diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-02-03 13:40:23 +0100 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-02-03 13:40:23 +0100 |
commit | d6ee5bb4e5346b84efa33858091ba4add2b26de2 (patch) | |
tree | 33393efd16497674fdb5786dd71d502a7f0af4e6 | |
parent | 8d3ea3476cec69b31423e34bc5b7576198c37668 (diff) |
ipset 6.0 releasedv6.0
-rw-r--r-- | ChangeLog | 17 | ||||
-rw-r--r-- | README | 18 | ||||
-rw-r--r-- | UPGRADE | 10 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | kernel/ChangeLog | 26 |
5 files changed, 59 insertions, 14 deletions
@@ -1,3 +1,20 @@ +6.0 + - Print protocol version together with ipset version + - Testsuite compatibility with debugging enabled + - Allow "new" as a commad alias to "create" + - ipset: improve command argument parsing (Holger Eitzenberger) + - ipset: avoid the unnecessary argv[] loop (Holger Eitzenberger) + - ipset: pass ipset_arg argument pointer (Holger Eitzenberger) + - Separate ipset errnos completely from system ones and bump protocol + version + - Fix the spelling error fix :-) (Ferenc Wagner) + - Resolving IP addresses did not work at listing/saving sets, fixed + - ipset: fix spelling error (Holger Eitzenberger) + - ipset: fix the Netlink sequence number (Holger Eitzenberger) + - ipset: turn Set name[] into a const pointer (Holger Eitzenberger) + - Check ICMP and ICMPv6 with the set match and target in the testsuite + - Avoid possible syntax clashing at saving hostnames + 5.3 - Set the non-debug compiling the default - Testsuite fix of ospf replaced with vrrp. @@ -61,16 +61,18 @@ ipset and its match and target from iptables. Compatibilities and incompatibilities: -- The ipset 5.x userspace utility contains a backward compatibility +- The ipset 6.x userspace utility contains a backward compatibility interface to support the commandline syntax of ipset 4.x. -- The ipset 5.x userspace utility can't talk to the kernel part of ipset 4.x. -- The ipset 5.x kernel part can't talk to the userspace utility from - ipset 4.x. -- The ipset 5.x kernel part can work together with the set match and SET + The commandline syntax of ipset 6.x is fully compatible with 5.x. +- The ipset 6.x userspace utility can't talk to the kernel part of ipset 5.x + or 4.x. +- The ipset 6.x kernel part can't talk to the userspace utility from + ipset 5.x or 4.x. +- The ipset 6.x kernel part can work together with the set match and SET target from iptables 1.4.7 and below, however if you need the IPv6 support - from ipset 5.x, then you have to use iptables 1.4.8 or above. + from ipset 6.x, then you have to use iptables 1.4.8 or above. -The ipset 5.x can interpret the commandline syntax of ipset 4.x, however +The ipset 6.x can interpret the commandline syntax of ipset 4.x, however some internal changes mean different behaviour: - The "--matchunset" flag for the macipmap type is ignored and not used @@ -82,5 +84,5 @@ some internal changes mean different behaviour: - The hash types are not resized when new entries are added by the SET target. If you use a set together with the SET target, create it with the proper size because it won't be resized automatically. -- The iptree, iptreemap types are not implemented in ipset 5.x. The types +- The iptree, iptreemap types are not implemented in ipset 6.x. The types are automatically substituted with the hash:ip type. @@ -1,19 +1,19 @@ -ipset 5.x upgrade notices +ipset 6.x, 5.x upgrade notices -- From ipset 5.0-5.3 to 5.4: +- From ipset 5.0-5.3 to 5.4 or above: Due to the source code reorganization, some macros were moved to the netlink.patch. Therefore when upgrading, you have two choices: a. force the application of the new netlink.patch - kernel-source-dir # patch -p1 -f < ipset-5.4-dir/netlink.patch + kernel-source-dir # patch -p1 -f < ipset-curr-dir/netlink.patch b. remove the earlier netlink.patch and apply the new one: kernel-source-dir # patch -p1 -R < ipset-before-5.4-dir/netlink.patch - kernel-source-dir # patch -p1 < ipset-5.4-dir/netlink.patch + kernel-source-dir # patch -p1 < ipset-curr-dir/netlink.patch You do not need to recompile your kernel. - Of course the kernel modules in ipset-5.4 must be compiled and installed. + Of course the kernel modules in ipset must be compiled and installed. diff --git a/configure.ac b/configure.ac index 6273c79..fe31a22 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ dnl Boilerplate -AC_INIT([ipset], [5.4.1], [kadlec@blackhole.kfki.hu]) +AC_INIT([ipset], [6.0], [kadlec@blackhole.kfki.hu]) AC_CANONICAL_HOST AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADER([config.h]) diff --git a/kernel/ChangeLog b/kernel/ChangeLog index 8a5b307..086fe43 100644 --- a/kernel/ChangeLog +++ b/kernel/ChangeLog @@ -1,3 +1,29 @@ +6.0 + - Reorganized kernel/ subdir + - netfilter: ipset: fix linking with CONFIG_IPV6=n (Patrick McHardy) + - netfilter: ipset: send error message manually + - netfilter: ipset: add missing break statemtns in + ip_set_get_ip_port() (Patrick McHardy) + - netfilter: ipset: add missing include to xt_set.h (Patrick McHardy) + - netfilter: ipset: remove unnecessary includes (Patrick McHardy) + - netfilter: ipset: use nla_parse_nested() (Patrick McHardy) + - Separate ipset errnos completely from system ones and bump protocol + version + - Use better error codes in xt_set.c + - Fix sparse warning about shadowed definition + - bitmap:ip type: flavour specific adt functions (Patrick McHardy's review) + - bitmap:port type: flavour specific adt functions (Patrick McHardy's + review) + - Move the type specifici attribute validation to the core + (suggested by Patrick McHardy) + - Use vzalloc() instead of __vmalloc() (Eric Dumazet, Patrick McHardy) + - Use meaningful error messages in xt_set.c (Patrick McHardy's review) + - Constified attribute cannot be written (Patrick McHardy's review) + - Send (N)ACK at dumping only when NLM_F_ACK is set + (Patrick McHardy's review) + - Correct the error codes: use ENOENT and EMSGSIZE (Patrick McHardy's + review) + 5.4 - Fixed broken ICMP and ICMPv6 handling - Fix trailing whitespaces and pr_* messages |