Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | ipset 5.4 releasedv5.4 | Jozsef Kadlecsik | 2011-01-21 | 1 | -0/+23 | |
| | ||||||
* | Fixed broken ICMP and ICMPv6 handling | Jozsef Kadlecsik | 2011-01-21 | 1 | -6/+7 | |
| | | | | | | I mistyped the bitwise operator and the network-order conversion was missing too. Sigh, sendip cannot generate proper packets to check ICMP and ICMPv6 in the testsuite. :-( | |||||
* | Fix trailing whitespaces and pr_* messages | Jozsef Kadlecsik | 2011-01-21 | 12 | -69/+67 | |
| | | | | | | Some trailing whitespace slipped in, those are removed. With the deleted ip_set_kernel.h, the pr_* messages lost the trailing "\n" character. The messages were completed with it. | |||||
* | Un-inline functions which are not small enough | Jozsef Kadlecsik | 2011-01-20 | 12 | -161/+42 | |
| | ||||||
* | Fix module loading at create/header commands | Jozsef Kadlecsik | 2011-01-20 | 2 | -50/+37 | |
| | | | | | While holding the nfnl_mutex, module loading is not allowed. Bug spotted by Patrick McHardy in his reviewing. | |||||
* | Fix wrong kzalloc flag in type_pf_expire | Jozsef Kadlecsik | 2011-01-20 | 1 | -1/+1 | |
| | | | | | The expire functions of the hash types are called while locked, so kzalloc must be called with GFP_ATOMIC. | |||||
* | The get_ip*_port functions are too large to be inlined, moved into the core. | Jozsef Kadlecsik | 2011-01-20 | 8 | -138/+160 | |
| | ||||||
* | Add missing __GFP_HIGHMEM flag to __vmalloc | Jozsef Kadlecsik | 2011-01-20 | 1 | -1/+2 | |
| | | | | | We may call ip_set_alloc with GFP_ATOMIC, so we cannot replace __vmalloc with vzalloc. Missing flag was noticed by Eric Dumazet. | |||||
* | Enforce network-order data in the netlink protocol | Jozsef Kadlecsik | 2011-01-20 | 12 | -86/+214 | |
| | | | | | | Allow only network-order data, with NLA_F_NET_BYTEORDER flag. Sanity checks also added to prevent processing broken messages where mandatory attributes are missing. (Patrick McHardy's review) | |||||
* | Use annotated types and fix sparse warnings | Jozsef Kadlecsik | 2011-01-20 | 14 | -123/+110 | |
| | | | | | | Annotated types are introduced and sparse warnings fixed. Two warnings remained in ip_set_core.c but those are false ones. (Patrick McHardy's review) | |||||
* | Move ip_set_alloc, ip_set_free and ip_set_get_ipaddr* into core | Jozsef Kadlecsik | 2011-01-20 | 2 | -77/+88 | |
| | | | | | | The functions are too large to be inlined, so move them into the core. Also, fix the unnecessary initializations in ip_set_get_ipaddr*. (Patrick McHardy's review) | |||||
* | NETMASK*, HOSTMASK* macros are too generic | Jozsef Kadlecsik | 2011-01-20 | 10 | -55/+74 | |
| | | | | | NETMASK*, HOSTMASK* macros are rewritten to small inline functions ip_set_netmask* and ip_set_hostmask* (Patrick McHardy's review) | |||||
* | Use static LIST_HEAD() for ip_set_type_list | Jozsef Kadlecsik | 2011-01-20 | 1 | -3/+1 | |
| | | | | | Avoid the need for explicit initialization during runtime (Patrick McHardy's review) | |||||
* | Move NLA_PUT_NET* macros to include/net/netlink.h | Jozsef Kadlecsik | 2011-01-20 | 1 | -6/+0 | |
| | | | | These macros can be useful in general (Patrick McHardy's review) | |||||
* | The module parameter max_sets should be unsigned int | Jozsef Kadlecsik | 2011-01-20 | 1 | -1/+1 | |
| | | | | Negative set numbers are strange :-) (Patrick McHardy's review) | |||||
* | Get rid of ip_set_kernel.h | Jozsef Kadlecsik | 2011-01-20 | 12 | -26/+0 | |
| | | | | | The header file was useful at deep debugging only, we can get rid of now. (Patrick McHardy's review) | |||||
* | Fix the placement style of boolean operators at continued lines | Jozsef Kadlecsik | 2011-01-20 | 14 | -219/+219 | |
| | | | | Fix "&&" and "||" continuation style (Patrick McHardy's review) | |||||
* | ipset 5.3 releasedv5.3 | Jozsef Kadlecsik | 2011-01-18 | 1 | -0/+9 | |
| | ||||||
* | There is no need to call synchronize_net() at swapping. | Jozsef Kadlecsik | 2011-01-14 | 1 | -4/+0 | |
| | | | | | | Ongoing add/del can happen to referenced sets and delete can be issued to unreferenced sets. So the bogus call to synchronize_net() can safely be removed. | |||||
* | Replace strncpy with strlcpy at creating a set. | Jozsef Kadlecsik | 2011-01-14 | 1 | -1/+1 | |
| | | | | Better add more safety nets against user input. | |||||
* | Update copyright date and some style changes. | Jozsef Kadlecsik | 2011-01-14 | 14 | -16/+16 | |
| | ||||||
* | Use jhash.h accepted in kernel, with backward compatibility. | Jozsef Kadlecsik | 2011-01-13 | 9 | -9/+9 | |
| | ||||||
* | Separate prefixlens from ip_set core. | Jozsef Kadlecsik | 2011-01-13 | 13 | -297/+314 | |
| | | | | | | Separate prefixlens from ip_set core for better readibility and honoring the independence. Also, comment that prefixlens were borrowed from Jan Engelhardt. | |||||
* | kernel: remove unused ctnl parameter from call_ad | Jan Engelhardt | 2011-01-03 | 1 | -6/+5 | |
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> | |||||
* | Comment the possible return values of the add/del/test type-functions | Jozsef Kadlecsik | 2010-12-23 | 1 | -2/+8 | |
| | ||||||
* | ipset 5.2 releasedv5.2 | Jozsef Kadlecsik | 2010-12-23 | 1 | -0/+3 | |
| | ||||||
* | Kernel version check at minimal supported version is mistyped, now fixed. | Jozsef Kadlecsik | 2010-12-22 | 1 | -2/+2 | |
| | ||||||
* | ipset 5.1 releasedv5.1 | Jozsef Kadlecsik | 2010-12-22 | 1 | -0/+13 | |
| | ||||||
* | Kernel version compatibility: support from 2.6.34 | Jozsef Kadlecsik | 2010-12-21 | 4 | -38/+42 | |
| | | | | | The basic kernel compatibility issues are verified back to 2.6.24. The minimal supported kernel version had to be bumped from 2.6.31 to 2.6.34. | |||||
* | kernel: use EXPORT_SYMBOL_GPL | Jan Engelhardt | 2010-12-19 | 1 | -13/+13 | |
| | ||||||
* | kernel: const annotations | Jan Engelhardt | 2010-12-19 | 13 | -71/+71 | |
| | ||||||
* | kernel: use __read_mostly for registration-type structures | Jan Engelhardt | 2010-12-19 | 9 | -10/+10 | |
| | | | | Here is where __read_mostly goes :-) | |||||
* | kernel: do not mix const and __read_mostly | Jan Engelhardt | 2010-12-19 | 14 | -51/+40 | |
| | | | | | It makes no sense to mix these two. Either it is writable-plus-read-mostly, or it is constant. | |||||
* | xt_set: avoid user types in exported kernel headers | Jan Engelhardt | 2010-12-19 | 1 | -6/+6 | |
| | | | | Within isolated code it would be ok, but not so in exported headers. | |||||
* | Prevent calling Makefile directly in the kernel/ subdirectory | Jozsef Kadlecsik | 2010-12-19 | 1 | -0/+4 | |
| | ||||||
* | Fix Kbuild for me to delete backup files | Jozsef Kadlecsik | 2010-12-17 | 1 | -1/+1 | |
| | ||||||
* | Support adding/deleting multiple entries, kernel part. | Jozsef Kadlecsik | 2010-12-17 | 4 | -16/+261 | |
| | | | | | | Support adding/deleting multiple entries in the kernel side of the hash:ip,port, hash:ip,port,ip, hash:ip,port,net and hash:net,port types. | |||||
* | Remove unnecessary gfp_flags arguments | Jozsef Kadlecsik | 2010-12-16 | 10 | -70/+58 | |
| | | | | | Where the argument was used, the set lock was already activated, therefore the argument value was always GFP_ATOMIC. | |||||
* | Mistypeing in the hbucket() macro fixed. | Jozsef Kadlecsik | 2010-12-16 | 1 | -2/+6 | |
| | ||||||
* | Document which elements cannot be stored in the different hash types. | Jozsef Kadlecsik | 2010-12-14 | 1 | -2/+2 | |
| | | | | And enforce from kernel side as well... | |||||
* | Convert last printks to pr_debug in ip_set_ahash.h | Jozsef Kadlecsik | 2010-12-13 | 1 | -4/+2 | |
| | ||||||
* | Remove remnants of slist from ip_set_ahash.h | Jozsef Kadlecsik | 2010-12-13 | 1 | -3/+2 | |
| | ||||||
* | Add proper RCU protection to resizing | Jozsef Kadlecsik | 2010-12-10 | 1 | -18/+38 | |
| | | | | | | | Resizing can be triggered by userspace command only, and those are serialized by the nfnl mutex. During resizing the set is read-locked, so the only possible concurrent operations are the kernel side readers. Those must be protected by proper RCU locking. | |||||
* | Convert hash types from chash to ahash. | Jozsef Kadlecsik | 2010-12-10 | 7 | -94/+1127 | |
| | | | | | | Instead of the cache friendly hashing, use the array based hashing. According to my tests the latter uses less memory, faster at lookup and deletion, and only slower at insertion. | |||||
* | Strip off ip_set_ prefix from non-ipset specific header files. | Jozsef Kadlecsik | 2010-12-08 | 9 | -8/+8 | |
| | ||||||
* | Update ip_set_jhash.h | Jozsef Kadlecsik | 2010-12-08 | 1 | -33/+81 | |
| | | | | | Update ip_set_jhash.h with the version which was submitted for kernel inclusion. | |||||
* | Create include/linux/netfilter/ipset/ directory | Jozsef Kadlecsik | 2010-12-07 | 22 | -69/+69 | |
| | | | | Separate the ipset header files from netfilter header files. | |||||
* | Complete Kconfig.ipset with hash:net,port type. | Jozsef Kadlecsik | 2010-12-07 | 1 | -8/+16 | |
| | ||||||
* | Remove include/net/pfxlen.h | Jozsef Kadlecsik | 2010-12-07 | 12 | -311/+305 | |
| | | | | | Spare some memory by moving the static prefixlen maps to the ipset core. Thus we can get rid of include/net/pfxlen.h too. | |||||
* | Remove command MODIFY | Jozsef Kadlecsik | 2010-12-07 | 1 | -17/+16 | |
| | | | | | Modifying a set can be performed by save/modify/restore/swap, without adding kernel part support. |