| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Backport patch from Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Nikolay Borisov reported that the detection is broken. Fix checking in the
right sctructure and wrap the call to dev_get_by_index_rcu() too.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IP addresses are often stored in netlink attributes. Add generic functions
to do that.
For nla_put_in_addr, it would be nicer to pass struct in_addr but this is
not used universally throughout the kernel, in way too many places __be32 is
used to store IPv4 address.
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Compatibility part added.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
right now we store this in the nf_bridge_info struct, accessible
via skb->nf_bridge. This patch prepares removal of this pointer from skb:
Instead of using skb->nf_bridge->x, we use helpers to obtain the in/out
device (or ifindexes).
Followup patches to netfilter will then allow nf_bridge_info to be
obtained by a call into the br_netfilter core, rather than keeping a
pointer to it in sk_buff.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
| |
|
|
|
|
|
| |
Try hard to keep the support of the 2.6.32 kernel tree and
simplify the code with self-referential macros.
|
|
|
|
| |
list_last_entry is missing on CentOS7, reported by Ricardo Klein.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
It is available since v3.15-rc5.
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Use rbtree_postorder_for_each_entry_safe() to destroy the rbtree instead
of opencoding an alternate postorder iteration that modifies the tree
Signed-off-by: Cody P Schafer <cody@linux.vnet.ibm.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
| |
|
|
|
|
| |
Reported by Jan Engelhardt
|
|
|
|
|
|
|
|
|
|
|
|
| |
When configuring the sources to build without kernel modules, the path
to the kernel sources was not set and the kernel header files were still
checked.
Now, we do not check the kernel sources for compatibility if we're not
going to build any kernel modules.
Signed-off-by: Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
| |
|
|
|
|
|
|
|
| |
Instead the kernel source code is checked to verify the different
compatibility issues for the supported kernel releases.
This way hopefully backported features will be handled properly.
|
|
|
|
|
| |
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
In Linux 3.7, nfnetlink.h moved below include/uapi/. Make configure
recognize that. Furthermore, we can drop the unnecessary indirection
via backticks and just ask grep directly if there was any result.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
| |
|
|
|
|
|
|
| |
In newer glibc, getaddrinfo issues an extra system call to kernel,
which slows down ipset. Replace getaddrinfo with gethostbyname2,
where possible.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch adds supporting dynamic modules for the set types to ipset
userspace tool. The dynamic module support can be enabled by the
--enable-settype-modules of "configure". The list of set types to
be compiled as dynamic modules can be specified in the
--with-settype-modules-list option. Example
--enable-settype-modules \
--with-settype-modules-list="ipset_hash_ip ipset_hash_ipport"
The keyword "all" can be used to compile all set types as dynamic modules.
|
| |
|
|
|
|
| |
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
| |
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
|
|
|
| |
We need to visit that directory, otherwise `make install` is
incomplete and `make distcheck` fails.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
| |
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Distributors (like Fedora) might be interested in including the ipset
tools and libs, but they often don't want to build and ship external
kernel modules, especially if those modules are already included in
their kernel packages.
This patch introduces a new --with-kmod configure option that can be
used to conditionally build the kernel module. The module is still built
by default, to preserve compatibility.
A user who wants to build only the user-space part of ipset can do so by
running the following:
$ ./autogen.sh
$ configure --with-kmod=no
$ make
# make install
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|