From 1b8c69e14d97bf5d0e973740c5802fdbf96f756d Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik
Date: Tue, 13 Jul 2010 14:18:22 +0200
Subject: Compatibility and documentation fixes Makefile fixes: compiler flags README and manpage fixes Compatibility with newer gcc releases (4.4.x) Compatibility with the 2.6.35 kernel tree
---
 src/ipset.8 | 52 ++++++++++++++++++++++++++--------------------------
 1 file changed, 26 insertions(+), 26 deletions(-) (limited to 'src')
diff --git a/src/ipset.8 b/src/ipset.8
index c45f39f..c4f6a6b 100644
--- a/src/ipset.8
+++ b/src/ipset.8
@@ -202,8 +202,8 @@ command follows the syntax where the current list of the methods are \fBbitmap\fR, \fBhash\fR, and \fBlist\fR and the possible data types
-are \fBip\fR, \fBmac\fR and \fBport\fR. The dimension of the set type
-is equal to the number of datat types in its type name.
+are \fBip\fR, \fBmac\fR and \fBport\fR. The dimension of a set
+is equal to the number of data types in its type name.
 When adding, deleting or testing entries in a set, the same comma separated data syntax must be used for the entry parameter of the commands, i.e
@@ -212,9 +212,9 @@ ipset add foo ipaddr,portnum,ipaddr
 The \fBbitmap\fR and \fBlist\fR types use a fixed sized storage. The \fBhash\fR types use a hash to store the elements. In order to avoid clashes in the hash,
-a limited number of chaining, and if that is exhausted, the doubling of the hash
-is performed. The hash size is limited by the maximal number of elements parameter of
-the hash.
+a limited number of chaining, and if that is exhausted, the doubling of the hash size
+is performed. The hash size is indirectly limited by the maximal number of elements
+parameter of the hash.
 All set types support the optional
@@ -288,8 +288,8 @@ IPv4 address range or network. The size of the range cannot exceed the limit of maximum 65536 entries.
 .PP
 The \fBbitmap:ip,mac\fR type is exceptional in the sense that the MAC part can
-be left out when adding/deleting/testing entries in the set. If
-we add an entry without the MAC address specified, when the first time the entry is
+be left out when adding/deleting/testing entries in the set. If we add an entry
+without the MAC address specified, then when the first time the entry is
 matched by the kernel, it will automatically fill out the missing MAC address with the source MAC address from the packet. If the entry was specified with a timeout value, the timer starts off when the IP and MAC address pair is complete.
@@ -315,7 +315,7 @@ and such a set can store up to 65536 ports.
 .PP
 \fIADD\-OPTIONS\fR := [ \fBtimeout\fR \fIvalue\fR ]
 .PP
-\fIDEL\-ENTRY\fR := {\fIport\fR | \fIfrom\-port\fR\-\fIto\-port\fR }
+\fIDEL\-ENTRY\fR := { \fIport\fR | \fIfrom\-port\fR\-\fIto\-port\fR }
 .PP
 \fITEST\-ENTRY\fR := \fIport\fR
 .PP
@@ -335,7 +335,7 @@ ipset test foo 80
 The \fBhash:ip\fR set type uses a hash to store IP host addresses (default) or network addresses.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR|\fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBnetmask\fP \fIcidr\fP ] [ \fBtimeout\fR \fIvalue\fR ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBnetmask\fP \fIcidr\fP ] [ \fBtimeout\fR \fIvalue\fR ]
 .PP
 \fIADD\-ENTRY\fR := \fIipaddr\fR
 .PP
@@ -354,7 +354,7 @@ a range or a network:
 .PP
 Optional \fBcreate\fR options:
 .TP
-\fBfamily\fR { \fBinet\fR|\fBinet6\fR }
+\fBfamily\fR { \fBinet\fR | \fBinet6\fR }
 The protocol family of the IP addresses to be stored in the set. The default is \fBinet\fR, i.e IPv4.
 .TP
@@ -383,7 +383,7 @@ ipset test foo 192.168.1.2
 .SS hash:net
 The \fBhash:net\fR set type uses a hash to store different sized IP network addresses.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR|\fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ]
 .PP
 \fIADD\-ENTRY\fR := \fIipaddr\fR[/\fIcidr\fR]
 .PP
@@ -395,7 +395,7 @@ The \fBhash:net\fR set type uses a hash to store different sized IP network addr
 .PP
 Optional \fBcreate\fR options:
 .TP
-\fBfamily\fR { \fBinet\fR|\fBinet6\fR }
+\fBfamily\fR { \fBinet\fR | \fBinet6\fR }
 The protocol family of the IP addresses to be stored in the set. The default is \fBinet\fR, i.e IPv4.
 .TP
@@ -433,7 +433,7 @@ ipset test foo 192.168.0/24
 .SS hash:ip,port
 The \fBhash:ip,port\fR set type uses a hash to store IP address and port number pairs.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR|\fBinet6\fR } ] | [ \fBproto\fR \fIvalue\fR ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBproto\fR \fIvalue\fR ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ]
 .PP
 \fIADD\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR
 .PP
@@ -445,7 +445,7 @@ The \fBhash:ip,port\fR set type uses a hash to store IP address and port number
 .PP
 Optional \fBcreate\fR options:
 .TP
-\fBfamily\fR { \fBinet\fR|\fBinet6\fR }
+\fBfamily\fR { \fBinet\fR | \fBinet6\fR }
 The protocol family of the IP addresses to be stored in the set. The default is \fBinet\fR, i.e IPv4.
 .TP
@@ -484,7 +484,7 @@ ipset test foo 192.168.1.1,80
 The \fBhash:ip,port,ip\fR set type uses a hash to store IP address, port number
 and a second IP address triples.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR|\fBinet6\fR } ] | [ \fBproto\fR \fIvalue\fR ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBproto\fR \fIvalue\fR ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ]
 .PP
 \fIADD\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIipaddr\fR
 .PP
@@ -496,7 +496,7 @@ and a second IP address triples.
 .PP
 Optional \fBcreate\fR options:
 .TP
-\fBfamily\fR { \fBinet\fR|\fBinet6\fR }
+\fBfamily\fR { \fBinet\fR | \fBinet6\fR }
 The protocol family of the IP addresses to be stored in the set. The default is \fBinet\fR, i.e IPv4.
 .TP
@@ -531,7 +531,7 @@ ipset test foo 192.168.1.1,udp:53,10.0.0.1
 The \fBhash:ip,port,net\fR set type uses a hash to store IP address, port number
 and IP network address triples.
 .PP
-\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR|\fBinet6\fR } ] | [ \fBproto\fR \fIvalue\fR ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ]
+\fICREATE\-OPTIONS\fR := [ \fBfamily\fR { \fBinet\fR | \fBinet6\fR } ] | [ \fBproto\fR \fIvalue\fR ] | [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ]
 .PP
 \fIADD\-ENTRY\fR := \fIipaddr\fR,[\fIproto\fR:]\fIport\fR,\fIipaddr\fR[/\fIcidr\fR]
 .PP
@@ -543,7 +543,7 @@ and IP network address triples.
 .PP
 Optional \fBcreate\fR options:
 .TP
-\fBfamily\fR { \fBinet\fR|\fBinet6\fR }
+\fBfamily\fR { \fBinet\fR | \fBinet6\fR }
 The protocol family of the IP addresses to be stored in the set. The default is \fBinet\fR, i.e IPv4.
 .TP
@@ -595,13 +595,13 @@ set names.
 .PP
 \fICREATE\-OPTIONS\fR := [ \fBsize\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ]
 .PP
-\fIADD\-ENTRY\fR := \fIsetname\fR [ \fBbefore\fR|\fBafter\fR \fIsetname\fR ]
+\fIADD\-ENTRY\fR := \fIsetname\fR [ { \fBbefore\fR | \fBafter\fR } \fIsetname\fR ]
 .PP
 \fIADD\-OPTIONS\fR := [ \fBtimeout\fR \fIvalue\fR ]
 .PP
-\fIDEL\-ENTRY\fR := \fIsetname\fR [ \fBbefore\fR|\fBafter\fR \fIsetname\fR ]
+\fIDEL\-ENTRY\fR := \fIsetname\fR [ { \fBbefore\fR | \fBafter\fR } \fIsetname\fR ]
 .PP
-\fITEST\-ENTRY\fR := \fIsetname\fR [ \fBbefore\fR|\fBafter\fR \fIsetname\fR ]
+\fITEST\-ENTRY\fR := \fIsetname\fR [ { \fBbefore\fR | \fBafter\fR } \fIsetname\fR ]
 .PP
 Optional \fBcreate\fR options:
 .TP
@@ -617,16 +617,16 @@ type of set. The match will try to find a matching entry in the sets and the target will try to add an entry to the first set to which it can be added. The number of direction options of the match and target are important: sets which require more parameters than specified are skipped, while sets with equal
-or less parameters are checked, elements added. For example if \fIa\fR and
+or less parameters are checked, elements added/deleted. For example if \fIa\fR and
 \fIb\fR are \fBlist:set\fR type of sets then in the command
 .IP iptables \-m set \-\-match\-set a src,dst \-j SET \-\-add\-set b src,dst
 .PP
 the match and target will skip any set in \fIa\fR and \fIb\fR
-which stores data triples, but will check all sets with single or double
-data storage in \fIa\fR
-set and add src to the first single or src,dst to the first double
-data storage set in \fIb\fR.
+which stores data triples, but will match all sets with single or double
+data storage in \fIa\fR set and stop matching at the first successful set,
+and add src to the first single or src,dst to the first double data storage set
+in \fIb\fR to which the entry can be added.
 .PP
 You can imagine a setlist type of set as an ordered union of the set elements.
--
cgit v1.2.3