summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Send (N)ACK at dumping only when NLM_F_ACK is setJozsef Kadlecsik2011-01-262-3/+5
| | | | | Missing check of the flag NLM_F_ACK is added to the kernel - and userspace does set it too (Patrick McHardy's review)
* Correct the error codes: use ENOENT and EMSGSIZEJozsef Kadlecsik2011-01-267-44/+72
| | | | Use correct error codes (Patrick McHardy's review)
* Resolving IP addresses did not work at listing/saving sets, fixed.Jozsef Kadlecsik2011-01-261-2/+2
|
* ipset: fix spelling errorHolger Eitzenberger2011-01-251-2/+2
| | | | | Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* ipset: fix the Netlink sequence numberHolger Eitzenberger2011-01-251-1/+2
| | | | | | | | | | Do not use time() as a Netlink sequence number for each message, as otherwise the same seq number will be used when sending another message in the same second. Instead use time() just for initialization, then increment per message. Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* ipset: turn Set name[] into a const pointerHolger Eitzenberger2011-01-252-9/+10
| | | | | | | | | | | | Also check for the name length. Note that passing errno values back is not done consistently at various place, as there are some functions which set errno manually, others pass -errno back. I use the -errno approach here, as it is slightly shorter. Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Check ICMP and ICMPv6 with the set match and target in the testsuiteJozsef Kadlecsik2011-01-242-0/+44
| | | | "sendip" needs data otherwise ICMP/ICMPv6 gets truncated...
* Avoid possible syntax clashing at saving hostnamesJozsef Kadlecsik2011-01-241-1/+2
| | | | | | If resolving is requested and the resolved hostname contains a dash character, print the unresolved IP address instead in order not to clash with the IP/hostname range syntax.
* ipset 5.4.1 releasedv5.4.1Jozsef Kadlecsik2011-01-221-1/+1
|
* Add UPGRADE instructionsJozsef Kadlecsik2011-01-222-1/+22
|
* ipset 5.4 releasedv5.4Jozsef Kadlecsik2011-01-212-1/+24
|
* Fixed broken ICMP and ICMPv6 handlingJozsef Kadlecsik2011-01-211-6/+7
| | | | | | I mistyped the bitwise operator and the network-order conversion was missing too. Sigh, sendip cannot generate proper packets to check ICMP and ICMPv6 in the testsuite. :-(
* Fix trailing whitespaces and pr_* messagesJozsef Kadlecsik2011-01-2112-69/+67
| | | | | | Some trailing whitespace slipped in, those are removed. With the deleted ip_set_kernel.h, the pr_* messages lost the trailing "\n" character. The messages were completed with it.
* Un-inline functions which are not small enoughJozsef Kadlecsik2011-01-2012-161/+42
|
* Fix module loading at create/header commandsJozsef Kadlecsik2011-01-202-50/+37
| | | | | While holding the nfnl_mutex, module loading is not allowed. Bug spotted by Patrick McHardy in his reviewing.
* Fix wrong kzalloc flag in type_pf_expireJozsef Kadlecsik2011-01-201-1/+1
| | | | | The expire functions of the hash types are called while locked, so kzalloc must be called with GFP_ATOMIC.
* The get_ip*_port functions are too large to be inlined, moved into the core.Jozsef Kadlecsik2011-01-208-138/+160
|
* Add missing __GFP_HIGHMEM flag to __vmallocJozsef Kadlecsik2011-01-201-1/+2
| | | | | We may call ip_set_alloc with GFP_ATOMIC, so we cannot replace __vmalloc with vzalloc. Missing flag was noticed by Eric Dumazet.
* Enforce network-order data in the netlink protocolJozsef Kadlecsik2011-01-2012-86/+214
| | | | | | Allow only network-order data, with NLA_F_NET_BYTEORDER flag. Sanity checks also added to prevent processing broken messages where mandatory attributes are missing. (Patrick McHardy's review)
* Use annotated types and fix sparse warningsJozsef Kadlecsik2011-01-2015-123/+114
| | | | | | Annotated types are introduced and sparse warnings fixed. Two warnings remained in ip_set_core.c but those are false ones. (Patrick McHardy's review)
* Move ip_set_alloc, ip_set_free and ip_set_get_ipaddr* into coreJozsef Kadlecsik2011-01-202-77/+88
| | | | | | The functions are too large to be inlined, so move them into the core. Also, fix the unnecessary initializations in ip_set_get_ipaddr*. (Patrick McHardy's review)
* NETMASK*, HOSTMASK* macros are too genericJozsef Kadlecsik2011-01-2010-55/+74
| | | | | NETMASK*, HOSTMASK* macros are rewritten to small inline functions ip_set_netmask* and ip_set_hostmask* (Patrick McHardy's review)
* Use static LIST_HEAD() for ip_set_type_listJozsef Kadlecsik2011-01-201-3/+1
| | | | | Avoid the need for explicit initialization during runtime (Patrick McHardy's review)
* Move NLA_PUT_NET* macros to include/net/netlink.hJozsef Kadlecsik2011-01-202-7/+33
| | | | These macros can be useful in general (Patrick McHardy's review)
* The module parameter max_sets should be unsigned intJozsef Kadlecsik2011-01-201-1/+1
| | | | Negative set numbers are strange :-) (Patrick McHardy's review)
* Get rid of ip_set_kernel.hJozsef Kadlecsik2011-01-2012-26/+0
| | | | | The header file was useful at deep debugging only, we can get rid of now. (Patrick McHardy's review)
* Fix the placement style of boolean operators at continued linesJozsef Kadlecsik2011-01-2014-219/+219
| | | | Fix "&&" and "||" continuation style (Patrick McHardy's review)
* ipset 5.3 releasedv5.3Jozsef Kadlecsik2011-01-183-1/+22
|
* Set the non-debug compiling the defaultJozsef Kadlecsik2011-01-182-4/+10
| | | | | Compiling with debugging can be enabled with the "--enable-debug" option of the configure script.
* Testsuite fix of ospf replaced with vrrp.Jozsef Kadlecsik2011-01-181-1/+1
| | | | | The testsuite failed incorrectly, because the order of the elements changed.
* Fix build with NDEBUG definedJozsef Kadlecsik2011-01-183-8/+19
| | | | | | | | | | | | | | | | The usage of the gcc option -Wunused-parameter interferes badly with the assert() macros. In case -DNDEBUG is specified build fails with: cc1: warnings being treated as errors print.c: In function 'ipset_print_family': print.c:92: error: unused parameter 'opt' print.c: In function 'ipset_print_port': print.c:413: error: unused parameter 'opt' print.c: In function 'ipset_print_proto': Fix it by taking into accout NDEBUG in the function arguments. Bug reported by Holger Eitzenberger.
* Do session initialization onceHolger Eitzenberger2011-01-181-8/+6
| | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Make IPv4 and IPv6 address handling similarJozsef Kadlecsik2011-01-181-1/+10
| | | | | | | | | | | | | | | | While the following works for AF_INET: ipset add foo 192.168.1.1/32 this does not work for AF_INET6: ipset add foo6 20a1:1:2:3:4:5:6:7/128 ipset v5.2: Syntax error: plain IP address must be supplied: 20a1:1:2:3:4:5:6:7/128 Bug reported by Holger Eitzenberger. The complete fix is to handle the special host prefixes in the general IP address parser function.
* Show correct line numbers in restore output for parser errorsJozsef Kadlecsik2011-01-183-0/+17
| | | | | | | | | | | | | | | | | Parser errors are reported by a wrong lineno at restore, bug reported by Holger Eitzenberger: create foo6 hash:ip hashsize 64 family inet6 add foo6 20a1:1234:5678::/64 add foo6 20a1:1234:5679::/64 you get: ipset v5.2: Error in line 1: Syntax error: plain IP address must be supplied: 20a1:1234:5678::/64 Should be line 2 though. The solution is to set the session lineno before parsing.
* There is no need to call synchronize_net() at swapping.Jozsef Kadlecsik2011-01-141-4/+0
| | | | | | Ongoing add/del can happen to referenced sets and delete can be issued to unreferenced sets. So the bogus call to synchronize_net() can safely be removed.
* Replace strncpy with strlcpy at creating a set.Jozsef Kadlecsik2011-01-141-1/+1
| | | | Better add more safety nets against user input.
* Update copyright date and some style changes.Jozsef Kadlecsik2011-01-1414-16/+16
|
* Use jhash.h accepted in kernel, with backward compatibility.Jozsef Kadlecsik2011-01-139-9/+9
|
* Separate prefixlens from ip_set core.Jozsef Kadlecsik2011-01-1313-297/+314
| | | | | | Separate prefixlens from ip_set core for better readibility and honoring the independence. Also, comment that prefixlens were borrowed from Jan Engelhardt.
* Replace ospf with vrrp in the testsuiteJozsef Kadlecsik2011-01-132-5/+5
| | | | Some systems do not contain ospf in /etc/protocols but ospfigp only.
* Merge branch 'master' of git://dev.medozas.de/ipsetJozsef Kadlecsik2011-01-121-6/+5
|\ | | | | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
| * kernel: remove unused ctnl parameter from call_adJan Engelhardt2011-01-031-6/+5
|/ | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'master' of git://dev.medozas.de/ipsetJozsef Kadlecsik2011-01-033-902/+2
|\ | | | | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
| * build: remove autogenerated filesJan Engelhardt2010-12-312-900/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: use only AC_CANONICAL_HOSTJan Engelhardt2010-12-311-2/+2
|/ | | | | | | Calculating AC_CANONICAL_TARGET is superfluous, because ipset is not a code generator. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Comment the possible return values of the add/del/test type-functionsJozsef Kadlecsik2010-12-231-2/+8
|
* ipset 5.2 releasedv5.2Jozsef Kadlecsik2010-12-233-1/+11
|
* Handle internal printing errorsJozsef Kadlecsik2010-12-231-10/+25
| | | | Internal printing errors were not reported, handle them by setjmp/longjmp.
* Use cast to void * instead of memcpy as Sparc workaround at sockaddr_XXX.Jozsef Kadlecsik2010-12-231-8/+6
| | | | | | Direct cast results "cast increases required alignment of target type" on Sparc: use indirect cast to void * instead of memcpy, as Jan Engelhardt suggested.
* Listing/saving of large sets could produce broken listing, fixed.Jozsef Kadlecsik2010-12-232-9/+16
| | | | | The wrapper around getnameinfo was not snprintf-compatible and that could cause broken listing/saving for large sets.