| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Some trailing whitespace slipped in, those are removed. With the deleted
ip_set_kernel.h, the pr_* messages lost the trailing "\n" character.
The messages were completed with it.
|
| | |
|
| |
|
|
|
| |
While holding the nfnl_mutex, module loading is not allowed.
Bug spotted by Patrick McHardy in his reviewing.
|
| |
|
|
|
| |
The expire functions of the hash types are called while locked, so
kzalloc must be called with GFP_ATOMIC.
|
| | |
|
| |
|
|
|
|
| |
Allow only network-order data, with NLA_F_NET_BYTEORDER flag.
Sanity checks also added to prevent processing broken messages
where mandatory attributes are missing. (Patrick McHardy's review)
|
| |
|
|
|
|
| |
Annotated types are introduced and sparse warnings fixed.
Two warnings remained in ip_set_core.c but those are false ones.
(Patrick McHardy's review)
|
| |
|
|
|
|
| |
The functions are too large to be inlined, so move them into the core.
Also, fix the unnecessary initializations in ip_set_get_ipaddr*.
(Patrick McHardy's review)
|
| |
|
|
|
| |
NETMASK*, HOSTMASK* macros are rewritten to small inline functions
ip_set_netmask* and ip_set_hostmask* (Patrick McHardy's review)
|
| |
|
|
| |
These macros can be useful in general (Patrick McHardy's review)
|
| |
|
|
|
| |
The header file was useful at deep debugging only, we can get rid of now.
(Patrick McHardy's review)
|
| |
|
|
| |
Fix "&&" and "||" continuation style (Patrick McHardy's review)
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Separate prefixlens from ip_set core for better readibility and honoring
the independence.
Also, comment that prefixlens were borrowed from Jan Engelhardt.
|
| | |
|
| |
|
|
|
| |
The basic kernel compatibility issues are verified back to 2.6.24.
The minimal supported kernel version had to be bumped from 2.6.31 to 2.6.34.
|
| | |
|
| |
|
|
|
| |
It makes no sense to mix these two. Either it is
writable-plus-read-mostly, or it is constant.
|
| |
|
|
| |
Within isolated code it would be ok, but not so in exported headers.
|
| |
|
|
|
| |
Where the argument was used, the set lock was already activated, therefore
the argument value was always GFP_ATOMIC.
|
| | |
|
| |
|
|
| |
And enforce from kernel side as well...
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Resizing can be triggered by userspace command only, and those
are serialized by the nfnl mutex. During resizing the set is
read-locked, so the only possible concurrent operations are
the kernel side readers. Those must be protected by proper RCU locking.
|
| |
|
|
|
|
| |
Instead of the cache friendly hashing, use the array based hashing.
According to my tests the latter uses less memory, faster at lookup and
deletion, and only slower at insertion.
|
| | |
|
| |
|
|
|
| |
Update ip_set_jhash.h with the version which was submitted for kernel
inclusion.
|
| |
|
|
| |
Separate the ipset header files from netfilter header files.
|
| |
|
|
|
| |
Spare some memory by moving the static prefixlen maps to the ipset core.
Thus we can get rid of include/net/pfxlen.h too.
|
| |
|
|
|
| |
Modifying a set can be performed by save/modify/restore/swap, without
adding kernel part support.
|
| | |
|
| |
|
|
| |
The command is not used yet, but better to reserve it already.
|
| |
|
|
|
|
|
| |
With restricting resizing so that it can be triggered by an add
from userspace only, we can modify it so that it uses read-locking
instead of write-locking. Thus the matching in the set can run parallel
with resizing.
|
| |
|
|
|
| |
Resizing functions are called without holding any lock. So we can
allocate using the flag GFP_KERNEL.
|
| |
|
|
|
|
| |
The listing was incorrect for large sets, when multiple messages were
required. I assume that one full hash bucket fills into one message,
but that is true for all current hash types.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- More comments added to the code
- ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip
and hash:ip,port,net types
- hash:net and hash:ip,port,net types are reworked
- hash:net,port type added
- Wrong direction parameters fixed in hash:ip,port
- Helps and manpage are updated
- More tests added
- Ugly macros are rewritten to functions in parse.c
(Holger Eitzenberger)
- resize related bug in hash types fixed (Holger Eitzenberger)
- autoreconf patches by Jan Engelhardt applied
- netlink patch minimalized: dumping can be initialized by a second
parsing of the message (thanks to David and Patrick for the suggestion)
- IPv4/IPv6 address attributes are introduced in order to fix the context
(suggested by David)
|
| |
|
|
|
|
|
|
|
| |
- Use is_vmalloc_addr when freeing vmalloc or kmalloc-ed areas. Thus
we can get rid of a flag and simplify some functions.
- When checking "same" sets, ignore hash size, because resizing
changes it.
- 2.6.35 compatibility added.
- Discuss backward/forward compatibilities in the README file.
|
| |
|
|
|
|
|
|
| |
ipset 5 is tested on Sparc, which revealed some compatibility issues
and those are fixed. Kernels from 2.6.31 onward are supported.
The testsuite checkings are completed to run match/target checks.
The README file is updated to reflect the requirements to install
and run ipset 5.
|
| |
|
|
|
|
| |
- getting ports for family INET6 fixed
- more manpage polishing
- tests to check the iptables/ip6tables match and target added
|
| |
|
|
|
|
|
|
|
|
|
| |
- the hash types can now store protocol together port, not only port
- lots of fixes everywhere: parser, error reporting, manpage
The last bits on the todo list before announcing ipset 5:
- recheck all the error messages
- add possibly more tests
- polish manpage
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Reworked protocol and internal interfaces, missing set types added,
backward compatibility verified, lots of tests added (and thanks to the tests,
bugs fixed), even the manpage is rewritten ;-). Countless changes everywhere...
The missing bits before announcing ipset 5:
- net namespace support
- new iptables/ip6tables extension library
- iptables/ip6tables match and target tests (backward/forward compatibility)
- tests on catching syntax errors
|
| |
|
|
| |
Commit changed files in kernel/...
|
| |
|
|
|
| |
Refresh existing files in kernel/ with new content and add some
new include/source files.
|
| |
|
|
| |
Remove unnecessary include files and rename some.
|
| |
|
|
| |
Rename files in kernel/ and get rid of old ones (2.4.x kernel tree support).
|
| | |
|
| |
|
|
| |
See ChangeLog files
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A few minor bugs fixed and cleanups:
- Nonexistent sets were reported as existing sets when testing
from userspace in setlist type of sets (bug reported by Victor A.
Safronov)
- When saving sets, setlist type of sets must come last in order
to satisfy the dependency from the elements (bug reported by Marty B.)
- Sparse insists that the flags argument to kmalloc() is gfp_t
(Stephen Hemminger)
- Correct format specifiers and change %i to %d (Jan Engelhardt)
- Fix the definition of 'bool' for kernels <= 2.6.18 (Jan Engelhardt)
|
