Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | ipset: use NFPROTO_ constants | Jan Engelhardt | 2011-08-31 | 1 | -6/+6 |
| | | | | | ipset is actually using NFPROTO values rather than AF (xt_set passes that along). | ||||
* | hash:net,iface fixed to handle overlapping nets behind different interfaces | Jozsef Kadlecsik | 2011-07-08 | 1 | -8/+32 |
| | | | | | | | | | | | | | | | | | | If overlapping networks with different interfaces was added to the set, the type did not handle it properly. Example ipset create test hash:net,iface ipset add test 192.168.0.0/16,eth0 ipset add test 192.168.0.0/24,eth1 Now, if a packet was sent from 192.168.0.0/24,eth0, the type returned a match. In the patch the algorithm is fixed in order to correctly handle overlapping networks. Limitation: the same network cannot be stored with more than 64 different interfaces in a single set. | ||||
* | Whitespace and coding fixes detected by checkpatch.pl | Jozsef Kadlecsik | 2011-05-31 | 1 | -13/+13 |
| | |||||
* | hash:net,iface type introduced | Jozsef Kadlecsik | 2011-05-30 | 1 | -0/+762 |
The hash:net,iface type makes possible to store network address and interface name pairs in a set. It's mostly suitable for egress and ingress filtering. Examples: # ipset create test hash:net,iface # ipset add test 192.168.0.0/16,eth0 # ipset add test 192.168.0.0/24,eth1 |