| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
A set type may have multiple revisions, for example when syntax is extended.
Support continuous revision ranges in set types.
|
|
|
|
|
|
| |
When ranges are added to hash types, the elements may trigger rehashing the set.
However, the last successfully added element was not kept track so the adding
started again with the first element after the rehashing. Bug reported by Mr Dash Four.
|
|
|
|
|
|
| |
Current listing makes possible to list sets with full content only.
The patch adds support partial listings, i.e. listing just
the existing setnames or listing set headers, without set members.
|
|
|
|
|
|
|
|
| |
A restoreable saving of sets requires that list:set type of sets
come last and the code part which should have taken into account
the ordering was broken. The patch fixes the listing order.
Testsuite entry added which checks the listing order.
|
|
|
|
|
|
| |
The support makes possible to specify the timeout value for
the SET target and a flag to reset the timeout for already existing
entries.
|
|
|
|
|
|
|
| |
The SET target with --del-set did not work due to using wrongly
the internal dimension of --add-set instead of --del-set.
Also, the checkentries did not release the set references when
returned an error. Bugs reported by Lennert Buytenhek.
|
| |
|
|
|
|
|
|
|
|
|
| |
Enforce that the second "src/dst" parameter of the set match and SET target
must be "src", because we have access to the source MAC only in the packet.
The previous behaviour, that the type required the second parameter
but actually ignored the value was counter-intuitive and confusing.
Manpage is updated to reflect the change.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When an element to a set with timeout added, one can change the timeout
by "readding" the element with the "-exist" flag. That means the timeout
value is reset to the specified one (or to the default from the set
specification if the "timeout n" option is not used). Example
ipset add foo 1.2.3.4 timeout 10
ipset add foo 1.2.3.4 timeout 600 -exist
|
|
|
|
|
|
|
| |
The timeout variant of the list:set type must reference the member sets.
However, its garbage collector runs at timer interrupt so the mutex protection
of the references is a no go. Therefore the reference protection
is converted to rwlock.
|
|
|
|
|
|
|
| |
- the timeout value was actually not set
- the garbage collector was broken
The variant is fixed, the tests to the testsuite are added.
|
|
|
|
| |
Revision reporting got broken by the revision checking patch, fixed.
|
|
|
|
| |
SCTP and UDPLITE port support added to the hash:*port* types.
|
|
|
|
|
|
| |
The revision number was not checked at the create command: if the userspace
sent a valid set type but with not supported revision number, it'd create
a loop.
|
|
|
|
|
|
| |
The hash:ip,port* types with IPv4 silently ignored when address ranges
with non TCP/UDP were added/deleted from the set and the first address from
the range was only used.
|
|
|
|
|
|
|
| |
net/netfilter/ipset/ip_set_core.c:615: warning: ?clash? may be used uninitialized in this function
Signed-off-by: shanw <shanw@shanw-desktop.(none)>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
The kernel/ subdirectory is reorganized to follow the kernel directory
structure.
|