rpms/ipset
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

...

No commits in common. "imports/c10s/ipset-7.21-2.el10" and "c8s" have entirely different histories.
imports/c1 ... c8s

16 changed files with 89 additions and 688 deletions

3
.gitignore vendored
View File

@ -1 +1,2 @@
ipset-*.tar.bz2
SOURCES/ipset-7.1.tar.bz2
/ipset-7.1.tar.bz2

31
0001-Fix-typo-in-ipset-translate-man-page.patch
View File

@ -1,31 +0,0 @@
From c74a420471fd693f89e0b0e19f93c88af22fb7de Mon Sep 17 00:00:00 2001
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
Date: Wed, 29 Sep 2021 09:55:43 +0200
Subject: [PATCH] Fix typo in ipset-translate man page
originally reported in
https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/ZIXKNQHSSCQ4ZLEGYYKLAXQ4PQ5EYFGZ/
by Larry Len Rainey
Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/ipset-translate.8 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ipset-translate.8 b/src/ipset-translate.8
index bb4e737e1480..55ce2a99f2cf 100644
--- a/src/ipset-translate.8
+++ b/src/ipset-translate.8
@@ -33,7 +33,7 @@ to \fBnftables(8)\fP.
The only available command is:
.IP \[bu] 2
-ipset-translate restores < file.ipt
+ipset-translate restore < file.ipt
.SH USAGE
The \fBipset-translate\fP tool reads an IP sets file in the syntax produced by
--
2.37.2

28
0001-build-do-install-libipset-args.h.patch
View File

@ -1,28 +0,0 @@
From 39fde1381f0ba9101f65c08f2abda5426a46f8b1 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Mon, 22 Jan 2018 22:50:33 +0100
Subject: [PATCH] build: do install libipset/args.h
libipset/types.h includes args.h, therefore args.h must be installed
too.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
include/libipset/Makefile.am | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/libipset/Makefile.am b/include/libipset/Makefile.am
index 3b47518..79a1357 100644
--- a/include/libipset/Makefile.am
+++ b/include/libipset/Makefile.am
@@ -1,5 +1,6 @@
pkgincludedir = ${includedir}/libipset
pkginclude_HEADERS = \
+ args.h \
data.h \
errcode.h \
linux_ip_set_bitmap.h \
--
2.11.0

91
0002-Fix-IPv6-sets-nftables-translation.patch
View File

@ -1,91 +0,0 @@
From be7f6099feb7b5d34715b06f9308877cdcdc404a Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 28 Feb 2022 19:52:57 +0100
Subject: [PATCH] Fix IPv6 sets nftables translation
The parser assumes the set is an IPv4 ipset because IPSET_OPT_FAMILY is
not set.
# ipset-translate restore < ./ipset-mwan3_set_connected_ipv6.dump
add table inet global
add set inet global mwan3_connected_v6 { type ipv6_addr; flags interval; }
flush set inet global mwan3_connected_v6
ipset v7.15: Error in line 4: Syntax error: '64' is out of range 0-32
Remove ipset_xlate_type_get(), call ipset_xlate_set_get() instead to
obtain the set type and family.
Reported-by: Florian Eckert <fe@dev.tdt.de>
Fixes: 325af556cd3a ("add ipset to nftables translation infrastructure")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
lib/ipset.c | 24 ++++++++++--------------
tests/xlate/xlate.t | 2 ++
tests/xlate/xlate.t.nft | 2 ++
3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/lib/ipset.c b/lib/ipset.c
index 73e67db88e0d..50f86aee045b 100644
--- a/lib/ipset.c
+++ b/lib/ipset.c
@@ -949,18 +949,6 @@ ipset_xlate_set_get(struct ipset *ipset, const char *name)
return NULL;
}
-static const struct ipset_type *ipset_xlate_type_get(struct ipset *ipset,
- const char *name)
-{
- const struct ipset_xlate_set *set;
-
- set = ipset_xlate_set_get(ipset, name);
- if (!set)
- return NULL;
-
- return set->type;
-}
-
static int
ipset_parser(struct ipset *ipset, int oargc, char *oargv[])
{
@@ -1282,8 +1270,16 @@ ipset_parser(struct ipset *ipset, int oargc, char *oargv[])
if (!ipset->xlate) {
type = ipset_type_get(session, cmd);
} else {
- type = ipset_xlate_type_get(ipset, arg0);
- ipset_session_data_set(session, IPSET_OPT_TYPE, type);
+ const struct ipset_xlate_set *xlate_set;
+
+ xlate_set = ipset_xlate_set_get(ipset, arg0);
+ if (xlate_set) {
+ ipset_session_data_set(session, IPSET_OPT_TYPE,
+ xlate_set->type);
+ ipset_session_data_set(session, IPSET_OPT_FAMILY,
+ &xlate_set->family);
+ type = xlate_set->type;
+ }
}
if (type == NULL)
return ipset->standard_error(ipset, p);
diff --git a/tests/xlate/xlate.t b/tests/xlate/xlate.t
index b1e7d288e2a9..f09cb202bb6c 100644
--- a/tests/xlate/xlate.t
+++ b/tests/xlate/xlate.t
@@ -53,3 +53,5 @@ create bp1 bitmap:port range 1-1024
add bp1 22
create bim1 bitmap:ip,mac range 1.1.1.0/24
add bim1 1.1.1.1,aa:bb:cc:dd:ee:ff
+create hn6 hash:net family inet6
+add hn6 fe80::/64
diff --git a/tests/xlate/xlate.t.nft b/tests/xlate/xlate.t.nft
index 96eba3b0175e..0152a3081125 100644
--- a/tests/xlate/xlate.t.nft
+++ b/tests/xlate/xlate.t.nft
@@ -54,3 +54,5 @@ add set inet global bp1 { type inet_service; }
add element inet global bp1 { 22 }
add set inet global bim1 { type ipv4_addr . ether_addr; }
add element inet global bim1 { 1.1.1.1 . aa:bb:cc:dd:ee:ff }
+add set inet global hn6 { type ipv6_addr; flags interval; }
+add element inet global hn6 { fe80::/64 }
--
2.37.2

46
0003-ipset-translate-allow-invoking-with-a-path-name.patch
View File

@ -1,46 +0,0 @@
From e1b60b2a93356c313cccb2abfdae4b58d530e02b Mon Sep 17 00:00:00 2001
From: Quentin Armitage <quentin@armitage.org.uk>
Date: Thu, 11 Aug 2022 17:52:18 +0100
Subject: [PATCH] ipset-translate: allow invoking with a path name
Executing /usr/sbin/ipset-translate results in the ipset functionality being run, rather than the ipset-translate functionality.
# ipset-translate destroy fred
This command is not supported, use `ipset-translate restore < file'
# /usr/sbin/ipset-translate destroy fred
ipset v7.15: The set with the given name does not exist
use basename() to resolve the issue.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1626
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/ipset.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/ipset.c b/src/ipset.c
index 6d42b60d2fe9..162f477d49cd 100644
--- a/src/ipset.c
+++ b/src/ipset.c
@@ -6,6 +6,7 @@
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
+#define _GNU_SOURCE
#include <assert.h> /* assert */
#include <stdio.h> /* fprintf */
#include <stdlib.h> /* exit */
@@ -31,7 +32,7 @@ main(int argc, char *argv[])
exit(1);
}
- if (!strcmp(argv[0], "ipset-translate")) {
+ if (!strcmp(basename(argv[0]), "ipset-translate")) {
ret = ipset_xlate_argv(ipset, argc, argv);
} else {
ret = ipset_parse_argv(ipset, argc, argv);
--
2.37.2

7
gating.yaml Normal file
View File

@ -0,0 +1,7 @@
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
# - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1-gating.functional}

2
ipset-config
View File

@ -1,5 +1,5 @@
# Save current ipsets on stop.
# Value: yes|no, default: no
# Saves all ipsets to /etc/sysconfig/ipset.d/ if service gets stopped
# Saves all ipsets to /etc/ipset/ipset if service gets stopped
# (e.g. on system shutdown).
IPSET_SAVE_ON_STOP="no"

2
ipset.save-legacy Normal file
View File

@ -0,0 +1,2 @@
#!/bin/bash
exec /usr/libexec/ipset/ipset.start-stop save

218
ipset.spec
View File

@ -1,21 +1,20 @@
# service legacy actions
%define legacy_actions %{_libexecdir}/initscripts/legacy-actions
Name: ipset
Version: 7.21
Release: 2%{?dist}
Version: 7.1
Release: 1%{?dist}
Summary: Manage Linux IP sets
License: GPL-2.0-only
License: GPLv2
URL: http://ipset.netfilter.org/
Source0: %{url}/%{name}-%{version}.tar.bz2
Source0: http://ipset.netfilter.org/%{name}-%{version}.tar.bz2
Source1: %{name}.service
Source2: %{name}.start-stop
Source3: %{name}-config
Source4: %{name}.save-legacy
BuildRequires: libmnl-devel
BuildRequires: automake
BuildRequires: autoconf
BuildRequires: make
BuildRequires: libtool
BuildRequires: libtool-ltdl-devel
# An explicit requirement is needed here, to avoid cases where a user would
# explicitly update only one of the two (e.g 'yum update ipset')
@ -48,7 +47,6 @@ This package contains the libraries which provide the IP sets funcionality.
%package devel
Summary: Development files for %{name}
Requires: %{name}-libs%{?_isa} == %{version}-%{release}
Requires: kernel-headers
%description devel
This package contains the files required to develop software using the %{name}
@ -71,11 +69,10 @@ out of the base package since it is not active by default.
%prep
%autosetup -p1
%setup -q
%build
./autogen.sh
%configure --enable-static=no --with-kmod=no
# Just to make absolutely sure we are not building the bundled kernel module
@ -86,11 +83,11 @@ rm -fr kernel
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
%make_build
make %{?_smp_mflags}
%install
%make_install
make install DESTDIR=%{buildroot}
find %{buildroot} -name '*.la' -exec rm -f '{}' \;
# install systemd unit file
@ -105,6 +102,10 @@ install -c -m 755 %{SOURCE2} %{buildroot}%{_libexecdir}/%{name}
install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig
install -c -m 600 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{name}-config
# install legacy actions for service command
install -d %{buildroot}/%{legacy_actions}/ipset
install -c -m 755 %{SOURCE4} %{buildroot}/%{legacy_actions}/ipset/save
# Create directory for configuration
mkdir -p %{buildroot}%{_sysconfdir}/%{name}
@ -116,23 +117,13 @@ if [[ $1 -eq 0 && -n $(lsmod | grep "^xt_set ") ]]; then
fi
%ldconfig_scriptlets libs
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%post service
%systemd_post %{name}.service
if [[ -f /etc/ipset/ipset ]] && [[ ! -f /etc/sysconfig/ipset ]]; then
mv /etc/ipset/ipset /etc/sysconfig/ipset
ln -s /etc/sysconfig/ipset /etc/ipset/ipset
echo "Warning: ipset save location has moved to /etc/sysconfig"
fi
[[ -f /etc/sysconfig/iptables-config ]] && . /etc/sysconfig/iptables-config
[[ -f /etc/sysconfig/ip6tables-config ]] && . /etc/sysconfig/ip6tables-config
if [[ ${IPTABLES_SAVE_ON_STOP} == yes ]] || \
[[ ${IP6TABLES_SAVE_ON_STOP} == yes ]]; then
echo "Warning: ipset no longer saves automatically when iptables does"
echo " must enable explicitly in /etc/sysconfig/ipset-config"
fi
%preun service
if [[ $1 -eq 0 && -n $(lsmod | grep "^xt_set ") ]]; then
@ -144,23 +135,35 @@ fi
%postun service
%systemd_postun_with_restart %{name}.service
%triggerin service -- ipset-service < 6.38-1.el7
# Before 6.38-1, ipset.start-stop keeps a backup of previously saved sets, but
# doesn't touch the /etc/sysconfig/ipset.d/.saved flag. Remove the backup on
# upgrade, so that we use the current version of saved sets
rm -f /etc/sysconfig/ipset.save || :
exit 0
%triggerun service -- ipset-service < 6.38-1.el7
# Up to 6.29-1, ipset.start-stop uses a single data file
for f in /etc/sysconfig/ipset.d/*; do
[ "${f}" = "/etc/sysconfig/ipset.d/*" ] && break
cat ${f} >> /etc/sysconfig/ipset || :
done
exit 0
%files
%doc ChangeLog
%license COPYING
%{_mandir}/man8/%{name}*.8.*
%doc COPYING ChangeLog
%doc %{_mandir}/man8/%{name}.8.gz
%{_sbindir}/%{name}
%{_sbindir}/%{name}-translate
%files libs
%license COPYING
%doc COPYING
%{_libdir}/lib%{name}.so.13*
%doc %{_mandir}/man3/lib%{name}.3.gz
%files devel
%{_includedir}/lib%{name}
%{_libdir}/lib%{name}.so
%{_libdir}/pkgconfig/lib%{name}.pc
%{_mandir}/man3/libipset.3.*
%files service
%{_unitdir}/%{name}.service
@ -168,122 +171,51 @@ fi
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/sysconfig/ipset-config
%ghost %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/sysconfig/ipset
%attr(0755,root,root) %{_libexecdir}/%{name}/%{name}.start-stop
%dir %{legacy_actions}/ipset
%{legacy_actions}/ipset/save
%changelog
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 7.21-2
- Bump release for June 2024 mass rebuild
* Sun May 26 2019 Stefano Brivio <sbrivio@redhat.com> - 7.1-1
- Rebase to 7.1 (RHBZ#1649090):
- Add compatibility support for strscpy()
- Correct the manpage about the sort option
- Add missing functions to libipset.map
- configure.ac: Fix build regression on RHEL/CentOS/SL (Serhey Popovych)
- Implement sorting for hash types in the ipset tool
- Fix to list/save into file specified by option (reported by Isaac Good)
- Introduction of new commands and protocol version 7, updated kernel include files
- Add compatibility support for async in pernet_operations
- Use more robust awk patterns to check for backward compatibility
- Prepare the ipset tool to handle multiple protocol version
- Fix warning message handlin
- Correct to test null valued entry in hash:net6,port,net6 test
- Library reworked to support embedding ipset completely
- Add compatibility to support kvcalloc()
- Validate string type attributes in attr2data() (Stefano Brivio)
- manpage: Add comment about matching on destination MAC address (Stefano Brivio)
(RHBZ#1649079)
- Add compatibility to support is_zero_ether_addr()
- Fix use-after-free in ipset_parse_name_compat() (Stefano Brivio) (RHBZ#1649085)
- Fix leak in build_argv() on line parsing error (Stefano Brivio) (RHBZ#1649085)
- Simplify return statement in ipset_mnl_query() (Stefano Brivio) (RHBZ#1649085)
- tests/check_klog.sh: Try dmesg too, don't let shell terminate script (Stefano Brivio)
- Fixes:
- Fix all shellcheck warnings in init script (RHBZ#1649085)
- Make error reporting consistent, introduce different severities (RHBZ#1683711)
- While restoring, on invalid entries, remove them and retry (RHBZ#1683713)
- Fix covscan SC2166 warning in init script (RHBZ#1649085)
* Mon Feb 12 2024 Nicolas Chauvet <kwizart@gmail.com> - 7.21-1
- Update to 7.21
* Tue Nov 13 2018 Stefano Brivio <sbrivio@redhat.com> - 6.38-3
- Fix loading of sets with dependencies on other sets (RHBZ#1647096), and
hardcode 6.38-1.el7 for ipset-service upgrade and downgrade triggers, so that
we don't run into issues with z-stream updates
* Thu Feb 01 2024 Nicolas Chauvet <kwizart@gmail.com> - 7.20-1
- Update to 7.20
* Mon Oct 08 2018 Stefano Brivio <sbrivio@redhat.com> - 6.38-2
- Drop ipset-devel dependency on kernel-devel (RHBZ#163175)
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.19-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.19-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Oct 23 2023 Nicolas Chauvet <kwizart@gmail.com> - 7.19-1
- Update to 7.19
* Fri Aug 11 2023 Phil Sutter <psutter@redhat.com> - 7.17-7
- Convert license to SPDX format
* Fri Aug 11 2023 Phil Sutter <psutter@redhat.com> - 7.17-6
- Convert license to SPDX format
* Fri Aug 11 2023 Phil Sutter <psutter@redhat.com> - 7.17-5
- Convert license to SPDX format
* Fri Aug 11 2023 Phil Sutter <psutter@redhat.com> - 7.17-4
- Convert license to SPDX format
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.17-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Jan 02 2023 Nicolas Chauvet <kwizart@gmail.com> - 7.17-1
- Update to 7.17
* Fri Dec 02 2022 Nicolas Chauvet <kwizart@gmail.com> - 7.16-1
- Update to 7.16
* Tue Aug 23 2022 Nicolas Chauvet <kwizart@gmail.com> - 7.15-5
- Backport upstream patches - rhbz#2117654
ipset-translate does not work with IPv6 sets
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.15-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Mar 15 2022 Phil Sutter <psutter@redhat.com> - 7.15-3
- Use the advanced init script from Centos9Stream
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Aug 16 2021 Nicolas Chauvet <kwizart@gmail.com> - 7.15-1
- Update to 7.15
* Wed Jul 28 2021 Nicolas Chauvet <kwizart@gmail.com> - 7.14-1
- Update to 7.14
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 7.11-2
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Mon Mar 01 2021 Nicolas Chauvet <kwizart@gmail.com> - 7.11-1
- Update to 7.11
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Dec 21 2020 Nicolas Chauvet <kwizart@gmail.com> - 7.10-1
- Update to 7.10
* Wed Dec 16 2020 Nicolas Chauvet <kwizart@gmail.com> - 7.9-1
- Update to 7.9
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Feb 24 2020 Nicolas Chauvet <kwizart@gmail.com> - 7.6-1
- Update to 7.6
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jan 10 2020 Nicolas Chauvet <kwizart@gmail.com> - 7.5-1
- Update to 7.5
* Mon Nov 04 2019 Eric Garver <eric@garver.life> - 7.4-1
- Update to 7.4
* Mon Aug 19 2019 Nicolas Chauvet <kwizart@gmail.com> - 7.3-1
- Update to 7.3
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jul 11 2019 Nicolas Chauvet <kwizart@gmail.com> - 7.2-1
- Update to 7.2
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.38-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Aug 13 2018 Nicolas Chauvet <kwizart@gmail.com> - 6.38-1
- Update to 6.38
- Clean-up spec
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.35-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Aug 14 2018 Stefano Brivio <sbrivio@redhat.com> - 6.38-1
- Update to 6.38, source from RHEL7 6.38-2 (RHBZ#1615967)
* Mon Feb 12 2018 Eric Garver <egarver@redhat.com> - 6.35-3
- Patch for missing header file (RHBZ#1543596)

8
ipset.start-stop
View File

@ -257,13 +257,7 @@ load() {
CLEAN_FILES="${CLEAN_FILES} ${mangled}"
chmod 600 "${mangled}"
cat "${merged}" > "${mangled}"
IFS='|'
for set in ${conflicts}; do
new_name=$(echo "${salt}${set}" | md5sum | head -c31)
echo "s/^(add|create) $set /\1 $new_name /"
done | sed -i -r -f - "${mangled}"
unset IFS
awk '/^(add|create) ('"${conflicts}"')/ { printf "%s ",$1; system("echo '${salt}'" $2 " | md5sum | head -c31"); $1=""; $2=""; print; next} {print}' "${merged}" > "${mangled}"
if ! ipset_restore "${mangled}"; then
err "Failed to restore configured sets"
exit 1

2
sources
View File

@ -1 +1 @@
SHA512 (ipset-7.21.tar.bz2) = 175c6516c2091c57738a0324678d8d016e4d7f18fa03cb0dcc502391cac4caf4db1e757f61ad2fe312c1dbe431ec9cfabbc8e15a64a94ebd2fa903155b27c88f
SHA512 (ipset-7.1.tar.bz2) = eae9bd83f6675754af8ca443a82e0a1c9d47f60f6bf2a7a405a695223cc17063d5d4eb79428fe21a1f0a867109dfaf8ad8071b45e92191ec108b2cd2382fa854

36
tests/sanity-tests/Makefile
View File

@ -1,36 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1+
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/ipset
# Description: Test if ipset working ok
# Author: Susant Sahani<susant@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/ipset
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Susant Sahani<susant@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Test ipset sanity" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: ipset " >> $(METADATA)
@echo "Requires: ipset iperf3 python3 systemd python3-pyroute2 iptables" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -Fedora 29" >> $(METADATA)
rhts-lint $(METADATA)

10
tests/sanity-tests/iperf3d.service
View File

@ -1,10 +0,0 @@
[Unit]
Description=iperf3d tests for ipset
After=multi-user.target network.target
[Service]
Type=simple
ExecStart=/usr/bin/iperf3 -s -d --bind 192.168.225.32 --port 55555 -V
[Install]
WantedBy=multi-user.target

228
tests/sanity-tests/ipset-tests.py
View File

@ -1,228 +0,0 @@
#!/usr/bin/env python3
# SPDX-License-Identifier: LGPL-2.1+
# ~~~
# Description: Tests for ipset
#
# Author: Susant Sahani <susant@redhat.com>
# Copyright (c) 2018 Red Hat, Inc.
# ~~~
import errno
import os
import sys
import time
import unittest
import subprocess
import signal
import shutil
import socket
from pyroute2 import IPRoute
def setUpModule():
if shutil.which('ipset') is None:
raise OSError(errno.ENOENT, 'ipset not found')
if shutil.which('iperf3') is None:
raise OSError(errno.ENOENT, 'iperf3 not found')
def tearDownModule():
pass
class GenericUtilities():
def SetupVethInterface(self):
ip = IPRoute()
ip.link('add', ifname='veth-test', peer='veth-peer', kind='veth')
idx_veth_test = ip.link_lookup(ifname='veth-test')[0]
idx_veth_peer = ip.link_lookup(ifname='veth-peer')[0]
ip.link('set', index=idx_veth_test, address='02:01:02:03:04:08')
ip.link('set', index=idx_veth_peer, address='02:01:02:03:04:09')
ip.addr('add', index=idx_veth_test, address='192.168.225.32', mask=24)
ip.addr('add', index=idx_veth_peer, address='192.168.225.33', mask=24)
ip.link('set', index=idx_veth_test, state='up')
ip.link('set', index=idx_veth_peer, state='up')
ip.close()
def TearDownVethInterface(self):
ip = IPRoute()
ip.link('del', index=ip.link_lookup(ifname='veth-test')[0])
ip.close()
def AddAddress(self, interface, address):
ip = IPRoute()
idx_veth_peer = ip.link_lookup(ifname=interface)[0]
ip.close()
def IPSetAdd(self, hashset, address):
subprocess.check_output(['ipset', 'add', hashset, address])
def IPSetRemove(self, hashset, address):
subprocess.check_output(['ipset', 'del', hashset, address])
def IPSetCreateHashSet(self, hashset, hashtype):
subprocess.check_output(['ipset', 'create', hashset, hashtype])
def IPSetDestroyHashSet(self, hashset):
subprocess.check_output(['ipset', 'destroy', hashset])
class IpsetTests(unittest.TestCase, GenericUtilities):
def setUp(self):
self.SetupVethInterface()
def tearDown(self):
self.TearDownVethInterface()
def test_ipset_bitmap_ip_netfilter(self):
self.IPSetCreateHashSet('testnetiperf', 'hash:ip')
self.IPSetAdd('testnetiperf', '192.168.225.32')
self.IPSetAdd('testnetiperf', '192.168.225.33')
subprocess.check_output(['ipset', 'test','testnetiperf','192.168.225.32'])
subprocess.check_output(['ipset', 'test','testnetiperf','192.168.225.33'])
subprocess.check_output(['systemctl', 'start', 'iperf3d.service'])
time.sleep(5)
r = subprocess.call("iperf3" + " -c 192.168.225.32 -p 55555 --connect-timeout 5", shell=True)
self.assertEqual(r, 0)
r = subprocess.call("iptables" + " -I INPUT -m set --match-set testnetiperf src -j DROP", shell=True)
self.assertEqual(r, 0)
r = subprocess.call("iperf3" + " -c 192.168.225.32 -p 55555 --connect-timeout 5", shell=True)
self.assertNotEqual(r, 0)
subprocess.check_output(['systemctl', 'stop', 'iperf3d.service'])
subprocess.call("iptables" + " --delete INPUT -m set --match-set testnetiperf src -j DROP" , shell=True)
self.IPSetDestroyHashSet('testnetiperf')
def test_ipset_add_bitmap_ip(self):
self.IPSetCreateHashSet('testnet', 'hash:ip')
self.IPSetAdd('testnet', '192.168.11.12')
self.IPSetAdd('testnet', '192.168.11.13')
self.IPSetAdd('testnet', '192.168.11.14')
self.IPSetAdd('testnet', '192.168.11.15')
subprocess.check_output(['ipset', 'test','testnet','192.168.11.12'])
subprocess.check_output(['ipset', 'test','testnet','192.168.11.13'])
subprocess.check_output(['ipset', 'test','testnet','192.168.11.14'])
subprocess.check_output(['ipset', 'test','testnet','192.168.11.15'])
self.IPSetDestroyHashSet('testnet')
def test_ipset_delete_bitmap_ip(self):
self.IPSetCreateHashSet('testnet', 'hash:ip')
self.IPSetAdd('testnet', '192.168.11.12')
self.IPSetAdd('testnet', '192.168.11.13')
subprocess.check_output(['ipset', 'test','testnet','192.168.11.12'])
subprocess.check_output(['ipset', 'test','testnet','192.168.11.13'])
self.IPSetRemove('testnet', '192.168.11.12')
r = subprocess.call("ipset" + " test testnet 192.168.11.12", shell=True)
self.assertEqual(r, 1)
self.IPSetDestroyHashSet('testnet')
def test_ipset_hash_bitmap_mac(self):
self.IPSetCreateHashSet('testmac', 'hash:mac')
self.IPSetAdd('testmac', '02:01:02:03:04:09')
subprocess.check_output(['ipset', 'test','testmac','02:01:02:03:04:09'])
self.IPSetRemove('testmac', '02:01:02:03:04:09')
r = subprocess.call("ipset" + " test testmac 02:01:02:03:04:09", shell=True)
self.assertEqual(r, 1)
self.IPSetDestroyHashSet('testmac')
def test_ipset_hash_bitmap_ipport(self):
self.IPSetCreateHashSet('testipport', 'hash:ip,mac')
self.IPSetAdd('testipport', '1.1.1.1,02:01:02:03:04:09')
subprocess.check_output(['ipset', 'test','testipport','1.1.1.1,02:01:02:03:04:09'])
self.IPSetRemove('testipport', '1.1.1.1,02:01:02:03:04:09')
r = subprocess.call("ipset" + " test testipport 1.1.1.1,02:01:02:03:04:09", shell=True)
self.assertEqual(r, 1)
self.IPSetDestroyHashSet('testipport')
def test_ipset_hash_bitmap_ipport(self):
self.IPSetCreateHashSet('testipport', 'hash:ip,port')
self.IPSetAdd('testipport', '192.168.1.1,udp:53')
self.IPSetAdd('testipport', '192.168.1.1,5555')
subprocess.check_output(['ipset', 'test','testipport','192.168.1.1,udp:53'])
subprocess.check_output(['ipset', 'test','testipport','192.168.1.1,5555'])
self.IPSetRemove('testipport', '192.168.1.1,5555')
r = subprocess.call("ipset" + " test testipport 192.168.1.1,5555", shell=True)
self.assertEqual(r, 1)
self.IPSetDestroyHashSet('testipport')
def test_ipset_hash_bitmap_ipportip(self):
self.IPSetCreateHashSet('testipportip', 'hash:ip,port,ip')
self.IPSetAdd('testipportip', '192.168.1.1,80,10.0.0.1')
self.IPSetAdd('testipportip', '192.168.1.2,80,10.0.0.2')
subprocess.check_output(['ipset', 'test','testipportip','192.168.1.1,80,10.0.0.1'])
subprocess.check_output(['ipset', 'test','testipportip','192.168.1.1,80,10.0.0.1'])
self.IPSetRemove('testipportip', '192.168.1.1,80,10.0.0.1')
r = subprocess.call("ipset" + " test testipportip 192.168.1.1,80,10.0.0.1", shell=True)
self.assertEqual(r, 1)
self.IPSetDestroyHashSet('testipportip')
def test_ipset_hash_bitmap_netiface(self):
self.IPSetCreateHashSet('testnetiface', 'hash:net,iface')
self.IPSetAdd('testnetiface', '192.168.0/24,veth-test')
self.IPSetAdd('testnetiface', '192.167.0/24,veth-peer')
subprocess.check_output(['ipset', 'test','testnetiface','192.168.0/24,veth-test'])
subprocess.check_output(['ipset', 'test','testnetiface','192.167.0/24,veth-peer'])
self.IPSetRemove('testnetiface', '192.168.0/24,veth-test')
r = subprocess.call("ipset" + " test testnetiface 192.168.0/24,veth-test", shell=True)
self.assertEqual(r, 1)
self.IPSetDestroyHashSet('testnetiface')
if __name__ == '__main__':
unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout, verbosity=3))

50
tests/sanity-tests/runtest.sh
View File

@ -1,50 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1+
# ~~~
# runtest.sh of ipset
# Description: ipset tests.
#
# Author: Susant Sahani <susant@redhat.com>
# Copyright (c) 2018 Red Hat, Inc.
# ~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="ipset"
SERVICE_UNITDIR="/var/run/systemd/system"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlRun "systemctl stop firewalld" 0,5
rlRun "setenforce 0" 0,1
rlRun "[ -e /sys/class/net/veth-test ] && ip link del veth-test" 0,1
rlRun "cp iperf3d.service $SERVICE_UNITDIR"
rlRun "cp ipset-tests.py /usr/bin/"
rlRun "systemctl daemon-reload"
rlPhaseEnd
rlPhaseStartTest
rlLog "Starting ipset tests ..."
rlRun "/usr/bin/python3 /usr/bin/ipset-tests.py"
rlPhaseEnd
rlPhaseStartCleanup
rlRun "rm /usr/bin/ipset-tests.py"
rlRun "[ -e /sys/class/net/veth-test ] && ip link del veth-test" 0,1
rlRun "rm $SERVICE_UNITDIR/iperf3d.service"
rlRun "systemctl daemon-reload"
rlRun "setenforce 1" 0,1
rlLog "ipset tests done"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd
rlGetTestState

15
tests/tests.yml
View File

@ -1,15 +0,0 @@
- hosts: localhost
roles:
- role: standard-test-beakerlib
tags:
- classic
tests:
- sanity-tests
required_packages:
- ipset
- iptables
- python3
- systemd
- iproute
- iperf3
- python3-pyroute2