summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* libipset: remove redundant indirection via union nameJan Engelhardt2010-12-191-41/+41
| | | | | There are no uses of C99 static initializers, so let's make the union anonymous and reduce accessor lengths.
* libipset: ipset_strncpy is really a strlcpy-type operationJan Engelhardt2010-12-193-12/+12
|
* kernel: use EXPORT_SYMBOL_GPLJan Engelhardt2010-12-191-13/+13
|
* kernel: const annotationsJan Engelhardt2010-12-1913-71/+71
|
* kernel: use __read_mostly for registration-type structuresJan Engelhardt2010-12-199-10/+10
| | | | Here is where __read_mostly goes :-)
* kernel: do not mix const and __read_mostlyJan Engelhardt2010-12-1914-51/+40
| | | | | It makes no sense to mix these two. Either it is writable-plus-read-mostly, or it is constant.
* xt_set: avoid user types in exported kernel headersJan Engelhardt2010-12-191-6/+6
| | | | Within isolated code it would be ok, but not so in exported headers.
* build: enable parallel buildingJan Engelhardt2010-12-191-3/+3
| | | | | | | | | | | | | | $ make modules -j8 cd kernel; make -C /lib/modules/`uname -r`/build M=`pwd` V=0 \ IP_SET_MAX=256 \ NETLINK_DUMP_CONST=const \ NFNL_CB_CONST=const modules make[1]: Entering directory "/usr/src/linux-2.6.36-rc8-34-obj/x86_64/default" make[1]: warning: jobserver unavailable: using -j1. Add '+' to parent make rule. The "fix" here is that we have to use ${MAKE} instead of make. (NB: The extra cd is redundant and can be appended to M=.)
* Prevent calling Makefile directly in the kernel/ subdirectoryJozsef Kadlecsik2010-12-191-0/+4
|
* Put back the Sparc specific workaround at getaddrinfo.Jozsef Kadlecsik2010-12-191-4/+8
|
* Should have gone to sleep: fix check_allowed. Really.Jozsef Kadlecsik2010-12-191-11/+11
| | | | | | | It's not as nice as I'd like to be: IPSET_CREATE_FLAGS and IPSET_ADT_FLAGS are required elsewhere, but to make life simpler, some flags (like IPSET_OPT_TYPENAME) are *not* added to the types full[] flags. So those must be excluded here.
* Check old system kernel header filesJozsef Kadlecsik2010-12-181-0/+6
|
* Check from `configure` that the kernel source is patched with netlink.patchJozsef Kadlecsik2010-12-181-0/+5
|
* Use configure to detect compiler warning flagsJozsef Kadlecsik2010-12-185-52/+262
| | | | | By checking the supported compiler warning flags, different gcc releases are supported without the crude --disable-extra-flags option.
* The fix of incorrect comparison in check_allowed completed.Jozsef Kadlecsik2010-12-181-22/+25
| | | | | There was still some other incorrect usage of 'enum ipset_cmd' and 'enum ipset_adt' - corrected.
* Try to solve PKG_CHECK_MODULES issueJozsef Kadlecsik2010-12-181-0/+1
| | | | | | | | | | Rob Sterenborg reported, that on CentOs configure can fail with ./configure: line 11510: syntax error near unexpected token `[libmnl],' ./configure: line 11510: `PKG_CHECK_MODULES([libmnl], [libmnl >= 1])' Therefore I added 'aclocal -I m4' to autogen.sh, hoping that it solves the issue.
* Fix incorrect comparison in check_allowedJozsef Kadlecsik2010-12-181-1/+1
| | | | Wrong enum type was used in the comparison, reported by Jan Engelhardt.
* Fix Kbuild for me to delete backup filesJozsef Kadlecsik2010-12-171-1/+1
|
* Initialize ChangeLog for the new releasev5.0Jozsef Kadlecsik2010-12-171-0/+3
|
* Add tests to check hash:ip,port,net typeJozsef Kadlecsik2010-12-174-5/+58
|
* Match command prefixesJozsef Kadlecsik2010-12-171-1/+1
| | | | | Match not only the first letter or the full command name, but an arbitrary prefix too.
* Add more test to check adding/deleting multiple entries.Jozsef Kadlecsik2010-12-178-0/+46
|
* Updated manpage to reflect wider input possibilities in the ipset tool.Jozsef Kadlecsik2010-12-171-41/+45
|
* Updated help texts for the hash:ip and list:set types.Jozsef Kadlecsik2010-12-172-6/+7
|
* Support adding/deleting multiple entries, userspace part.Jozsef Kadlecsik2010-12-174-7/+34
| | | | | | Support adding/deleting multiple entries in the userspace part of the hash:ip,port, hash:ip,port,ip, hash:ip,port,net and hash:net,port types.
* Support adding/deleting multiple entries, kernel part.Jozsef Kadlecsik2010-12-174-16/+261
| | | | | | Support adding/deleting multiple entries in the kernel side of the hash:ip,port, hash:ip,port,ip, hash:ip,port,net and hash:net,port types.
* Add ipset_parse_tcpudp_port functionJozsef Kadlecsik2010-12-172-7/+30
| | | | Add new parser function to parse TCP/UDP port name, number, or range of them.
* Missing spaces in error strings fixed.Jozsef Kadlecsik2010-12-171-4/+4
|
* Use the 'full' flags of the types and check not allowed flags.Jozsef Kadlecsik2010-12-172-14/+113
|
* Remove unnecessary gfp_flags argumentsJozsef Kadlecsik2010-12-1610-70/+58
| | | | | Where the argument was used, the set lock was already activated, therefore the argument value was always GFP_ATOMIC.
* Add test to check multi-message listing and swapping.Jozsef Kadlecsik2010-12-162-4/+11
|
* Mistypeing in the hbucket() macro fixed.Jozsef Kadlecsik2010-12-161-2/+6
|
* Manpage cleanups, so it's more clear and straightforward.Jozsef Kadlecsik2010-12-152-21/+21
|
* Fix outdated messages in the testsJozsef Kadlecsik2010-12-148-89/+89
|
* Document which elements cannot be stored in the different hash types.Jozsef Kadlecsik2010-12-142-6/+15
| | | | And enforce from kernel side as well...
* Speed up testing a little bitJozsef Kadlecsik2010-12-1321-65/+65
| | | | Lower timeout values to max 5s, so we can lower sleep values too.
* Convert last printks to pr_debug in ip_set_ahash.hJozsef Kadlecsik2010-12-131-4/+2
|
* Remove remnants of slist from ip_set_ahash.hJozsef Kadlecsik2010-12-131-3/+2
|
* Buffered commands are just ... buffered.Jozsef Kadlecsik2010-12-133-129/+82
| | | | | | | Calculate the free buffer size when adding the existing attributes at the buffered commands. If the buffer is full, cancel the unfinished nested attribute and commit the previously buffered commands. Then restart with the current buffered command. Thus we can get rid of the ugly maxsize parameter of the set types.
* Fixing dangling empty line produced backward-incompatible exit codes, fixed.Jozsef Kadlecsik2010-12-131-2/+2
|
* Support case-insensitive ICMP and ICMPv6 type/code names.Jozsef Kadlecsik2010-12-103-2/+4
|
* Compiler flag compatibility fix with libmnlJozsef Kadlecsik2010-12-101-1/+1
| | | | | libmnl now uses void pointer arithmetic, remove -Wpointer-arith from the compiler flags.
* Fix dangling empty line at error/warning messages emitted by ipset.Jozsef Kadlecsik2010-12-101-3/+4
|
* Add proper RCU protection to resizingJozsef Kadlecsik2010-12-101-18/+38
| | | | | | | Resizing can be triggered by userspace command only, and those are serialized by the nfnl mutex. During resizing the set is read-locked, so the only possible concurrent operations are the kernel side readers. Those must be protected by proper RCU locking.
* Convert hash types from chash to ahash.Jozsef Kadlecsik2010-12-107-94/+1127
| | | | | | Instead of the cache friendly hashing, use the array based hashing. According to my tests the latter uses less memory, faster at lookup and deletion, and only slower at insertion.
* Strip off ip_set_ prefix from non-ipset specific header files.Jozsef Kadlecsik2010-12-089-8/+8
|
* Update ip_set_jhash.hJozsef Kadlecsik2010-12-081-33/+81
| | | | | Update ip_set_jhash.h with the version which was submitted for kernel inclusion.
* Create include/linux/netfilter/ipset/ directoryJozsef Kadlecsik2010-12-0723-70/+70
| | | | Separate the ipset header files from netfilter header files.
* Complete Kconfig.ipset with hash:net,port type.Jozsef Kadlecsik2010-12-071-8/+16
|
* Remove include/net/pfxlen.hJozsef Kadlecsik2010-12-0712-311/+305
| | | | | Spare some memory by moving the static prefixlen maps to the ipset core. Thus we can get rid of include/net/pfxlen.h too.