| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Use correct error codes (Patrick McHardy's review)
|
|
|
|
|
|
| |
Some trailing whitespace slipped in, those are removed. With the deleted
ip_set_kernel.h, the pr_* messages lost the trailing "\n" character.
The messages were completed with it.
|
| |
|
|
|
|
|
| |
While holding the nfnl_mutex, module loading is not allowed.
Bug spotted by Patrick McHardy in his reviewing.
|
|
|
|
|
| |
The expire functions of the hash types are called while locked, so
kzalloc must be called with GFP_ATOMIC.
|
| |
|
|
|
|
|
|
| |
Allow only network-order data, with NLA_F_NET_BYTEORDER flag.
Sanity checks also added to prevent processing broken messages
where mandatory attributes are missing. (Patrick McHardy's review)
|
|
|
|
|
|
| |
Annotated types are introduced and sparse warnings fixed.
Two warnings remained in ip_set_core.c but those are false ones.
(Patrick McHardy's review)
|
|
|
|
|
|
| |
The functions are too large to be inlined, so move them into the core.
Also, fix the unnecessary initializations in ip_set_get_ipaddr*.
(Patrick McHardy's review)
|
|
|
|
|
| |
NETMASK*, HOSTMASK* macros are rewritten to small inline functions
ip_set_netmask* and ip_set_hostmask* (Patrick McHardy's review)
|
|
|
|
| |
These macros can be useful in general (Patrick McHardy's review)
|
|
|
|
|
| |
The header file was useful at deep debugging only, we can get rid of now.
(Patrick McHardy's review)
|
|
|
|
| |
Fix "&&" and "||" continuation style (Patrick McHardy's review)
|
| |
|
| |
|
|
|
|
|
|
| |
Separate prefixlens from ip_set core for better readibility and honoring
the independence.
Also, comment that prefixlens were borrowed from Jan Engelhardt.
|
| |
|
|
|
|
|
| |
The basic kernel compatibility issues are verified back to 2.6.24.
The minimal supported kernel version had to be bumped from 2.6.31 to 2.6.34.
|
| |
|
|
|
|
|
| |
It makes no sense to mix these two. Either it is
writable-plus-read-mostly, or it is constant.
|
|
|
|
|
| |
Where the argument was used, the set lock was already activated, therefore
the argument value was always GFP_ATOMIC.
|
| |
|
|
|
|
| |
And enforce from kernel side as well...
|
| |
|
| |
|
|
|
|
|
|
|
| |
Resizing can be triggered by userspace command only, and those
are serialized by the nfnl mutex. During resizing the set is
read-locked, so the only possible concurrent operations are
the kernel side readers. Those must be protected by proper RCU locking.
|
|
|
|
|
|
| |
Instead of the cache friendly hashing, use the array based hashing.
According to my tests the latter uses less memory, faster at lookup and
deletion, and only slower at insertion.
|
| |
|
|
|
|
|
| |
Update ip_set_jhash.h with the version which was submitted for kernel
inclusion.
|
|
Separate the ipset header files from netfilter header files.
|