summaryrefslogtreecommitdiffstats
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* Protocol-level debugging support addedJozsef Kadlecsik2011-05-243-6/+286
|
* ipset_mnl_query: in debug mode print the errno returned by the cb functionJozsef Kadlecsik2011-05-231-1/+1
|
* Support range for IPv4 at adding/deleting elements for hash:*net* typesJozsef Kadlecsik2011-05-153-3/+63
| | | | | | | | | | | | | | | | | | | The range internally is converted to the network(s) equal to the range. Example: # ipset new test hash:net # ipset add test 10.2.0.0-10.2.1.12 # ipset list test Name: test Type: hash:net Header: family inet hashsize 1024 maxelem 65536 Size in memory: 16888 References: 0 Members: 10.2.1.12 10.2.1.0/29 10.2.0.0/24 10.2.1.8/30
* Disable type revisions which are not supported both by the kernel and ipsetJozsef Kadlecsik2011-05-131-0/+13
|
* Ignore -n flag (list just setnames) when sets are to be savedJozsef Kadlecsik2011-05-061-1/+2
|
* Get rid of the trailing empty line at listing sets.Jozsef Kadlecsik2011-04-191-11/+22
| | | | | | | Also, remove the empty "members" section when listing just the set headers. Testsuite is updated to reflect the changes in the output.
* Fix XML listing, remove broken unused "elements" tagJozsef Kadlecsik2011-04-181-1/+1
|
* Support listing setnames and headers tooJozsef Kadlecsik2011-04-181-2/+31
| | | | | | Current listing makes possible to list sets with full content only. The patch adds support partial listings, i.e. listing just the existing setnames or listing set headers, without set members.
* Fix revision reportingJozsef Kadlecsik2011-03-191-4/+3
| | | | Revision reporting got broken by the revision checking patch, fixed.
* SCTP, UDPLITE support addedJozsef Kadlecsik2011-03-183-17/+18
| | | | SCTP and UDPLITE port support added to the hash:*port* types.
* ipset: pass ipset_arg argument pointerHolger Eitzenberger2011-02-011-6/+5
| | | | Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
* Send (N)ACK at dumping only when NLM_F_ACK is setJozsef Kadlecsik2011-01-261-2/+2
| | | | | Missing check of the flag NLM_F_ACK is added to the kernel - and userspace does set it too (Patrick McHardy's review)
* Resolving IP addresses did not work at listing/saving sets, fixed.Jozsef Kadlecsik2011-01-261-2/+2
|
* ipset: fix the Netlink sequence numberHolger Eitzenberger2011-01-251-1/+2
| | | | | | | | | | Do not use time() as a Netlink sequence number for each message, as otherwise the same seq number will be used when sending another message in the same second. Instead use time() just for initialization, then increment per message. Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* ipset: turn Set name[] into a const pointerHolger Eitzenberger2011-01-251-8/+9
| | | | | | | | | | | | Also check for the name length. Note that passing errno values back is not done consistently at various place, as there are some functions which set errno manually, others pass -errno back. I use the -errno approach here, as it is slightly shorter. Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Avoid possible syntax clashing at saving hostnamesJozsef Kadlecsik2011-01-241-1/+2
| | | | | | If resolving is requested and the resolved hostname contains a dash character, print the unresolved IP address instead in order not to clash with the IP/hostname range syntax.
* Fix build with NDEBUG definedJozsef Kadlecsik2011-01-182-8/+14
| | | | | | | | | | | | | | | | The usage of the gcc option -Wunused-parameter interferes badly with the assert() macros. In case -DNDEBUG is specified build fails with: cc1: warnings being treated as errors print.c: In function 'ipset_print_family': print.c:92: error: unused parameter 'opt' print.c: In function 'ipset_print_port': print.c:413: error: unused parameter 'opt' print.c: In function 'ipset_print_proto': Fix it by taking into accout NDEBUG in the function arguments. Bug reported by Holger Eitzenberger.
* Make IPv4 and IPv6 address handling similarJozsef Kadlecsik2011-01-181-1/+10
| | | | | | | | | | | | | | | | While the following works for AF_INET: ipset add foo 192.168.1.1/32 this does not work for AF_INET6: ipset add foo6 20a1:1:2:3:4:5:6:7/128 ipset v5.2: Syntax error: plain IP address must be supplied: 20a1:1:2:3:4:5:6:7/128 Bug reported by Holger Eitzenberger. The complete fix is to handle the special host prefixes in the general IP address parser function.
* Show correct line numbers in restore output for parser errorsJozsef Kadlecsik2011-01-181-0/+13
| | | | | | | | | | | | | | | | | Parser errors are reported by a wrong lineno at restore, bug reported by Holger Eitzenberger: create foo6 hash:ip hashsize 64 family inet6 add foo6 20a1:1234:5678::/64 add foo6 20a1:1234:5679::/64 you get: ipset v5.2: Error in line 1: Syntax error: plain IP address must be supplied: 20a1:1234:5678::/64 Should be line 2 though. The solution is to set the session lineno before parsing.
* Handle internal printing errorsJozsef Kadlecsik2010-12-231-10/+25
| | | | Internal printing errors were not reported, handle them by setjmp/longjmp.
* Use cast to void * instead of memcpy as Sparc workaround at sockaddr_XXX.Jozsef Kadlecsik2010-12-231-8/+6
| | | | | | Direct cast results "cast increases required alignment of target type" on Sparc: use indirect cast to void * instead of memcpy, as Jan Engelhardt suggested.
* Listing/saving of large sets could produce broken listing, fixed.Jozsef Kadlecsik2010-12-232-9/+16
| | | | | The wrapper around getnameinfo was not snprintf-compatible and that could cause broken listing/saving for large sets.
* Restore mode did not work for IPv6 (reported by Elie Rosenblum)Jozsef Kadlecsik2010-12-222-21/+30
| | | | | | The set cache stored the default family (INET) instead of the set family, therefore restore mode for IPv6 did not work. The set cache fixed and message aggregation reworked.
* libipset: static annotationsJan Engelhardt2010-12-191-4/+4
|
* libipset: const annotationsJan Engelhardt2010-12-195-8/+8
|
* libipset: remove redundant castsJan Engelhardt2010-12-193-10/+10
|
* libipset: remove redundant indirection via union nameJan Engelhardt2010-12-191-41/+41
| | | | | There are no uses of C99 static initializers, so let's make the union anonymous and reduce accessor lengths.
* libipset: ipset_strncpy is really a strlcpy-type operationJan Engelhardt2010-12-192-11/+11
|
* Put back the Sparc specific workaround at getaddrinfo.Jozsef Kadlecsik2010-12-191-4/+8
|
* Add ipset_parse_tcpudp_port functionJozsef Kadlecsik2010-12-171-7/+27
| | | | Add new parser function to parse TCP/UDP port name, number, or range of them.
* Buffered commands are just ... buffered.Jozsef Kadlecsik2010-12-132-121/+82
| | | | | | | Calculate the free buffer size when adding the existing attributes at the buffered commands. If the buffer is full, cancel the unfinished nested attribute and commit the previously buffered commands. Then restart with the current buffered command. Thus we can get rid of the ugly maxsize parameter of the set types.
* Support case-insensitive ICMP and ICMPv6 type/code names.Jozsef Kadlecsik2010-12-102-2/+2
|
* Remove command MODIFYJozsef Kadlecsik2010-12-071-1/+1
| | | | | Modifying a set can be performed by save/modify/restore/swap, without adding kernel part support.
* The protocol extended with the command MODIFY.Jozsef Kadlecsik2010-11-051-1/+3
| | | | The command is not used yet, but better to reserve it already.
* Add parser function to handle IPv4 and IPv6 differently.Jozsef Kadlecsik2010-10-301-0/+40
| | | | | | At present IPv6 does not support adding/deleting multiple IPv6 addresses specified as an ip-ip range or ip/prefix block. A parser function is added by which can enforce it at parsing the address pattern.
* Merge branch 'ipset-5' of git://dev.medozas.de/ipset into ipset-5Jozsef Kadlecsik2010-10-251-2/+2
|\
| * build: remove manual -fPIC flagJan Engelhardt2010-10-191-1/+1
| | | | | | | | | | | | | | libtool will take care of adding -fPIC as needed. In fact, static libraries are often not desired to be compiled with -fPIC. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: use libmnl's pkgconfig filesJan Engelhardt2010-10-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | libmnl installs .pc files that we can directly use and which are preferable over AC_CHECK_LIB. Also make sure that libipset.so is linked with libmnl, otherwise linking errors can ensue when a program tries to link to libipset. Furthermore, remove the now-unused LIBS variable. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Rollback to fix commit historyJozsef Kadlecsik2010-10-251-2/+2
| |
* | Fixes, cleanups, commentsv5.0-pre8Jozsef Kadlecsik2010-10-249-204/+664
|/ | | | | | | | | | | | | | | | | | | - More comments added to the code - ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip and hash:ip,port,net types - hash:net and hash:ip,port,net types are reworked - hash:net,port type added - Wrong direction parameters fixed in hash:ip,port - Helps and manpage are updated - More tests added - Ugly macros are rewritten to functions in parse.c (Holger Eitzenberger) - resize related bug in hash types fixed (Holger Eitzenberger) - autoreconf patches by Jan Engelhardt applied - netlink patch minimalized: dumping can be initialized by a second parsing of the message (thanks to David and Patrick for the suggestion) - IPv4/IPv6 address attributes are introduced in order to fix the context (suggested by David)
* Compatibility and documentation fixesv5.0-pre6Jozsef Kadlecsik2010-07-131-1/+0
| | | | | | | Makefile fixes: compiler flags README and manpage fixes Compatibility with newer gcc releases (4.4.x) Compatibility with the 2.6.35 kernel tree
* ipset 5: Sparc related and compatibility fixesv5.0-pre5Jozsef Kadlecsik2010-06-294-26/+32
| | | | | | | | ipset 5 is tested on Sparc, which revealed some compatibility issues and those are fixed. Kernels from 2.6.31 onward are supported. The testsuite checkings are completed to run match/target checks. The README file is updated to reflect the requirements to install and run ipset 5.
* ipset 5: last new feature addedv5.0-pre3Jozsef Kadlecsik2010-06-224-0/+188
| | | | | | | | | | | - the hash types can now store protocol together port, not only port - lots of fixes everywhere: parser, error reporting, manpage The last bits on the todo list before announcing ipset 5: - recheck all the error messages - add possibly more tests - polish manpage
* configure/Makefile and debug fixesJozsef Kadlecsik2010-06-162-1/+8
|
* Use libmnl nest functions and fix size differences in iptree*.tJozsef Kadlecsik2010-06-151-22/+2
| | | | | | Use the libmnl mnl_attr_nest_star/mnl_attr_nest_end functions instead of the private ones. Ignore possible size differences in iptree*.t compatibility tests.
* ipset 5 in an almost ready state - milestonev5.0-pre1Jozsef Kadlecsik2010-06-159-279/+535
| | | | | | | | | | | | Reworked protocol and internal interfaces, missing set types added, backward compatibility verified, lots of tests added (and thanks to the tests, bugs fixed), even the manpage is rewritten ;-). Countless changes everywhere... The missing bits before announcing ipset 5: - net namespace support - new iptables/ip6tables extension library - iptables/ip6tables match and target tests (backward/forward compatibility) - tests on catching syntax errors
* Fourth stage to ipset-5Jozsef Kadlecsik2010-04-229-0/+4757
Add new userspace files: include/, lib/ and plus new files in src/.