Commit message (Author, Age, Files, Lines)
* Speed up testing a little bit (Jozsef Kadlecsik, 2010-12-13, 21 files, -65/+65)
|   Lower timeout values to max 5s, so we can lower sleep values too.
* Convert last printks to pr_debug in ip_set_ahash.h (Jozsef Kadlecsik, 2010-12-13, 1 file, -4/+2)
|
* Remove remnants of slist from ip_set_ahash.h (Jozsef Kadlecsik, 2010-12-13, 1 file, -3/+2)
|
* Buffered commands are just ... buffered. (Jozsef Kadlecsik, 2010-12-13, 3 files, -129/+82)
|   Calculate the free buffer size when adding the existing attributes at the buffered commands. If the buffer is full, cancel the unfinished nested attribute and commit the previously buffered commands. Then restart with the current buffered command. Thus we can get rid of the ugly maxsize parameter of the set types.
* Fixing dangling empty line produced backward-incompatible exit codes, fixed. (Jozsef Kadlecsik, 2010-12-13, 1 file, -2/+2)
|
* Support case-insensitive ICMP and ICMPv6 type/code names. (Jozsef Kadlecsik, 2010-12-10, 3 files, -2/+4)
|
* Compiler flag compatibility fix with libmnl (Jozsef Kadlecsik, 2010-12-10, 1 file, -1/+1)
|   libmnl now uses void pointer arithmetic, remove -Wpointer-arith from the compiler flags.
* Fix dangling empty line at error/warning messages emitted by ipset. (Jozsef Kadlecsik, 2010-12-10, 1 file, -3/+4)
|
* Add proper RCU protection to resizing (Jozsef Kadlecsik, 2010-12-10, 1 file, -18/+38)
|   Resizing can be triggered by userspace command only, and those are serialized by the nfnl mutex. During resizing the set is read-locked, so the only possible concurrent operations are the kernel side readers. Those must be protected by proper RCU locking.
* Convert hash types from chash to ahash. (Jozsef Kadlecsik, 2010-12-10, 7 files, -94/+1127)
|   Instead of the cache friendly hashing, use the array based hashing. According to my tests the latter uses less memory, faster at lookup and deletion, and only slower at insertion.
* Strip off ip_set_ prefix from non-ipset specific header files. (Jozsef Kadlecsik, 2010-12-08, 9 files, -8/+8)
|
* Update ip_set_jhash.h (Jozsef Kadlecsik, 2010-12-08, 1 file, -33/+81)
|   Update ip_set_jhash.h with the version which was submitted for kernel inclusion.
* Create include/linux/netfilter/ipset/ directory (Jozsef Kadlecsik, 2010-12-07, 23 files, -70/+70)
|   Separate the ipset header files from netfilter header files.
* Complete Kconfig.ipset with hash:net,port type. (Jozsef Kadlecsik, 2010-12-07, 1 file, -8/+16)
|
* Remove include/net/pfxlen.h (Jozsef Kadlecsik, 2010-12-07, 12 files, -311/+305)
|   Spare some memory by moving the static prefixlen maps to the ipset core. Thus we can get rid of include/net/pfxlen.h too.
* Remove command MODIFY (Jozsef Kadlecsik, 2010-12-07, 3 files, -37/+35)
|   Modifying a set can be performed by save/modify/restore/swap, without adding kernel part support.
* Whitespace, checkpatch.pl cleanups. (Jozsef Kadlecsik, 2010-12-07, 20 files, -375/+376)
|
* The protocol extended with the command MODIFY. (Jozsef Kadlecsik, 2010-11-05, 3 files, -37/+41)
|   The command is not used yet, but better to reserve it already.
* Update README file (Jozsef Kadlecsik, 2010-11-05, 1 file, -6/+23)
|   Cleaned up the netlink.patch part: there's no more multiple patches. The incompatibilities against 4.x are listed in details.
* Manpage and help text fixes. [v5.0-pre10] (Jozsef Kadlecsik, 2010-11-02, 2 files, -38/+110)
|   The manpage is updated to reflect the recent modifications and the addition of the hash:net,port type. The help text of hash:ip is updated: adding/deleting multiple entries are supported for IPv4 only.
* Enforce handling IPv4 and IPv6 differently for hash:ip type. (Jozsef Kadlecsik, 2010-10-30, 1 file, -1/+1)
|   Use the newly added parser function ipset_parse_ip4_single6 instead of the generic ipset_parse_ip.
* Add parser function to handle IPv4 and IPv6 differently. (Jozsef Kadlecsik, 2010-10-30, 2 files, -0/+42)
|   At present IPv6 does not support adding/deleting multiple IPv6 addresses specified as an ip-ip range or ip/prefix block. A parser function is added by which can enforce it at parsing the address pattern.
* Resizing converted to run under read-locking of the set (Jozsef Kadlecsik, 2010-10-30, 7 files, -118/+157)
|   With restricting resizing so that it can be triggered by an add from userspace only, we can modify it so that it uses read-locking instead of write-locking. Thus the matching in the set can run parallel with resizing.
* Remove to support resizing from kernel context. (Jozsef Kadlecsik, 2010-10-29, 1 file, -8/+1)
|   Resizing in kernel context is simply too expensive. Drop the feature: if a set is used as a dynamic container by a SET target, then the set must be created with a proper size from now on.
* Fix gfp_flags at resizing (Jozsef Kadlecsik, 2010-10-29, 2 files, -3/+3)
|   Resizing functions are called without holding any lock. So we can allocate using the flag GFP_KERNEL.
* Test to list large hash sets added. (Jozsef Kadlecsik, 2010-10-29, 2 files, -0/+1065)
|
* Listing for hash types fixed (Jozsef Kadlecsik, 2010-10-29, 1 file, -2/+18)
|   The listing was incorrect for large sets, when multiple messages were required. I assume that one full hash bucket fills into one message, but that is true for all current hash types.
* Kernel compile-time files are added to .gitignore (Jozsef Kadlecsik, 2010-10-29, 1 file, -0/+9)
|
* Build and source kernel directories [v5.0-pre9] (Jozsef Kadlecsik, 2010-10-25, 1 file, -1/+7)
|   Fall back to the build directory if the source directory is not specified. Check that it looks like a source directory.
* Merge branch 'ipset-5' of git://dev.medozas.de/ipset into ipset-5 (Jozsef Kadlecsik, 2010-10-25, 7 files, -34/+49)
|\
| * Add .gitignore files (Jan Engelhardt, 2010-10-19, 2 files, -0/+21)
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: run autoupdate (Jan Engelhardt, 2010-10-19, 1 file, -2/+2)
| |   AC_CANONICAL_SYSTEM is deprecated in favor of calling one or more of AC_CANONICAL_{BUILD,HOST,TARGET}. Since configure.ac only uses $target, only AC_CANONICAL_TARGET is needed.
| |
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: use subdir-objects and CC_C_O (Jan Engelhardt, 2010-10-19, 1 file, -1/+2)
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: remove manual -fPIC flag (Jan Engelhardt, 2010-10-19, 1 file, -1/+1)
| |   libtool will take care of adding -fPIC as needed. In fact, static libraries are often not desired to be compiled with -fPIC.
| |
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: use libmnl's pkgconfig files (Jan Engelhardt, 2010-10-19, 2 files, -6/+3)
| |   libmnl installs .pc files that we can directly use and which are preferable over AC_CHECK_LIB. Also make sure that libipset.so is linked with libmnl, otherwise linking errors can ensue when a program tries to link to libipset. Furthermore, remove the now-unused LIBS variable.
| |
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: add separate option for kernel source directory (Jan Engelhardt, 2010-10-19, 1 file, -9/+14)
| |   The build directory is not necessarily the same as the source directory.
| |
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: resolve autoreconf/libtoolize suggestions (Jan Engelhardt, 2010-10-19, 3 files, -0/+5)
| |   libtoolize: Consider adding "AC_CONFIG_MACRO_DIR([m4])" to configure.ac and
| |   libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
| |   libtoolize: Consider adding "-I m4" to ACLOCAL_AMFLAGS in Makefile.am.
| |
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: just use autoreconf (Jan Engelhardt, 2010-10-19, 1 file, -16/+2)
| |   This is the recommended way to regenerate the GNU build system files these days.
| |
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Rollback to fix commit history (Jozsef Kadlecsik, 2010-10-25, 6 files, -53/+33)
| |
* | Fixes, cleanups, comments [v5.0-pre8] (Jozsef Kadlecsik, 2010-10-24, 88 files, -1086/+2487)
| |   - More comments added to the code
| |   - ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip and hash:ip,port,net types
| |   - hash:net and hash:ip,port,net types are reworked
| |   - hash:net,port type added
| |   - Wrong direction parameters fixed in hash:ip,port
| |   - Helps and manpage are updated
| |   - More tests added
| |   - Ugly macros are rewritten to functions in parse.c (Holger Eitzenberger)
| |   - resize related bug in hash types fixed (Holger Eitzenberger)
| |   - autoreconf patches by Jan Engelhardt applied
| |   - netlink patch minimalized: dumping can be initialized by a second parsing of the message (thanks to David and Patrick for the suggestion)
| |   - IPv4/IPv6 address attributes are introduced in order to fix the context (suggested by David)
* | Cleanup, compatibility [v5.0-pre7] (Jozsef Kadlecsik, 2010-08-23, 12 files, -66/+71)
|/
|   - Use is_vmalloc_addr when freeing vmalloc or kmalloc-ed areas. Thus we can get rid of a flag and simplify some functions.
|   - When checking "same" sets, ignore hash size, because resizing changes it.
|   - 2.6.35 compatibility added.
|   - Discuss backward/forward compatibilities in the README file.
* Compatibility and documentation fixes [v5.0-pre6] (Jozsef Kadlecsik, 2010-07-13, 7 files, -39/+94)
|   Makefile fixes: compiler flags
|   README and manpage fixes
|   Compatibility with newer gcc releases (4.4.x)
|   Compatibility with the 2.6.35 kernel tree
* ipset 5: Sparc related and compatibility fixes [v5.0-pre5] (Jozsef Kadlecsik, 2010-06-29, 32 files, -165/+306)
|   ipset 5 is tested on Sparc, which revealed some compatibility issues and those are fixed. Kernels from 2.6.31 onward are supported. The testsuite checkings are completed to run match/target checks. The README file is updated to reflect the requirements to install and run ipset 5.
* ipset 5: IPv6 port related and manpage fixes, more tests [v5.0-pre4] (Jozsef Kadlecsik, 2010-06-25, 7 files, -35/+231)
|   - getting ports for family INET6 fixed
|   - more manpage polishing
|   - tests to check the iptables/ip6tables match and target added
* ipset 5: last new feature added [v5.0-pre3] (Jozsef Kadlecsik, 2010-06-22, 44 files, -577/+1181)
|   - the hash types can now store protocol together with port, not only port
|   - lots of fixes everywhere: parser, error reporting, manpage
|
|   The last bits on the todo list before announcing ipset 5:
|   - recheck all the error messages
|   - add possibly more tests
|   - polish manpage
* configure/Makefile and debug fixes (Jozsef Kadlecsik, 2010-06-16, 5 files, -4/+26)
|
* IPv6 match/target module aliases added [v5.0-pre2] (Jozsef Kadlecsik, 2010-06-16, 1 file, -0/+2)
|   The missing IPv6 match/target aliases added.
* Use libmnl nest functions and fix size differences in iptree*.t (Jozsef Kadlecsik, 2010-06-15, 3 files, -24/+4)
|   Use the libmnl mnl_attr_nest_star/mnl_attr_nest_end functions instead of the private ones. Ignore possible size differences in iptree*.t compatibility tests.
* ipset 5 in an almost ready state - milestone [v5.0-pre1] (Jozsef Kadlecsik, 2010-06-15, 145 files, -5846/+9165)
|   Reworked protocol and internal interfaces, missing set types added, backward compatibility verified, lots of tests added (and thanks to the tests, bugs fixed), even the manpage is rewritten ;-). Countless changes everywhere...
|
|   The missing bits before announcing ipset 5:
|   - net namespace support
|   - new iptables/ip6tables extension library
|   - iptables/ip6tables match and target tests (backward/forward compatibility)
|   - tests on catching syntax errors
* Fix Makefile.am [v5.0-pre0] (Jozsef Kadlecsik, 2010-04-22, 1 file, -2/+2)
|   "tidy" must cleanup the kernel/ directory - and should not delete kernel/Makefile.