path: root/kernel/net/netfilter/ipset/ip_set_core.c
Commit message (Collapse)AuthorAgeFilesLines
* net: cleanup unsigned to unsigned intEric Dumazet2012-09-081-3/+3
| | | | | | | Use of "unsigned int" is preferred to bare "unsigned" in net tree. Signed-off-by: Eric Dumazet <> Signed-off-by: David S. Miller <>
* ipset: Handle properly an IPSET_CMD_NONETomasz Bursztyka2012-06-291-0/+12
| | | | | Signed-off-by: Tomasz Bursztyka <> Signed-off-by: Jozsef Kadlecsik <>
* netlink: add netlink_dump_control structure for netlink_dump_start()Pablo Neira Ayuso2012-05-101-2/+12
| | | | Backport of Pablo's patch to the ipset package.
* ipset: Stop using NLA_PUT*().David S. Miller2012-05-101-19/+24
| | | | | | | These macros contain a hidden goto, and are thus extremely error prone and make code hard to audit. Signed-off-by: David S. Miller <>
* Invert the logic to include version.h in ip_set_core.cJozsef Kadlecsik2011-09-151-1/+1
* Fix compiling ipset as external kernel modulesJozsef Kadlecsik2011-09-061-1/+1
* rtnetlink: Compute and store minimum ifinfo dump sizeGreg Rose2011-09-051-0/+4
| | | | | | | | | | | | | | | | | | [The patch changes the API of the netlink_dump_start interface: port it to the standalone ipset package.] The message size allocated for rtnl ifinfo dumps was limited to a single page. This is not enough for additional interface info available with devices that support SR-IOV and caused a bug in which VF info would not be displayed if more than approximately 40 VFs were created per interface. Implement a new function pointer for the rtnl_register service that will calculate the amount of data required for the ifinfo dump and allocate enough data to satisfy the request. Signed-off-by: Greg Rose <> Signed-off-by: Jeff Kirsher <>
* Remove redundant linux/version.h includes from net/Jesper Juhl2011-09-051-0/+2
| | | | | | | | | | | | | | | | | | | | | | It was suggested by "make versioncheck" that the follwing includes of linux/version.h are redundant: /home/jj/src/linux-2.6/net/caif/caif_dev.c: 14 linux/version.h not needed. /home/jj/src/linux-2.6/net/caif/chnl_net.c: 10 linux/version.h not needed. /home/jj/src/linux-2.6/net/ipv4/gre.c: 19 linux/version.h not needed. /home/jj/src/linux-2.6/net/netfilter/ipset/ip_set_core.c: 20 linux/version.h not needed. /home/jj/src/linux-2.6/net/netfilter/xt_set.c: 16 linux/version.h not needed. and it seems that it is right. Beyond manually inspecting the source files I also did a few build tests with various configs to confirm that including the header in those files is indeed not needed. Here's a patch to remove the pointless includes. Signed-off-by: Jesper Juhl <> Acked-by: Jozsef Kadlecsik <>
* ipset: use NFPROTO_ constantsJan Engelhardt2011-08-311-8/+8
| | | | | ipset is actually using NFPROTO values rather than AF (xt_set passes that along).
* netfilter: Remove unnecessary OOM logging messagesJoe Perches2011-08-311-3/+1
| | | | | | | | | | | Removing unnecessary messages saves code and text. Site specific OOM messages are duplications of a generic MM out of memory message and aren't really useful, so just delete them. Signed-off-by: Joe Perches <> Signed-off-by: Jozsef Kadlecsik <>
* Dumping error triggered removing references twice and lead to kernel BUGJozsef Kadlecsik2011-08-311-0/+1
| | | | | | | | If there was a dumping error in the middle, the set-specific variable was not zeroed out and thus the 'done' function of the dumping wrongly tried to release the already released reference of the set. The already released reference was caught by __ip_set_put and triggered a kernel BUG message. The issue was reported by Jean-Philippe Menil.
* Autoload set type modules safelyJozsef Kadlecsik2011-08-291-10/+26
| | | | | | Jan Engelhardt noticed when userspace requests a set type unknown to the kernel, it can lead to a loop due to the unsafe type module loading. The issue is fixed in this patch.
* Whitespace and coding fixes detected by checkpatch.plJozsef Kadlecsik2011-05-311-2/+2
* Fix return code for destroy when sets are in useJozsef Kadlecsik2011-05-281-1/+1
* Add xt_action_param to the variant level kadt functions, ipset API changeJozsef Kadlecsik2011-05-271-4/+8
| | | | | | With the change the sets can use any parameter available for the match and target extensions, like input/output interface. It's required for the hash:net,iface set type.
* ip_set_flush returned -EPROTO instead of -IPSET_ERR_PROTOCOL, fixedJozsef Kadlecsik2011-05-231-1/+1
* Set type support with multiple revisions addedJozsef Kadlecsik2011-05-111-20/+25
| | | | | A set type may have multiple revisions, for example when syntax is extended. Support continuous revision ranges in set types.
* Fix adding ranges to hash typesJozsef Kadlecsik2011-05-061-5/+6
| | | | | | When ranges are added to hash types, the elements may trigger rehashing the set. However, the last successfully added element was not kept track so the adding started again with the first element after the rehashing. Bug reported by Mr Dash Four.
* Support listing setnames and headers tooJozsef Kadlecsik2011-04-181-27/+46
| | | | | | Current listing makes possible to list sets with full content only. The patch adds support partial listings, i.e. listing just the existing setnames or listing set headers, without set members.
* Fix order of listing of setsJozsef Kadlecsik2011-04-181-8/+10
| | | | | | | | A restoreable saving of sets requires that list:set type of sets come last and the code part which should have taken into account the ordering was broken. The patch fixes the listing order. Testsuite entry added which checks the listing order.
* Options and flags support added to the kernel APIJozsef Kadlecsik2011-04-181-13/+13
| | | | | | The support makes possible to specify the timeout value for the SET target and a flag to reset the timeout for already existing entries.
* References are protected by rwlock instead of mutexJozsef Kadlecsik2011-03-251-43/+66
| | | | | | | The timeout variant of the list:set type must reference the member sets. However, its garbage collector runs at timer interrupt so the mutex protection of the references is a no go. Therefore the reference protection is converted to rwlock.
* Fix revision reportingJozsef Kadlecsik2011-03-191-1/+1
| | | | Revision reporting got broken by the revision checking patch, fixed.
* Fix checking the revision of the set type at create commandJozsef Kadlecsik2011-03-181-4/+16
| | | | | | The revision number was not checked at the create command: if the userspace sent a valid set type but with not supported revision number, it'd create a loop.
* netfilter:ipset: fix the compile warning in ip_set_createShan Wei2011-03-041-1/+1
| | | | | | | net/netfilter/ipset/ip_set_core.c:615: warning: ?clash? may be used uninitialized in this function Signed-off-by: shanw <shanw@shanw-desktop.(none)> Signed-off-by: Jozsef Kadlecsik <>
* Reorganized kernel/ subdirJozsef Kadlecsik2011-02-031-0/+1676
The kernel/ subdirectory is reorganized to follow the kernel directory structure.