tests/hash:net,port.t - manifest_repos/ipset - Git at Google

 # Create a set with timeout
 0 ipset create test hash:net,port hashsize 128 timeout 5
 # Add zero valued element
 1 ipset add test 0.0.0.0/0,0
 # Test zero valued element
 1 ipset test test 0.0.0.0/0,0
 # Delete zero valued element
 1 ipset del test 0.0.0.0/0,0
 # Try to add /0
 1 ipset add test 1.1.1.1/0,0
 # Try to add /32
 0 ipset add test 1.1.1.1/32,tcp:5
 # Add almost zero valued element
 0 ipset add test 0.0.0.0/1,tcp:8
 # Test almost zero valued element
 0 ipset test test 0.0.0.0/1,tcp:8
 # Test almost zero valued element with UDP
 1 ipset test test 0.0.0.0/1,udp:8
 # Delete almost zero valued element
 0 ipset del test 0.0.0.0/1,tcp:8
 # Test deleted element
 1 ipset test test 0.0.0.0/1,tcp:8
 # Delete element not added to the set
 1 ipset del test 0.0.0.0/1,tcp:8
 # Add first random network
 0 ipset add test 2.0.0.1/24,icmp:ping
 # Add second random network
 0 ipset add test 192.168.68.69/27,tcp:8
 # Test first random value
 0 ipset test test 2.0.0.255,icmp:ping
 # Test second random value
 0 ipset test test 192.168.68.95,tcp:8
 # Test value not added to the set
 1 ipset test test 2.0.1.0,icmp:ping
 # Try to add IP address
 0 ipset add test 2.0.0.1,icmp:ping timeout 3
 # Add ICMP by type/code
 0 ipset add test 2.0.0.255,icmp:3/10
 # Test ICMP by type/code
 0 ipset test test 2.0.0.255,icmp:3/10
 # Test ICMP by name
 0 ipset test test 2.0.0.255,icmp:host-prohibited
 # List set
 0 ipset list test | grep -v Revision: | sed 's/timeout ./timeout x/' > .foo0 && ./sort.sh .foo0
 # Check listing
 0 diff -u -I 'Size in memory.*' .foo hash:net,port.t.list0
 # Sleep 5s so that element can time out
 0 sleep 5
 # IP: List set
 0 ipset -L test 2>/dev/null | grep -v Revision: > .foo0 && ./sort.sh .foo0
 # IP: Check listing
 0 diff -u -I 'Size in memory.*' .foo hash:net,port.t.list1
 # Flush test set
 0 ipset flush test
 # Add multiple elements in one step
 0 ipset add test 1.1.1.1/24,80-84 timeout 0
 # Delete multiple elements in one step
 0 ipset del test 1.1.1.2/24,tcp:81-82
 # Check number of elements after multi-add/multi-del
 0 n=`ipset save test|wc -l` && test $n -eq 4
 # Delete test set
 0 ipset destroy test
 # Create set to add a range
 0 ipset new test hash:net,port hashsize 64
 # Add a range which forces a resizing
 0 ipset add test 10.0.0.0/24,tcp:80-1105
 # Check that correct number of elements are added
 0 n=`ipset list test|grep '^10.0'|wc -l` && test $n -eq 1026
 # Destroy set
 0 ipset -X test
 # Create set to add a range and with range notation in the network
 0 ipset new test hash:net,port hashsize 64
 # Add a range which forces a resizing
 0 ipset add test 10.0.0.0-10.0.2.255,tcp:80-1105
 # Check that correct number of elements are added
 0 n=`ipset list test|grep '^10.0'|wc -l` && test $n -eq 2052
 # Destroy set
 0 ipset -X test
 # Create test set with timeout support
 0 ipset create test hash:net,port timeout 30
 # Add a non-matching IP address entry
 0 ipset -A test 1.1.1.1,80 nomatch
 # Add an overlapping matching small net
 0 ipset -A test 1.1.1.0/30,80
 # Add an overlapping non-matching larger net
 0 ipset -A test 1.1.1.0/28,80 nomatch
 # Add an even larger matching net
 0 ipset -A test 1.1.1.0/26,80
 # Check non-matching IP
 1 ipset -T test 1.1.1.1,80
 # Check matching IP from non-matchin small net
 0 ipset -T test 1.1.1.3,80
 # Check non-matching IP from larger net
 1 ipset -T test 1.1.1.4,80
 # Check matching IP from even larger net
 0 ipset -T test 1.1.1.16,80
 # Update non-matching IP to matching one
 0 ipset -! -A test 1.1.1.1,80
 # Delete overlapping small net
 0 ipset -D test 1.1.1.0/30,80
 # Check matching IP
 0 ipset -T test 1.1.1.1,80
 # Add overlapping small net
 0 ipset -A test 1.1.1.0/30,80
 # Update matching IP as a non-matching one, with shorter timeout
 0 ipset -! -A test 1.1.1.1,80 nomatch timeout 2
 # Check non-matching IP
 1 ipset -T test 1.1.1.1,80
 # Sleep 3s so that element can time out
 0 sleep 3
 # Check non-matching IP
 0 ipset -T test 1.1.1.1,80
 # Check matching IP
 0 ipset -T test 1.1.1.3,80
 # Delete test set
 0 ipset destroy test
 # Check all possible CIDR values
 0 ./cidr.sh net,port
 # Timeout: Check that resizing keeps timeout values
 0 ./resizet.sh -4 netport
 # Nomatch: Check that resizing keeps the nomatch flag
 0 ./resizen.sh -4 netport
 # Counters: create set
 0 ipset n test hash:net,port counters
 # Counters: add element with packet, byte counters
 0 ipset a test 2.0.0.1/24,80 packets 5 bytes 3456
 # Counters: check element
 0 ipset t test 2.0.0.1/24,80
 # Counters: check counters
 0 ./check_counters test 2.0.0.0/24 5 3456
 # Counters: delete element
 0 ipset d test 2.0.0.1/24,80
 # Counters: test deleted element
 1 ipset t test 2.0.0.1/24,80
 # Counters: add element with packet, byte counters
 0 ipset a test 2.0.0.20/25,453 packets 12 bytes 9876
 # Counters: check counters
 0 ./check_counters test 2.0.0.0/25 12 9876
 # Counters: update counters
 0 ipset -! a test 2.0.0.20/25,453 packets 13 bytes 12479
 # Counters: check counters
 0 ./check_counters test 2.0.0.0/25 13 12479
 # Counters: destroy set
 0 ipset x test
 # Counters and timeout: create set
 0 ipset n test hash:net,port counters timeout 600
 # Counters and timeout: add element with packet, byte counters
 0 ipset a test 2.0.0.1/24,80 packets 5 bytes 3456
 # Counters and timeout: check element
 0 ipset t test 2.0.0.1/24,80
 # Counters and timeout: check counters
 0 ./check_extensions test 2.0.0.0/24 600 5 3456
 # Counters and timeout: delete element
 0 ipset d test 2.0.0.1/24,80
 # Counters and timeout: test deleted element
 1 ipset t test 2.0.0.1/24,80
 # Counters and timeout: add element with packet, byte counters
 0 ipset a test 2.0.0.20/25,453 packets 12 bytes 9876
 # Counters and timeout: check counters
 0 ./check_extensions test 2.0.0.0/25 600 12 9876
 # Counters and timeout: update counters
 0 ipset -! a test 2.0.0.20/25,453 packets 13 bytes 12479
 # Counters and timeout: check counters
 0 ./check_extensions test 2.0.0.0/25 600 13 12479
 # Counters and timeout: update timeout
 0 ipset -! a test 2.0.0.20/25,453 timeout 700
 # Counters and timeout: check counters
 0 ./check_extensions test 2.0.0.0/25 700 13 12479
 # Counters and timeout: destroy set
 0 ipset x test
 # eof
	# Create a set with timeout
	0 ipset create test hash:net,port hashsize 128 timeout 5
	# Add zero valued element
	1 ipset add test 0.0.0.0/0,0
	# Test zero valued element
	1 ipset test test 0.0.0.0/0,0
	# Delete zero valued element
	1 ipset del test 0.0.0.0/0,0
	# Try to add /0
	1 ipset add test 1.1.1.1/0,0
	# Try to add /32
	0 ipset add test 1.1.1.1/32,tcp:5
	# Add almost zero valued element
	0 ipset add test 0.0.0.0/1,tcp:8
	# Test almost zero valued element
	0 ipset test test 0.0.0.0/1,tcp:8
	# Test almost zero valued element with UDP
	1 ipset test test 0.0.0.0/1,udp:8
	# Delete almost zero valued element
	0 ipset del test 0.0.0.0/1,tcp:8
	# Test deleted element
	1 ipset test test 0.0.0.0/1,tcp:8
	# Delete element not added to the set
	1 ipset del test 0.0.0.0/1,tcp:8
	# Add first random network
	0 ipset add test 2.0.0.1/24,icmp:ping
	# Add second random network
	0 ipset add test 192.168.68.69/27,tcp:8
	# Test first random value
	0 ipset test test 2.0.0.255,icmp:ping
	# Test second random value
	0 ipset test test 192.168.68.95,tcp:8
	# Test value not added to the set
	1 ipset test test 2.0.1.0,icmp:ping
	# Try to add IP address
	0 ipset add test 2.0.0.1,icmp:ping timeout 3
	# Add ICMP by type/code
	0 ipset add test 2.0.0.255,icmp:3/10
	# Test ICMP by type/code
	0 ipset test test 2.0.0.255,icmp:3/10
	# Test ICMP by name
	0 ipset test test 2.0.0.255,icmp:host-prohibited
	# List set
	0 ipset list test \| grep -v Revision: \| sed 's/timeout ./timeout x/' > .foo0 && ./sort.sh .foo0
	# Check listing
	0 diff -u -I 'Size in memory.*' .foo hash:net,port.t.list0
	# Sleep 5s so that element can time out
	0 sleep 5
	# IP: List set
	0 ipset -L test 2>/dev/null \| grep -v Revision: > .foo0 && ./sort.sh .foo0
	# IP: Check listing
	0 diff -u -I 'Size in memory.*' .foo hash:net,port.t.list1
	# Flush test set
	0 ipset flush test
	# Add multiple elements in one step
	0 ipset add test 1.1.1.1/24,80-84 timeout 0
	# Delete multiple elements in one step
	0 ipset del test 1.1.1.2/24,tcp:81-82
	# Check number of elements after multi-add/multi-del
	0 n=`ipset save test\|wc -l` && test $n -eq 4
	# Delete test set
	0 ipset destroy test
	# Create set to add a range
	0 ipset new test hash:net,port hashsize 64
	# Add a range which forces a resizing
	0 ipset add test 10.0.0.0/24,tcp:80-1105
	# Check that correct number of elements are added
	0 n=`ipset list test\|grep '^10.0'\|wc -l` && test $n -eq 1026
	# Destroy set
	0 ipset -X test
	# Create set to add a range and with range notation in the network
	0 ipset new test hash:net,port hashsize 64
	# Add a range which forces a resizing
	0 ipset add test 10.0.0.0-10.0.2.255,tcp:80-1105
	# Check that correct number of elements are added
	0 n=`ipset list test\|grep '^10.0'\|wc -l` && test $n -eq 2052
	# Destroy set
	0 ipset -X test
	# Create test set with timeout support
	0 ipset create test hash:net,port timeout 30
	# Add a non-matching IP address entry
	0 ipset -A test 1.1.1.1,80 nomatch
	# Add an overlapping matching small net
	0 ipset -A test 1.1.1.0/30,80
	# Add an overlapping non-matching larger net
	0 ipset -A test 1.1.1.0/28,80 nomatch
	# Add an even larger matching net
	0 ipset -A test 1.1.1.0/26,80
	# Check non-matching IP
	1 ipset -T test 1.1.1.1,80
	# Check matching IP from non-matchin small net
	0 ipset -T test 1.1.1.3,80
	# Check non-matching IP from larger net
	1 ipset -T test 1.1.1.4,80
	# Check matching IP from even larger net
	0 ipset -T test 1.1.1.16,80
	# Update non-matching IP to matching one
	0 ipset -! -A test 1.1.1.1,80
	# Delete overlapping small net
	0 ipset -D test 1.1.1.0/30,80
	# Check matching IP
	0 ipset -T test 1.1.1.1,80
	# Add overlapping small net
	0 ipset -A test 1.1.1.0/30,80
	# Update matching IP as a non-matching one, with shorter timeout
	0 ipset -! -A test 1.1.1.1,80 nomatch timeout 2
	# Check non-matching IP
	1 ipset -T test 1.1.1.1,80
	# Sleep 3s so that element can time out
	0 sleep 3
	# Check non-matching IP
	0 ipset -T test 1.1.1.1,80
	# Check matching IP
	0 ipset -T test 1.1.1.3,80
	# Delete test set
	0 ipset destroy test
	# Check all possible CIDR values
	0 ./cidr.sh net,port
	# Timeout: Check that resizing keeps timeout values
	0 ./resizet.sh -4 netport
	# Nomatch: Check that resizing keeps the nomatch flag
	0 ./resizen.sh -4 netport
	# Counters: create set
	0 ipset n test hash:net,port counters
	# Counters: add element with packet, byte counters
	0 ipset a test 2.0.0.1/24,80 packets 5 bytes 3456
	# Counters: check element
	0 ipset t test 2.0.0.1/24,80
	# Counters: check counters
	0 ./check_counters test 2.0.0.0/24 5 3456
	# Counters: delete element
	0 ipset d test 2.0.0.1/24,80
	# Counters: test deleted element
	1 ipset t test 2.0.0.1/24,80
	# Counters: add element with packet, byte counters
	0 ipset a test 2.0.0.20/25,453 packets 12 bytes 9876
	# Counters: check counters
	0 ./check_counters test 2.0.0.0/25 12 9876
	# Counters: update counters
	0 ipset -! a test 2.0.0.20/25,453 packets 13 bytes 12479
	# Counters: check counters
	0 ./check_counters test 2.0.0.0/25 13 12479
	# Counters: destroy set
	0 ipset x test
	# Counters and timeout: create set
	0 ipset n test hash:net,port counters timeout 600
	# Counters and timeout: add element with packet, byte counters
	0 ipset a test 2.0.0.1/24,80 packets 5 bytes 3456
	# Counters and timeout: check element
	0 ipset t test 2.0.0.1/24,80
	# Counters and timeout: check counters
	0 ./check_extensions test 2.0.0.0/24 600 5 3456
	# Counters and timeout: delete element
	0 ipset d test 2.0.0.1/24,80
	# Counters and timeout: test deleted element
	1 ipset t test 2.0.0.1/24,80
	# Counters and timeout: add element with packet, byte counters
	0 ipset a test 2.0.0.20/25,453 packets 12 bytes 9876
	# Counters and timeout: check counters
	0 ./check_extensions test 2.0.0.0/25 600 12 9876
	# Counters and timeout: update counters
	0 ipset -! a test 2.0.0.20/25,453 packets 13 bytes 12479
	# Counters and timeout: check counters
	0 ./check_extensions test 2.0.0.0/25 600 13 12479
	# Counters and timeout: update timeout
	0 ipset -! a test 2.0.0.20/25,453 timeout 700
	# Counters and timeout: check counters
	0 ./check_extensions test 2.0.0.0/25 700 13 12479
	# Counters and timeout: destroy set
	0 ipset x test
	# eof