| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
| |
Modifying a set can be performed by save/modify/restore/swap, without
adding kernel part support.
|
| |
|
|
|
|
| |
The command is not used yet, but better to reserve it already.
|
|
|
|
|
|
|
| |
With restricting resizing so that it can be triggered by an add
from userspace only, we can modify it so that it uses read-locking
instead of write-locking. Thus the matching in the set can run parallel
with resizing.
|
|
|
|
|
|
| |
Resizing in kernel context is simply too expensive. Drop the feature:
if a set is used as a dynamic container by a SET target, then the set
must be created with a proper size from now on.
|
|
|
|
|
| |
Resizing functions are called without holding any lock. So we can
allocate using the flag GFP_KERNEL.
|
|
|
|
|
|
| |
The listing was incorrect for large sets, when multiple messages were
required. I assume that one full hash bucket fills into one message,
but that is true for all current hash types.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- More comments added to the code
- ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip
and hash:ip,port,net types
- hash:net and hash:ip,port,net types are reworked
- hash:net,port type added
- Wrong direction parameters fixed in hash:ip,port
- Helps and manpage are updated
- More tests added
- Ugly macros are rewritten to functions in parse.c
(Holger Eitzenberger)
- resize related bug in hash types fixed (Holger Eitzenberger)
- autoreconf patches by Jan Engelhardt applied
- netlink patch minimalized: dumping can be initialized by a second
parsing of the message (thanks to David and Patrick for the suggestion)
- IPv4/IPv6 address attributes are introduced in order to fix the context
(suggested by David)
|
|
|
|
|
|
|
|
|
| |
- Use is_vmalloc_addr when freeing vmalloc or kmalloc-ed areas. Thus
we can get rid of a flag and simplify some functions.
- When checking "same" sets, ignore hash size, because resizing
changes it.
- 2.6.35 compatibility added.
- Discuss backward/forward compatibilities in the README file.
|
|
|
|
|
|
|
| |
Makefile fixes: compiler flags
README and manpage fixes
Compatibility with newer gcc releases (4.4.x)
Compatibility with the 2.6.35 kernel tree
|
|
|
|
|
|
|
|
| |
ipset 5 is tested on Sparc, which revealed some compatibility issues
and those are fixed. Kernels from 2.6.31 onward are supported.
The testsuite checkings are completed to run match/target checks.
The README file is updated to reflect the requirements to install
and run ipset 5.
|
|
|
|
|
|
| |
- getting ports for family INET6 fixed
- more manpage polishing
- tests to check the iptables/ip6tables match and target added
|
|
|
|
|
|
|
|
|
|
|
| |
- the hash types can now store protocol together port, not only port
- lots of fixes everywhere: parser, error reporting, manpage
The last bits on the todo list before announcing ipset 5:
- recheck all the error messages
- add possibly more tests
- polish manpage
|
|
|
|
| |
The missing IPv6 match/target aliases added.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reworked protocol and internal interfaces, missing set types added,
backward compatibility verified, lots of tests added (and thanks to the tests,
bugs fixed), even the manpage is rewritten ;-). Countless changes everywhere...
The missing bits before announcing ipset 5:
- net namespace support
- new iptables/ip6tables extension library
- iptables/ip6tables match and target tests (backward/forward compatibility)
- tests on catching syntax errors
|
|
|
|
| |
Commit changed files in kernel/...
|
|
|
|
|
| |
Refresh existing files in kernel/ with new content and add some
new include/source files.
|
|
|
|
| |
Remove unnecessary include files and rename some.
|
|
|
|
| |
Rename files in kernel/ and get rid of old ones (2.4.x kernel tree support).
|
|
|
|
|
|
|
|
|
|
|
| |
kernel:
- nethash and ipportnethash types counted every entry twice
which could produce bogus entries when listing/saving these types
of sets (bug reported by Husnu Demir)
userspace:
- Checking null entries when listing/saving hash types of sets
deleted because it's unnecessary and can mask possible errors.
|
| |
|
| |
|
|
|
|
| |
See ChangeLog files
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A few minor bugs fixed and cleanups:
- Nonexistent sets were reported as existing sets when testing
from userspace in setlist type of sets (bug reported by Victor A.
Safronov)
- When saving sets, setlist type of sets must come last in order
to satisfy the dependency from the elements (bug reported by Marty B.)
- Sparse insists that the flags argument to kmalloc() is gfp_t
(Stephen Hemminger)
- Correct format specifiers and change %i to %d (Jan Engelhardt)
- Fix the definition of 'bool' for kernels <= 2.6.18 (Jan Engelhardt)
|
|
|
|
|
| |
The main change is full bigendian and 64/32bit enviroment support - in
consequence the kernel-userspace protocol version was bumped.
|
| |
|
| |
|
|
|
|
|
| |
References to the old include file replaced with new one in order to
really use the new Jenkins' hash function.
|
|
|
|
| |
Kernel changelog on Jenkins' hash update added.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The old lookup2() Jenkins' hash is outdated, there is a new version called
lookup3() which
- mixes better than lookup2(): passes the check that every input bit changes
every output bit 50% of the time - lookup2() failed it.
- performs better: compiled with -O2 on Core2 Duo, lookup3() 20-40% faster
than lookup2() depending on the key length.
The patch replaces the lookup2() implementation of 'jhash*' with that of
lookup3().
|
|
|
|
|
|
| |
Bug fixed: after elements are added and deleted from a hash, an element
can successfully be added in spite it's already in the hash and thus
duplicates can occur. Bug spotted by Shih-Yi Chen.
|
|
|
|
| |
Compatibility with old gcc without 'bool' added.
|
|
|
|
| |
Typo which broke compilation with kernels < 2.6.28 fixed.
|
|
|
|
| |
Compatibility fix for kernels >= 2.6.28
|
|
|
|
|
|
| |
- setlist type does not work properly together with swapping
sets, bug reported by Thomas Jacob.
- Include linux/capability.h explicitly in ip_set.c (Jan Engelhardt)
|
|
|
|
|
|
|
|
| |
- Premature checking prevents to add valid elements to hash
types, fixed (bug reported by JC Janos).
- Local variable shadows another variable, fixed (reported
by Jan Engelhardt).
- More compiler warning options added and warnings fixed.
|
|
|
|
|
| |
- Include file <limits.h> was missing from userspace set type
modules.
|
|
|
|
|
|
|
|
| |
- When flushing a nethash/ipportnethash type of set, it can
lead to a kernel crash due to a wrong type declaration,
bug reported by Krzysztof Oledzki.
- iptree and iptreemap types require the header file linux/timer.h,
also reported by Krzysztof Oledzki.
|
|
|
|
| |
hash type of sets. Enforce the restriction.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
userspace changes:
- Added KBUILD_OUTPUT support (Sven Wegener)
- Fix memory leak in ipset_iptreemap (Sven Wegener)
- Fix multiple compiler warnings (Sven Wegener)
- ipportiphash, ipportnethash and setlist types added
- binding marked as deprecated functionality
- element separator token changed to ',' in anticipating
IPv6 addresses, old separator tokens are still supported
- unnecessary includes removed
- ipset does not try to resolve IP addresses when listing
the content of sets (default changed)
- manpage updated
- ChangeLog forked for kernel part
kernel part changes:
- ipportiphash, ipportnethash and setlist types added
- set type modules reworked to avoid code duplication
as much as possible, code unification macros
- expand_macros Makefile target added to help debugging
code unification macros
- ip_set_addip_kernel and ip_set_delip_kernel
changed from void to int, __ip_set_get_byname and
__ip_set_put_byid added for the sake of setlist type
- unnecessary includes removed
- compatibility fix for kernels >= 2.6.27:
semaphore.h was moved from asm/ to linux/ (James King)
- ChangeLog forked for kernel part
|
| |
|
| |
|
| |
|
| |
|
|
|