summaryrefslogtreecommitdiffstats
path: root/kernel/net/netfilter/ipset/ip_set_list_set.c
Commit message (Collapse)AuthorAgeFilesLines
* Use netlink callback dump args onlyJozsef Kadlecsik2013-10-021-5/+6
| | | | | Instead of cb->data, use callback dump args only and introduce symbolic names instead of plain numbers at accessing the argument members.
* ipset: Add net namespace for ipsetVitaly Lavrov2013-09-281-13/+18
| | | | | | | | | | | | | | | | This patch adds netns support for ipset. Major changes were made in ip_set_core.c and ip_set.h. Global variables are moved to per net namespace. Added initialization code and the destruction of the network namespace ipset subsystem. In the prototypes of public functions ip_set_* added parameter "struct net*". The remaining corrections related to the change prototypes of public functions ip_set_*. The patch for git://git.netfilter.org/ipset.git commit 6a4ec96c0b8caac5c35474e40e319704d92ca347 Signed-off-by: Vitaly Lavrov <lve@guap.ru> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Use a common function at listing the extensions of the elementsJozsef Kadlecsik2013-09-251-10/+1
|
* For set:list types, replaced elements must be zeroed outJozsef Kadlecsik2013-09-231-1/+3
| | | | | The new extensions require zero initialization for the new element to be added into a slot from where another element was pushed away.
* netfilter: ipset: Support comments in the list-type ipset.Oliver Smith2013-09-231-6/+12
| | | | | | | | This provides kernel support for creating list ipsets with the comment annotation extension. Signed-off-by: Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* list:set: make sure all elements are checked by the gcJozsef Kadlecsik2013-09-091-2/+5
| | | | | When an element timed out, the next one was skipped by the garbage collector, fixed.
* Support extensions which need a per data destroy functionJozsef Kadlecsik2013-09-091-6/+13
|
* Generalize extensions supportJozsef Kadlecsik2013-09-071-70/+11
| | | | | Get rid of the structure based extensions and introduce a blob for the extensions. Thus we can support more extension types easily.
* Move extension data to set structureJozsef Kadlecsik2013-09-071-64/+52
| | | | | | Default timeout and extension offsets are moved to struct set, because all set types supports all extensions and it makes possible to generalize extension support.
* Rename extension offset ids to extension idsJozsef Kadlecsik2013-09-061-7/+7
|
* Rename simple macro names to avoid namespace issues.Jozsef Kadlecsik2013-05-011-5/+5
| | | | Reported-by: David Laight <David.Laight@ACULAB.COM>
* Don't call ip_nest_end needlessly in the error pathJozsef Kadlecsik2013-04-271-1/+1
| | | | Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set match: add support to match the countersJozsef Kadlecsik2013-04-091-2/+6
| | | | | | | | | | The new revision of the set match supports to match the counters and to suppress updating the counters at matching too. At the set:list types, the updating of the subcounters can be suppressed as well. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* The list:set type with counter supportJozsef Kadlecsik2013-04-091-6/+67
| | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* list:set type using the extension interfaceJozsef Kadlecsik2013-04-091-246/+301
| | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* list:set: update reference counter when last element pushed offJozsef Kadlecsik2013-04-091-3/+7
| | | | | | | The last element can be replaced or pushed off and in both cases the reference counter must be updated. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Include supported revisions in module descriptionJozsef Kadlecsik2012-09-111-3/+6
|
* ipset: Stop using NLA_PUT*().David S. Miller2012-05-101-10/+13
| | | | | | | These macros contain a hidden goto, and are thus extremely error prone and make code hard to audit. Signed-off-by: David S. Miller <davem@davemloft.net>
* ipset: use NFPROTO_ constantsJan Engelhardt2011-08-311-1/+1
| | | | | ipset is actually using NFPROTO values rather than AF (xt_set passes that along).
* Add xt_action_param to the variant level kadt functions, ipset API changeJozsef Kadlecsik2011-05-271-3/+4
| | | | | | With the change the sets can use any parameter available for the match and target extensions, like input/output interface. It's required for the hash:net,iface set type.
* Set type support with multiple revisions addedJozsef Kadlecsik2011-05-111-1/+2
| | | | | A set type may have multiple revisions, for example when syntax is extended. Support continuous revision ranges in set types.
* Fix adding ranges to hash typesJozsef Kadlecsik2011-05-061-1/+1
| | | | | | When ranges are added to hash types, the elements may trigger rehashing the set. However, the last successfully added element was not kept track so the adding started again with the first element after the rehashing. Bug reported by Mr Dash Four.
* Options and flags support added to the kernel APIJozsef Kadlecsik2011-04-181-4/+4
| | | | | | The support makes possible to specify the timeout value for the SET target and a flag to reset the timeout for already existing entries.
* Whitespace fixes: some space before tab slipped in.Jozsef Kadlecsik2011-04-081-2/+2
|
* Timeout can be modified for already added elementsJozsef Kadlecsik2011-03-271-30/+62
| | | | | | | | | | When an element to a set with timeout added, one can change the timeout by "readding" the element with the "-exist" flag. That means the timeout value is reset to the specified one (or to the default from the set specification if the "timeout n" option is not used). Example ipset add foo 1.2.3.4 timeout 10 ipset add foo 1.2.3.4 timeout 600 -exist
* References are protected by rwlock instead of mutexJozsef Kadlecsik2011-03-251-4/+2
| | | | | | | The timeout variant of the list:set type must reference the member sets. However, its garbage collector runs at timer interrupt so the mutex protection of the references is a no go. Therefore the reference protection is converted to rwlock.
* list:set timeout variant fixesJozsef Kadlecsik2011-03-231-29/+24
| | | | | | | - the timeout value was actually not set - the garbage collector was broken The variant is fixed, the tests to the testsuite are added.
* Reorganized kernel/ subdirJozsef Kadlecsik2011-02-031-0/+584
The kernel/ subdirectory is reorganized to follow the kernel directory structure.