summaryrefslogtreecommitdiffstats
path: root/kernel/include
Commit message (Collapse)AuthorAgeFilesLines
* Separate ipset errnos completely from system ones and bump protocol version.Jozsef Kadlecsik2011-01-311-3/+3
|
* Move the type specifici attribute validation to the coreJozsef Kadlecsik2011-01-272-4/+7
| | | | | | The type specific attribute validation can be moved to the ipset core. That way it's done centrally and thus can be eliminated from the individual set types (suggested by Patrick McHardy).
* Use vzalloc() instead of __vmalloc()Jozsef Kadlecsik2011-01-262-5/+3
| | | | Use vzalloc() if kernel version supports it. (Eric Dumazet, Patrick McHardy)
* Correct the error codes: use ENOENT and EMSGSIZEJozsef Kadlecsik2011-01-261-5/+7
| | | | Use correct error codes (Patrick McHardy's review)
* Fix trailing whitespaces and pr_* messagesJozsef Kadlecsik2011-01-212-15/+13
| | | | | | Some trailing whitespace slipped in, those are removed. With the deleted ip_set_kernel.h, the pr_* messages lost the trailing "\n" character. The messages were completed with it.
* Un-inline functions which are not small enoughJozsef Kadlecsik2011-01-201-7/+7
|
* Fix module loading at create/header commandsJozsef Kadlecsik2011-01-201-1/+1
| | | | | While holding the nfnl_mutex, module loading is not allowed. Bug spotted by Patrick McHardy in his reviewing.
* Fix wrong kzalloc flag in type_pf_expireJozsef Kadlecsik2011-01-201-1/+1
| | | | | The expire functions of the hash types are called while locked, so kzalloc must be called with GFP_ATOMIC.
* The get_ip*_port functions are too large to be inlined, moved into the core.Jozsef Kadlecsik2011-01-201-119/+6
|
* Enforce network-order data in the netlink protocolJozsef Kadlecsik2011-01-201-5/+17
| | | | | | Allow only network-order data, with NLA_F_NET_BYTEORDER flag. Sanity checks also added to prevent processing broken messages where mandatory attributes are missing. (Patrick McHardy's review)
* Use annotated types and fix sparse warningsJozsef Kadlecsik2011-01-203-33/+25
| | | | | | Annotated types are introduced and sparse warnings fixed. Two warnings remained in ip_set_core.c but those are false ones. (Patrick McHardy's review)
* Move ip_set_alloc, ip_set_free and ip_set_get_ipaddr* into coreJozsef Kadlecsik2011-01-201-77/+6
| | | | | | The functions are too large to be inlined, so move them into the core. Also, fix the unnecessary initializations in ip_set_get_ipaddr*. (Patrick McHardy's review)
* NETMASK*, HOSTMASK* macros are too genericJozsef Kadlecsik2011-01-201-6/+25
| | | | | NETMASK*, HOSTMASK* macros are rewritten to small inline functions ip_set_netmask* and ip_set_hostmask* (Patrick McHardy's review)
* Move NLA_PUT_NET* macros to include/net/netlink.hJozsef Kadlecsik2011-01-201-6/+0
| | | | These macros can be useful in general (Patrick McHardy's review)
* Get rid of ip_set_kernel.hJozsef Kadlecsik2011-01-201-15/+0
| | | | | The header file was useful at deep debugging only, we can get rid of now. (Patrick McHardy's review)
* Fix the placement style of boolean operators at continued linesJozsef Kadlecsik2011-01-202-12/+12
| | | | Fix "&&" and "||" continuation style (Patrick McHardy's review)
* Update copyright date and some style changes.Jozsef Kadlecsik2011-01-142-2/+3
|
* Use jhash.h accepted in kernel, with backward compatibility.Jozsef Kadlecsik2011-01-132-1/+1
|
* Separate prefixlens from ip_set core.Jozsef Kadlecsik2011-01-132-9/+16
| | | | | | Separate prefixlens from ip_set core for better readibility and honoring the independence. Also, comment that prefixlens were borrowed from Jan Engelhardt.
* Comment the possible return values of the add/del/test type-functionsJozsef Kadlecsik2010-12-231-2/+8
|
* Kernel version compatibility: support from 2.6.34Jozsef Kadlecsik2010-12-211-4/+4
| | | | | The basic kernel compatibility issues are verified back to 2.6.24. The minimal supported kernel version had to be bumped from 2.6.31 to 2.6.34.
* kernel: const annotationsJan Engelhardt2010-12-192-3/+3
|
* kernel: do not mix const and __read_mostlyJan Engelhardt2010-12-193-6/+5
| | | | | It makes no sense to mix these two. Either it is writable-plus-read-mostly, or it is constant.
* xt_set: avoid user types in exported kernel headersJan Engelhardt2010-12-191-6/+6
| | | | Within isolated code it would be ok, but not so in exported headers.
* Remove unnecessary gfp_flags argumentsJozsef Kadlecsik2010-12-162-29/+24
| | | | | Where the argument was used, the set lock was already activated, therefore the argument value was always GFP_ATOMIC.
* Mistypeing in the hbucket() macro fixed.Jozsef Kadlecsik2010-12-161-2/+6
|
* Document which elements cannot be stored in the different hash types.Jozsef Kadlecsik2010-12-141-2/+2
| | | | And enforce from kernel side as well...
* Convert last printks to pr_debug in ip_set_ahash.hJozsef Kadlecsik2010-12-131-4/+2
|
* Remove remnants of slist from ip_set_ahash.hJozsef Kadlecsik2010-12-131-3/+2
|
* Add proper RCU protection to resizingJozsef Kadlecsik2010-12-101-18/+38
| | | | | | | Resizing can be triggered by userspace command only, and those are serialized by the nfnl mutex. During resizing the set is read-locked, so the only possible concurrent operations are the kernel side readers. Those must be protected by proper RCU locking.
* Convert hash types from chash to ahash.Jozsef Kadlecsik2010-12-101-0/+1057
| | | | | | Instead of the cache friendly hashing, use the array based hashing. According to my tests the latter uses less memory, faster at lookup and deletion, and only slower at insertion.
* Strip off ip_set_ prefix from non-ipset specific header files.Jozsef Kadlecsik2010-12-083-2/+2
|
* Update ip_set_jhash.hJozsef Kadlecsik2010-12-081-33/+81
| | | | | Update ip_set_jhash.h with the version which was submitted for kernel inclusion.
* Create include/linux/netfilter/ipset/ directoryJozsef Kadlecsik2010-12-0711-4/+4
| | | | Separate the ipset header files from netfilter header files.
* Remove include/net/pfxlen.hJozsef Kadlecsik2010-12-072-302/+17
| | | | | Spare some memory by moving the static prefixlen maps to the ipset core. Thus we can get rid of include/net/pfxlen.h too.
* Remove command MODIFYJozsef Kadlecsik2010-12-071-17/+16
| | | | | Modifying a set can be performed by save/modify/restore/swap, without adding kernel part support.
* Whitespace, checkpatch.pl cleanups.Jozsef Kadlecsik2010-12-079-82/+82
|
* The protocol extended with the command MODIFY.Jozsef Kadlecsik2010-11-051-18/+19
| | | | The command is not used yet, but better to reserve it already.
* Resizing converted to run under read-locking of the setJozsef Kadlecsik2010-10-301-81/+103
| | | | | | | With restricting resizing so that it can be triggered by an add from userspace only, we can modify it so that it uses read-locking instead of write-locking. Thus the matching in the set can run parallel with resizing.
* Fix gfp_flags at resizingJozsef Kadlecsik2010-10-291-2/+2
| | | | | Resizing functions are called without holding any lock. So we can allocate using the flag GFP_KERNEL.
* Listing for hash types fixedJozsef Kadlecsik2010-10-291-2/+18
| | | | | | The listing was incorrect for large sets, when multiple messages were required. I assume that one full hash bucket fills into one message, but that is true for all current hash types.
* Fixes, cleanups, commentsv5.0-pre8Jozsef Kadlecsik2010-10-249-125/+276
| | | | | | | | | | | | | | | | | | | - More comments added to the code - ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip and hash:ip,port,net types - hash:net and hash:ip,port,net types are reworked - hash:net,port type added - Wrong direction parameters fixed in hash:ip,port - Helps and manpage are updated - More tests added - Ugly macros are rewritten to functions in parse.c (Holger Eitzenberger) - resize related bug in hash types fixed (Holger Eitzenberger) - autoreconf patches by Jan Engelhardt applied - netlink patch minimalized: dumping can be initialized by a second parsing of the message (thanks to David and Patrick for the suggestion) - IPv4/IPv6 address attributes are introduced in order to fix the context (suggested by David)
* Cleanup, compatibilityv5.0-pre7Jozsef Kadlecsik2010-08-232-33/+19
| | | | | | | | | - Use is_vmalloc_addr when freeing vmalloc or kmalloc-ed areas. Thus we can get rid of a flag and simplify some functions. - When checking "same" sets, ignore hash size, because resizing changes it. - 2.6.35 compatibility added. - Discuss backward/forward compatibilities in the README file.
* ipset 5: Sparc related and compatibility fixesv5.0-pre5Jozsef Kadlecsik2010-06-292-0/+3
| | | | | | | | ipset 5 is tested on Sparc, which revealed some compatibility issues and those are fixed. Kernels from 2.6.31 onward are supported. The testsuite checkings are completed to run match/target checks. The README file is updated to reflect the requirements to install and run ipset 5.
* ipset 5: IPv6 port related and manpage fixes, more testsv5.0-pre4Jozsef Kadlecsik2010-06-251-3/+3
| | | | | | - getting ports for family INET6 fixed - more manpage polishing - tests to check the iptables/ip6tables match and target added
* ipset 5: last new feature addedv5.0-pre3Jozsef Kadlecsik2010-06-224-77/+116
| | | | | | | | | | | - the hash types can now store protocol together port, not only port - lots of fixes everywhere: parser, error reporting, manpage The last bits on the todo list before announcing ipset 5: - recheck all the error messages - add possibly more tests - polish manpage
* ipset 5 in an almost ready state - milestonev5.0-pre1Jozsef Kadlecsik2010-06-1512-265/+1503
| | | | | | | | | | | | Reworked protocol and internal interfaces, missing set types added, backward compatibility verified, lots of tests added (and thanks to the tests, bugs fixed), even the manpage is rewritten ;-). Countless changes everywhere... The missing bits before announcing ipset 5: - net namespace support - new iptables/ip6tables extension library - iptables/ip6tables match and target tests (backward/forward compatibility) - tests on catching syntax errors
* Eight stage to ipset-5Jozsef Kadlecsik2010-04-225-952/+470
| | | | Commit changed files in kernel/...
* Seventh stage to ipset-5Jozsef Kadlecsik2010-04-222-0/+398
| | | | | Refresh existing files in kernel/ with new content and add some new include/source files.
* Sixth stage to ipset-5Jozsef Kadlecsik2010-04-2215-646/+0
| | | | Remove unnecessary include files and rename some.