| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Lower timeout values to max 5s, so we can lower sleep values too.
|
| |
|
| |
|
|
|
|
|
|
|
| |
Calculate the free buffer size when adding the existing attributes at the buffered
commands. If the buffer is full, cancel the unfinished nested attribute and commit
the previously buffered commands. Then restart with the current buffered command.
Thus we can get rid of the ugly maxsize parameter of the set types.
|
| |
|
| |
|
|
|
|
|
| |
libmnl now uses void pointer arithmetic, remove -Wpointer-arith from
the compiler flags.
|
| |
|
|
|
|
|
|
|
| |
Resizing can be triggered by userspace command only, and those
are serialized by the nfnl mutex. During resizing the set is
read-locked, so the only possible concurrent operations are
the kernel side readers. Those must be protected by proper RCU locking.
|
|
|
|
|
|
| |
Instead of the cache friendly hashing, use the array based hashing.
According to my tests the latter uses less memory, faster at lookup and
deletion, and only slower at insertion.
|
| |
|
|
|
|
|
| |
Update ip_set_jhash.h with the version which was submitted for kernel
inclusion.
|
|
|
|
| |
Separate the ipset header files from netfilter header files.
|
| |
|
|
|
|
|
| |
Spare some memory by moving the static prefixlen maps to the ipset core.
Thus we can get rid of include/net/pfxlen.h too.
|
|
|
|
|
| |
Modifying a set can be performed by save/modify/restore/swap, without
adding kernel part support.
|
| |
|
|
|
|
| |
The command is not used yet, but better to reserve it already.
|
|
|
|
|
| |
Cleaned up the netlink.patch part: there's no more multiple patches.
The incompatibilities against 4.x are listed in details.
|
|
|
|
|
|
|
| |
The manpage is updated to reflect the recent modifications and
the addition of the hash:net,port type. The help text of hash:ip
is updated: adding/deleting multiple entries are supported for
IPv4 only.
|
|
|
|
|
| |
Use the newly added parser function ipset_parse_ip4_single6 instead
of the generic ipset_parse_ip.
|
|
|
|
|
|
| |
At present IPv6 does not support adding/deleting multiple IPv6 addresses
specified as an ip-ip range or ip/prefix block. A parser function is
added by which can enforce it at parsing the address pattern.
|
|
|
|
|
|
|
| |
With restricting resizing so that it can be triggered by an add
from userspace only, we can modify it so that it uses read-locking
instead of write-locking. Thus the matching in the set can run parallel
with resizing.
|
|
|
|
|
|
| |
Resizing in kernel context is simply too expensive. Drop the feature:
if a set is used as a dynamic container by a SET target, then the set
must be created with a proper size from now on.
|
|
|
|
|
| |
Resizing functions are called without holding any lock. So we can
allocate using the flag GFP_KERNEL.
|
| |
|
|
|
|
|
|
| |
The listing was incorrect for large sets, when multiple messages were
required. I assume that one full hash bucket fills into one message,
but that is true for all current hash types.
|
| |
|
|
|
|
|
| |
Fall back to the build directory if the source directory is not specified.
Check that it looks like as a source directory.
|
|\ |
|
| |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| |
| |
| | |
AC_CANONICAL_SYSTEM is deprecated in favor of calling one or more of
AC_CANONICAL_{BUILD,HOST,TARGET}. Since configure.ac only uses $target,
only AC_CANONICAL_TARGET is needed.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| |
| | |
libtool will take care of adding -fPIC as needed. In fact, static
libraries are often not desired to be compiled with -fPIC.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
libmnl installs .pc files that we can directly use and which are
preferable over AC_CHECK_LIB.
Also make sure that libipset.so is linked with libmnl, otherwise
linking errors can ensue when a program tries to link to libipset.
Furthermore, remove the now-unused LIBS variable.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| | |
The build directory is not necessarily the same as the source directory.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| |
| |
| | |
libtoolize: Consider adding "AC_CONFIG_MACRO_DIR([m4])" to configure.ac and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding "-I m4" to ACLOCAL_AMFLAGS in Makefile.am.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| |
| | |
This is the recommended way to regenerate the GNU build system files
these days.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- More comments added to the code
- ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip
and hash:ip,port,net types
- hash:net and hash:ip,port,net types are reworked
- hash:net,port type added
- Wrong direction parameters fixed in hash:ip,port
- Helps and manpage are updated
- More tests added
- Ugly macros are rewritten to functions in parse.c
(Holger Eitzenberger)
- resize related bug in hash types fixed (Holger Eitzenberger)
- autoreconf patches by Jan Engelhardt applied
- netlink patch minimalized: dumping can be initialized by a second
parsing of the message (thanks to David and Patrick for the suggestion)
- IPv4/IPv6 address attributes are introduced in order to fix the context
(suggested by David)
|
|/
|
|
|
|
|
|
|
| |
- Use is_vmalloc_addr when freeing vmalloc or kmalloc-ed areas. Thus
we can get rid of a flag and simplify some functions.
- When checking "same" sets, ignore hash size, because resizing
changes it.
- 2.6.35 compatibility added.
- Discuss backward/forward compatibilities in the README file.
|
|
|
|
|
|
|
| |
Makefile fixes: compiler flags
README and manpage fixes
Compatibility with newer gcc releases (4.4.x)
Compatibility with the 2.6.35 kernel tree
|
|
|
|
|
|
|
|
| |
ipset 5 is tested on Sparc, which revealed some compatibility issues
and those are fixed. Kernels from 2.6.31 onward are supported.
The testsuite checkings are completed to run match/target checks.
The README file is updated to reflect the requirements to install
and run ipset 5.
|
|
|
|
|
|
| |
- getting ports for family INET6 fixed
- more manpage polishing
- tests to check the iptables/ip6tables match and target added
|
|
|
|
|
|
|
|
|
|
|
| |
- the hash types can now store protocol together port, not only port
- lots of fixes everywhere: parser, error reporting, manpage
The last bits on the todo list before announcing ipset 5:
- recheck all the error messages
- add possibly more tests
- polish manpage
|
| |
|
|
|
|
| |
The missing IPv6 match/target aliases added.
|
|
|
|
|
|
| |
Use the libmnl mnl_attr_nest_star/mnl_attr_nest_end functions instead of
the private ones. Ignore possible size differences in iptree*.t compatibility
tests.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reworked protocol and internal interfaces, missing set types added,
backward compatibility verified, lots of tests added (and thanks to the tests,
bugs fixed), even the manpage is rewritten ;-). Countless changes everywhere...
The missing bits before announcing ipset 5:
- net namespace support
- new iptables/ip6tables extension library
- iptables/ip6tables match and target tests (backward/forward compatibility)
- tests on catching syntax errors
|
|
|
|
|
| |
"tidy" must cleanup the kernel/ directory - and should not delete
kernel/Makefile.
|