mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-08 11:38:15 +00:00
ipset: Address a TODO, add test for netmask
This PR removes a TODO comment by adding some netmask tests. The TODO comment
introduced by commit e768924a62 "validate entry in ipset".
// TODO: CIDR /32 may not be valid
The comment says that 32 is invalid netmask, but in reality values from 0 to
32 are valid because the result of the Linux ipset command says so.
$ sudo ipset create foo hash:ip,port,net
$ sudo ipset add foo 10.20.30.40,53,192.168.3.1/33
ipset v7.5: Syntax error: '33' is out of range 0-32
$ sudo ipset --version
ipset v7.5, protocol version: 7
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This commit is contained in:
Masashi Honma
parent
7b11de20a9
commit
4d30435f24
@ -1457,8 +1457,7 @@ func TestValidateEntry(t *testing.T) {
|
|||||||
IP: "10.20.30.40",
|
IP: "10.20.30.40",
|
||||||
Protocol: ProtocolTCP,
|
Protocol: ProtocolTCP,
|
||||||
Port: 53,
|
Port: 53,
|
||||||
// TODO: CIDR /32 may not be valid
|
Net: "10.20.30.0/24",
|
||||||
Net: "10.20.30.0/24",
|
|
||||||
},
|
},
|
||||||
set: &IPSet{
|
set: &IPSet{
|
||||||
Name: "abc",
|
Name: "abc",
|
||||||
@ -1570,6 +1569,58 @@ func TestValidateEntry(t *testing.T) {
|
|||||||
},
|
},
|
||||||
valid: false,
|
valid: false,
|
||||||
},
|
},
|
||||||
|
{ // case[30]
|
||||||
|
entry: &Entry{
|
||||||
|
SetType: HashIPPortNet,
|
||||||
|
IP: "10.20.30.40",
|
||||||
|
Protocol: ProtocolTCP,
|
||||||
|
Port: 53,
|
||||||
|
Net: "192.168.3.0/0",
|
||||||
|
},
|
||||||
|
set: &IPSet{
|
||||||
|
Name: "net mask boundary 0",
|
||||||
|
},
|
||||||
|
valid: true,
|
||||||
|
},
|
||||||
|
{ // case[31]
|
||||||
|
entry: &Entry{
|
||||||
|
SetType: HashIPPortNet,
|
||||||
|
IP: "10.20.30.40",
|
||||||
|
Protocol: ProtocolTCP,
|
||||||
|
Port: 53,
|
||||||
|
Net: "192.168.3.0/32",
|
||||||
|
},
|
||||||
|
set: &IPSet{
|
||||||
|
Name: "net mask boundary 32",
|
||||||
|
},
|
||||||
|
valid: true,
|
||||||
|
},
|
||||||
|
{ // case[32]
|
||||||
|
entry: &Entry{
|
||||||
|
SetType: HashIPPortNet,
|
||||||
|
IP: "10.20.30.40",
|
||||||
|
Protocol: ProtocolTCP,
|
||||||
|
Port: 53,
|
||||||
|
Net: "192.168.3.1/33",
|
||||||
|
},
|
||||||
|
set: &IPSet{
|
||||||
|
Name: "invalid net mask",
|
||||||
|
},
|
||||||
|
valid: false,
|
||||||
|
},
|
||||||
|
{ // case[33]
|
||||||
|
entry: &Entry{
|
||||||
|
SetType: HashIPPortNet,
|
||||||
|
IP: "10.20.30.40",
|
||||||
|
Protocol: ProtocolTCP,
|
||||||
|
Port: 53,
|
||||||
|
Net: "192.168.3.1/-1",
|
||||||
|
},
|
||||||
|
set: &IPSet{
|
||||||
|
Name: "invalid net mask",
|
||||||
|
},
|
||||||
|
valid: false,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
for i := range testCases {
|
for i := range testCases {
|
||||||
valid := testCases[i].entry.Validate(testCases[i].set)
|
valid := testCases[i].entry.Validate(testCases[i].set)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user