summaryrefslogtreecommitdiffstats
path: root/kernel
Commit message (Collapse)AuthorAgeFilesLines
* Kernel version compatibility: support from 2.6.34Jozsef Kadlecsik2010-12-214-38/+42
| | | | | The basic kernel compatibility issues are verified back to 2.6.24. The minimal supported kernel version had to be bumped from 2.6.31 to 2.6.34.
* kernel: use EXPORT_SYMBOL_GPLJan Engelhardt2010-12-191-13/+13
|
* kernel: const annotationsJan Engelhardt2010-12-1913-71/+71
|
* kernel: use __read_mostly for registration-type structuresJan Engelhardt2010-12-199-10/+10
| | | | Here is where __read_mostly goes :-)
* kernel: do not mix const and __read_mostlyJan Engelhardt2010-12-1914-51/+40
| | | | | It makes no sense to mix these two. Either it is writable-plus-read-mostly, or it is constant.
* xt_set: avoid user types in exported kernel headersJan Engelhardt2010-12-191-6/+6
| | | | Within isolated code it would be ok, but not so in exported headers.
* Prevent calling Makefile directly in the kernel/ subdirectoryJozsef Kadlecsik2010-12-191-0/+4
|
* Fix Kbuild for me to delete backup filesJozsef Kadlecsik2010-12-171-1/+1
|
* Support adding/deleting multiple entries, kernel part.Jozsef Kadlecsik2010-12-174-16/+261
| | | | | | Support adding/deleting multiple entries in the kernel side of the hash:ip,port, hash:ip,port,ip, hash:ip,port,net and hash:net,port types.
* Remove unnecessary gfp_flags argumentsJozsef Kadlecsik2010-12-1610-70/+58
| | | | | Where the argument was used, the set lock was already activated, therefore the argument value was always GFP_ATOMIC.
* Mistypeing in the hbucket() macro fixed.Jozsef Kadlecsik2010-12-161-2/+6
|
* Document which elements cannot be stored in the different hash types.Jozsef Kadlecsik2010-12-141-2/+2
| | | | And enforce from kernel side as well...
* Convert last printks to pr_debug in ip_set_ahash.hJozsef Kadlecsik2010-12-131-4/+2
|
* Remove remnants of slist from ip_set_ahash.hJozsef Kadlecsik2010-12-131-3/+2
|
* Add proper RCU protection to resizingJozsef Kadlecsik2010-12-101-18/+38
| | | | | | | Resizing can be triggered by userspace command only, and those are serialized by the nfnl mutex. During resizing the set is read-locked, so the only possible concurrent operations are the kernel side readers. Those must be protected by proper RCU locking.
* Convert hash types from chash to ahash.Jozsef Kadlecsik2010-12-107-94/+1127
| | | | | | Instead of the cache friendly hashing, use the array based hashing. According to my tests the latter uses less memory, faster at lookup and deletion, and only slower at insertion.
* Strip off ip_set_ prefix from non-ipset specific header files.Jozsef Kadlecsik2010-12-089-8/+8
|
* Update ip_set_jhash.hJozsef Kadlecsik2010-12-081-33/+81
| | | | | Update ip_set_jhash.h with the version which was submitted for kernel inclusion.
* Create include/linux/netfilter/ipset/ directoryJozsef Kadlecsik2010-12-0722-69/+69
| | | | Separate the ipset header files from netfilter header files.
* Complete Kconfig.ipset with hash:net,port type.Jozsef Kadlecsik2010-12-071-8/+16
|
* Remove include/net/pfxlen.hJozsef Kadlecsik2010-12-0712-311/+305
| | | | | Spare some memory by moving the static prefixlen maps to the ipset core. Thus we can get rid of include/net/pfxlen.h too.
* Remove command MODIFYJozsef Kadlecsik2010-12-071-17/+16
| | | | | Modifying a set can be performed by save/modify/restore/swap, without adding kernel part support.
* Whitespace, checkpatch.pl cleanups.Jozsef Kadlecsik2010-12-0720-375/+376
|
* The protocol extended with the command MODIFY.Jozsef Kadlecsik2010-11-051-18/+19
| | | | The command is not used yet, but better to reserve it already.
* Resizing converted to run under read-locking of the setJozsef Kadlecsik2010-10-307-118/+157
| | | | | | | With restricting resizing so that it can be triggered by an add from userspace only, we can modify it so that it uses read-locking instead of write-locking. Thus the matching in the set can run parallel with resizing.
* Remove to support resizing from kernel context.Jozsef Kadlecsik2010-10-291-8/+1
| | | | | | Resizing in kernel context is simply too expensive. Drop the feature: if a set is used as a dynamic container by a SET target, then the set must be created with a proper size from now on.
* Fix gfp_flags at resizingJozsef Kadlecsik2010-10-292-3/+3
| | | | | Resizing functions are called without holding any lock. So we can allocate using the flag GFP_KERNEL.
* Listing for hash types fixedJozsef Kadlecsik2010-10-291-2/+18
| | | | | | The listing was incorrect for large sets, when multiple messages were required. I assume that one full hash bucket fills into one message, but that is true for all current hash types.
* Fixes, cleanups, commentsv5.0-pre8Jozsef Kadlecsik2010-10-2421-503/+1154
| | | | | | | | | | | | | | | | | | | - More comments added to the code - ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip and hash:ip,port,net types - hash:net and hash:ip,port,net types are reworked - hash:net,port type added - Wrong direction parameters fixed in hash:ip,port - Helps and manpage are updated - More tests added - Ugly macros are rewritten to functions in parse.c (Holger Eitzenberger) - resize related bug in hash types fixed (Holger Eitzenberger) - autoreconf patches by Jan Engelhardt applied - netlink patch minimalized: dumping can be initialized by a second parsing of the message (thanks to David and Patrick for the suggestion) - IPv4/IPv6 address attributes are introduced in order to fix the context (suggested by David)
* Cleanup, compatibilityv5.0-pre7Jozsef Kadlecsik2010-08-2311-66/+60
| | | | | | | | | - Use is_vmalloc_addr when freeing vmalloc or kmalloc-ed areas. Thus we can get rid of a flag and simplify some functions. - When checking "same" sets, ignore hash size, because resizing changes it. - 2.6.35 compatibility added. - Discuss backward/forward compatibilities in the README file.
* Compatibility and documentation fixesv5.0-pre6Jozsef Kadlecsik2010-07-131-0/+40
| | | | | | | Makefile fixes: compiler flags README and manpage fixes Compatibility with newer gcc releases (4.4.x) Compatibility with the 2.6.35 kernel tree
* ipset 5: Sparc related and compatibility fixesv5.0-pre5Jozsef Kadlecsik2010-06-2915-104/+100
| | | | | | | | ipset 5 is tested on Sparc, which revealed some compatibility issues and those are fixed. Kernels from 2.6.31 onward are supported. The testsuite checkings are completed to run match/target checks. The README file is updated to reflect the requirements to install and run ipset 5.
* ipset 5: IPv6 port related and manpage fixes, more testsv5.0-pre4Jozsef Kadlecsik2010-06-251-3/+3
| | | | | | - getting ports for family INET6 fixed - more manpage polishing - tests to check the iptables/ip6tables match and target added
* ipset 5: last new feature addedv5.0-pre3Jozsef Kadlecsik2010-06-2214-226/+504
| | | | | | | | | | | - the hash types can now store protocol together port, not only port - lots of fixes everywhere: parser, error reporting, manpage The last bits on the todo list before announcing ipset 5: - recheck all the error messages - add possibly more tests - polish manpage
* IPv6 match/target module aliases addedv5.0-pre2Jozsef Kadlecsik2010-06-161-0/+2
| | | | The missing IPv6 match/target aliases added.
* ipset 5 in an almost ready state - milestonev5.0-pre1Jozsef Kadlecsik2010-06-1529-4188/+5328
| | | | | | | | | | | | Reworked protocol and internal interfaces, missing set types added, backward compatibility verified, lots of tests added (and thanks to the tests, bugs fixed), even the manpage is rewritten ;-). Countless changes everywhere... The missing bits before announcing ipset 5: - net namespace support - new iptables/ip6tables extension library - iptables/ip6tables match and target tests (backward/forward compatibility) - tests on catching syntax errors
* Eight stage to ipset-5Jozsef Kadlecsik2010-04-2214-2535/+3590
| | | | Commit changed files in kernel/...
* Seventh stage to ipset-5Jozsef Kadlecsik2010-04-223-0/+871
| | | | | Refresh existing files in kernel/ with new content and add some new include/source files.
* Sixth stage to ipset-5Jozsef Kadlecsik2010-04-2215-646/+0
| | | | Remove unnecessary include files and rename some.
* Fifth stage to ipset-5Jozsef Kadlecsik2010-04-2234-125/+0
| | | | Rename files in kernel/ and get rid of old ones (2.4.x kernel tree support).
* New version 4.2 released:v4.2Jozsef Kadlecsik2010-01-243-2/+5
| | | | | | | | | | | kernel: - nethash and ipportnethash types counted every entry twice which could produce bogus entries when listing/saving these types of sets (bug reported by Husnu Demir) userspace: - Checking null entries when listing/saving hash types of sets deleted because it's unnecessary and can mask possible errors.
* 4.1 version releasedv4.1Jozsef Kadlecsik2009-11-115-11/+25
|
* Corrected kernel/ChangeLog entryJozsef Kadlecsik2009-11-101-1/+1
|
* ipset 4.0 releasedv4.0Jozsef Kadlecsik2009-11-1029-1030/+507
| | | | See ChangeLog files
* Include linux/jiffies.h for kernel 2.6.20 (Jan Engelhardt)Jozsef Kadlecsik2009-09-112-0/+4
|
* New release again, to fix a mistyping of me and get rid of bool.v3.2Jozsef Kadlecsik2009-08-213-8/+7
|
* ipset 3.1 releasev3.1Jozsef Kadlecsik2009-08-188-32/+52
| | | | | | | | | | | | | | A few minor bugs fixed and cleanups: - Nonexistent sets were reported as existing sets when testing from userspace in setlist type of sets (bug reported by Victor A. Safronov) - When saving sets, setlist type of sets must come last in order to satisfy the dependency from the elements (bug reported by Marty B.) - Sparse insists that the flags argument to kmalloc() is gfp_t (Stephen Hemminger) - Correct format specifiers and change %i to %d (Jan Engelhardt) - Fix the definition of 'bool' for kernels <= 2.6.18 (Jan Engelhardt)
* ipset 3.0 releasev3.0Jozsef Kadlecsik2009-05-1615-87/+95
| | | | | The main change is full bigendian and 64/32bit enviroment support - in consequence the kernel-userspace protocol version was bumped.
* Release v2.5.0.v2.5.0Jozsef Kadlecsik2009-03-061-0/+3
|
* Use spinlock initiator instead of setting the locks directly (Jan Engelhardt).Jozsef Kadlecsik2009-03-061-1/+1
|