ipset: Address a TODO, add test for netmask

This PR removes a TODO comment by adding some netmask tests. The TODO comment introduced by commit e768924a62 "validate entry in ipset". // TODO: CIDR /32 may not be valid The comment says that 32 is invalid netmask, but in reality values from 0 to 32 are valid because the result of the Linux ipset command says so. $ sudo ipset create foo hash:ip,port,net $ sudo ipset add foo 10.20.30.40,53,192.168.3.1/33 ipset v7.5: Syntax error: '33' is out of range 0-32 $ sudo ipset --version ipset v7.5, protocol version: 7 Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2025-07-31 23:37:01 +00:00 · 2020-10-19 20:19:24 +09:00 · 2020-10-19 20:19:24 +09:00 · 4d30435f24
commit 4d30435f24
parent 7b11de20a9
1 changed files with 53 additions and 2 deletions
--- a/pkg/util/ipset/ipset_test.go
+++ b/pkg/util/ipset/ipset_test.go
@ -1457,8 +1457,7 @@ func TestValidateEntry(t *testing.T) {
 				IP:       "10.20.30.40",
 				Protocol: ProtocolTCP,
 				Port:     53,
-				// TODO: CIDR /32 may not be valid
-				Net: "10.20.30.0/24",
+				Net:      "10.20.30.0/24",
 			},
 			set: &IPSet{
 				Name: "abc",
@ -1570,6 +1569,58 @@ func TestValidateEntry(t *testing.T) {
 			},
 			valid: false,
 		},
+		{ // case[30]
+			entry: &Entry{
+				SetType:  HashIPPortNet,
+				IP:       "10.20.30.40",
+				Protocol: ProtocolTCP,
+				Port:     53,
+				Net:      "192.168.3.0/0",
+			},
+			set: &IPSet{
+				Name: "net mask boundary 0",
+			},
+			valid: true,
+		},
+		{ // case[31]
+			entry: &Entry{
+				SetType:  HashIPPortNet,
+				IP:       "10.20.30.40",
+				Protocol: ProtocolTCP,
+				Port:     53,
+				Net:      "192.168.3.0/32",
+			},
+			set: &IPSet{
+				Name: "net mask boundary 32",
+			},
+			valid: true,
+		},
+		{ // case[32]
+			entry: &Entry{
+				SetType:  HashIPPortNet,
+				IP:       "10.20.30.40",
+				Protocol: ProtocolTCP,
+				Port:     53,
+				Net:      "192.168.3.1/33",
+			},
+			set: &IPSet{
+				Name: "invalid net mask",
+			},
+			valid: false,
+		},
+		{ // case[33]
+			entry: &Entry{
+				SetType:  HashIPPortNet,
+				IP:       "10.20.30.40",
+				Protocol: ProtocolTCP,
+				Port:     53,
+				Net:      "192.168.3.1/-1",
+			},
+			set: &IPSet{
+				Name: "invalid net mask",
+			},
+			valid: false,
+		},
 	}
 	for i := range testCases {
 		valid := testCases[i].entry.Validate(testCases[i].set)