| Commit message | Author | Age | Files | Lines |
Support adding/deleting multiple entries in the userspace part
of the hash:ip,port, hash:ip,port,ip, hash:ip,port,net and
hash:net,port types.
|
Support adding/deleting multiple entries in the kernel side
of the hash:ip,port, hash:ip,port,ip, hash:ip,port,net and
hash:net,port types.
|
Add new parser function to parse TCP/UDP port name, number, or range of them.
|
Where the argument was used, the set lock was already activated, therefore
the argument value was always GFP_ATOMIC.
|
And enforce from kernel side as well...
|
Lower timeout values to max 5s, so we can lower sleep values too.
|
Calculate the free buffer size when adding the existing attributes at the buffered
commands. If the buffer is full, cancel the unfinished nested attribute and commit
the previously buffered commands. Then restart with the current buffered command.
Thus we can get rid of the ugly maxsize parameter of the set types.
|
libmnl now uses void pointer arithmetic, remove -Wpointer-arith from
the compiler flags.
|
Resizing can be triggered by userspace command only, and those
are serialized by the nfnl mutex. During resizing the set is
read-locked, so the only possible concurrent operations are
the kernel side readers. Those must be protected by proper RCU locking.
|
Instead of the cache friendly hashing, use the array based hashing.
According to my tests the latter uses less memory, is faster at lookup and
deletion, and is only slower at insertion.
|
Update ip_set_jhash.h with the version which was submitted for kernel
inclusion.
|
Separate the ipset header files from netfilter header files.
|
Spare some memory by moving the static prefixlen maps to the ipset core.
Thus we can get rid of include/net/pfxlen.h too.
|
Modifying a set can be performed by save/modify/restore/swap, without
adding kernel part support.
|
The command is not used yet, but better to reserve it already.
|
Cleaned up the netlink.patch part: there are no more multiple patches.
The incompatibilities against 4.x are listed in detail.
|
The manpage is updated to reflect the recent modifications and
the addition of the hash:net,port type. The help text of hash:ip
is updated: adding/deleting multiple entries is supported for
IPv4 only.
|
Use the newly added parser function ipset_parse_ip4_single6 instead
of the generic ipset_parse_ip.
|
At present IPv6 does not support adding/deleting multiple IPv6 addresses
specified as an ip-ip range or ip/prefix block. A parser function is
added which can enforce it when parsing the address pattern.
|
With restricting resizing so that it can be triggered by an add
from userspace only, we can modify it so that it uses read-locking
instead of write-locking. Thus the matching in the set can run parallel
with resizing.
|
Resizing in kernel context is simply too expensive. Drop the feature:
if a set is used as a dynamic container by a SET target, then the set
must be created with a proper size from now on.
|
Resizing functions are called without holding any lock. So we can
allocate using the flag GFP_KERNEL.
|
The listing was incorrect for large sets, when multiple messages were
required. I assume that one full hash bucket fills into one message,
but that is true for all current hash types.
|
Fall back to the build directory if the source directory is not specified.
Check that it looks like a source directory.
|
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
AC_CANONICAL_SYSTEM is deprecated in favor of calling one or more of
AC_CANONICAL_{BUILD,HOST,TARGET}. Since configure.ac only uses $target,
only AC_CANONICAL_TARGET is needed.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
libtool will take care of adding -fPIC as needed. In fact, static
libraries are often not desired to be compiled with -fPIC.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
libmnl installs .pc files that we can directly use and which are
preferable over AC_CHECK_LIB.
Also make sure that libipset.so is linked with libmnl, otherwise
linking errors can ensue when a program tries to link to libipset.
Furthermore, remove the now-unused LIBS variable.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
The build directory is not necessarily the same as the source directory.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
libtoolize: Consider adding "AC_CONFIG_MACRO_DIR([m4])" to configure.ac and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding "-I m4" to ACLOCAL_AMFLAGS in Makefile.am.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
This is the recommended way to regenerate the GNU build system files
these days.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|