summaryrefslogtreecommitdiffstats
path: root/lib/session.c
Commit message (Collapse)AuthorAgeFilesLines
* Support glibc < 2.9 (fixes bugzilla id #891)Jozsef Kadlecsik2014-09-231-0/+1
|
* Retry printing when sprintf fails (reported by Stig Thormodsrud)Jozsef Kadlecsik2014-09-221-14/+2
| | | | | | Instead of returning the length of the string which would have been printed, sprintf sometimes simply returns an error code. Handle the case and flush the printing buffer and retry.
* ipset: remove extran newline on debug outputHolger Eitzenberger2014-09-141-1/+1
| | | | | | | | | [ The following text is in the "utf-8" character set. ] [ Your display is set for the "ISO-8859-2" character set. ] [ Some characters may be displayed incorrectly. ] Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Remove a duplicate debug printHolger Eitzenberger2014-09-141-2/+1
| | | | | | | | | [ The following text is in the "utf-8" character set. ] [ Your display is set for the "ISO-8859-2" character set. ] [ Some characters may be displayed incorrectly. ] Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* libipset: Add userspace code for the skbinfo extension support.Anton Danilov2014-09-141-0/+12
| | | | | | | | | Add userspace code to support of the skbinfo extension independly of set types. Defines constants, flag and function for print/parse/send/recieve of skbinfo parameters. Signed-off-by: Anton Danilov <littlesmilingcloud@gmail.com> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* add markmask for hash:ip,mark data typeVytas Dauksa2014-01-231-0/+4
| | | | | | | | | Introduce packet mark mask for hash:ip,mark data type. This allows to set mark bit filter for the ip set. Change-Id: Id8dd9ca7e64477c4f7b022a1d9c1a5b187f1c96e Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* add hash:ip,mark data type to ipsetVytas Dauksa2014-01-081-0/+4
| | | | | | | | | | | | | | | | Introduce packet mark support with new ip,mark hash set. This includes userspace and kernelspace code, hash:ip,mark set tests and man page updates. The intended use of ip,mark set is similar to the ip:port type, but for protocols which don't use a predictable port number. Instead of port number it matches a firewall mark determined by a layer 7 filtering program like opendpi. As well as allowing or blocking traffic it will also be used for accounting packets and bytes sent for each protocol. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* ipset: Support comments in the userspace library.Oliver Smith2013-09-231-1/+6
| | | | | | | | | This adds support to the userspace portion of ipset for handling ipsets with the comment extension enabled. The library revision has been raised accordingly. Signed-off-by: Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Improve XML output: add element tag and root element (suggested by Lucas Hamie)Jozsef Kadlecsik2013-05-011-33/+38
|
* Support counters in the ipset libraryJozsef Kadlecsik2013-04-091-2/+28
| | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Fix revision printing in XML mode (reported by Mart Frauenlob)Jozsef Kadlecsik2013-01-091-1/+1
|
* Coding style fixesJozsef Kadlecsik2012-09-111-3/+4
|
* The set type revision number is added to the header part of listingJozsef Kadlecsik2012-09-111-3/+4
| | | | | | | | | Incompatibility: if your script rely on the number of lines in the header of set listings, then the new line Revision: number can break your script.
* Allow saving to/restoring from a file without shell redirectionJozsef Kadlecsik2012-05-231-0/+13
| | | | | | | | | Mathieu Bridon suggested that in some environments where there is no access to a full shell with input/output redirection, it'd be useful to read from/write to directly a file (bugzilla #788). The patch adds the new "-file" option to specify a filename to print into when listing/saving sets or read from when restoring sets.
* Fix invalid assignment to const void pointerJozsef Kadlecsik2012-05-061-7/+7
| | | | | gcc 4.7 and above ignore such assignments which leads to a broken ipset binary (bug reported by Seblu).
* Remove unused variables (warnings fixed)Jozsef Kadlecsik2012-05-041-2/+0
|
* Exceptions support added to hash:*net* typesJozsef Kadlecsik2012-01-131-11/+10
| | | | | | | | | | | | The "nomatch" keyword and option is added to the hash:*net* types, by which one can add exception entries to sets. Example: ipset create test hash:net ipset add test 192.168.0/24 ipset add test 192.168.0/30 nomatch In this case the IP addresses from 192.168.0/24 except 192.168.0/30 match the elements of the set.
* ipset: use NFPROTO_ constantsJan Engelhardt2011-08-311-17/+17
| | | | | ipset is actually using NFPROTO values rather than AF (xt_set passes that along).
* Whitespace and coding fixes detected by checkpatch.plJozsef Kadlecsik2011-05-311-118/+136
|
* hash:net,iface type introducedJozsef Kadlecsik2011-05-301-0/+6
| | | | | | | | | | The hash:net,iface type makes possible to store network address and interface name pairs in a set. It's mostly suitable for egress and ingress filtering. Examples: # ipset create test hash:net,iface # ipset add test 192.168.0.0/16,eth0 # ipset add test 192.168.0.0/24,eth1
* Fix long time uncovered bug at adding string attributes to the netlink messageJozsef Kadlecsik2011-05-271-0/+3
| | | | | Use the real string length instead of the maximum one when adding the attribute.
* Fix warnings reported by valgrindJozsef Kadlecsik2011-05-251-1/+1
|
* Restore with bitmap:port and list:set types did not work, fixedJozsef Kadlecsik2011-05-241-1/+6
|
* Protocol-level debugging support addedJozsef Kadlecsik2011-05-241-4/+12
|
* Support range for IPv4 at adding/deleting elements for hash:*net* typesJozsef Kadlecsik2011-05-151-0/+4
| | | | | | | | | | | | | | | | | | | The range internally is converted to the network(s) equal to the range. Example: # ipset new test hash:net # ipset add test 10.2.0.0-10.2.1.12 # ipset list test Name: test Type: hash:net Header: family inet hashsize 1024 maxelem 65536 Size in memory: 16888 References: 0 Members: 10.2.1.12 10.2.1.0/29 10.2.0.0/24 10.2.1.8/30
* Ignore -n flag (list just setnames) when sets are to be savedJozsef Kadlecsik2011-05-061-1/+2
|
* Get rid of the trailing empty line at listing sets.Jozsef Kadlecsik2011-04-191-11/+22
| | | | | | | Also, remove the empty "members" section when listing just the set headers. Testsuite is updated to reflect the changes in the output.
* Fix XML listing, remove broken unused "elements" tagJozsef Kadlecsik2011-04-181-1/+1
|
* Support listing setnames and headers tooJozsef Kadlecsik2011-04-181-2/+31
| | | | | | Current listing makes possible to list sets with full content only. The patch adds support partial listings, i.e. listing just the existing setnames or listing set headers, without set members.
* Show correct line numbers in restore output for parser errorsJozsef Kadlecsik2011-01-181-0/+13
| | | | | | | | | | | | | | | | | Parser errors are reported by a wrong lineno at restore, bug reported by Holger Eitzenberger: create foo6 hash:ip hashsize 64 family inet6 add foo6 20a1:1234:5678::/64 add foo6 20a1:1234:5679::/64 you get: ipset v5.2: Error in line 1: Syntax error: plain IP address must be supplied: 20a1:1234:5678::/64 Should be line 2 though. The solution is to set the session lineno before parsing.
* Handle internal printing errorsJozsef Kadlecsik2010-12-231-10/+25
| | | | Internal printing errors were not reported, handle them by setjmp/longjmp.
* Listing/saving of large sets could produce broken listing, fixed.Jozsef Kadlecsik2010-12-231-8/+12
| | | | | The wrapper around getnameinfo was not snprintf-compatible and that could cause broken listing/saving for large sets.
* Restore mode did not work for IPv6 (reported by Elie Rosenblum)Jozsef Kadlecsik2010-12-221-13/+23
| | | | | | The set cache stored the default family (INET) instead of the set family, therefore restore mode for IPv6 did not work. The set cache fixed and message aggregation reworked.
* libipset: static annotationsJan Engelhardt2010-12-191-4/+4
|
* libipset: const annotationsJan Engelhardt2010-12-191-4/+4
|
* libipset: remove redundant castsJan Engelhardt2010-12-191-4/+4
|
* Buffered commands are just ... buffered.Jozsef Kadlecsik2010-12-131-75/+82
| | | | | | | Calculate the free buffer size when adding the existing attributes at the buffered commands. If the buffer is full, cancel the unfinished nested attribute and commit the previously buffered commands. Then restart with the current buffered command. Thus we can get rid of the ugly maxsize parameter of the set types.
* Fixes, cleanups, commentsv5.0-pre8Jozsef Kadlecsik2010-10-241-53/+108
| | | | | | | | | | | | | | | | | | | - More comments added to the code - ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip and hash:ip,port,net types - hash:net and hash:ip,port,net types are reworked - hash:net,port type added - Wrong direction parameters fixed in hash:ip,port - Helps and manpage are updated - More tests added - Ugly macros are rewritten to functions in parse.c (Holger Eitzenberger) - resize related bug in hash types fixed (Holger Eitzenberger) - autoreconf patches by Jan Engelhardt applied - netlink patch minimalized: dumping can be initialized by a second parsing of the message (thanks to David and Patrick for the suggestion) - IPv4/IPv6 address attributes are introduced in order to fix the context (suggested by David)
* ipset 5: Sparc related and compatibility fixesv5.0-pre5Jozsef Kadlecsik2010-06-291-11/+15
| | | | | | | | ipset 5 is tested on Sparc, which revealed some compatibility issues and those are fixed. Kernels from 2.6.31 onward are supported. The testsuite checkings are completed to run match/target checks. The README file is updated to reflect the requirements to install and run ipset 5.
* ipset 5: last new feature addedv5.0-pre3Jozsef Kadlecsik2010-06-221-0/+25
| | | | | | | | | | | - the hash types can now store protocol together port, not only port - lots of fixes everywhere: parser, error reporting, manpage The last bits on the todo list before announcing ipset 5: - recheck all the error messages - add possibly more tests - polish manpage
* configure/Makefile and debug fixesJozsef Kadlecsik2010-06-161-1/+4
|
* Use libmnl nest functions and fix size differences in iptree*.tJozsef Kadlecsik2010-06-151-22/+2
| | | | | | Use the libmnl mnl_attr_nest_star/mnl_attr_nest_end functions instead of the private ones. Ignore possible size differences in iptree*.t compatibility tests.
* ipset 5 in an almost ready state - milestonev5.0-pre1Jozsef Kadlecsik2010-06-151-35/+63
| | | | | | | | | | | | Reworked protocol and internal interfaces, missing set types added, backward compatibility verified, lots of tests added (and thanks to the tests, bugs fixed), even the manpage is rewritten ;-). Countless changes everywhere... The missing bits before announcing ipset 5: - net namespace support - new iptables/ip6tables extension library - iptables/ip6tables match and target tests (backward/forward compatibility) - tests on catching syntax errors
* Fourth stage to ipset-5Jozsef Kadlecsik2010-04-221-0/+1782
Add new userspace files: include/, lib/ and plus new files in src/.