summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Add dynamic module support to ipset userspace toolNeutron Soutmun2012-05-101-0/+7
| | | | | | | | | | | | | The patch adds supporting dynamic modules for the set types to ipset userspace tool. The dynamic module support can be enabled by the --enable-settype-modules of "configure". The list of set types to be compiled as dynamic modules can be specified in the --with-settype-modules-list option. Example --enable-settype-modules \ --with-settype-modules-list="ipset_hash_ip ipset_hash_ipport" The keyword "all" can be used to compile all set types as dynamic modules.
* Move ipset_port_usage() into libNeutron Soutmun2012-05-061-31/+0
|
* Improve ipset help text messages (Mr Dash Four)Jozsef Kadlecsik2012-04-191-4/+4
|
* Support hostnames and service names with dashJozsef Kadlecsik2012-01-141-0/+6
| | | | | | | | The square brackets are introduced as an escape mechanism to enter hostnames or service names with dash in order to avoid mixing up the dash in the name with the range notation. Problem reported by Stephen Hemminger and Marc Guardiola.
* Exceptions support added to hash:*net* typesJozsef Kadlecsik2012-01-131-6/+23
| | | | | | | | | | | | The "nomatch" keyword and option is added to the hash:*net* types, by which one can add exception entries to sets. Example: ipset create test hash:net ipset add test 192.168.0/24 ipset add test 192.168.0/30 nomatch In this case the IP addresses from 192.168.0/24 except 192.168.0/30 match the elements of the set.
* Set types moved into libipset libraryJozsef Kadlecsik2012-01-0513-1574/+3
| | | | | The libipset library is complete by this step, and "ipset" just a CLI interface based on the lib.
* build: make distcheck work and use POSIX mode for tarball generationJan Engelhardt2011-12-231-1/+1
| | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* build: move ipset_errcode into libraryJan Engelhardt2011-08-312-201/+0
| | | | | | | | | | | | | | | | The library cannot stand on its own: 19:13 seven:../ipset/lib > ldd -r .libs/libipset.so.1 linux-vdso.so.1 => (0x00007fff9a569000) libmnl.so.0 => /usr/lib64/libmnl.so.0 (0x00007fd42ae5c000) libc.so.6 => /lib64/libc.so.6 (0x00007fd42aaef000) /lib64/ld-linux-x86-64.so.2 (0x00007fd42b28d000) undefined symbol: ipset_errcode (.libs/libipset.so.1) Resolve this by moving ipset_errcode into the library. Reported-by: Arkadiusz Miskiewicz <a.miskiewicz@gmail.com> References: http://marc.info/?l=netfilter-devel&m=131435791514602&w=2
* ipset: use NFPROTO_ constantsJan Engelhardt2011-08-3112-19/+19
| | | | | ipset is actually using NFPROTO values rather than AF (xt_set passes that along).
* Propagate "expose userspace-relevant parts in ip_set.h" to ipset sourceJozsef Kadlecsik2011-08-3111-25/+25
| | | | | | With the header file restructuring, the ipset userspace enums IPSET_DIM_* clash with the kernel ones. In this patch the userspace is converted to use the kernel part enums and thus we got rid of userspace enums IPSET_DIM_*.
* Update the manpage and document the limits in hash:net,iface.Jozsef Kadlecsik2011-07-111-1/+5
|
* Whitespace and coding fixes detected by checkpatch.plJozsef Kadlecsik2011-05-3114-178/+182
|
* hash:net,iface type introducedJozsef Kadlecsik2011-05-304-2/+192
| | | | | | | | | | The hash:net,iface type makes possible to store network address and interface name pairs in a set. It's mostly suitable for egress and ingress filtering. Examples: # ipset create test hash:net,iface # ipset add test 192.168.0.0/16,eth0 # ipset add test 192.168.0.0/24,eth1
* Remove iptree tests and compatibility element parsingJozsef Kadlecsik2011-05-271-1/+0
|
* Fix warnings reported by valgrindJozsef Kadlecsik2011-05-251-1/+7
|
* Remove supporting set types iptree and iptreemapJozsef Kadlecsik2011-05-241-1/+1
|
* Accept "\r\n" terminated COMMIT command in restore filesJozsef Kadlecsik2011-05-241-1/+1
|
* Accept "\r\n" terminated lines in restore filesJozsef Kadlecsik2011-05-211-2/+2
|
* Support range for IPv4 at adding/deleting elements for hash:*net* typesJozsef Kadlecsik2011-05-158-35/+287
| | | | | | | | | | | | | | | | | | | The range internally is converted to the network(s) equal to the range. Example: # ipset new test hash:net # ipset add test 10.2.0.0-10.2.1.12 # ipset list test Name: test Type: hash:net Header: family inet hashsize 1024 maxelem 65536 Size in memory: 16888 References: 0 Members: 10.2.1.12 10.2.1.0/29 10.2.0.0/24 10.2.1.8/30
* Update ipset help text to reflect SCTP and UDPLITE supportJozsef Kadlecsik2011-05-121-3/+3
|
* Support listing setnames and headers tooJozsef Kadlecsik2011-04-182-4/+29
| | | | | | Current listing makes possible to list sets with full content only. The patch adds support partial listings, i.e. listing just the existing setnames or listing set headers, without set members.
* bitmap:ip,mac type requires "src" for MACJozsef Kadlecsik2011-04-081-3/+4
| | | | | | | | | Enforce that the second "src/dst" parameter of the set match and SET target must be "src", because we have access to the source MAC only in the packet. The previous behaviour, that the type required the second parameter but actually ignored the value was counter-intuitive and confusing. Manpage is updated to reflect the change.
* Manpage updateJozsef Kadlecsik2011-03-271-0/+2
|
* SCTP, UDPLITE support addedJozsef Kadlecsik2011-03-185-21/+29
| | | | SCTP and UDPLITE port support added to the hash:*port* types.
* Manpage was not installedJozsef Kadlecsik2011-03-181-0/+2
| | | | | Entry to install the manpage was missing from Makefile.am (reported by Mark A. Ziesemer)
* Print protocol version together with ipset versionJozsef Kadlecsik2011-02-031-1/+2
|
* Allow "new" as a commad alias to "create"Jozsef Kadlecsik2011-02-011-7/+7
| | | | It's too easy to mistype "n" to "new", so just allow it.
* ipset: improve command argument parsingHolger Eitzenberger2011-02-011-22/+20
| | | | | | | | | | | | | | | | | | | | | | The number of comparisons for a matching a command name can be made smaller by just checking on argv[1]. As an example consider the following 'create' arguments 'hashsize', 'family' and 'timeout'. When having the command create foo hash:ip timeout 60 family inet hashsize 64 it compares without this patch: strcmp("timeout", "hashsize") strcmp("64", "hashsize") strcmp("family", "hashsize") strcmp("inet", "hashsize") strcmp("hashsize", "hashsize") It is worse in practice, as 'create' has more arguments than this. Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
* ipset: avoid the unnecessary argv[] loopHolger Eitzenberger2011-02-011-50/+46
| | | | | | | | After stripping off the global options there simply has to follow a command name, there is no other syntax possible. Therefore the argv[] loop is unnecessary. Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
* ipset: pass ipset_arg argument pointerHolger Eitzenberger2011-02-011-8/+2
| | | | Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
* Fix the spelling error fix :-)Jozsef Kadlecsik2011-01-261-1/+1
| | | | Spelling error fixed (Ferenc Wagner)
* Correct the error codes: use ENOENT and EMSGSIZEJozsef Kadlecsik2011-01-261-1/+3
| | | | Use correct error codes (Patrick McHardy's review)
* ipset: fix spelling errorHolger Eitzenberger2011-01-251-2/+2
| | | | | Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Do session initialization onceHolger Eitzenberger2011-01-181-8/+6
| | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Show correct line numbers in restore output for parser errorsJozsef Kadlecsik2011-01-181-0/+3
| | | | | | | | | | | | | | | | | Parser errors are reported by a wrong lineno at restore, bug reported by Holger Eitzenberger: create foo6 hash:ip hashsize 64 family inet6 add foo6 20a1:1234:5678::/64 add foo6 20a1:1234:5679::/64 you get: ipset v5.2: Error in line 1: Syntax error: plain IP address must be supplied: 20a1:1234:5678::/64 Should be line 2 though. The solution is to set the session lineno before parsing.
* Should have gone to sleep: fix check_allowed. Really.Jozsef Kadlecsik2010-12-191-11/+11
| | | | | | | It's not as nice as I'd like to be: IPSET_CREATE_FLAGS and IPSET_ADT_FLAGS are required elsewhere, but to make life simpler, some flags (like IPSET_OPT_TYPENAME) are *not* added to the types full[] flags. So those must be excluded here.
* The fix of incorrect comparison in check_allowed completed.Jozsef Kadlecsik2010-12-181-22/+25
| | | | | There was still some other incorrect usage of 'enum ipset_cmd' and 'enum ipset_adt' - corrected.
* Fix incorrect comparison in check_allowedJozsef Kadlecsik2010-12-181-1/+1
| | | | Wrong enum type was used in the comparison, reported by Jan Engelhardt.
* Match command prefixesJozsef Kadlecsik2010-12-171-1/+1
| | | | | Match not only the first letter or the full command name, but an arbitrary prefix too.
* Updated manpage to reflect wider input possibilities in the ipset tool.Jozsef Kadlecsik2010-12-171-41/+45
|
* Updated help texts for the hash:ip and list:set types.Jozsef Kadlecsik2010-12-172-6/+7
|
* Support adding/deleting multiple entries, userspace part.Jozsef Kadlecsik2010-12-174-7/+34
| | | | | | Support adding/deleting multiple entries in the userspace part of the hash:ip,port, hash:ip,port,ip, hash:ip,port,net and hash:net,port types.
* Missing spaces in error strings fixed.Jozsef Kadlecsik2010-12-171-4/+4
|
* Use the 'full' flags of the types and check not allowed flags.Jozsef Kadlecsik2010-12-172-14/+113
|
* Manpage cleanups, so it's more clear and straightforward.Jozsef Kadlecsik2010-12-151-20/+20
|
* Document which elements cannot be stored in the different hash types.Jozsef Kadlecsik2010-12-141-4/+13
| | | | And enforce from kernel side as well...
* Fixing dangling empty line produced backward-incompatible exit codes, fixed.Jozsef Kadlecsik2010-12-131-2/+2
|
* Fix dangling empty line at error/warning messages emitted by ipset.Jozsef Kadlecsik2010-12-101-3/+4
|
* Manpage and help text fixes.v5.0-pre10Jozsef Kadlecsik2010-11-022-38/+110
| | | | | | | The manpage is updated to reflect the recent modifications and the addition of the hash:net,port type. The help text of hash:ip is updated: adding/deleting multiple entries are supported for IPv4 only.
* Enforce handling IPv4 and IPv6 differently for hash:ip type.Jozsef Kadlecsik2010-10-301-1/+1
| | | | | Use the newly added parser function ipset_parse_ip4_single6 instead of the generic ipset_parse_ip.