summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Whitespace and coding fixes detected by checkpatch.plJozsef Kadlecsik2011-05-3149-675/+773
|
* hash:net,iface type introducedJozsef Kadlecsik2011-05-3021-6/+1157
| | | | | | | | | | The hash:net,iface type makes possible to store network address and interface name pairs in a set. It's mostly suitable for egress and ingress filtering. Examples: # ipset create test hash:net,iface # ipset add test 192.168.0.0/16,eth0 # ipset add test 192.168.0.0/24,eth1
* hash:* tests may seem to fail due to the too wide grep pattern, fix themJozsef Kadlecsik2011-05-305-7/+7
|
* Use the stored first cidr value instead of '1'Jozsef Kadlecsik2011-05-283-8/+16
|
* Fix return code for destroy when sets are in useJozsef Kadlecsik2011-05-281-1/+1
|
* Add xt_action_param to the variant level kadt functions, ipset API changeJozsef Kadlecsik2011-05-2714-16/+43
| | | | | | With the change the sets can use any parameter available for the match and target extensions, like input/output interface. It's required for the hash:net,iface set type.
* Remove iptree tests and compatibility element parsingJozsef Kadlecsik2011-05-272-2/+1
|
* hash:net test may seem to fail due to the too wide grep pattern, fix itJozsef Kadlecsik2011-05-271-1/+1
|
* Fix long time uncovered bug at adding string attributes to the netlink messageJozsef Kadlecsik2011-05-271-0/+3
| | | | | Use the real string length instead of the maximum one when adding the attribute.
* Fix warnings reported by valgrindJozsef Kadlecsik2011-05-252-2/+8
|
* Remove supporting set types iptree and iptreemapJozsef Kadlecsik2011-05-241-1/+1
|
* Drop supporting kernel versions below 2.6.35Jozsef Kadlecsik2011-05-241-83/+14
|
* ipset 6.6 releasedv6.6Jozsef Kadlecsik2011-05-243-1/+21
|
* Restore with bitmap:port and list:set types did not work, fixedJozsef Kadlecsik2011-05-245-2/+1075
|
* Accept "\r\n" terminated COMMIT command in restore filesJozsef Kadlecsik2011-05-241-1/+1
|
* Fix the message sequence number book-keepingJozsef Kadlecsik2011-05-241-1/+1
| | | | | | The internal messages mix with the public messages and that confused the sequence number book-keeping. Move setting/updating into ipset_mnl_query.
* Protocol-level debugging support addedJozsef Kadlecsik2011-05-244-6/+288
|
* hash:net stress test in range notation addedJozsef Kadlecsik2011-05-232-0/+15
|
* Use unified from/to address masking and check the usageJozsef Kadlecsik2011-05-2310-19/+17
|
* ipset_mnl_query: in debug mode print the errno returned by the cb functionJozsef Kadlecsik2011-05-231-1/+1
|
* ip_set_flush returned -EPROTO instead of -IPSET_ERR_PROTOCOL, fixedJozsef Kadlecsik2011-05-231-1/+1
|
* Take into account cidr value for the from address when creating the setJozsef Kadlecsik2011-05-221-0/+1
| | | | | | When creating a set from a range expressed as a network like 10.1.1.172/29, the from address was taken as the IP address part and not masked with the netmask from the cidr.
* Adding ranges to hash types with timeout could still fail, fixedJozsef Kadlecsik2011-05-211-1/+1
| | | | | | The patch "Fix adding ranges to hash types" had got a mistypeing in the timeout variant of the hash types, which actually made the patch ineffective. Fixed!
* Accept "\r\n" terminated lines in restore filesJozsef Kadlecsik2011-05-211-2/+2
|
* Removed old, not used hashing method ip_set_chashJozsef Kadlecsik2011-05-202-1253/+0
|
* Remove variable 'ret' in type_pf_tdel(), which is set but not usedJozsef Kadlecsik2011-05-201-2/+2
|
* Use proper timeout parameter to jiffies conversionJozsef Kadlecsik2011-05-201-8/+10
|
* Remove outdated checking of IPv6 support from configure.acJozsef Kadlecsik2011-05-171-5/+0
| | | | | | ipset can be compiled without IPv6 support since 6.0, however the outdated checking in configure.ac made it not possible. (reported by Denys Fedoryshchenko)
* ipset 6.5 releasedv6.5Jozsef Kadlecsik2011-05-153-1/+13
|
* Support range for IPv4 at adding/deleting elements for hash:*net* typesJozsef Kadlecsik2011-05-1527-96/+562
| | | | | | | | | | | | | | | | | | | The range internally is converted to the network(s) equal to the range. Example: # ipset new test hash:net # ipset add test 10.2.0.0-10.2.1.12 # ipset list test Name: test Type: hash:net Header: family inet hashsize 1024 maxelem 65536 Size in memory: 16888 References: 0 Members: 10.2.1.12 10.2.1.0/29 10.2.0.0/24 10.2.1.8/30
* Disable type revisions which are not supported both by the kernel and ipsetJozsef Kadlecsik2011-05-131-0/+13
|
* Update ipset help text to reflect SCTP and UDPLITE supportJozsef Kadlecsik2011-05-121-3/+3
|
* Set type support with multiple revisions addedJozsef Kadlecsik2011-05-1112-32/+49
| | | | | A set type may have multiple revisions, for example when syntax is extended. Support continuous revision ranges in set types.
* Fix adding ranges to hash typesJozsef Kadlecsik2011-05-0622-34/+229
| | | | | | When ranges are added to hash types, the elements may trigger rehashing the set. However, the last successfully added element was not kept track so the adding started again with the first element after the rehashing. Bug reported by Mr Dash Four.
* Ignore -n flag (list just setnames) when sets are to be savedJozsef Kadlecsik2011-05-061-1/+2
|
* ipset 6.4 releasedv6.4Jozsef Kadlecsik2011-04-193-1/+13
|
* Get rid of the trailing empty line at listing sets.Jozsef Kadlecsik2011-04-1967-77/+22
| | | | | | | Also, remove the empty "members" section when listing just the set headers. Testsuite is updated to reflect the changes in the output.
* Fix XML listing, remove broken unused "elements" tagJozsef Kadlecsik2011-04-181-1/+1
|
* Support listing setnames and headers tooJozsef Kadlecsik2011-04-187-33/+118
| | | | | | Current listing makes possible to list sets with full content only. The patch adds support partial listings, i.e. listing just the existing setnames or listing set headers, without set members.
* Fix order of listing of setsJozsef Kadlecsik2011-04-184-8/+51
| | | | | | | | A restoreable saving of sets requires that list:set type of sets come last and the code part which should have taken into account the ordering was broken. The patch fixes the listing order. Testsuite entry added which checks the listing order.
* Options and flags support added to the kernel APIJozsef Kadlecsik2011-04-1818-138/+241
| | | | | | The support makes possible to specify the timeout value for the SET target and a flag to reset the timeout for already existing entries.
* Sorting is dependent on the locale settings, use LC_ALL=CJozsef Kadlecsik2011-04-116-8/+12
|
* Use unified diff output in testsJozsef Kadlecsik2011-04-1124-66/+66
|
* ipset 6.3 releasedv6.3Jozsef Kadlecsik2011-04-103-1/+13
|
* Testsuite checks addedJozsef Kadlecsik2011-04-103-0/+40
| | | | | | - check iptables match/target extensions with invalid number of dir parameters - check SET target with --del-set option
* set match and SET target fixesJozsef Kadlecsik2011-04-091-2/+16
| | | | | | | The SET target with --del-set did not work due to using wrongly the internal dimension of --add-set instead of --del-set. Also, the checkentries did not release the set references when returned an error. Bugs reported by Lennert Buytenhek.
* Whitespace fixes: some space before tab slipped in.Jozsef Kadlecsik2011-04-081-2/+2
|
* bitmap:ip,mac type requires "src" for MACJozsef Kadlecsik2011-04-082-3/+8
| | | | | | | | | Enforce that the second "src/dst" parameter of the set match and SET target must be "src", because we have access to the source MAC only in the packet. The previous behaviour, that the type required the second parameter but actually ignored the value was counter-intuitive and confusing. Manpage is updated to reflect the change.
* Testsuite changes: keep temporary filesJozsef Kadlecsik2011-04-0825-68/+68
| | | | | Keep temporary files in the tests and erase them only after successfully running the testsuite. This makes simpler to analyze failed tests.
* ipset/Kconfig was a mixed up kernel config file, fixed (Michael Tokarev)Jozsef Kadlecsik2011-03-291-1029/+73
|