Home Verkennen Help
Inloggen
tzeneto
/
custom-kube-scheduler
Volgen 1
Ster 0
Vork 0
Bestanden Kwesties 0 Pull-aanvragen 0 Wiki
Boom: 00784d0d8d
Aftakkingen Labels
custom-kube-...
/
kubernetes-v1.15.4
/
pkg
/
util
/
ipset
/
ipset_test.go

ipset_test.go 39 KB
Geschiedenis Ruwe

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648 
  1. /*
    2. 

  2. Copyright 2017 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package ipset
    18. 

  18. 

  19. import (
    20. 

  20. 	"reflect"
    21. 

  21. 	"testing"
    22. 

  22. 

  23. 	"k8s.io/apimachinery/pkg/util/sets"
    24. 

  24. 	"k8s.io/utils/exec"
    25. 

  25. 	fakeexec "k8s.io/utils/exec/testing"
    26. 

  26. )
    27. 

  27. 

  28. func TestCheckIPSetVersion(t *testing.T) {
    29. 

  29. 	testCases := []struct {
    30. 

  30. 		vstring string
    31. 

  31. 		Expect  string
    32. 

  32. 		Err     bool
    33. 

  33. 	}{
    34. 

  34. 		{"ipset v4.0, protocol version: 4", "v4.0", false},
    35. 

  35. 		{"ipset v5.1, protocol version: 5", "v5.1", false},
    36. 

  36. 		{"ipset v6.0, protocol version: 6", "v6.0", false},
    37. 

  37. 		{"ipset v6.1, protocol version: 6", "v6.1", false},
    38. 

  38. 		{"ipset v6.19, protocol version: 6", "v6.19", false},
    39. 

  39. 		{"total junk", "", true},
    40. 

  40. 	}
    41. 

  41. 

  42. 	for i := range testCases {
    43. 

  43. 		fcmd := fakeexec.FakeCmd{
    44. 

  44. 			CombinedOutputScript: []fakeexec.FakeCombinedOutputAction{
    45. 

  45. 				// ipset version response
    46. 

  46. 				func() ([]byte, error) { return []byte(testCases[i].vstring), nil },
    47. 

  47. 			},
    48. 

  48. 		}
    49. 

  49. 

  50. 		fexec := fakeexec.FakeExec{
    51. 

  51. 			CommandScript: []fakeexec.FakeCommandAction{
    52. 

  52. 				func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    53. 

  53. 			},
    54. 

  54. 		}
    55. 

  55. 

  56. 		gotVersion, err := getIPSetVersionString(&fexec)
    57. 

  57. 		if (err != nil) != testCases[i].Err {
    58. 

  58. 			t.Errorf("Expected error: %v, Got error: %v", testCases[i].Err, err)
    59. 

  59. 		}
    60. 

  60. 		if err == nil {
    61. 

  61. 			if testCases[i].Expect != gotVersion {
    62. 

  62. 				t.Errorf("Expected result: %v, Got result: %v", testCases[i].Expect, gotVersion)
    63. 

  63. 			}
    64. 

  64. 		}
    65. 

  65. 	}
    66. 

  66. }
    67. 

  67. 

  68. func TestFlushSet(t *testing.T) {
    69. 

  69. 	fcmd := fakeexec.FakeCmd{
    70. 

  70. 		CombinedOutputScript: []fakeexec.FakeCombinedOutputAction{
    71. 

  71. 			// Success
    72. 

  72. 			func() ([]byte, error) { return []byte{}, nil },
    73. 

  73. 			// Success
    74. 

  74. 			func() ([]byte, error) { return []byte{}, nil },
    75. 

  75. 		},
    76. 

  76. 	}
    77. 

  77. 	fexec := fakeexec.FakeExec{
    78. 

  78. 		CommandScript: []fakeexec.FakeCommandAction{
    79. 

  79. 			func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    80. 

  80. 			func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    81. 

  81. 		},
    82. 

  82. 	}
    83. 

  83. 	runner := New(&fexec)
    84. 

  84. 	// Success.
    85. 

  85. 	err := runner.FlushSet("FOOBAR")
    86. 

  86. 	if err != nil {
    87. 

  87. 		t.Errorf("expected success, got %v", err)
    88. 

  88. 	}
    89. 

  89. 	if fcmd.CombinedOutputCalls != 1 {
    90. 

  90. 		t.Errorf("expected 1 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
    91. 

  91. 	}
    92. 

  92. 	if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll("ipset", "flush", "FOOBAR") {
    93. 

  93. 		t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
    94. 

  94. 	}
    95. 

  95. 	// Flush again
    96. 

  96. 	err = runner.FlushSet("FOOBAR")
    97. 

  97. 	if err != nil {
    98. 

  98. 		t.Errorf("expected success, got %v", err)
    99. 

  99. 	}
    100. 

  100. }
    101. 

  101. 

  102. func TestDestroySet(t *testing.T) {
    103. 

  103. 	fcmd := fakeexec.FakeCmd{
    104. 

  104. 		CombinedOutputScript: []fakeexec.FakeCombinedOutputAction{
    105. 

  105. 			// Success
    106. 

  106. 			func() ([]byte, error) { return []byte{}, nil },
    107. 

  107. 			// Failure
    108. 

  108. 			func() ([]byte, error) {
    109. 

  109. 				return []byte("ipset v6.19: The set with the given name does not exist"), &fakeexec.FakeExitError{Status: 1}
    110. 

  110. 			},
    111. 

  111. 		},
    112. 

  112. 	}
    113. 

  113. 	fexec := fakeexec.FakeExec{
    114. 

  114. 		CommandScript: []fakeexec.FakeCommandAction{
    115. 

  115. 			func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    116. 

  116. 			func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    117. 

  117. 		},
    118. 

  118. 	}
    119. 

  119. 	runner := New(&fexec)
    120. 

  120. 	// Success
    121. 

  121. 	err := runner.DestroySet("FOOBAR")
    122. 

  122. 	if err != nil {
    123. 

  123. 		t.Errorf("expected success, got %v", err)
    124. 

  124. 	}
    125. 

  125. 	if fcmd.CombinedOutputCalls != 1 {
    126. 

  126. 		t.Errorf("expected 1 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
    127. 

  127. 	}
    128. 

  128. 	if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll("ipset", "destroy", "FOOBAR") {
    129. 

  129. 		t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
    130. 

  130. 	}
    131. 

  131. 	// Failure
    132. 

  132. 	err = runner.DestroySet("FOOBAR")
    133. 

  133. 	if err == nil {
    134. 

  134. 		t.Errorf("expected failure, got nil")
    135. 

  135. 	}
    136. 

  136. }
    137. 

  137. 

  138. func TestDestroyAllSets(t *testing.T) {
    139. 

  139. 	fcmd := fakeexec.FakeCmd{
    140. 

  140. 		CombinedOutputScript: []fakeexec.FakeCombinedOutputAction{
    141. 

  141. 			// Success
    142. 

  142. 			func() ([]byte, error) { return []byte{}, nil },
    143. 

  143. 			// Success
    144. 

  144. 			func() ([]byte, error) { return []byte{}, nil },
    145. 

  145. 		},
    146. 

  146. 	}
    147. 

  147. 	fexec := fakeexec.FakeExec{
    148. 

  148. 		CommandScript: []fakeexec.FakeCommandAction{
    149. 

  149. 			func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    150. 

  150. 			func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    151. 

  151. 		},
    152. 

  152. 	}
    153. 

  153. 	runner := New(&fexec)
    154. 

  154. 	// Success
    155. 

  155. 	err := runner.DestroyAllSets()
    156. 

  156. 	if err != nil {
    157. 

  157. 		t.Errorf("expected success, got %v", err)
    158. 

  158. 	}
    159. 

  159. 	if fcmd.CombinedOutputCalls != 1 {
    160. 

  160. 		t.Errorf("expected 1 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
    161. 

  161. 	}
    162. 

  162. 	if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll("ipset", "destroy") {
    163. 

  163. 		t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
    164. 

  164. 	}
    165. 

  165. 	// Success
    166. 

  166. 	err = runner.DestroyAllSets()
    167. 

  167. 	if err != nil {
    168. 

  168. 		t.Errorf("Unexpected failure: %v", err)
    169. 

  169. 	}
    170. 

  170. }
    171. 

  171. 

  172. func TestCreateSet(t *testing.T) {
    173. 

  173. 	testSet := IPSet{
    174. 

  174. 		Name:       "FOOBAR",
    175. 

  175. 		SetType:    HashIPPort,
    176. 

  176. 		HashFamily: ProtocolFamilyIPV4,
    177. 

  177. 	}
    178. 

  178. 

  179. 	fcmd := fakeexec.FakeCmd{
    180. 

  180. 		CombinedOutputScript: []fakeexec.FakeCombinedOutputAction{
    181. 

  181. 			// Success
    182. 

  182. 			func() ([]byte, error) { return []byte{}, nil },
    183. 

  183. 			// Success
    184. 

  184. 			func() ([]byte, error) { return []byte{}, nil },
    185. 

  185. 			// Failure
    186. 

  186. 			func() ([]byte, error) {
    187. 

  187. 				return []byte("ipset v6.19: Set cannot be created: set with the same name already exists"), &fakeexec.FakeExitError{Status: 1}
    188. 

  188. 			},
    189. 

  189. 		},
    190. 

  190. 	}
    191. 

  191. 	fexec := fakeexec.FakeExec{
    192. 

  192. 		CommandScript: []fakeexec.FakeCommandAction{
    193. 

  193. 			func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    194. 

  194. 			func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    195. 

  195. 			func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    196. 

  196. 		},
    197. 

  197. 	}
    198. 

  198. 	runner := New(&fexec)
    199. 

  199. 	// Create with ignoreExistErr = false, expect success
    200. 

  200. 	err := runner.CreateSet(&testSet, false)
    201. 

  201. 	if err != nil {
    202. 

  202. 		t.Errorf("expected success, got %v", err)
    203. 

  203. 	}
    204. 

  204. 	if fcmd.CombinedOutputCalls != 1 {
    205. 

  205. 		t.Errorf("expected 1 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
    206. 

  206. 	}
    207. 

  207. 	if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll("ipset", "create", "FOOBAR", "hash:ip,port", "family", "inet", "hashsize", "1024", "maxelem", "65536") {
    208. 

  208. 		t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
    209. 

  209. 	}
    210. 

  210. 	// Create with ignoreExistErr = true, expect success
    211. 

  211. 	err = runner.CreateSet(&testSet, true)
    212. 

  212. 	if err != nil {
    213. 

  213. 		t.Errorf("expected success, got %v", err)
    214. 

  214. 	}
    215. 

  215. 	if fcmd.CombinedOutputCalls != 2 {
    216. 

  216. 		t.Errorf("expected 2 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
    217. 

  217. 	}
    218. 

  218. 	if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll("ipset", "create", "FOOBAR", "hash:ip,port", "family", "inet", "hashsize", "1024", "maxelem", "65536", "-exist") {
    219. 

  219. 		t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[1])
    220. 

  220. 	}
    221. 

  221. 	// Create with ignoreExistErr = false, expect failure
    222. 

  222. 	err = runner.CreateSet(&testSet, false)
    223. 

  223. 	if err == nil {
    224. 

  224. 		t.Errorf("expected failure, got nil")
    225. 

  225. 	}
    226. 

  226. }
    227. 

  227. 

  228. var testCases = []struct {
    229. 

  229. 	entry                *Entry
    230. 

  230. 	set                  *IPSet
    231. 

  231. 	addCombinedOutputLog [][]string
    232. 

  232. 	delCombinedOutputLog []string
    233. 

  233. }{
    234. 

  234. 	{ // case 0
    235. 

  235. 		entry: &Entry{
    236. 

  236. 			IP:       "192.168.1.1",
    237. 

  237. 			Port:     53,
    238. 

  238. 			Protocol: ProtocolUDP,
    239. 

  239. 			SetType:  HashIPPort,
    240. 

  240. 		},
    241. 

  241. 		set: &IPSet{
    242. 

  242. 			Name: "ZERO",
    243. 

  243. 		},
    244. 

  244. 		addCombinedOutputLog: [][]string{
    245. 

  245. 			{"ipset", "add", "ZERO", "192.168.1.1,udp:53"},
    246. 

  246. 			{"ipset", "add", "ZERO", "192.168.1.1,udp:53", "-exist"},
    247. 

  247. 		},
    248. 

  248. 		delCombinedOutputLog: []string{"ipset", "del", "ZERO", "192.168.1.1,udp:53"},
    249. 

  249. 	},
    250. 

  250. 	{ // case 1
    251. 

  251. 		entry: &Entry{
    252. 

  252. 			IP:       "192.168.1.2",
    253. 

  253. 			Port:     80,
    254. 

  254. 			Protocol: ProtocolTCP,
    255. 

  255. 			SetType:  HashIPPort,
    256. 

  256. 		},
    257. 

  257. 		set: &IPSet{
    258. 

  258. 			Name: "UN",
    259. 

  259. 		},
    260. 

  260. 		addCombinedOutputLog: [][]string{
    261. 

  261. 			{"ipset", "add", "UN", "192.168.1.2,tcp:80"},
    262. 

  262. 			{"ipset", "add", "UN", "192.168.1.2,tcp:80", "-exist"},
    263. 

  263. 		},
    264. 

  264. 		delCombinedOutputLog: []string{"ipset", "del", "UN", "192.168.1.2,tcp:80"},
    265. 

  265. 	},
    266. 

  266. 	{ // case 2
    267. 

  267. 		entry: &Entry{
    268. 

  268. 			IP:       "192.168.1.3",
    269. 

  269. 			Port:     53,
    270. 

  270. 			Protocol: ProtocolUDP,
    271. 

  271. 			SetType:  HashIPPortIP,
    272. 

  272. 			IP2:      "10.20.30.1",
    273. 

  273. 		},
    274. 

  274. 		set: &IPSet{
    275. 

  275. 			Name: "DEUX",
    276. 

  276. 		},
    277. 

  277. 		addCombinedOutputLog: [][]string{
    278. 

  278. 			{"ipset", "add", "DEUX", "192.168.1.3,udp:53,10.20.30.1"},
    279. 

  279. 			{"ipset", "add", "DEUX", "192.168.1.3,udp:53,10.20.30.1", "-exist"},
    280. 

  280. 		},
    281. 

  281. 		delCombinedOutputLog: []string{"ipset", "del", "DEUX", "192.168.1.3,udp:53,10.20.30.1"},
    282. 

  282. 	},
    283. 

  283. 	{ // case 3
    284. 

  284. 		entry: &Entry{
    285. 

  285. 			IP:       "192.168.1.4",
    286. 

  286. 			Port:     80,
    287. 

  287. 			Protocol: ProtocolTCP,
    288. 

  288. 			SetType:  HashIPPortIP,
    289. 

  289. 			IP2:      "10.20.30.2",
    290. 

  290. 		},
    291. 

  291. 		set: &IPSet{
    292. 

  292. 			Name: "TROIS",
    293. 

  293. 		},
    294. 

  294. 		addCombinedOutputLog: [][]string{
    295. 

  295. 			{"ipset", "add", "TROIS", "192.168.1.4,tcp:80,10.20.30.2"},
    296. 

  296. 			{"ipset", "add", "TROIS", "192.168.1.4,tcp:80,10.20.30.2", "-exist"},
    297. 

  297. 		},
    298. 

  298. 		delCombinedOutputLog: []string{"ipset", "del", "TROIS", "192.168.1.4,tcp:80,10.20.30.2"},
    299. 

  299. 	},
    300. 

  300. 	{ // case 4
    301. 

  301. 		entry: &Entry{
    302. 

  302. 			IP:       "192.168.1.5",
    303. 

  303. 			Port:     53,
    304. 

  304. 			Protocol: ProtocolUDP,
    305. 

  305. 			SetType:  HashIPPortNet,
    306. 

  306. 			Net:      "10.20.30.0/24",
    307. 

  307. 		},
    308. 

  308. 		set: &IPSet{
    309. 

  309. 			Name: "QUATRE",
    310. 

  310. 		},
    311. 

  311. 		addCombinedOutputLog: [][]string{
    312. 

  312. 			{"ipset", "add", "QUATRE", "192.168.1.5,udp:53,10.20.30.0/24"},
    313. 

  313. 			{"ipset", "add", "QUATRE", "192.168.1.5,udp:53,10.20.30.0/24", "-exist"},
    314. 

  314. 		},
    315. 

  315. 		delCombinedOutputLog: []string{"ipset", "del", "QUATRE", "192.168.1.5,udp:53,10.20.30.0/24"},
    316. 

  316. 	},
    317. 

  317. 	{ // case 5
    318. 

  318. 		entry: &Entry{
    319. 

  319. 			IP:       "192.168.1.6",
    320. 

  320. 			Port:     80,
    321. 

  321. 			Protocol: ProtocolTCP,
    322. 

  322. 			SetType:  HashIPPortNet,
    323. 

  323. 			Net:      "10.20.40.0/24",
    324. 

  324. 		},
    325. 

  325. 		set: &IPSet{
    326. 

  326. 			Name: "CINQ",
    327. 

  327. 		},
    328. 

  328. 		addCombinedOutputLog: [][]string{
    329. 

  329. 			{"ipset", "add", "CINQ", "192.168.1.6,tcp:80,10.20.40.0/24"},
    330. 

  330. 			{"ipset", "add", "CINQ", "192.168.1.6,tcp:80,10.20.40.0/24", "-exist"},
    331. 

  331. 		},
    332. 

  332. 		delCombinedOutputLog: []string{"ipset", "del", "CINQ", "192.168.1.6,tcp:80,10.20.40.0/24"},
    333. 

  333. 	},
    334. 

  334. 	{ // case 6
    335. 

  335. 		entry: &Entry{
    336. 

  336. 			Port:     80,
    337. 

  337. 			Protocol: ProtocolTCP,
    338. 

  338. 			SetType:  BitmapPort,
    339. 

  339. 		},
    340. 

  340. 		set: &IPSet{
    341. 

  341. 			Name: "SIX",
    342. 

  342. 		},
    343. 

  343. 		addCombinedOutputLog: [][]string{
    344. 

  344. 			{"ipset", "add", "SIX", "80"},
    345. 

  345. 			{"ipset", "add", "SIX", "80", "-exist"},
    346. 

  346. 		},
    347. 

  347. 		delCombinedOutputLog: []string{"ipset", "del", "SIX", "80"},
    348. 

  348. 	},
    349. 

  349. 	{ // case 7
    350. 

  350. 		entry: &Entry{
    351. 

  351. 			IP:       "192.168.1.2",
    352. 

  352. 			Port:     80,
    353. 

  353. 			Protocol: ProtocolSCTP,
    354. 

  354. 			SetType:  HashIPPort,
    355. 

  355. 		},
    356. 

  356. 		set: &IPSet{
    357. 

  357. 			Name: "SETTE",
    358. 

  358. 		},
    359. 

  359. 		addCombinedOutputLog: [][]string{
    360. 

  360. 			{"ipset", "add", "SETTE", "192.168.1.2,sctp:80"},
    361. 

  361. 			{"ipset", "add", "SETTE", "192.168.1.2,sctp:80", "-exist"},
    362. 

  362. 		},
    363. 

  363. 		delCombinedOutputLog: []string{"ipset", "del", "SETTE", "192.168.1.2,sctp:80"},
    364. 

  364. 	},
    365. 

  365. }
    366. 

  366. 

  367. func TestAddEntry(t *testing.T) {
    368. 

  368. 	for i := range testCases {
    369. 

  369. 		fcmd := fakeexec.FakeCmd{
    370. 

  370. 			CombinedOutputScript: []fakeexec.FakeCombinedOutputAction{
    371. 

  371. 				// Success
    372. 

  372. 				func() ([]byte, error) { return []byte{}, nil },
    373. 

  373. 				// Success
    374. 

  374. 				func() ([]byte, error) { return []byte{}, nil },
    375. 

  375. 				// Failure
    376. 

  376. 				func() ([]byte, error) {
    377. 

  377. 					return []byte("ipset v6.19: Set cannot be created: set with the same name already exists"), &fakeexec.FakeExitError{Status: 1}
    378. 

  378. 				},
    379. 

  379. 			},
    380. 

  380. 		}
    381. 

  381. 		fexec := fakeexec.FakeExec{
    382. 

  382. 			CommandScript: []fakeexec.FakeCommandAction{
    383. 

  383. 				func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    384. 

  384. 				func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    385. 

  385. 				func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    386. 

  386. 			},
    387. 

  387. 		}
    388. 

  388. 		runner := New(&fexec)
    389. 

  389. 		// Create with ignoreExistErr = false, expect success
    390. 

  390. 		err := runner.AddEntry(testCases[i].entry.String(), testCases[i].set, false)
    391. 

  391. 		if err != nil {
    392. 

  392. 			t.Errorf("expected success, got %v", err)
    393. 

  393. 		}
    394. 

  394. 		if fcmd.CombinedOutputCalls != 1 {
    395. 

  395. 			t.Errorf("expected 1 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
    396. 

  396. 		}
    397. 

  397. 		if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll(testCases[i].addCombinedOutputLog[0]...) {
    398. 

  398. 			t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
    399. 

  399. 		}
    400. 

  400. 		// Create with ignoreExistErr = true, expect success
    401. 

  401. 		err = runner.AddEntry(testCases[i].entry.String(), testCases[i].set, true)
    402. 

  402. 		if err != nil {
    403. 

  403. 			t.Errorf("expected success, got %v", err)
    404. 

  404. 		}
    405. 

  405. 		if fcmd.CombinedOutputCalls != 2 {
    406. 

  406. 			t.Errorf("expected 3 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
    407. 

  407. 		}
    408. 

  408. 		if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll(testCases[i].addCombinedOutputLog[1]...) {
    409. 

  409. 			t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[1])
    410. 

  410. 		}
    411. 

  411. 		// Create with ignoreExistErr = false, expect failure
    412. 

  412. 		err = runner.AddEntry(testCases[i].entry.String(), testCases[i].set, false)
    413. 

  413. 		if err == nil {
    414. 

  414. 			t.Errorf("expected failure, got nil")
    415. 

  415. 		}
    416. 

  416. 	}
    417. 

  417. }
    418. 

  418. 

  419. func TestDelEntry(t *testing.T) {
    420. 

  420. 	for i := range testCases {
    421. 

  421. 		fcmd := fakeexec.FakeCmd{
    422. 

  422. 			CombinedOutputScript: []fakeexec.FakeCombinedOutputAction{
    423. 

  423. 				// Success
    424. 

  424. 				func() ([]byte, error) { return []byte{}, nil },
    425. 

  425. 				// Failure
    426. 

  426. 				func() ([]byte, error) {
    427. 

  427. 					return []byte("ipset v6.19: Element cannot be deleted from the set: it's not added"), &fakeexec.FakeExitError{Status: 1}
    428. 

  428. 				},
    429. 

  429. 			},
    430. 

  430. 		}
    431. 

  431. 		fexec := fakeexec.FakeExec{
    432. 

  432. 			CommandScript: []fakeexec.FakeCommandAction{
    433. 

  433. 				func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    434. 

  434. 				func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    435. 

  435. 			},
    436. 

  436. 		}
    437. 

  437. 		runner := New(&fexec)
    438. 

  438. 

  439. 		err := runner.DelEntry(testCases[i].entry.String(), testCases[i].set.Name)
    440. 

  440. 		if err != nil {
    441. 

  441. 			t.Errorf("expected success, got %v", err)
    442. 

  442. 		}
    443. 

  443. 		if fcmd.CombinedOutputCalls != 1 {
    444. 

  444. 			t.Errorf("expected 1 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
    445. 

  445. 		}
    446. 

  446. 		if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll(testCases[i].delCombinedOutputLog...) {
    447. 

  447. 			t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
    448. 

  448. 		}
    449. 

  449. 		err = runner.DelEntry(testCases[i].entry.String(), testCases[i].set.Name)
    450. 

  450. 		if err == nil {
    451. 

  451. 			t.Errorf("expected failure, got nil")
    452. 

  452. 		}
    453. 

  453. 	}
    454. 

  454. }
    455. 

  455. 

  456. func TestTestEntry(t *testing.T) {
    457. 

  457. 	// TODO: IPv6?
    458. 

  458. 	testEntry := &Entry{
    459. 

  459. 		IP:       "10.120.7.100",
    460. 

  460. 		Port:     8080,
    461. 

  461. 		Protocol: ProtocolTCP,
    462. 

  462. 		SetType:  HashIPPort,
    463. 

  463. 	}
    464. 

  464. 	setName := "NOT"
    465. 

  465. 	fcmd := fakeexec.FakeCmd{
    466. 

  466. 		CombinedOutputScript: []fakeexec.FakeCombinedOutputAction{
    467. 

  467. 			// Success
    468. 

  468. 			func() ([]byte, error) { return []byte("10.120.7.100,tcp:8080 is in set " + setName + "."), nil },
    469. 

  469. 			// Failure
    470. 

  470. 			func() ([]byte, error) {
    471. 

  471. 				return []byte("192.168.1.3,tcp:8080 is NOT in set " + setName + "."), &fakeexec.FakeExitError{Status: 1}
    472. 

  472. 			},
    473. 

  473. 		},
    474. 

  474. 	}
    475. 

  475. 	fexec := fakeexec.FakeExec{
    476. 

  476. 		CommandScript: []fakeexec.FakeCommandAction{
    477. 

  477. 			func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    478. 

  478. 			func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    479. 

  479. 		},
    480. 

  480. 	}
    481. 

  481. 	runner := New(&fexec)
    482. 

  482. 	// Success
    483. 

  483. 	ok, err := runner.TestEntry(testEntry.String(), setName)
    484. 

  484. 	if err != nil {
    485. 

  485. 		t.Errorf("expected success, got %v", err)
    486. 

  486. 	}
    487. 

  487. 	if fcmd.CombinedOutputCalls != 1 {
    488. 

  488. 		t.Errorf("expected 2 CombinedOutput() calls, got %d", fcmd.CombinedOutputCalls)
    489. 

  489. 	}
    490. 

  490. 	if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll("ipset", "test", setName, "10.120.7.100,tcp:8080") {
    491. 

  491. 		t.Errorf("wrong CombinedOutput() log, got %s", fcmd.CombinedOutputLog[0])
    492. 

  492. 	}
    493. 

  493. 	if !ok {
    494. 

  494. 		t.Errorf("expect entry exists in test set, got not")
    495. 

  495. 	}
    496. 

  496. 	// Failure
    497. 

  497. 	ok, err = runner.TestEntry(testEntry.String(), "FOOBAR")
    498. 

  498. 	if err == nil || ok {
    499. 

  499. 		t.Errorf("expect entry doesn't exist in test set")
    500. 

  500. 	}
    501. 

  501. }
    502. 

  502. 

  503. func TestListEntries(t *testing.T) {
    504. 

  504. 

  505. 	output := `Name: foobar
    506. 

  506. Type: hash:ip,port
    507. 

  507. Revision: 2
    508. 

  508. Header: family inet hashsize 1024 maxelem 65536
    509. 

  509. Size in memory: 16592
    510. 

  510. References: 0
    511. 

  511. Members:
    512. 

  512. 192.168.1.2,tcp:8080
    513. 

  513. 192.168.1.1,udp:53`
    514. 

  514. 

  515. 	emptyOutput := `Name: KUBE-NODE-PORT
    516. 

  516. Type: bitmap:port
    517. 

  517. Revision: 1
    518. 

  518. Header: range 0-65535
    519. 

  519. Size in memory: 524432
    520. 

  520. References: 1
    521. 

  521. Members:
    522. 

  522. 

  523. `
    524. 

  524. 

  525. 	testCases := []struct {
    526. 

  526. 		output   string
    527. 

  527. 		expected []string
    528. 

  528. 	}{
    529. 

  529. 		{
    530. 

  530. 			output:   output,
    531. 

  531. 			expected: []string{"192.168.1.2,tcp:8080", "192.168.1.1,udp:53"},
    532. 

  532. 		},
    533. 

  533. 		{
    534. 

  534. 			output:   emptyOutput,
    535. 

  535. 			expected: []string{},
    536. 

  536. 		},
    537. 

  537. 	}
    538. 

  538. 

  539. 	for i := range testCases {
    540. 

  540. 		fcmd := fakeexec.FakeCmd{
    541. 

  541. 			CombinedOutputScript: []fakeexec.FakeCombinedOutputAction{
    542. 

  542. 				// Success
    543. 

  543. 				func() ([]byte, error) {
    544. 

  544. 					return []byte(testCases[i].output), nil
    545. 

  545. 				},
    546. 

  546. 			},
    547. 

  547. 		}
    548. 

  548. 		fexec := fakeexec.FakeExec{
    549. 

  549. 			CommandScript: []fakeexec.FakeCommandAction{
    550. 

  550. 				func(cmd string, args ...string) exec.Cmd {
    551. 

  551. 					return fakeexec.InitFakeCmd(&fcmd, cmd, args...)
    552. 

  552. 				},
    553. 

  553. 			},
    554. 

  554. 		}
    555. 

  555. 		runner := New(&fexec)
    556. 

  556. 		// Success
    557. 

  557. 		entries, err := runner.ListEntries("foobar")
    558. 

  558. 		if err != nil {
    559. 

  559. 			t.Errorf("expected success, got: %v", err)
    560. 

  560. 		}
    561. 

  561. 		if fcmd.CombinedOutputCalls != 1 {
    562. 

  562. 			t.Errorf("expected 1 CombinedOutput() calls, got: %d", fcmd.CombinedOutputCalls)
    563. 

  563. 		}
    564. 

  564. 		if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll("ipset", "list", "foobar") {
    565. 

  565. 			t.Errorf("wrong CombinedOutput() log, got: %s", fcmd.CombinedOutputLog[0])
    566. 

  566. 		}
    567. 

  567. 		if len(entries) != len(testCases[i].expected) {
    568. 

  568. 			t.Errorf("expected %d ipset entries, got: %d", len(testCases[i].expected), len(entries))
    569. 

  569. 		}
    570. 

  570. 		if !reflect.DeepEqual(entries, testCases[i].expected) {
    571. 

  571. 			t.Errorf("expected entries: %v, got: %v", testCases[i].expected, entries)
    572. 

  572. 		}
    573. 

  573. 	}
    574. 

  574. }
    575. 

  575. 

  576. func TestListSets(t *testing.T) {
    577. 

  577. 	output := `foo
    578. 

  578. bar
    579. 

  579. baz`
    580. 

  580. 

  581. 	expected := []string{"foo", "bar", "baz"}
    582. 

  582. 

  583. 	fcmd := fakeexec.FakeCmd{
    584. 

  584. 		CombinedOutputScript: []fakeexec.FakeCombinedOutputAction{
    585. 

  585. 			// Success
    586. 

  586. 			func() ([]byte, error) { return []byte(output), nil },
    587. 

  587. 		},
    588. 

  588. 	}
    589. 

  589. 	fexec := fakeexec.FakeExec{
    590. 

  590. 		CommandScript: []fakeexec.FakeCommandAction{
    591. 

  591. 			func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) },
    592. 

  592. 		},
    593. 

  593. 	}
    594. 

  594. 	runner := New(&fexec)
    595. 

  595. 	// Success
    596. 

  596. 	list, err := runner.ListSets()
    597. 

  597. 	if err != nil {
    598. 

  598. 		t.Errorf("expected success, got: %v", err)
    599. 

  599. 	}
    600. 

  600. 	if fcmd.CombinedOutputCalls != 1 {
    601. 

  601. 		t.Errorf("expected 1 CombinedOutput() calls, got: %d", fcmd.CombinedOutputCalls)
    602. 

  602. 	}
    603. 

  603. 	if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll("ipset", "list", "-n") {
    604. 

  604. 		t.Errorf("wrong CombinedOutput() log, got: %s", fcmd.CombinedOutputLog[0])
    605. 

  605. 	}
    606. 

  606. 	if len(list) != len(expected) {
    607. 

  607. 		t.Errorf("expected %d sets, got: %d", len(expected), len(list))
    608. 

  608. 	}
    609. 

  609. 	if !reflect.DeepEqual(list, expected) {
    610. 

  610. 		t.Errorf("expected sets: %v, got: %v", expected, list)
    611. 

  611. 	}
    612. 

  612. }
    613. 

  613. 

  614. func Test_validIPSetType(t *testing.T) {
    615. 

  615. 	testCases := []struct {
    616. 

  616. 		setType Type
    617. 

  617. 		valid   bool
    618. 

  618. 	}{
    619. 

  619. 		{ // case[0]
    620. 

  620. 			setType: Type("foo"),
    621. 

  621. 			valid:   false,
    622. 

  622. 		},
    623. 

  623. 		{ // case[1]
    624. 

  624. 			setType: HashIPPortNet,
    625. 

  625. 			valid:   true,
    626. 

  626. 		},
    627. 

  627. 		{ // case[2]
    628. 

  628. 			setType: HashIPPort,
    629. 

  629. 			valid:   true,
    630. 

  630. 		},
    631. 

  631. 		{ // case[3]
    632. 

  632. 			setType: HashIPPortIP,
    633. 

  633. 			valid:   true,
    634. 

  634. 		},
    635. 

  635. 		{ // case[4]
    636. 

  636. 			setType: BitmapPort,
    637. 

  637. 			valid:   true,
    638. 

  638. 		},
    639. 

  639. 		{ // case[5]
    640. 

  640. 			setType: Type(""),
    641. 

  641. 			valid:   false,
    642. 

  642. 		},
    643. 

  643. 	}
    644. 

  644. 	for i := range testCases {
    645. 

  645. 		valid := validateIPSetType(testCases[i].setType)
    646. 

  646. 		if valid != testCases[i].valid {
    647. 

  647. 			t.Errorf("case [%d]: unexpected mismatch, expect valid[%v], got valid[%v]", i, testCases[i].valid, valid)
    648. 

  648. 		}
    649. 

  649. 	}
    650. 

  650. }
    651. 

  651. 

  652. func Test_validatePortRange(t *testing.T) {
    653. 

  653. 	testCases := []struct {
    654. 

  654. 		portRange string
    655. 

  655. 		valid     bool
    656. 

  656. 		desc      string
    657. 

  657. 	}{
    658. 

  658. 		{ // case[0]
    659. 

  659. 			portRange: "a-b",
    660. 

  660. 			valid:     false,
    661. 

  661. 			desc:      "invalid port number",
    662. 

  662. 		},
    663. 

  663. 		{ // case[1]
    664. 

  664. 			portRange: "1-2",
    665. 

  665. 			valid:     true,
    666. 

  666. 			desc:      "valid",
    667. 

  667. 		},
    668. 

  668. 		{ // case[2]
    669. 

  669. 			portRange: "90-1",
    670. 

  670. 			valid:     true,
    671. 

  671. 			desc:      "ipset util can accept the input of begin port number can be less than end port number",
    672. 

  672. 		},
    673. 

  673. 		{ // case[3]
    674. 

  674. 			portRange: DefaultPortRange,
    675. 

  675. 			valid:     true,
    676. 

  676. 			desc:      "default port range is valid, of course",
    677. 

  677. 		},
    678. 

  678. 		{ // case[4]
    679. 

  679. 			portRange: "12",
    680. 

  680. 			valid:     false,
    681. 

  681. 			desc:      "a single number is invalid",
    682. 

  682. 		},
    683. 

  683. 		{ // case[5]
    684. 

  684. 			portRange: "1-",
    685. 

  685. 			valid:     false,
    686. 

  686. 			desc:      "should specify end port",
    687. 

  687. 		},
    688. 

  688. 		{ // case[6]
    689. 

  689. 			portRange: "-100",
    690. 

  690. 			valid:     false,
    691. 

  691. 			desc:      "should specify begin port",
    692. 

  692. 		},
    693. 

  693. 		{ // case[7]
    694. 

  694. 			portRange: "1:100",
    695. 

  695. 			valid:     false,
    696. 

  696. 			desc:      "delimiter should be -",
    697. 

  697. 		},
    698. 

  698. 		{ // case[8]
    699. 

  699. 			portRange: "1~100",
    700. 

  700. 			valid:     false,
    701. 

  701. 			desc:      "delimiter should be -",
    702. 

  702. 		},
    703. 

  703. 		{ // case[9]
    704. 

  704. 			portRange: "1,100",
    705. 

  705. 			valid:     false,
    706. 

  706. 			desc:      "delimiter should be -",
    707. 

  707. 		},
    708. 

  708. 		{ // case[10]
    709. 

  709. 			portRange: "100-100",
    710. 

  710. 			valid:     true,
    711. 

  711. 			desc:      "begin port number can be equal to end port number",
    712. 

  712. 		},
    713. 

  713. 		{ // case[11]
    714. 

  714. 			portRange: "",
    715. 

  715. 			valid:     false,
    716. 

  716. 			desc:      "empty string is invalid",
    717. 

  717. 		},
    718. 

  718. 		{ // case[12]
    719. 

  719. 			portRange: "-1-12",
    720. 

  720. 			valid:     false,
    721. 

  721. 			desc:      "port number can not be negative value",
    722. 

  722. 		},
    723. 

  723. 		{ // case[13]
    724. 

  724. 			portRange: "-1--8",
    725. 

  725. 			valid:     false,
    726. 

  726. 			desc:      "port number can not be negative value",
    727. 

  727. 		},
    728. 

  728. 	}
    729. 

  729. 	for i := range testCases {
    730. 

  730. 		valid := validatePortRange(testCases[i].portRange)
    731. 

  731. 		if valid != testCases[i].valid {
    732. 

  732. 			t.Errorf("case [%d]: unexpected mismatch, expect valid[%v], got valid[%v], desc: %s", i, testCases[i].valid, valid, testCases[i].desc)
    733. 

  733. 		}
    734. 

  734. 	}
    735. 

  735. }
    736. 

  736. 

  737. func Test_validateFamily(t *testing.T) {
    738. 

  738. 	testCases := []struct {
    739. 

  739. 		family string
    740. 

  740. 		valid  bool
    741. 

  741. 	}{
    742. 

  742. 		{ // case[0]
    743. 

  743. 			family: "foo",
    744. 

  744. 			valid:  false,
    745. 

  745. 		},
    746. 

  746. 		{ // case[1]
    747. 

  747. 			family: ProtocolFamilyIPV4,
    748. 

  748. 			valid:  true,
    749. 

  749. 		},
    750. 

  750. 		{ // case[2]
    751. 

  751. 			family: ProtocolFamilyIPV6,
    752. 

  752. 			valid:  true,
    753. 

  753. 		},
    754. 

  754. 		{ // case[3]
    755. 

  755. 			family: "ipv4",
    756. 

  756. 			valid:  false,
    757. 

  757. 		},
    758. 

  758. 		{ // case[4]
    759. 

  759. 			family: "ipv6",
    760. 

  760. 			valid:  false,
    761. 

  761. 		},
    762. 

  762. 		{ // case[5]
    763. 

  763. 			family: "tcp",
    764. 

  764. 			valid:  false,
    765. 

  765. 		},
    766. 

  766. 		{ // case[6]
    767. 

  767. 			family: "udp",
    768. 

  768. 			valid:  false,
    769. 

  769. 		},
    770. 

  770. 		{ // case[7]
    771. 

  771. 			family: "",
    772. 

  772. 			valid:  false,
    773. 

  773. 		},
    774. 

  774. 		{ // case[8]
    775. 

  775. 			family: "sctp",
    776. 

  776. 			valid:  false,
    777. 

  777. 		},
    778. 

  778. 	}
    779. 

  779. 	for i := range testCases {
    780. 

  780. 		valid := validateHashFamily(testCases[i].family)
    781. 

  781. 		if valid != testCases[i].valid {
    782. 

  782. 			t.Errorf("case [%d]: unexpected mismatch, expect valid[%v], got valid[%v]", i, testCases[i].valid, valid)
    783. 

  783. 		}
    784. 

  784. 	}
    785. 

  785. }
    786. 

  786. 

  787. func Test_validateProtocol(t *testing.T) {
    788. 

  788. 	testCases := []struct {
    789. 

  789. 		protocol string
    790. 

  790. 		valid    bool
    791. 

  791. 		desc     string
    792. 

  792. 	}{
    793. 

  793. 		{ // case[0]
    794. 

  794. 			protocol: "foo",
    795. 

  795. 			valid:    false,
    796. 

  796. 		},
    797. 

  797. 		{ // case[1]
    798. 

  798. 			protocol: ProtocolTCP,
    799. 

  799. 			valid:    true,
    800. 

  800. 		},
    801. 

  801. 		{ // case[2]
    802. 

  802. 			protocol: ProtocolUDP,
    803. 

  803. 			valid:    true,
    804. 

  804. 		},
    805. 

  805. 		{ // case[3]
    806. 

  806. 			protocol: "ipv4",
    807. 

  807. 			valid:    false,
    808. 

  808. 		},
    809. 

  809. 		{ // case[4]
    810. 

  810. 			protocol: "ipv6",
    811. 

  811. 			valid:    false,
    812. 

  812. 		},
    813. 

  813. 		{ // case[5]
    814. 

  814. 			protocol: "TCP",
    815. 

  815. 			valid:    false,
    816. 

  816. 			desc:     "should be low case",
    817. 

  817. 		},
    818. 

  818. 		{ // case[6]
    819. 

  819. 			protocol: "UDP",
    820. 

  820. 			valid:    false,
    821. 

  821. 			desc:     "should be low case",
    822. 

  822. 		},
    823. 

  823. 		{ // case[7]
    824. 

  824. 			protocol: "",
    825. 

  825. 			valid:    false,
    826. 

  826. 		},
    827. 

  827. 		{ // case[8]
    828. 

  828. 			protocol: ProtocolSCTP,
    829. 

  829. 			valid:    true,
    830. 

  830. 		},
    831. 

  831. 	}
    832. 

  832. 	for i := range testCases {
    833. 

  833. 		valid := validateProtocol(testCases[i].protocol)
    834. 

  834. 		if valid != testCases[i].valid {
    835. 

  835. 			t.Errorf("case [%d]: unexpected mismatch, expect valid[%v], got valid[%v], desc: %s", i, testCases[i].valid, valid, testCases[i].desc)
    836. 

  836. 		}
    837. 

  837. 	}
    838. 

  838. }
    839. 

  839. 

  840. func TestValidateIPSet(t *testing.T) {
    841. 

  841. 	testCases := []struct {
    842. 

  842. 		ipset *IPSet
    843. 

  843. 		valid bool
    844. 

  844. 		desc  string
    845. 

  845. 	}{
    846. 

  846. 		{ // case[0]
    847. 

  847. 			ipset: &IPSet{
    848. 

  848. 				Name:       "test",
    849. 

  849. 				SetType:    HashIPPort,
    850. 

  850. 				HashFamily: ProtocolFamilyIPV4,
    851. 

  851. 				HashSize:   1024,
    852. 

  852. 				MaxElem:    1024,
    853. 

  853. 			},
    854. 

  854. 			valid: true,
    855. 

  855. 		},
    856. 

  856. 		{ // case[1]
    857. 

  857. 			ipset: &IPSet{
    858. 

  858. 				Name:       "SET",
    859. 

  859. 				SetType:    BitmapPort,
    860. 

  860. 				HashFamily: ProtocolFamilyIPV6,
    861. 

  861. 				HashSize:   65535,
    862. 

  862. 				MaxElem:    2048,
    863. 

  863. 				PortRange:  DefaultPortRange,
    864. 

  864. 			},
    865. 

  865. 			valid: true,
    866. 

  866. 		},
    867. 

  867. 		{ // case[2]
    868. 

  868. 			ipset: &IPSet{
    869. 

  869. 				Name:       "foo",
    870. 

  870. 				SetType:    BitmapPort,
    871. 

  871. 				HashFamily: ProtocolFamilyIPV6,
    872. 

  872. 				HashSize:   65535,
    873. 

  873. 				MaxElem:    2048,
    874. 

  874. 			},
    875. 

  875. 			valid: false,
    876. 

  876. 			desc:  "should specify right port range for bitmap type set",
    877. 

  877. 		},
    878. 

  878. 		{ // case[3]
    879. 

  879. 			ipset: &IPSet{
    880. 

  880. 				Name:       "bar",
    881. 

  881. 				SetType:    BitmapPort,
    882. 

  882. 				HashFamily: ProtocolFamilyIPV6,
    883. 

  883. 				HashSize:   0,
    884. 

  884. 				MaxElem:    2048,
    885. 

  885. 			},
    886. 

  886. 			valid: false,
    887. 

  887. 			desc:  "wrong hash size number",
    888. 

  888. 		},
    889. 

  889. 		{ // case[4]
    890. 

  890. 			ipset: &IPSet{
    891. 

  891. 				Name:       "baz",
    892. 

  892. 				SetType:    BitmapPort,
    893. 

  893. 				HashFamily: ProtocolFamilyIPV6,
    894. 

  894. 				HashSize:   1024,
    895. 

  895. 				MaxElem:    -1,
    896. 

  896. 			},
    897. 

  897. 			valid: false,
    898. 

  898. 			desc:  "wrong hash max elem number",
    899. 

  899. 		},
    900. 

  900. 		{ // case[5]
    901. 

  901. 			ipset: &IPSet{
    902. 

  902. 				Name:       "baz",
    903. 

  903. 				SetType:    HashIPPortNet,
    904. 

  904. 				HashFamily: "ip",
    905. 

  905. 				HashSize:   1024,
    906. 

  906. 				MaxElem:    1024,
    907. 

  907. 			},
    908. 

  908. 			valid: false,
    909. 

  909. 			desc:  "wrong protocol",
    910. 

  910. 		},
    911. 

  911. 		{ // case[6]
    912. 

  912. 			ipset: &IPSet{
    913. 

  913. 				Name:       "foo-bar",
    914. 

  914. 				SetType:    "xxx",
    915. 

  915. 				HashFamily: ProtocolFamilyIPV4,
    916. 

  916. 				HashSize:   1024,
    917. 

  917. 				MaxElem:    1024,
    918. 

  918. 			},
    919. 

  919. 			valid: false,
    920. 

  920. 			desc:  "wrong set type",
    921. 

  921. 		},
    922. 

  922. 	}
    923. 

  923. 	for i := range testCases {
    924. 

  924. 		valid := testCases[i].ipset.Validate()
    925. 

  925. 		if valid != testCases[i].valid {
    926. 

  926. 			t.Errorf("case [%d]: unexpected mismatch, expect valid[%v], got valid[%v], desc: %s", i, testCases[i].valid, valid, testCases[i].desc)
    927. 

  927. 		}
    928. 

  928. 	}
    929. 

  929. }
    930. 

  930. 

  931. func Test_setIPSetDefaults(t *testing.T) {
    932. 

  932. 	testCases := []struct {
    933. 

  933. 		name   string
    934. 

  934. 		set    *IPSet
    935. 

  935. 		expect *IPSet
    936. 

  936. 	}{
    937. 

  937. 		{
    938. 

  938. 			name: "test all the IPSet fields not present",
    939. 

  939. 			set: &IPSet{
    940. 

  940. 				Name: "test1",
    941. 

  941. 			},
    942. 

  942. 			expect: &IPSet{
    943. 

  943. 				Name:       "test1",
    944. 

  944. 				SetType:    HashIPPort,
    945. 

  945. 				HashFamily: ProtocolFamilyIPV4,
    946. 

  946. 				HashSize:   1024,
    947. 

  947. 				MaxElem:    65536,
    948. 

  948. 				PortRange:  DefaultPortRange,
    949. 

  949. 			},
    950. 

  950. 		},
    951. 

  951. 		{
    952. 

  952. 			name: "test all the IPSet fields present",
    953. 

  953. 			set: &IPSet{
    954. 

  954. 				Name:       "test2",
    955. 

  955. 				SetType:    BitmapPort,
    956. 

  956. 				HashFamily: ProtocolFamilyIPV6,
    957. 

  957. 				HashSize:   65535,
    958. 

  958. 				MaxElem:    2048,
    959. 

  959. 				PortRange:  DefaultPortRange,
    960. 

  960. 			},
    961. 

  961. 			expect: &IPSet{
    962. 

  962. 				Name:       "test2",
    963. 

  963. 				SetType:    BitmapPort,
    964. 

  964. 				HashFamily: ProtocolFamilyIPV6,
    965. 

  965. 				HashSize:   65535,
    966. 

  966. 				MaxElem:    2048,
    967. 

  967. 				PortRange:  DefaultPortRange,
    968. 

  968. 			},
    969. 

  969. 		},
    970. 

  970. 		{
    971. 

  971. 			name: "test part of the IPSet fields present",
    972. 

  972. 			set: &IPSet{
    973. 

  973. 				Name:       "test3",
    974. 

  974. 				SetType:    BitmapPort,
    975. 

  975. 				HashFamily: ProtocolFamilyIPV6,
    976. 

  976. 				HashSize:   65535,
    977. 

  977. 			},
    978. 

  978. 			expect: &IPSet{
    979. 

  979. 				Name:       "test3",
    980. 

  980. 				SetType:    BitmapPort,
    981. 

  981. 				HashFamily: ProtocolFamilyIPV6,
    982. 

  982. 				HashSize:   65535,
    983. 

  983. 				MaxElem:    65536,
    984. 

  984. 				PortRange:  DefaultPortRange,
    985. 

  985. 			},
    986. 

  986. 		},
    987. 

  987. 	}
    988. 

  988. 

  989. 	for _, test := range testCases {
    990. 

  990. 		t.Run(test.name, func(t *testing.T) {
    991. 

  991. 			test.set.setIPSetDefaults()
    992. 

  992. 			if !reflect.DeepEqual(test.set, test.expect) {
    993. 

  993. 				t.Errorf("expected ipset struct: %v, got ipset struct: %v", test.expect, test.set)
    994. 

  994. 			}
    995. 

  995. 		})
    996. 

  996. 	}
    997. 

  997. }
    998. 

  998. 

  999. func Test_checkIPandProtocol(t *testing.T) {
    1000. 

  1000. 	testset := &IPSet{
    1001. 

  1001. 		Name:       "test1",
    1002. 

  1002. 		SetType:    HashIPPort,
    1003. 

  1003. 		HashFamily: ProtocolFamilyIPV4,
    1004. 

  1004. 		HashSize:   1024,
    1005. 

  1005. 		MaxElem:    65536,
    1006. 

  1006. 		PortRange:  DefaultPortRange,
    1007. 

  1007. 	}
    1008. 

  1008. 

  1009. 	testCases := []struct {
    1010. 

  1010. 		name  string
    1011. 

  1011. 		entry *Entry
    1012. 

  1012. 		valid bool
    1013. 

  1013. 	}{
    1014. 

  1014. 		{
    1015. 

  1015. 			name: "valid IP with ProtocolTCP",
    1016. 

  1016. 			entry: &Entry{
    1017. 

  1017. 				SetType:  HashIPPort,
    1018. 

  1018. 				IP:       "1.2.3.4",
    1019. 

  1019. 				Protocol: ProtocolTCP,
    1020. 

  1020. 				Port:     8080,
    1021. 

  1021. 			},
    1022. 

  1022. 			valid: true,
    1023. 

  1023. 		},
    1024. 

  1024. 		{
    1025. 

  1025. 			name: "valid IP with ProtocolUDP",
    1026. 

  1026. 			entry: &Entry{
    1027. 

  1027. 				SetType:  HashIPPort,
    1028. 

  1028. 				IP:       "1.2.3.4",
    1029. 

  1029. 				Protocol: ProtocolUDP,
    1030. 

  1030. 				Port:     8080,
    1031. 

  1031. 			},
    1032. 

  1032. 			valid: true,
    1033. 

  1033. 		},
    1034. 

  1034. 		{
    1035. 

  1035. 			name: "valid IP with nil Protocol",
    1036. 

  1036. 			entry: &Entry{
    1037. 

  1037. 				SetType: HashIPPort,
    1038. 

  1038. 				IP:      "1.2.3.4",
    1039. 

  1039. 				Port:    8080,
    1040. 

  1040. 			},
    1041. 

  1041. 			valid: true,
    1042. 

  1042. 		},
    1043. 

  1043. 		{
    1044. 

  1044. 			name: "valid IP with invalid Protocol",
    1045. 

  1045. 			entry: &Entry{
    1046. 

  1046. 				SetType:  HashIPPort,
    1047. 

  1047. 				IP:       "1.2.3.4",
    1048. 

  1048. 				Protocol: "invalidProtocol",
    1049. 

  1049. 				Port:     8080,
    1050. 

  1050. 			},
    1051. 

  1051. 			valid: false,
    1052. 

  1052. 		},
    1053. 

  1053. 		{
    1054. 

  1054. 			name: "invalid IP with ProtocolTCP",
    1055. 

  1055. 			entry: &Entry{
    1056. 

  1056. 				SetType:  HashIPPort,
    1057. 

  1057. 				IP:       "1.2.3.423",
    1058. 

  1058. 				Protocol: ProtocolTCP,
    1059. 

  1059. 				Port:     8080,
    1060. 

  1060. 			},
    1061. 

  1061. 			valid: false,
    1062. 

  1062. 		},
    1063. 

  1063. 	}
    1064. 

  1064. 

  1065. 	for _, test := range testCases {
    1066. 

  1066. 		t.Run(test.name, func(t *testing.T) {
    1067. 

  1067. 			result := test.entry.checkIPandProtocol(testset)
    1068. 

  1068. 			if result != test.valid {
    1069. 

  1069. 				t.Errorf("expected valid: %v, got valid: %v", test.valid, result)
    1070. 

  1070. 			}
    1071. 

  1071. 		})
    1072. 

  1072. 	}
    1073. 

  1073. }
    1074. 

  1074. 

  1075. func Test_parsePortRange(t *testing.T) {
    1076. 

  1076. 	testCases := []struct {
    1077. 

  1077. 		portRange string
    1078. 

  1078. 		expectErr bool
    1079. 

  1079. 		beginPort int
    1080. 

  1080. 		endPort   int
    1081. 

  1081. 		desc      string
    1082. 

  1082. 	}{
    1083. 

  1083. 		{ // case[0]
    1084. 

  1084. 			portRange: "1-100",
    1085. 

  1085. 			expectErr: false,
    1086. 

  1086. 			beginPort: 1,
    1087. 

  1087. 			endPort:   100,
    1088. 

  1088. 		},
    1089. 

  1089. 		{ // case[1]
    1090. 

  1090. 			portRange: "0-0",
    1091. 

  1091. 			expectErr: false,
    1092. 

  1092. 			beginPort: 0,
    1093. 

  1093. 			endPort:   0,
    1094. 

  1094. 		},
    1095. 

  1095. 		{ // case[2]
    1096. 

  1096. 			portRange: "100-10",
    1097. 

  1097. 			expectErr: false,
    1098. 

  1098. 			beginPort: 10,
    1099. 

  1099. 			endPort:   100,
    1100. 

  1100. 		},
    1101. 

  1101. 		{ // case[3]
    1102. 

  1102. 			portRange: "1024",
    1103. 

  1103. 			expectErr: true,
    1104. 

  1104. 			desc:      "single port number is not allowed",
    1105. 

  1105. 		},
    1106. 

  1106. 		{ // case[4]
    1107. 

  1107. 			portRange: DefaultPortRange,
    1108. 

  1108. 			expectErr: false,
    1109. 

  1109. 			beginPort: 0,
    1110. 

  1110. 			endPort:   65535,
    1111. 

  1111. 		},
    1112. 

  1112. 		{ // case[5]
    1113. 

  1113. 			portRange: "1-",
    1114. 

  1114. 			expectErr: true,
    1115. 

  1115. 			desc:      "should specify end port",
    1116. 

  1116. 		},
    1117. 

  1117. 		{ // case[6]
    1118. 

  1118. 			portRange: "-100",
    1119. 

  1119. 			expectErr: true,
    1120. 

  1120. 			desc:      "should specify begin port",
    1121. 

  1121. 		},
    1122. 

  1122. 		{ // case[7]
    1123. 

  1123. 			portRange: "1:100",
    1124. 

  1124. 			expectErr: true,
    1125. 

  1125. 			desc:      "delimiter should be -",
    1126. 

  1126. 		},
    1127. 

  1127. 		{ // case[8]
    1128. 

  1128. 			portRange: "1~100",
    1129. 

  1129. 			expectErr: true,
    1130. 

  1130. 			desc:      "delimiter should be -",
    1131. 

  1131. 		},
    1132. 

  1132. 		{ // case[9]
    1133. 

  1133. 			portRange: "1,100",
    1134. 

  1134. 			expectErr: true,
    1135. 

  1135. 			desc:      "delimiter should be -",
    1136. 

  1136. 		},
    1137. 

  1137. 		{ // case[10]
    1138. 

  1138. 			portRange: "100-100",
    1139. 

  1139. 			expectErr: false,
    1140. 

  1140. 			desc:      "begin port number can be equal to end port number",
    1141. 

  1141. 			beginPort: 100,
    1142. 

  1142. 			endPort:   100,
    1143. 

  1143. 		},
    1144. 

  1144. 		{ // case[11]
    1145. 

  1145. 			portRange: "",
    1146. 

  1146. 			expectErr: false,
    1147. 

  1147. 			desc:      "empty string indicates default port range",
    1148. 

  1148. 			beginPort: 0,
    1149. 

  1149. 			endPort:   65535,
    1150. 

  1150. 		},
    1151. 

  1151. 		{ // case[12]
    1152. 

  1152. 			portRange: "-1-12",
    1153. 

  1153. 			expectErr: true,
    1154. 

  1154. 			desc:      "port number can not be negative value",
    1155. 

  1155. 		},
    1156. 

  1156. 		{ // case[13]
    1157. 

  1157. 			portRange: "-1--8",
    1158. 

  1158. 			expectErr: true,
    1159. 

  1159. 			desc:      "port number can not be negative value",
    1160. 

  1160. 		},
    1161. 

  1161. 	}
    1162. 

  1162. 	for i := range testCases {
    1163. 

  1163. 		begin, end, err := parsePortRange(testCases[i].portRange)
    1164. 

  1164. 		if err != nil {
    1165. 

  1165. 			if !testCases[i].expectErr {
    1166. 

  1166. 				t.Errorf("case [%d]: unexpected err: %v, desc: %s", i, err, testCases[i].desc)
    1167. 

  1167. 			}
    1168. 

  1168. 			continue
    1169. 

  1169. 		}
    1170. 

  1170. 		if begin != testCases[i].beginPort || end != testCases[i].endPort {
    1171. 

  1171. 			t.Errorf("case [%d]: unexpected mismatch [beginPort, endPort] pair, expect [%d, %d], got [%d, %d], desc: %s", i, testCases[i].beginPort, testCases[i].endPort, begin, end, testCases[i].desc)
    1172. 

  1172. 		}
    1173. 

  1173. 	}
    1174. 

  1174. }
    1175. 

  1175. 

  1176. // This is a coarse test, but it offers some modicum of confidence as the code is evolved.
    1177. 

  1177. func TestValidateEntry(t *testing.T) {
    1178. 

  1178. 	testCases := []struct {
    1179. 

  1179. 		entry *Entry
    1180. 

  1180. 		set   *IPSet
    1181. 

  1181. 		valid bool
    1182. 

  1182. 		desc  string
    1183. 

  1183. 	}{
    1184. 

  1184. 		{ // case[0]
    1185. 

  1185. 			entry: &Entry{
    1186. 

  1186. 				SetType: BitmapPort,
    1187. 

  1187. 			},
    1188. 

  1188. 			set: &IPSet{
    1189. 

  1189. 				PortRange: DefaultPortRange,
    1190. 

  1190. 			},
    1191. 

  1191. 			valid: true,
    1192. 

  1192. 			desc:  "port number can be empty, default is 0. And port number is in the range of its ipset's port range",
    1193. 

  1193. 		},
    1194. 

  1194. 		{ // case[1]
    1195. 

  1195. 			entry: &Entry{
    1196. 

  1196. 				SetType: BitmapPort,
    1197. 

  1197. 				Port:    0,
    1198. 

  1198. 			},
    1199. 

  1199. 			set: &IPSet{
    1200. 

  1200. 				PortRange: DefaultPortRange,
    1201. 

  1201. 			},
    1202. 

  1202. 			valid: true,
    1203. 

  1203. 			desc:  "port number can be 0. And port number is in the range of its ipset's port range",
    1204. 

  1204. 		},
    1205. 

  1205. 		{ // case[2]
    1206. 

  1206. 			entry: &Entry{
    1207. 

  1207. 				SetType: BitmapPort,
    1208. 

  1208. 				Port:    -1,
    1209. 

  1209. 			},
    1210. 

  1210. 			valid: false,
    1211. 

  1211. 			desc:  "port number can not be negative value",
    1212. 

  1212. 		},
    1213. 

  1213. 		{ // case[3]
    1214. 

  1214. 			entry: &Entry{
    1215. 

  1215. 				SetType: BitmapPort,
    1216. 

  1216. 				Port:    1080,
    1217. 

  1217. 			},
    1218. 

  1218. 			set: &IPSet{
    1219. 

  1219. 				Name:      "baz",
    1220. 

  1220. 				PortRange: DefaultPortRange,
    1221. 

  1221. 			},
    1222. 

  1222. 			desc:  "port number is in the range of its ipset's port range",
    1223. 

  1223. 			valid: true,
    1224. 

  1224. 		},
    1225. 

  1225. 		{ // case[4]
    1226. 

  1226. 			entry: &Entry{
    1227. 

  1227. 				SetType: BitmapPort,
    1228. 

  1228. 				Port:    1080,
    1229. 

  1229. 			},
    1230. 

  1230. 			set: &IPSet{
    1231. 

  1231. 				Name:      "foo",
    1232. 

  1232. 				PortRange: "0-1079",
    1233. 

  1233. 			},
    1234. 

  1234. 			desc:  "port number is NOT in the range of its ipset's port range",
    1235. 

  1235. 			valid: false,
    1236. 

  1236. 		},
    1237. 

  1237. 		{ // case[5]
    1238. 

  1238. 			entry: &Entry{
    1239. 

  1239. 				SetType:  HashIPPort,
    1240. 

  1240. 				IP:       "1.2.3.4",
    1241. 

  1241. 				Protocol: ProtocolTCP,
    1242. 

  1242. 				Port:     8080,
    1243. 

  1243. 			},
    1244. 

  1244. 			set: &IPSet{
    1245. 

  1245. 				Name: "bar",
    1246. 

  1246. 			},
    1247. 

  1247. 			valid: true,
    1248. 

  1248. 		},
    1249. 

  1249. 		{ // case[6]
    1250. 

  1250. 			entry: &Entry{
    1251. 

  1251. 				SetType:  HashIPPort,
    1252. 

  1252. 				IP:       "1.2.3.4",
    1253. 

  1253. 				Protocol: ProtocolUDP,
    1254. 

  1254. 				Port:     0,
    1255. 

  1255. 			},
    1256. 

  1256. 			set: &IPSet{
    1257. 

  1257. 				Name: "bar",
    1258. 

  1258. 			},
    1259. 

  1259. 			valid: true,
    1260. 

  1260. 		},
    1261. 

  1261. 		{ // case[7]
    1262. 

  1262. 			entry: &Entry{
    1263. 

  1263. 				SetType:  HashIPPort,
    1264. 

  1264. 				IP:       "FE80:0000:0000:0000:0202:B3FF:FE1E:8329",
    1265. 

  1265. 				Protocol: ProtocolTCP,
    1266. 

  1266. 				Port:     1111,
    1267. 

  1267. 			},
    1268. 

  1268. 			set: &IPSet{
    1269. 

  1269. 				Name: "ipv6",
    1270. 

  1270. 			},
    1271. 

  1271. 			valid: true,
    1272. 

  1272. 		},
    1273. 

  1273. 		{ // case[8]
    1274. 

  1274. 			entry: &Entry{
    1275. 

  1275. 				SetType:  HashIPPort,
    1276. 

  1276. 				IP:       "",
    1277. 

  1277. 				Protocol: ProtocolTCP,
    1278. 

  1278. 				Port:     1234,
    1279. 

  1279. 			},
    1280. 

  1280. 			set: &IPSet{
    1281. 

  1281. 				Name: "empty-ip",
    1282. 

  1282. 			},
    1283. 

  1283. 			valid: false,
    1284. 

  1284. 		},
    1285. 

  1285. 		{ // case[9]
    1286. 

  1286. 			entry: &Entry{
    1287. 

  1287. 				SetType:  HashIPPort,
    1288. 

  1288. 				IP:       "1-2-3-4",
    1289. 

  1289. 				Protocol: ProtocolTCP,
    1290. 

  1290. 				Port:     8900,
    1291. 

  1291. 			},
    1292. 

  1292. 			set: &IPSet{
    1293. 

  1293. 				Name: "bad-ip",
    1294. 

  1294. 			},
    1295. 

  1295. 			valid: false,
    1296. 

  1296. 		},
    1297. 

  1297. 		{ // case[10]
    1298. 

  1298. 			entry: &Entry{
    1299. 

  1299. 				SetType:  HashIPPort,
    1300. 

  1300. 				IP:       "10.20.30.40",
    1301. 

  1301. 				Protocol: "",
    1302. 

  1302. 				Port:     8090,
    1303. 

  1303. 			},
    1304. 

  1304. 			set: &IPSet{
    1305. 

  1305. 				Name: "empty-protocol",
    1306. 

  1306. 			},
    1307. 

  1307. 			valid: true,
    1308. 

  1308. 		},
    1309. 

  1309. 		{ // case[11]
    1310. 

  1310. 			entry: &Entry{
    1311. 

  1311. 				SetType:  HashIPPort,
    1312. 

  1312. 				IP:       "10.20.30.40",
    1313. 

  1313. 				Protocol: "ICMP",
    1314. 

  1314. 				Port:     8090,
    1315. 

  1315. 			},
    1316. 

  1316. 			set: &IPSet{
    1317. 

  1317. 				Name: "unsupported-protocol",
    1318. 

  1318. 			},
    1319. 

  1319. 			valid: false,
    1320. 

  1320. 		},
    1321. 

  1321. 		{ // case[11]
    1322. 

  1322. 			entry: &Entry{
    1323. 

  1323. 				SetType:  HashIPPort,
    1324. 

  1324. 				IP:       "10.20.30.40",
    1325. 

  1325. 				Protocol: "ICMP",
    1326. 

  1326. 				Port:     -1,
    1327. 

  1327. 			},
    1328. 

  1328. 			set: &IPSet{
    1329. 

  1329. 				// TODO: set name string with white space?
    1330. 

  1330. 				Name: "negative-port-number",
    1331. 

  1331. 			},
    1332. 

  1332. 			valid: false,
    1333. 

  1333. 		},
    1334. 

  1334. 		{ // case[12]
    1335. 

  1335. 			entry: &Entry{
    1336. 

  1336. 				SetType:  HashIPPortIP,
    1337. 

  1337. 				IP:       "10.20.30.40",
    1338. 

  1338. 				Protocol: ProtocolUDP,
    1339. 

  1339. 				Port:     53,
    1340. 

  1340. 				IP2:      "10.20.30.40",
    1341. 

  1341. 			},
    1342. 

  1342. 			set: &IPSet{
    1343. 

  1343. 				Name: "LOOP-BACK",
    1344. 

  1344. 			},
    1345. 

  1345. 			valid: true,
    1346. 

  1346. 		},
    1347. 

  1347. 		{ // case[13]
    1348. 

  1348. 			entry: &Entry{
    1349. 

  1349. 				SetType:  HashIPPortIP,
    1350. 

  1350. 				IP:       "10.20.30.40",
    1351. 

  1351. 				Protocol: ProtocolUDP,
    1352. 

  1352. 				Port:     53,
    1353. 

  1353. 				IP2:      "",
    1354. 

  1354. 			},
    1355. 

  1355. 			set: &IPSet{
    1356. 

  1356. 				Name: "empty IP2",
    1357. 

  1357. 			},
    1358. 

  1358. 			valid: false,
    1359. 

  1359. 		},
    1360. 

  1360. 		{ // case[14]
    1361. 

  1361. 			entry: &Entry{
    1362. 

  1362. 				SetType:  HashIPPortIP,
    1363. 

  1363. 				IP:       "10.20.30.40",
    1364. 

  1364. 				Protocol: ProtocolUDP,
    1365. 

  1365. 				Port:     53,
    1366. 

  1366. 				IP2:      "foo",
    1367. 

  1367. 			},
    1368. 

  1368. 			set: &IPSet{
    1369. 

  1369. 				Name: "invalid IP2",
    1370. 

  1370. 			},
    1371. 

  1371. 			valid: false,
    1372. 

  1372. 		},
    1373. 

  1373. 		{ // case[15]
    1374. 

  1374. 			entry: &Entry{
    1375. 

  1375. 				SetType:  HashIPPortIP,
    1376. 

  1376. 				IP:       "10.20.30.40",
    1377. 

  1377. 				Protocol: ProtocolTCP,
    1378. 

  1378. 				Port:     0,
    1379. 

  1379. 				IP2:      "1.2.3.4",
    1380. 

  1380. 			},
    1381. 

  1381. 			set: &IPSet{
    1382. 

  1382. 				Name: "zero port",
    1383. 

  1383. 			},
    1384. 

  1384. 			valid: true,
    1385. 

  1385. 		},
    1386. 

  1386. 		{ // case[16]
    1387. 

  1387. 			entry: &Entry{
    1388. 

  1388. 				SetType:  HashIPPortIP,
    1389. 

  1389. 				IP:       "10::40",
    1390. 

  1390. 				Protocol: ProtocolTCP,
    1391. 

  1391. 				Port:     10000,
    1392. 

  1392. 				IP2:      "1::4",
    1393. 

  1393. 			},
    1394. 

  1394. 			set: &IPSet{
    1395. 

  1395. 				Name: "IPV6",
    1396. 

  1396. 				// TODO: check set's hash family
    1397. 

  1397. 			},
    1398. 

  1398. 			valid: true,
    1399. 

  1399. 		},
    1400. 

  1400. 		{ // case[17]
    1401. 

  1401. 			entry: &Entry{
    1402. 

  1402. 				SetType:  HashIPPortIP,
    1403. 

  1403. 				IP:       "",
    1404. 

  1404. 				Protocol: ProtocolTCP,
    1405. 

  1405. 				Port:     1234,
    1406. 

  1406. 				IP2:      "1.2.3.4",
    1407. 

  1407. 			},
    1408. 

  1408. 			set: &IPSet{
    1409. 

  1409. 				Name: "empty-ip",
    1410. 

  1410. 			},
    1411. 

  1411. 			valid: false,
    1412. 

  1412. 		},
    1413. 

  1413. 		{ // case[18]
    1414. 

  1414. 			entry: &Entry{
    1415. 

  1415. 				SetType:  HashIPPortIP,
    1416. 

  1416. 				IP:       "1-2-3-4",
    1417. 

  1417. 				Protocol: ProtocolTCP,
    1418. 

  1418. 				Port:     8900,
    1419. 

  1419. 				IP2:      "10.20.30.41",
    1420. 

  1420. 			},
    1421. 

  1421. 			set: &IPSet{
    1422. 

  1422. 				Name: "bad-ip",
    1423. 

  1423. 			},
    1424. 

  1424. 			valid: false,
    1425. 

  1425. 		},
    1426. 

  1426. 		{ // case[19]
    1427. 

  1427. 			entry: &Entry{
    1428. 

  1428. 				SetType:  HashIPPortIP,
    1429. 

  1429. 				IP:       "10.20.30.40",
    1430. 

  1430. 				Protocol: ProtocolSCTP,
    1431. 

  1431. 				Port:     8090,
    1432. 

  1432. 				IP2:      "10.20.30.41",
    1433. 

  1433. 			},
    1434. 

  1434. 			set: &IPSet{
    1435. 

  1435. 				Name: "sctp",
    1436. 

  1436. 			},
    1437. 

  1437. 			valid: true,
    1438. 

  1438. 		},
    1439. 

  1439. 		{ // case[20]
    1440. 

  1440. 			entry: &Entry{
    1441. 

  1441. 				SetType:  HashIPPortIP,
    1442. 

  1442. 				IP:       "10.20.30.40",
    1443. 

  1443. 				Protocol: "ICMP",
    1444. 

  1444. 				Port:     -1,
    1445. 

  1445. 				IP2:      "100.200.30.41",
    1446. 

  1446. 			},
    1447. 

  1447. 			set: &IPSet{
    1448. 

  1448. 				Name: "negative-port-number",
    1449. 

  1449. 			},
    1450. 

  1450. 			valid: false,
    1451. 

  1451. 		},
    1452. 

  1452. 		{ // case[21]
    1453. 

  1453. 			entry: &Entry{
    1454. 

  1454. 				SetType:  HashIPPortNet,
    1455. 

  1455. 				IP:       "10.20.30.40",
    1456. 

  1456. 				Protocol: ProtocolTCP,
    1457. 

  1457. 				Port:     53,
    1458. 

  1458. 				// TODO: CIDR /32 may not be valid
    1459. 

  1459. 				Net: "10.20.30.0/24",
    1460. 

  1460. 			},
    1461. 

  1461. 			set: &IPSet{
    1462. 

  1462. 				Name: "abc",
    1463. 

  1463. 			},
    1464. 

  1464. 			valid: true,
    1465. 

  1465. 		},
    1466. 

  1466. 		{ // case[22]
    1467. 

  1467. 			entry: &Entry{
    1468. 

  1468. 				SetType:  HashIPPortNet,
    1469. 

  1469. 				IP:       "11.21.31.41",
    1470. 

  1470. 				Protocol: ProtocolUDP,
    1471. 

  1471. 				Port:     1122,
    1472. 

  1472. 				Net:      "",
    1473. 

  1473. 			},
    1474. 

  1474. 			set: &IPSet{
    1475. 

  1475. 				Name: "empty Net",
    1476. 

  1476. 			},
    1477. 

  1477. 			valid: false,
    1478. 

  1478. 		},
    1479. 

  1479. 		{ // case[23]
    1480. 

  1480. 			entry: &Entry{
    1481. 

  1481. 				SetType:  HashIPPortNet,
    1482. 

  1482. 				IP:       "10.20.30.40",
    1483. 

  1483. 				Protocol: ProtocolUDP,
    1484. 

  1484. 				Port:     8080,
    1485. 

  1485. 				Net:      "x-y-z-w",
    1486. 

  1486. 			},
    1487. 

  1487. 			set: &IPSet{
    1488. 

  1488. 				Name: "invalid Net",
    1489. 

  1489. 			},
    1490. 

  1490. 			valid: false,
    1491. 

  1491. 		},
    1492. 

  1492. 		{ // case[24]
    1493. 

  1493. 			entry: &Entry{
    1494. 

  1494. 				SetType:  HashIPPortNet,
    1495. 

  1495. 				IP:       "10.20.30.40",
    1496. 

  1496. 				Protocol: ProtocolTCP,
    1497. 

  1497. 				Port:     0,
    1498. 

  1498. 				Net:      "10.1.0.0/16",
    1499. 

  1499. 			},
    1500. 

  1500. 			set: &IPSet{
    1501. 

  1501. 				Name: "zero port",
    1502. 

  1502. 			},
    1503. 

  1503. 			valid: true,
    1504. 

  1504. 		},
    1505. 

  1505. 		{ // case[25]
    1506. 

  1506. 			entry: &Entry{
    1507. 

  1507. 				SetType:  HashIPPortNet,
    1508. 

  1508. 				IP:       "10::40",
    1509. 

  1509. 				Protocol: ProtocolTCP,
    1510. 

  1510. 				Port:     80,
    1511. 

  1511. 				Net:      "2001:db8::/32",
    1512. 

  1512. 			},
    1513. 

  1513. 			set: &IPSet{
    1514. 

  1514. 				Name: "IPV6",
    1515. 

  1515. 				// TODO: check set's hash family
    1516. 

  1516. 			},
    1517. 

  1517. 			valid: true,
    1518. 

  1518. 		},
    1519. 

  1519. 		{ // case[26]
    1520. 

  1520. 			entry: &Entry{
    1521. 

  1521. 				SetType:  HashIPPortNet,
    1522. 

  1522. 				IP:       "",
    1523. 

  1523. 				Protocol: ProtocolTCP,
    1524. 

  1524. 				Port:     1234,
    1525. 

  1525. 				Net:      "1.2.3.4/22",
    1526. 

  1526. 			},
    1527. 

  1527. 			set: &IPSet{
    1528. 

  1528. 				Name: "empty-ip",
    1529. 

  1529. 			},
    1530. 

  1530. 			valid: false,
    1531. 

  1531. 		},
    1532. 

  1532. 		{ // case[27]
    1533. 

  1533. 			entry: &Entry{
    1534. 

  1534. 				SetType:  HashIPPortNet,
    1535. 

  1535. 				IP:       "1-2-3-4",
    1536. 

  1536. 				Protocol: ProtocolTCP,
    1537. 

  1537. 				Port:     8900,
    1538. 

  1538. 				Net:      "10.20.30.41/31",
    1539. 

  1539. 			},
    1540. 

  1540. 			set: &IPSet{
    1541. 

  1541. 				Name: "bad-ip",
    1542. 

  1542. 			},
    1543. 

  1543. 			valid: false,
    1544. 

  1544. 		},
    1545. 

  1545. 		{ // case[28]
    1546. 

  1546. 			entry: &Entry{
    1547. 

  1547. 				SetType:  HashIPPortIP,
    1548. 

  1548. 				IP:       "10.20.30.40",
    1549. 

  1549. 				Protocol: "FOO",
    1550. 

  1550. 				Port:     8090,
    1551. 

  1551. 				IP2:      "10.20.30.0/10",
    1552. 

  1552. 			},
    1553. 

  1553. 			set: &IPSet{
    1554. 

  1554. 				Name: "unsupported-protocol",
    1555. 

  1555. 			},
    1556. 

  1556. 			valid: false,
    1557. 

  1557. 		},
    1558. 

  1558. 		{ // case[29]
    1559. 

  1559. 			entry: &Entry{
    1560. 

  1560. 				SetType:  HashIPPortIP,
    1561. 

  1561. 				IP:       "10.20.30.40",
    1562. 

  1562. 				Protocol: ProtocolUDP,
    1563. 

  1563. 				Port:     -1,
    1564. 

  1564. 				IP2:      "100.200.30.0/12",
    1565. 

  1565. 			},
    1566. 

  1566. 			set: &IPSet{
    1567. 

  1567. 				Name: "negative-port-number",
    1568. 

  1568. 			},
    1569. 

  1569. 			valid: false,
    1570. 

  1570. 		},
    1571. 

  1571. 	}
    1572. 

  1572. 	for i := range testCases {
    1573. 

  1573. 		valid := testCases[i].entry.Validate(testCases[i].set)
    1574. 

  1574. 		if valid != testCases[i].valid {
    1575. 

  1575. 			t.Errorf("case [%d]: unexpected mismatch, expect valid[%v], got valid[%v], desc: %s", i, testCases[i].valid, valid, testCases[i].entry)
    1576. 

  1576. 		}
    1577. 

  1577. 	}
    1578. 

  1578. }
    1579. 

  1579. 

  1580. func TestEntryString(t *testing.T) {
    1581. 

  1581. 	testCases := []struct {
    1582. 

  1582. 		name   string
    1583. 

  1583. 		entry  *Entry
    1584. 

  1584. 		expect string
    1585. 

  1585. 	}{
    1586. 

  1586. 		{
    1587. 

  1587. 			name: "test when SetType is HashIPPort",
    1588. 

  1588. 			entry: &Entry{
    1589. 

  1589. 				SetType:  HashIPPort,
    1590. 

  1590. 				IP:       "1.2.3.4",
    1591. 

  1591. 				Protocol: ProtocolTCP,
    1592. 

  1592. 				Port:     8080,
    1593. 

  1593. 			},
    1594. 

  1594. 			expect: "1.2.3.4,tcp:8080",
    1595. 

  1595. 		},
    1596. 

  1596. 		{
    1597. 

  1597. 			name: "test when SetType is HashIPPortIP",
    1598. 

  1598. 			entry: &Entry{
    1599. 

  1599. 				SetType:  HashIPPortIP,
    1600. 

  1600. 				IP:       "1.2.3.8",
    1601. 

  1601. 				Protocol: ProtocolUDP,
    1602. 

  1602. 				Port:     8081,
    1603. 

  1603. 				IP2:      "1.2.3.8",
    1604. 

  1604. 			},
    1605. 

  1605. 			expect: "1.2.3.8,udp:8081,1.2.3.8",
    1606. 

  1606. 		},
    1607. 

  1607. 		{
    1608. 

  1608. 			name: "test when SetType is HashIPPortNet",
    1609. 

  1609. 			entry: &Entry{
    1610. 

  1610. 				SetType:  HashIPPortNet,
    1611. 

  1611. 				IP:       "192.168.1.2",
    1612. 

  1612. 				Protocol: ProtocolUDP,
    1613. 

  1613. 				Port:     80,
    1614. 

  1614. 				Net:      "10.0.1.0/24",
    1615. 

  1615. 			},
    1616. 

  1616. 			expect: "192.168.1.2,udp:80,10.0.1.0/24",
    1617. 

  1617. 		},
    1618. 

  1618. 		{
    1619. 

  1619. 			name: "test when SetType is BitmapPort",
    1620. 

  1620. 			entry: &Entry{
    1621. 

  1621. 				SetType: BitmapPort,
    1622. 

  1622. 				Port:    80,
    1623. 

  1623. 			},
    1624. 

  1624. 			expect: "80",
    1625. 

  1625. 		},
    1626. 

  1626. 		{
    1627. 

  1627. 			name: "test when SetType is unknown",
    1628. 

  1628. 			entry: &Entry{
    1629. 

  1629. 				SetType:  "unknown",
    1630. 

  1630. 				IP:       "192.168.1.2",
    1631. 

  1631. 				Protocol: ProtocolUDP,
    1632. 

  1632. 				Port:     80,
    1633. 

  1633. 				Net:      "10.0.1.0/24",
    1634. 

  1634. 			},
    1635. 

  1635. 			expect: "",
    1636. 

  1636. 		},
    1637. 

  1637. 	}
    1638. 

  1638. 

  1639. 	for _, test := range testCases {
    1640. 

  1640. 		t.Run(test.name, func(t *testing.T) {
    1641. 

  1641. 			result := test.entry.String()
    1642. 

  1642. 			if result != test.expect {
    1643. 

  1643. 				t.Errorf("Unexpected mismatch, expected: %s, got: %s", test.expect, result)
    1644. 

  1644. 			}
    1645. 

  1645. 		})
    1646. 

  1646. 	}
    1647. 

  1647. }
    1648. 

  1648.