summaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* Whitespace and coding fixes detected by checkpatch.plJozsef Kadlecsik2011-05-3115-79/+84
|
* hash:net,iface type introducedJozsef Kadlecsik2011-05-304-3/+15
| | | | | | | | | | The hash:net,iface type makes possible to store network address and interface name pairs in a set. It's mostly suitable for egress and ingress filtering. Examples: # ipset create test hash:net,iface # ipset add test 192.168.0.0/16,eth0 # ipset add test 192.168.0.0/24,eth1
* Protocol-level debugging support addedJozsef Kadlecsik2011-05-241-0/+2
|
* Support range for IPv4 at adding/deleting elements for hash:*net* typesJozsef Kadlecsik2011-05-154-1/+9
| | | | | | | | | | | | | | | | | | | The range internally is converted to the network(s) equal to the range. Example: # ipset new test hash:net # ipset add test 10.2.0.0-10.2.1.12 # ipset list test Name: test Type: hash:net Header: family inet hashsize 1024 maxelem 65536 Size in memory: 16888 References: 0 Members: 10.2.1.12 10.2.1.0/29 10.2.0.0/24 10.2.1.8/30
* Support listing setnames and headers tooJozsef Kadlecsik2011-04-182-0/+8
| | | | | | Current listing makes possible to list sets with full content only. The patch adds support partial listings, i.e. listing just the existing setnames or listing set headers, without set members.
* ipset: pass ipset_arg argument pointerHolger Eitzenberger2011-02-011-2/+3
| | | | Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
* Separate ipset errnos completely from system ones and bump protocol version.Jozsef Kadlecsik2011-01-311-4/+4
|
* ipset: turn Set name[] into a const pointerHolger Eitzenberger2011-01-251-1/+1
| | | | | | | | | | | | Also check for the name length. Note that passing errno values back is not done consistently at various place, as there are some functions which set errno manually, others pass -errno back. I use the -errno approach here, as it is slightly shorter. Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Fix build with NDEBUG definedJozsef Kadlecsik2011-01-181-0/+5
| | | | | | | | | | | | | | | | The usage of the gcc option -Wunused-parameter interferes badly with the assert() macros. In case -DNDEBUG is specified build fails with: cc1: warnings being treated as errors print.c: In function 'ipset_print_family': print.c:92: error: unused parameter 'opt' print.c: In function 'ipset_print_port': print.c:413: error: unused parameter 'opt' print.c: In function 'ipset_print_proto': Fix it by taking into accout NDEBUG in the function arguments. Bug reported by Holger Eitzenberger.
* Show correct line numbers in restore output for parser errorsJozsef Kadlecsik2011-01-181-0/+1
| | | | | | | | | | | | | | | | | Parser errors are reported by a wrong lineno at restore, bug reported by Holger Eitzenberger: create foo6 hash:ip hashsize 64 family inet6 add foo6 20a1:1234:5678::/64 add foo6 20a1:1234:5679::/64 you get: ipset v5.2: Error in line 1: Syntax error: plain IP address must be supplied: 20a1:1234:5678::/64 Should be line 2 though. The solution is to set the session lineno before parsing.
* libipset: ipset_strncpy is really a strlcpy-type operationJan Engelhardt2010-12-191-1/+1
|
* Add ipset_parse_tcpudp_port functionJozsef Kadlecsik2010-12-171-0/+3
| | | | Add new parser function to parse TCP/UDP port name, number, or range of them.
* Buffered commands are just ... buffered.Jozsef Kadlecsik2010-12-131-8/+0
| | | | | | | Calculate the free buffer size when adding the existing attributes at the buffered commands. If the buffer is full, cancel the unfinished nested attribute and commit the previously buffered commands. Then restart with the current buffered command. Thus we can get rid of the ugly maxsize parameter of the set types.
* Support case-insensitive ICMP and ICMPv6 type/code names.Jozsef Kadlecsik2010-12-101-0/+2
|
* Remove command MODIFYJozsef Kadlecsik2010-12-071-19/+18
| | | | | Modifying a set can be performed by save/modify/restore/swap, without adding kernel part support.
* The protocol extended with the command MODIFY.Jozsef Kadlecsik2010-11-051-18/+19
| | | | The command is not used yet, but better to reserve it already.
* Add parser function to handle IPv4 and IPv6 differently.Jozsef Kadlecsik2010-10-301-0/+2
| | | | | | At present IPv6 does not support adding/deleting multiple IPv6 addresses specified as an ip-ip range or ip/prefix block. A parser function is added by which can enforce it at parsing the address pattern.
* Fixes, cleanups, commentsv5.0-pre8Jozsef Kadlecsik2010-10-2413-53/+128
| | | | | | | | | | | | | | | | | | | - More comments added to the code - ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip and hash:ip,port,net types - hash:net and hash:ip,port,net types are reworked - hash:net,port type added - Wrong direction parameters fixed in hash:ip,port - Helps and manpage are updated - More tests added - Ugly macros are rewritten to functions in parse.c (Holger Eitzenberger) - resize related bug in hash types fixed (Holger Eitzenberger) - autoreconf patches by Jan Engelhardt applied - netlink patch minimalized: dumping can be initialized by a second parsing of the message (thanks to David and Patrick for the suggestion) - IPv4/IPv6 address attributes are introduced in order to fix the context (suggested by David)
* Compatibility and documentation fixesv5.0-pre6Jozsef Kadlecsik2010-07-131-0/+1
| | | | | | | Makefile fixes: compiler flags README and manpage fixes Compatibility with newer gcc releases (4.4.x) Compatibility with the 2.6.35 kernel tree
* ipset 5: last new feature addedv5.0-pre3Jozsef Kadlecsik2010-06-226-35/+55
| | | | | | | | | | | - the hash types can now store protocol together port, not only port - lots of fixes everywhere: parser, error reporting, manpage The last bits on the todo list before announcing ipset 5: - recheck all the error messages - add possibly more tests - polish manpage
* configure/Makefile and debug fixesJozsef Kadlecsik2010-06-161-2/+0
|
* ipset 5 in an almost ready state - milestonev5.0-pre1Jozsef Kadlecsik2010-06-1510-90/+139
| | | | | | | | | | | | Reworked protocol and internal interfaces, missing set types added, backward compatibility verified, lots of tests added (and thanks to the tests, bugs fixed), even the manpage is rewritten ;-). Countless changes everywhere... The missing bits before announcing ipset 5: - net namespace support - new iptables/ip6tables extension library - iptables/ip6tables match and target tests (backward/forward compatibility) - tests on catching syntax errors
* Fourth stage to ipset-5Jozsef Kadlecsik2010-04-2217-0/+998
Add new userspace files: include/, lib/ and plus new files in src/.