| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| | |
|
| |
|
|
|
| |
libmnl now uses void pointer arithmetic, remove -Wpointer-arith from
the compiler flags.
|
| | |
|
| |
|
|
|
|
|
| |
Resizing can be triggered by userspace command only, and those
are serialized by the nfnl mutex. During resizing the set is
read-locked, so the only possible concurrent operations are
the kernel side readers. Those must be protected by proper RCU locking.
|
| |
|
|
|
|
| |
Instead of the cache friendly hashing, use the array based hashing.
According to my tests the latter uses less memory, faster at lookup and
deletion, and only slower at insertion.
|
| | |
|
| |
|
|
|
| |
Update ip_set_jhash.h with the version which was submitted for kernel
inclusion.
|
| |
|
|
| |
Separate the ipset header files from netfilter header files.
|
| | |
|
| |
|
|
|
| |
Spare some memory by moving the static prefixlen maps to the ipset core.
Thus we can get rid of include/net/pfxlen.h too.
|
| |
|
|
|
| |
Modifying a set can be performed by save/modify/restore/swap, without
adding kernel part support.
|
| | |
|
| |
|
|
| |
The command is not used yet, but better to reserve it already.
|
| |
|
|
|
| |
Cleaned up the netlink.patch part: there's no more multiple patches.
The incompatibilities against 4.x are listed in details.
|
| |
|
|
|
|
|
| |
The manpage is updated to reflect the recent modifications and
the addition of the hash:net,port type. The help text of hash:ip
is updated: adding/deleting multiple entries are supported for
IPv4 only.
|
| |
|
|
|
| |
Use the newly added parser function ipset_parse_ip4_single6 instead
of the generic ipset_parse_ip.
|
| |
|
|
|
|
| |
At present IPv6 does not support adding/deleting multiple IPv6 addresses
specified as an ip-ip range or ip/prefix block. A parser function is
added by which can enforce it at parsing the address pattern.
|
| |
|
|
|
|
|
| |
With restricting resizing so that it can be triggered by an add
from userspace only, we can modify it so that it uses read-locking
instead of write-locking. Thus the matching in the set can run parallel
with resizing.
|
| |
|
|
|
|
| |
Resizing in kernel context is simply too expensive. Drop the feature:
if a set is used as a dynamic container by a SET target, then the set
must be created with a proper size from now on.
|
| |
|
|
|
| |
Resizing functions are called without holding any lock. So we can
allocate using the flag GFP_KERNEL.
|
| | |
|
| |
|
|
|
|
| |
The listing was incorrect for large sets, when multiple messages were
required. I assume that one full hash bucket fills into one message,
but that is true for all current hash types.
|
| | |
|
| |
|
|
|
| |
Fall back to the build directory if the source directory is not specified.
Check that it looks like as a source directory.
|
| |\ |
|
| | |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
AC_CANONICAL_SYSTEM is deprecated in favor of calling one or more of
AC_CANONICAL_{BUILD,HOST,TARGET}. Since configure.ac only uses $target,
only AC_CANONICAL_TARGET is needed.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| |
| | |
libtool will take care of adding -fPIC as needed. In fact, static
libraries are often not desired to be compiled with -fPIC.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
libmnl installs .pc files that we can directly use and which are
preferable over AC_CHECK_LIB.
Also make sure that libipset.so is linked with libmnl, otherwise
linking errors can ensue when a program tries to link to libipset.
Furthermore, remove the now-unused LIBS variable.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| | |
The build directory is not necessarily the same as the source directory.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
libtoolize: Consider adding "AC_CONFIG_MACRO_DIR([m4])" to configure.ac and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding "-I m4" to ACLOCAL_AMFLAGS in Makefile.am.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| |
| | |
This is the recommended way to regenerate the GNU build system files
these days.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- More comments added to the code
- ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip
and hash:ip,port,net types
- hash:net and hash:ip,port,net types are reworked
- hash:net,port type added
- Wrong direction parameters fixed in hash:ip,port
- Helps and manpage are updated
- More tests added
- Ugly macros are rewritten to functions in parse.c
(Holger Eitzenberger)
- resize related bug in hash types fixed (Holger Eitzenberger)
- autoreconf patches by Jan Engelhardt applied
- netlink patch minimalized: dumping can be initialized by a second
parsing of the message (thanks to David and Patrick for the suggestion)
- IPv4/IPv6 address attributes are introduced in order to fix the context
(suggested by David)
|
| |/
|
|
|
|
|
|
|
| |
- Use is_vmalloc_addr when freeing vmalloc or kmalloc-ed areas. Thus
we can get rid of a flag and simplify some functions.
- When checking "same" sets, ignore hash size, because resizing
changes it.
- 2.6.35 compatibility added.
- Discuss backward/forward compatibilities in the README file.
|
| |
|
|
|
|
|
| |
Makefile fixes: compiler flags
README and manpage fixes
Compatibility with newer gcc releases (4.4.x)
Compatibility with the 2.6.35 kernel tree
|
| |
|
|
|
|
|
|
| |
ipset 5 is tested on Sparc, which revealed some compatibility issues
and those are fixed. Kernels from 2.6.31 onward are supported.
The testsuite checkings are completed to run match/target checks.
The README file is updated to reflect the requirements to install
and run ipset 5.
|
| |
|
|
|
|
| |
- getting ports for family INET6 fixed
- more manpage polishing
- tests to check the iptables/ip6tables match and target added
|
| |
|
|
|
|
|
|
|
|
|
| |
- the hash types can now store protocol together port, not only port
- lots of fixes everywhere: parser, error reporting, manpage
The last bits on the todo list before announcing ipset 5:
- recheck all the error messages
- add possibly more tests
- polish manpage
|
| | |
|
| |
|
|
| |
The missing IPv6 match/target aliases added.
|
| |
|
|
|
|
| |
Use the libmnl mnl_attr_nest_star/mnl_attr_nest_end functions instead of
the private ones. Ignore possible size differences in iptree*.t compatibility
tests.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Reworked protocol and internal interfaces, missing set types added,
backward compatibility verified, lots of tests added (and thanks to the tests,
bugs fixed), even the manpage is rewritten ;-). Countless changes everywhere...
The missing bits before announcing ipset 5:
- net namespace support
- new iptables/ip6tables extension library
- iptables/ip6tables match and target tests (backward/forward compatibility)
- tests on catching syntax errors
|
| |
|
|
|
| |
"tidy" must cleanup the kernel/ directory - and should not delete
kernel/Makefile.
|
| |
|
|
| |
Add new test files and toplevel files.
|
| |
|
|
| |
Update tests.
|
| |
|
|
| |
Commit changed files in kernel/...
|
| |
|
|
|
| |
Refresh existing files in kernel/ with new content and add some
new include/source files.
|
