summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Testsuite compatibility with debugging enabledJozsef Kadlecsik2011-02-011-1/+1
| | | | | The error line checking would fail when debugging is enabled (and spit out junk lines), fixed.
* Allow "new" as a commad alias to "create"Jozsef Kadlecsik2011-02-011-7/+7
| | | | It's too easy to mistype "n" to "new", so just allow it.
* ipset: improve command argument parsingHolger Eitzenberger2011-02-011-22/+20
| | | | | | | | | | | | | | | | | | | | | | The number of comparisons for a matching a command name can be made smaller by just checking on argv[1]. As an example consider the following 'create' arguments 'hashsize', 'family' and 'timeout'. When having the command create foo hash:ip timeout 60 family inet hashsize 64 it compares without this patch: strcmp("timeout", "hashsize") strcmp("64", "hashsize") strcmp("family", "hashsize") strcmp("inet", "hashsize") strcmp("hashsize", "hashsize") It is worse in practice, as 'create' has more arguments than this. Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
* ipset: avoid the unnecessary argv[] loopHolger Eitzenberger2011-02-011-50/+46
| | | | | | | | After stripping off the global options there simply has to follow a command name, there is no other syntax possible. Therefore the argv[] loop is unnecessary. Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
* ipset: pass ipset_arg argument pointerHolger Eitzenberger2011-02-013-16/+10
| | | | Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
* Separate ipset errnos completely from system ones and bump protocol version.Jozsef Kadlecsik2011-01-312-7/+7
|
* Use better error codes in xt_set.cJozsef Kadlecsik2011-01-311-12/+12
|
* Fix sparse warning about shadowed definitionJozsef Kadlecsik2011-01-271-1/+1
|
* bitmap:ip type: flavour specific adt functionsJozsef Kadlecsik2011-01-271-301/+168
| | | | | Use flavour-specific ADT functions and use shared ones for all other type functions (Patrick McHardy's review)
* bitmap:port type: flavour specific adt functionsJozsef Kadlecsik2011-01-271-278/+159
| | | | | Use flavour-specific ADT functions and use shared ones for all other type functions (Patrick McHardy's review)
* Move the type specifici attribute validation to the coreJozsef Kadlecsik2011-01-2713-392/+254
| | | | | | The type specific attribute validation can be moved to the ipset core. That way it's done centrally and thus can be eliminated from the individual set types (suggested by Patrick McHardy).
* Fix the spelling error fix :-)Jozsef Kadlecsik2011-01-261-1/+1
| | | | Spelling error fixed (Ferenc Wagner)
* Use vzalloc() instead of __vmalloc()Jozsef Kadlecsik2011-01-2612-24/+20
| | | | Use vzalloc() if kernel version supports it. (Eric Dumazet, Patrick McHardy)
* Use meaningful error messages in xt_set.cJozsef Kadlecsik2011-01-261-8/+12
| | | | Old cryptic error messages are not useful (Patrick McHardy's review)
* Constified attribute cannot be writtenJozsef Kadlecsik2011-01-262-1/+13
| | | | | | Attribute is const so a little bit more work is needed to return the error line number. A test is also added in order to check the functionality. (Patrick McHardy's review)
* Send (N)ACK at dumping only when NLM_F_ACK is setJozsef Kadlecsik2011-01-262-3/+5
| | | | | Missing check of the flag NLM_F_ACK is added to the kernel - and userspace does set it too (Patrick McHardy's review)
* Correct the error codes: use ENOENT and EMSGSIZEJozsef Kadlecsik2011-01-267-44/+72
| | | | Use correct error codes (Patrick McHardy's review)
* Resolving IP addresses did not work at listing/saving sets, fixed.Jozsef Kadlecsik2011-01-261-2/+2
|
* ipset: fix spelling errorHolger Eitzenberger2011-01-251-2/+2
| | | | | Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* ipset: fix the Netlink sequence numberHolger Eitzenberger2011-01-251-1/+2
| | | | | | | | | | Do not use time() as a Netlink sequence number for each message, as otherwise the same seq number will be used when sending another message in the same second. Instead use time() just for initialization, then increment per message. Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* ipset: turn Set name[] into a const pointerHolger Eitzenberger2011-01-252-9/+10
| | | | | | | | | | | | Also check for the name length. Note that passing errno values back is not done consistently at various place, as there are some functions which set errno manually, others pass -errno back. I use the -errno approach here, as it is slightly shorter. Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Check ICMP and ICMPv6 with the set match and target in the testsuiteJozsef Kadlecsik2011-01-242-0/+44
| | | | "sendip" needs data otherwise ICMP/ICMPv6 gets truncated...
* Avoid possible syntax clashing at saving hostnamesJozsef Kadlecsik2011-01-241-1/+2
| | | | | | If resolving is requested and the resolved hostname contains a dash character, print the unresolved IP address instead in order not to clash with the IP/hostname range syntax.
* ipset 5.4.1 releasedv5.4.1Jozsef Kadlecsik2011-01-221-1/+1
|
* Add UPGRADE instructionsJozsef Kadlecsik2011-01-222-1/+22
|
* ipset 5.4 releasedv5.4Jozsef Kadlecsik2011-01-212-1/+24
|
* Fixed broken ICMP and ICMPv6 handlingJozsef Kadlecsik2011-01-211-6/+7
| | | | | | I mistyped the bitwise operator and the network-order conversion was missing too. Sigh, sendip cannot generate proper packets to check ICMP and ICMPv6 in the testsuite. :-(
* Fix trailing whitespaces and pr_* messagesJozsef Kadlecsik2011-01-2112-69/+67
| | | | | | Some trailing whitespace slipped in, those are removed. With the deleted ip_set_kernel.h, the pr_* messages lost the trailing "\n" character. The messages were completed with it.
* Un-inline functions which are not small enoughJozsef Kadlecsik2011-01-2012-161/+42
|
* Fix module loading at create/header commandsJozsef Kadlecsik2011-01-202-50/+37
| | | | | While holding the nfnl_mutex, module loading is not allowed. Bug spotted by Patrick McHardy in his reviewing.
* Fix wrong kzalloc flag in type_pf_expireJozsef Kadlecsik2011-01-201-1/+1
| | | | | The expire functions of the hash types are called while locked, so kzalloc must be called with GFP_ATOMIC.
* The get_ip*_port functions are too large to be inlined, moved into the core.Jozsef Kadlecsik2011-01-208-138/+160
|
* Add missing __GFP_HIGHMEM flag to __vmallocJozsef Kadlecsik2011-01-201-1/+2
| | | | | We may call ip_set_alloc with GFP_ATOMIC, so we cannot replace __vmalloc with vzalloc. Missing flag was noticed by Eric Dumazet.
* Enforce network-order data in the netlink protocolJozsef Kadlecsik2011-01-2012-86/+214
| | | | | | Allow only network-order data, with NLA_F_NET_BYTEORDER flag. Sanity checks also added to prevent processing broken messages where mandatory attributes are missing. (Patrick McHardy's review)
* Use annotated types and fix sparse warningsJozsef Kadlecsik2011-01-2015-123/+114
| | | | | | Annotated types are introduced and sparse warnings fixed. Two warnings remained in ip_set_core.c but those are false ones. (Patrick McHardy's review)
* Move ip_set_alloc, ip_set_free and ip_set_get_ipaddr* into coreJozsef Kadlecsik2011-01-202-77/+88
| | | | | | The functions are too large to be inlined, so move them into the core. Also, fix the unnecessary initializations in ip_set_get_ipaddr*. (Patrick McHardy's review)
* NETMASK*, HOSTMASK* macros are too genericJozsef Kadlecsik2011-01-2010-55/+74
| | | | | NETMASK*, HOSTMASK* macros are rewritten to small inline functions ip_set_netmask* and ip_set_hostmask* (Patrick McHardy's review)
* Use static LIST_HEAD() for ip_set_type_listJozsef Kadlecsik2011-01-201-3/+1
| | | | | Avoid the need for explicit initialization during runtime (Patrick McHardy's review)
* Move NLA_PUT_NET* macros to include/net/netlink.hJozsef Kadlecsik2011-01-202-7/+33
| | | | These macros can be useful in general (Patrick McHardy's review)
* The module parameter max_sets should be unsigned intJozsef Kadlecsik2011-01-201-1/+1
| | | | Negative set numbers are strange :-) (Patrick McHardy's review)
* Get rid of ip_set_kernel.hJozsef Kadlecsik2011-01-2012-26/+0
| | | | | The header file was useful at deep debugging only, we can get rid of now. (Patrick McHardy's review)
* Fix the placement style of boolean operators at continued linesJozsef Kadlecsik2011-01-2014-219/+219
| | | | Fix "&&" and "||" continuation style (Patrick McHardy's review)
* ipset 5.3 releasedv5.3Jozsef Kadlecsik2011-01-183-1/+22
|
* Set the non-debug compiling the defaultJozsef Kadlecsik2011-01-182-4/+10
| | | | | Compiling with debugging can be enabled with the "--enable-debug" option of the configure script.
* Testsuite fix of ospf replaced with vrrp.Jozsef Kadlecsik2011-01-181-1/+1
| | | | | The testsuite failed incorrectly, because the order of the elements changed.
* Fix build with NDEBUG definedJozsef Kadlecsik2011-01-183-8/+19
| | | | | | | | | | | | | | | | The usage of the gcc option -Wunused-parameter interferes badly with the assert() macros. In case -DNDEBUG is specified build fails with: cc1: warnings being treated as errors print.c: In function 'ipset_print_family': print.c:92: error: unused parameter 'opt' print.c: In function 'ipset_print_port': print.c:413: error: unused parameter 'opt' print.c: In function 'ipset_print_proto': Fix it by taking into accout NDEBUG in the function arguments. Bug reported by Holger Eitzenberger.
* Do session initialization onceHolger Eitzenberger2011-01-181-8/+6
| | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Make IPv4 and IPv6 address handling similarJozsef Kadlecsik2011-01-181-1/+10
| | | | | | | | | | | | | | | | While the following works for AF_INET: ipset add foo 192.168.1.1/32 this does not work for AF_INET6: ipset add foo6 20a1:1:2:3:4:5:6:7/128 ipset v5.2: Syntax error: plain IP address must be supplied: 20a1:1:2:3:4:5:6:7/128 Bug reported by Holger Eitzenberger. The complete fix is to handle the special host prefixes in the general IP address parser function.
* Show correct line numbers in restore output for parser errorsJozsef Kadlecsik2011-01-183-0/+17
| | | | | | | | | | | | | | | | | Parser errors are reported by a wrong lineno at restore, bug reported by Holger Eitzenberger: create foo6 hash:ip hashsize 64 family inet6 add foo6 20a1:1234:5678::/64 add foo6 20a1:1234:5679::/64 you get: ipset v5.2: Error in line 1: Syntax error: plain IP address must be supplied: 20a1:1234:5678::/64 Should be line 2 though. The solution is to set the session lineno before parsing.
* There is no need to call synchronize_net() at swapping.Jozsef Kadlecsik2011-01-141-4/+0
| | | | | | Ongoing add/del can happen to referenced sets and delete can be issued to unreferenced sets. So the bogus call to synchronize_net() can safely be removed.