| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
ipset is actually using NFPROTO values rather than AF (xt_set passes
that along).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If overlapping networks with different interfaces was added to
the set, the type did not handle it properly. Example
ipset create test hash:net,iface
ipset add test 192.168.0.0/16,eth0
ipset add test 192.168.0.0/24,eth1
Now, if a packet was sent from 192.168.0.0/24,eth0, the type returned
a match.
In the patch the algorithm is fixed in order to correctly handle
overlapping networks.
Limitation: the same network cannot be stored with more than 64 different
interfaces in a single set.
|
| |
|
|
|
|
| |
With the change the sets can use any parameter available for the match
and target extensions, like input/output interface. It's required for
the hash:net,iface set type.
|
| | |
|
| |
|
|
|
| |
A set type may have multiple revisions, for example when syntax is extended.
Support continuous revision ranges in set types.
|
| |
|
|
|
|
| |
When ranges are added to hash types, the elements may trigger rehashing the set.
However, the last successfully added element was not kept track so the adding
started again with the first element after the rehashing. Bug reported by Mr Dash Four.
|
| |
|
|
|
|
| |
The support makes possible to specify the timeout value for
the SET target and a flag to reset the timeout for already existing
entries.
|
| |
|
|
|
|
|
|
|
|
| |
When an element to a set with timeout added, one can change the timeout
by "readding" the element with the "-exist" flag. That means the timeout
value is reset to the specified one (or to the default from the set
specification if the "timeout n" option is not used). Example
ipset add foo 1.2.3.4 timeout 10
ipset add foo 1.2.3.4 timeout 600 -exist
|
|
|
The kernel/ subdirectory is reorganized to follow the kernel directory
structure.
|
