summaryrefslogtreecommitdiffstats
path: root/kernel
Commit message (Collapse)AuthorAgeFilesLines
* ipset 5.4 releasedv5.4Jozsef Kadlecsik2011-01-211-0/+23
|
* Fixed broken ICMP and ICMPv6 handlingJozsef Kadlecsik2011-01-211-6/+7
| | | | | | I mistyped the bitwise operator and the network-order conversion was missing too. Sigh, sendip cannot generate proper packets to check ICMP and ICMPv6 in the testsuite. :-(
* Fix trailing whitespaces and pr_* messagesJozsef Kadlecsik2011-01-2112-69/+67
| | | | | | Some trailing whitespace slipped in, those are removed. With the deleted ip_set_kernel.h, the pr_* messages lost the trailing "\n" character. The messages were completed with it.
* Un-inline functions which are not small enoughJozsef Kadlecsik2011-01-2012-161/+42
|
* Fix module loading at create/header commandsJozsef Kadlecsik2011-01-202-50/+37
| | | | | While holding the nfnl_mutex, module loading is not allowed. Bug spotted by Patrick McHardy in his reviewing.
* Fix wrong kzalloc flag in type_pf_expireJozsef Kadlecsik2011-01-201-1/+1
| | | | | The expire functions of the hash types are called while locked, so kzalloc must be called with GFP_ATOMIC.
* The get_ip*_port functions are too large to be inlined, moved into the core.Jozsef Kadlecsik2011-01-208-138/+160
|
* Add missing __GFP_HIGHMEM flag to __vmallocJozsef Kadlecsik2011-01-201-1/+2
| | | | | We may call ip_set_alloc with GFP_ATOMIC, so we cannot replace __vmalloc with vzalloc. Missing flag was noticed by Eric Dumazet.
* Enforce network-order data in the netlink protocolJozsef Kadlecsik2011-01-2012-86/+214
| | | | | | Allow only network-order data, with NLA_F_NET_BYTEORDER flag. Sanity checks also added to prevent processing broken messages where mandatory attributes are missing. (Patrick McHardy's review)
* Use annotated types and fix sparse warningsJozsef Kadlecsik2011-01-2014-123/+110
| | | | | | Annotated types are introduced and sparse warnings fixed. Two warnings remained in ip_set_core.c but those are false ones. (Patrick McHardy's review)
* Move ip_set_alloc, ip_set_free and ip_set_get_ipaddr* into coreJozsef Kadlecsik2011-01-202-77/+88
| | | | | | The functions are too large to be inlined, so move them into the core. Also, fix the unnecessary initializations in ip_set_get_ipaddr*. (Patrick McHardy's review)
* NETMASK*, HOSTMASK* macros are too genericJozsef Kadlecsik2011-01-2010-55/+74
| | | | | NETMASK*, HOSTMASK* macros are rewritten to small inline functions ip_set_netmask* and ip_set_hostmask* (Patrick McHardy's review)
* Use static LIST_HEAD() for ip_set_type_listJozsef Kadlecsik2011-01-201-3/+1
| | | | | Avoid the need for explicit initialization during runtime (Patrick McHardy's review)
* Move NLA_PUT_NET* macros to include/net/netlink.hJozsef Kadlecsik2011-01-201-6/+0
| | | | These macros can be useful in general (Patrick McHardy's review)
* The module parameter max_sets should be unsigned intJozsef Kadlecsik2011-01-201-1/+1
| | | | Negative set numbers are strange :-) (Patrick McHardy's review)
* Get rid of ip_set_kernel.hJozsef Kadlecsik2011-01-2012-26/+0
| | | | | The header file was useful at deep debugging only, we can get rid of now. (Patrick McHardy's review)
* Fix the placement style of boolean operators at continued linesJozsef Kadlecsik2011-01-2014-219/+219
| | | | Fix "&&" and "||" continuation style (Patrick McHardy's review)
* ipset 5.3 releasedv5.3Jozsef Kadlecsik2011-01-181-0/+9
|
* There is no need to call synchronize_net() at swapping.Jozsef Kadlecsik2011-01-141-4/+0
| | | | | | Ongoing add/del can happen to referenced sets and delete can be issued to unreferenced sets. So the bogus call to synchronize_net() can safely be removed.
* Replace strncpy with strlcpy at creating a set.Jozsef Kadlecsik2011-01-141-1/+1
| | | | Better add more safety nets against user input.
* Update copyright date and some style changes.Jozsef Kadlecsik2011-01-1414-16/+16
|
* Use jhash.h accepted in kernel, with backward compatibility.Jozsef Kadlecsik2011-01-139-9/+9
|
* Separate prefixlens from ip_set core.Jozsef Kadlecsik2011-01-1313-297/+314
| | | | | | Separate prefixlens from ip_set core for better readibility and honoring the independence. Also, comment that prefixlens were borrowed from Jan Engelhardt.
* kernel: remove unused ctnl parameter from call_adJan Engelhardt2011-01-031-6/+5
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Comment the possible return values of the add/del/test type-functionsJozsef Kadlecsik2010-12-231-2/+8
|
* ipset 5.2 releasedv5.2Jozsef Kadlecsik2010-12-231-0/+3
|
* Kernel version check at minimal supported version is mistyped, now fixed.Jozsef Kadlecsik2010-12-221-2/+2
|
* ipset 5.1 releasedv5.1Jozsef Kadlecsik2010-12-221-0/+13
|
* Kernel version compatibility: support from 2.6.34Jozsef Kadlecsik2010-12-214-38/+42
| | | | | The basic kernel compatibility issues are verified back to 2.6.24. The minimal supported kernel version had to be bumped from 2.6.31 to 2.6.34.
* kernel: use EXPORT_SYMBOL_GPLJan Engelhardt2010-12-191-13/+13
|
* kernel: const annotationsJan Engelhardt2010-12-1913-71/+71
|
* kernel: use __read_mostly for registration-type structuresJan Engelhardt2010-12-199-10/+10
| | | | Here is where __read_mostly goes :-)
* kernel: do not mix const and __read_mostlyJan Engelhardt2010-12-1914-51/+40
| | | | | It makes no sense to mix these two. Either it is writable-plus-read-mostly, or it is constant.
* xt_set: avoid user types in exported kernel headersJan Engelhardt2010-12-191-6/+6
| | | | Within isolated code it would be ok, but not so in exported headers.
* Prevent calling Makefile directly in the kernel/ subdirectoryJozsef Kadlecsik2010-12-191-0/+4
|
* Fix Kbuild for me to delete backup filesJozsef Kadlecsik2010-12-171-1/+1
|
* Support adding/deleting multiple entries, kernel part.Jozsef Kadlecsik2010-12-174-16/+261
| | | | | | Support adding/deleting multiple entries in the kernel side of the hash:ip,port, hash:ip,port,ip, hash:ip,port,net and hash:net,port types.
* Remove unnecessary gfp_flags argumentsJozsef Kadlecsik2010-12-1610-70/+58
| | | | | Where the argument was used, the set lock was already activated, therefore the argument value was always GFP_ATOMIC.
* Mistypeing in the hbucket() macro fixed.Jozsef Kadlecsik2010-12-161-2/+6
|
* Document which elements cannot be stored in the different hash types.Jozsef Kadlecsik2010-12-141-2/+2
| | | | And enforce from kernel side as well...
* Convert last printks to pr_debug in ip_set_ahash.hJozsef Kadlecsik2010-12-131-4/+2
|
* Remove remnants of slist from ip_set_ahash.hJozsef Kadlecsik2010-12-131-3/+2
|
* Add proper RCU protection to resizingJozsef Kadlecsik2010-12-101-18/+38
| | | | | | | Resizing can be triggered by userspace command only, and those are serialized by the nfnl mutex. During resizing the set is read-locked, so the only possible concurrent operations are the kernel side readers. Those must be protected by proper RCU locking.
* Convert hash types from chash to ahash.Jozsef Kadlecsik2010-12-107-94/+1127
| | | | | | Instead of the cache friendly hashing, use the array based hashing. According to my tests the latter uses less memory, faster at lookup and deletion, and only slower at insertion.
* Strip off ip_set_ prefix from non-ipset specific header files.Jozsef Kadlecsik2010-12-089-8/+8
|
* Update ip_set_jhash.hJozsef Kadlecsik2010-12-081-33/+81
| | | | | Update ip_set_jhash.h with the version which was submitted for kernel inclusion.
* Create include/linux/netfilter/ipset/ directoryJozsef Kadlecsik2010-12-0722-69/+69
| | | | Separate the ipset header files from netfilter header files.
* Complete Kconfig.ipset with hash:net,port type.Jozsef Kadlecsik2010-12-071-8/+16
|
* Remove include/net/pfxlen.hJozsef Kadlecsik2010-12-0712-311/+305
| | | | | Spare some memory by moving the static prefixlen maps to the ipset core. Thus we can get rid of include/net/pfxlen.h too.
* Remove command MODIFYJozsef Kadlecsik2010-12-071-17/+16
| | | | | Modifying a set can be performed by save/modify/restore/swap, without adding kernel part support.