpy(tmp->cidr, map->cidr, sizeof(tmp->cidr)); + memcpy(tmp->nets, map->nets, sizeof(tmp->nets)); } HASH_RETRY2(ipportnethash, struct ipportip) @@ -273,8 +271,8 @@ __ipportnethash_create(const struct ip_set_req_ipportnethash_create *req, } map->first_ip = req->from; map->last_ip = req->to; - memset(map->cidr, 0, 30 * sizeof(uint8_t)); - memset(map->nets, 0, 30 * sizeof(uint16_t)); + memset(map->cidr, 0, sizeof(map->cidr)); + memset(map->nets, 0, sizeof(map->nets)); return 0; } diff --git a/kernel/ip_set_iptree.c b/kernel/ip_set_iptree.c index 22a94d12..f51dea18 100644 --- a/kernel/ip_set_iptree.c +++ b/kernel/ip_set_iptree.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include diff --git a/kernel/ip_set_iptreemap.c b/kernel/ip_set_iptreemap.c index 4a13e4fc..4bf70f71 100644 --- a/kernel/ip_set_iptreemap.c +++ b/kernel/ip_set_iptreemap.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include diff --git a/kernel/ip_set_macipmap.c b/kernel/ip_set_macipmap.c index 4b2b1de3..61ea6d5c 100644 --- a/kernel/ip_set_macipmap.c +++ b/kernel/ip_set_macipmap.c @@ -19,8 +19,6 @@ #include #include -#include -#include #include static int diff --git a/kernel/ip_set_nethash.c b/kernel/ip_set_nethash.c index a04857cd..9b3d8262 100644 --- a/kernel/ip_set_nethash.c +++ b/kernel/ip_set_nethash.c @@ -20,8 +20,6 @@ #include -#include -#include #include static int limit = MAX_RANGE; @@ -153,8 +151,8 @@ KADT(nethash, add, ipaddr, cidr) static inline void __nethash_retry(struct ip_set_nethash *tmp, struct ip_set_nethash *map) { - memcpy(tmp->cidr, map->cidr, 30 * sizeof(uint8_t)); - memcpy(tmp->nets, map->nets, 30 * sizeof(uint16_t)); + memcpy(tmp->cidr, map->cidr, sizeof(tmp->cidr)); + memcpy(tmp->nets, map->nets, sizeof(tmp->nets)); } HASH_RETRY(nethash, ip_set_ip_t) @@ -190,8 +188,8 @@ static inline int __nethash_create(const struct ip_set_req_nethash_create *req, struct ip_set_nethash *map) { - memset(map->cidr, 0, 30 * sizeof(uint8_t)); - memset(map->nets, 0, 30 * sizeof(uint16_t)); + memset(map->cidr, 0, sizeof(map->cidr)); + memset(map->nets, 0, sizeof(map->nets)); return 0; } diff --git a/kernel/ip_set_portmap.c b/kernel/ip_set_portmap.c index 79cc5114..8b0ec0a7 100644 --- a/kernel/ip_set_portmap.c +++ b/kernel/ip_set_portmap.c @@ -19,8 +19,6 @@ #include -#include -#include #include #include diff --git a/kernel/ipt_SET.c b/kernel/ipt_SET.c index f6afafdf..960e5570 100644 --- a/kernel/ipt_SET.c +++ b/kernel/ipt_SET.c @@ -10,17 +10,11 @@ /* ipt_SET.c - netfilter target to manipulate IP sets */ -#include -#include -#include #include -#include -#include -#include -#include +#include +#include #include -#include -#include + #include #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) #include diff --git a/tests/iphash.t b/tests/iphash.t index 731457d9..46ce58b1 100644 --- a/tests/iphash.t +++ b/tests/iphash.t @@ -14,12 +14,16 @@ 0 ipset -T test 192.168.68.69 # IP: Test value not added to the set 1 ipset -T test 2.0.0.2 +# IP: Flush test set +0 ipset -F test # IP: Delete test set 0 ipset -X test # IP: Restore values so that rehashing is triggered 0 ipset -R < iphash.t.restore # IP: Check that all values are restored 0 (egrep -v '#|-N' iphash.t.restore | sort > .foo.1) && (ipset -S test | egrep -v '#|-N' | sort > .foo.2) && cmp .foo.1 .foo.2 && rm .foo.* +# IP: Flush test set +0 ipset -F test # IP: Delete test set 0 ipset -X test # Network: Create a set @@ -34,6 +38,8 @@ 0 ipset -T test 192.168.68.95 # Network: Test value not added to the set 1 ipset -T test 2.0.1.0 +# Network: Flush test set +0 ipset -F test # Network: Delete test set 0 ipset -X test # eof diff --git a/tests/ipmap.t b/tests/ipmap.t index fea83896..58b913ad 100644 --- a/tests/ipmap.t +++ b/tests/ipmap.t @@ -20,7 +20,9 @@ 1 ipset -A test 2.0.0.0 # Range: Try to add value after upper boundary 1 ipset -A test 2.1.0.1 -# Range: Delete test test +# Range: Flush test set +0 ipset -F test +# Range: Delete test set 0 ipset -X test # Network: Try to create a set from an invalid network 2 ipset -N test ipmap --network 2.0.0.0/15 @@ -44,7 +46,9 @@ 1 ipset -A test 1.255.255.255 # Network: Try to add value after upper boundary 1 ipset -A test 2.1.0.0 -# Network: Delete test test +# Network: Flush test set +0 ipset -F test +# Network: Delete test set 0 ipset -X test # Subnets: Create a set to store networks 0 ipset -N test ipmap --network 10.0.0.0/8 --netmask 24 @@ -66,7 +70,9 @@ 1 ipset -A test 9.255.255.255 # Subnets: Try to add value after upper boundary 1 ipset -A test 11.0.0.0 -# Subnets: Delete test test +# Subnets: FLush test set +0 ipset -F test +# Subnets: Delete test set 0 ipset -X test # Full: Create full IPv4 space with /16 networks 0 ipset -N test ipmap --network 0.0.0.0/0 --netmask 16 diff --git a/tests/ipporthash.t b/tests/ipporthash.t index fe246a35..4db4bf32 100644 --- a/tests/ipporthash.t +++ b/tests/ipporthash.t @@ -26,7 +26,9 @@ 1 ipset -A test 2.0.0.0,5 # Range: Try to add value after upper boundary 1 ipset -A test 2.1.0.1,128 -# Range: Delete test test +# Range: Flush test set +0 ipset -F test +# Range: Delete test set 0 ipset -X test # Network: Try to create a set from an invalid network 2 ipset -N test ipporthash --network 2.0.0.0/15 @@ -52,6 +54,8 @@ 1 ipset -A test 1.255.255.255,5 # Network: Try to add value after upper boundary 1 ipset -A test 2.1.0.0,128 +# Network: Flush test set +0 ipset -F test # Network: Delete test set 0 ipset -X test # eof diff --git a/tests/ipportiphash.t b/tests/ipportiphash.t index 058b7068..2b386678 100644 --- a/tests/ipportiphash.t +++ b/tests/ipportiphash.t @@ -28,7 +28,9 @@ 1 ipset -A test 2.0.0.0,5,1.1.1.1 # Range: Try to add value after upper boundary 1 ipset -A test 2.1.0.1,128,2.2.2.2 -# Range: Delete test test +# Range: Flush test set +0 ipset -F test +# Range: Delete test set 0 ipset -X test # Network: Try to create a set from an invalid network 2 ipset -N test ipportiphash --network 2.0.0.0/15 @@ -54,6 +56,8 @@ 1 ipset -A test 1.255.255.255,5,1.1.1.1 # Network: Try to add value after upper boundary 1 ipset -A test 2.1.0.0,128,2.2.2.2 +# Network: Flush test set +0 ipset -F test # Network: Delete test set 0 ipset -X test # eof diff --git a/tests/ipportnethash.t b/tests/ipportnethash.t index 18e89a1c..35cb9fc6 100644 --- a/tests/ipportnethash.t +++ b/tests/ipportnethash.t @@ -28,7 +28,9 @@ 1 ipset -A test 2.0.0.0,5,1.1.1.1/24 # Range: Try to add value after upper boundary 1 ipset -A test 2.1.0.1,128,2.2.2.2/12 -# Range: Delete test test +# Range: Flush test set +0 ipset -F test +# Range: Delete test set 0 ipset -X test # Network: Try to create a set from an invalid network 2 ipset -N test ipportnethash --network 2.0.0.0/15 @@ -54,6 +56,8 @@ 1 ipset -A test 1.255.255.255,5,1.1.1.1/24 # Network: Try to add value after upper boundary 1 ipset -A test 2.1.0.0,128,2.2.2.2/12 +# Network: Flush test set +0 ipset -F test # Network: Delete test set 0 ipset -X test # eof diff --git a/tests/iptree.t b/tests/iptree.t index 0e661ce7..746baed2 100644 --- a/tests/iptree.t +++ b/tests/iptree.t @@ -12,7 +12,9 @@ 1 ipset -T test 2.0.0.2 # Static: Test value not added to the set 1 ipset -T test 192.168.68.70 -# Static: Delete test test +# Static: Flush test set +0 ipset -F test +# Static: Delete test set 0 ipset -X test # Timeout: Create a set with a timeout parameter 0 ipset -N test iptree --timeout 5 @@ -46,6 +48,8 @@ 0 sleep 4 # Timeout: Test entry added with 3s timeout 1 ipset -T test 2.0.0.2 +# Timeout: Flush test set +0 ipset -F test # Timeout: Delete test set 0 ipset -X test # eof diff --git a/tests/iptreemap.t b/tests/iptreemap.t index 66ee3257..b563522f 100644 --- a/tests/iptreemap.t +++ b/tests/iptreemap.t @@ -46,6 +46,8 @@ 0 ipset -T test 192.168.68.67 # Test element after upper bound of deleted network 0 ipset -T test 192.168.68.72 +# Flush test set +0 ipset -F test # Delete test set 0 ipset -X test # eof diff --git a/tests/macipmap.t b/tests/macipmap.t index 049eaee7..a498a4f0 100644 --- a/tests/macipmap.t +++ b/tests/macipmap.t @@ -26,7 +26,9 @@ 1 ipset -T test 2.0.0.2,00:11:22:33:44:56 # Range: Test value with valid MAC 0 ipset -T test 2.0.0.2,00:11:22:33:44:55 -# Range: Delete test test +# Range: Flush test set +0 ipset -F test +# Range: Delete test set 0 ipset -X test # Network: Try to create a set from an invalid network 2 ipset -N test macipmap --network 2.0.0.0/15 @@ -50,6 +52,8 @@ 1 ipset -A test 1.255.255.255 # Network: Try to add value after upper boundary 1 ipset -A test 2.1.0.0 +# Network: Flush test set +0 ipset -F test # Network: Delete test set 0 ipset -X test # eof diff --git a/tests/nethash.t b/tests/nethash.t index bcb873b1..0011216b 100644 --- a/tests/nethash.t +++ b/tests/nethash.t @@ -16,6 +16,8 @@ 1 ipset -T test 2.0.1.0 # Try to add IP address 2 ipset -A test 2.0.0.1 +# Flush test set +0 ipset -F test # Delete test set 0 ipset -X test # eof diff --git a/tests/portmap.t b/tests/portmap.t index e616f159..299877a6 100644 --- a/tests/portmap.t +++ b/tests/portmap.t @@ -18,7 +18,9 @@ 1 ipset -A test 0 # Range: Try to add value after upper boundary 1 ipset -A test 1025 -# Range: Delete test test +# Range: Flush test set +0 ipset -F test +# Range: Delete test set 0 ipset -X test # Full: Create a full set of ports 0 ipset -N test portmap --from 0 --to 65535 @@ -32,6 +34,8 @@ 0 ipset -T test 65535 # Full: Test value not added to the set 1 ipset -T test 1 +# Full: Flush test set +0 ipset -F test # Full: Delete test set 0 ipset -X test # eof diff --git a/tests/setlist.t b/tests/setlist.t index 785dc13a..183a7ab3 100644 --- a/tests/setlist.t +++ b/tests/setlist.t @@ -26,6 +26,8 @@ 1 ipset -D test foo,after,bar # Setlist: Delete bar,after,foo 0 ipset -D test bar,after,foo -# Setlist: Delete test test +# Setlist: Flush test set +0 ipset -F test +# Setlist: Delete test set 0 ipset -X test # eof