Test added to check 0.0.0.0/0,iface to be matched in hash:net,iface type

diff --git a/tests/iptables.sh b/tests/iptables.sh
index 7ea90e025b6f539963348a7d32e78a2343e0fb97..490d42d2798801e1decf9072746ba61605677326 100755 (executable)
--- a/tests/iptables.sh
+++ b/tests/iptables.sh
@@ -111,6 +111,12 @@ mangle)
        $cmd -t mangle -A INPUT -m mark --mark 0x1234 -j LOG --log-prefix "in set mark: "
        $cmd -t mangle -A INPUT -s 10.255.0.0/16 -j DROP
        ;;
+netiface)
+       $ipset n test hash:net,iface
+       $ipset a test 0.0.0.0/0,eth0
+       $cmd -A OUTPUT -m set --match-set test dst,dst -j LOG --log-prefix "in set netiface: "
+       $cmd -A OUTPUT -d 10.255.255.254 -j DROP
+       ;;
 stop)
        $cmd -F
        $cmd -X

diff --git a/tests/match_target.t b/tests/match_target.t
index 02a0ea380cfaca56f62fe728a8e3e6da878c07bb..59e164391209e8f2567c4410328cf0a01243b7ec 100644 (file)
--- a/tests/match_target.t
+++ b/tests/match_target.t
@@ -104,4 +104,12 @@
 0 ipset t test 10.255.255.0/24
 # Destroy sets and rules
 0 ./iptables.sh inet stop
+# Create set and rules for 0.0.0.0/0 check in hash:net,iface
+0 ./iptables.sh inet netiface
+# Send probe packet
+0 sendip -p ipv4 -id 10.255.255.254 -is 10.255.255.64 -p udp -ud 80 -us 1025 10.255.255.254 >/dev/null 2>&1
+# Check kernel log that the packet matched the set
+0 ./check_klog.sh 10.255.255.64 udp 1025 netiface
+# Destroy sets and rules
+0 ./iptables.sh inet stop
 # eof