summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ipset: turn Set name[] into a const pointerHolger Eitzenberger2011-01-252-9/+10
| | | | | | | | | | | | Also check for the name length. Note that passing errno values back is not done consistently at various place, as there are some functions which set errno manually, others pass -errno back. I use the -errno approach here, as it is slightly shorter. Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Check ICMP and ICMPv6 with the set match and target in the testsuiteJozsef Kadlecsik2011-01-242-0/+44
| | | | "sendip" needs data otherwise ICMP/ICMPv6 gets truncated...
* Avoid possible syntax clashing at saving hostnamesJozsef Kadlecsik2011-01-241-1/+2
| | | | | | If resolving is requested and the resolved hostname contains a dash character, print the unresolved IP address instead in order not to clash with the IP/hostname range syntax.
* ipset 5.4.1 releasedv5.4.1Jozsef Kadlecsik2011-01-221-1/+1
|
* Add UPGRADE instructionsJozsef Kadlecsik2011-01-222-1/+22
|
* ipset 5.4 releasedv5.4Jozsef Kadlecsik2011-01-212-1/+24
|
* Fixed broken ICMP and ICMPv6 handlingJozsef Kadlecsik2011-01-211-6/+7
| | | | | | I mistyped the bitwise operator and the network-order conversion was missing too. Sigh, sendip cannot generate proper packets to check ICMP and ICMPv6 in the testsuite. :-(
* Fix trailing whitespaces and pr_* messagesJozsef Kadlecsik2011-01-2112-69/+67
| | | | | | Some trailing whitespace slipped in, those are removed. With the deleted ip_set_kernel.h, the pr_* messages lost the trailing "\n" character. The messages were completed with it.
* Un-inline functions which are not small enoughJozsef Kadlecsik2011-01-2012-161/+42
|
* Fix module loading at create/header commandsJozsef Kadlecsik2011-01-202-50/+37
| | | | | While holding the nfnl_mutex, module loading is not allowed. Bug spotted by Patrick McHardy in his reviewing.
* Fix wrong kzalloc flag in type_pf_expireJozsef Kadlecsik2011-01-201-1/+1
| | | | | The expire functions of the hash types are called while locked, so kzalloc must be called with GFP_ATOMIC.
* The get_ip*_port functions are too large to be inlined, moved into the core.Jozsef Kadlecsik2011-01-208-138/+160
|
* Add missing __GFP_HIGHMEM flag to __vmallocJozsef Kadlecsik2011-01-201-1/+2
| | | | | We may call ip_set_alloc with GFP_ATOMIC, so we cannot replace __vmalloc with vzalloc. Missing flag was noticed by Eric Dumazet.
* Enforce network-order data in the netlink protocolJozsef Kadlecsik2011-01-2012-86/+214
| | | | | | Allow only network-order data, with NLA_F_NET_BYTEORDER flag. Sanity checks also added to prevent processing broken messages where mandatory attributes are missing. (Patrick McHardy's review)
* Use annotated types and fix sparse warningsJozsef Kadlecsik2011-01-2015-123/+114
| | | | | | Annotated types are introduced and sparse warnings fixed. Two warnings remained in ip_set_core.c but those are false ones. (Patrick McHardy's review)
* Move ip_set_alloc, ip_set_free and ip_set_get_ipaddr* into coreJozsef Kadlecsik2011-01-202-77/+88
| | | | | | The functions are too large to be inlined, so move them into the core. Also, fix the unnecessary initializations in ip_set_get_ipaddr*. (Patrick McHardy's review)
* NETMASK*, HOSTMASK* macros are too genericJozsef Kadlecsik2011-01-2010-55/+74
| | | | | NETMASK*, HOSTMASK* macros are rewritten to small inline functions ip_set_netmask* and ip_set_hostmask* (Patrick McHardy's review)
* Use static LIST_HEAD() for ip_set_type_listJozsef Kadlecsik2011-01-201-3/+1
| | | | | Avoid the need for explicit initialization during runtime (Patrick McHardy's review)
* Move NLA_PUT_NET* macros to include/net/netlink.hJozsef Kadlecsik2011-01-202-7/+33
| | | | These macros can be useful in general (Patrick McHardy's review)
* The module parameter max_sets should be unsigned intJozsef Kadlecsik2011-01-201-1/+1
| | | | Negative set numbers are strange :-) (Patrick McHardy's review)
* Get rid of ip_set_kernel.hJozsef Kadlecsik2011-01-2012-26/+0
| | | | | The header file was useful at deep debugging only, we can get rid of now. (Patrick McHardy's review)
* Fix the placement style of boolean operators at continued linesJozsef Kadlecsik2011-01-2014-219/+219
| | | | Fix "&&" and "||" continuation style (Patrick McHardy's review)
* ipset 5.3 releasedv5.3Jozsef Kadlecsik2011-01-183-1/+22
|
* Set the non-debug compiling the defaultJozsef Kadlecsik2011-01-182-4/+10
| | | | | Compiling with debugging can be enabled with the "--enable-debug" option of the configure script.
* Testsuite fix of ospf replaced with vrrp.Jozsef Kadlecsik2011-01-181-1/+1
| | | | | The testsuite failed incorrectly, because the order of the elements changed.
* Fix build with NDEBUG definedJozsef Kadlecsik2011-01-183-8/+19
| | | | | | | | | | | | | | | | The usage of the gcc option -Wunused-parameter interferes badly with the assert() macros. In case -DNDEBUG is specified build fails with: cc1: warnings being treated as errors print.c: In function 'ipset_print_family': print.c:92: error: unused parameter 'opt' print.c: In function 'ipset_print_port': print.c:413: error: unused parameter 'opt' print.c: In function 'ipset_print_proto': Fix it by taking into accout NDEBUG in the function arguments. Bug reported by Holger Eitzenberger.
* Do session initialization onceHolger Eitzenberger2011-01-181-8/+6
| | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Make IPv4 and IPv6 address handling similarJozsef Kadlecsik2011-01-181-1/+10
| | | | | | | | | | | | | | | | While the following works for AF_INET: ipset add foo 192.168.1.1/32 this does not work for AF_INET6: ipset add foo6 20a1:1:2:3:4:5:6:7/128 ipset v5.2: Syntax error: plain IP address must be supplied: 20a1:1:2:3:4:5:6:7/128 Bug reported by Holger Eitzenberger. The complete fix is to handle the special host prefixes in the general IP address parser function.
* Show correct line numbers in restore output for parser errorsJozsef Kadlecsik2011-01-183-0/+17
| | | | | | | | | | | | | | | | | Parser errors are reported by a wrong lineno at restore, bug reported by Holger Eitzenberger: create foo6 hash:ip hashsize 64 family inet6 add foo6 20a1:1234:5678::/64 add foo6 20a1:1234:5679::/64 you get: ipset v5.2: Error in line 1: Syntax error: plain IP address must be supplied: 20a1:1234:5678::/64 Should be line 2 though. The solution is to set the session lineno before parsing.
* There is no need to call synchronize_net() at swapping.Jozsef Kadlecsik2011-01-141-4/+0
| | | | | | Ongoing add/del can happen to referenced sets and delete can be issued to unreferenced sets. So the bogus call to synchronize_net() can safely be removed.
* Replace strncpy with strlcpy at creating a set.Jozsef Kadlecsik2011-01-141-1/+1
| | | | Better add more safety nets against user input.
* Update copyright date and some style changes.Jozsef Kadlecsik2011-01-1414-16/+16
|
* Use jhash.h accepted in kernel, with backward compatibility.Jozsef Kadlecsik2011-01-139-9/+9
|
* Separate prefixlens from ip_set core.Jozsef Kadlecsik2011-01-1313-297/+314
| | | | | | Separate prefixlens from ip_set core for better readibility and honoring the independence. Also, comment that prefixlens were borrowed from Jan Engelhardt.
* Replace ospf with vrrp in the testsuiteJozsef Kadlecsik2011-01-132-5/+5
| | | | Some systems do not contain ospf in /etc/protocols but ospfigp only.
* Merge branch 'master' of git://dev.medozas.de/ipsetJozsef Kadlecsik2011-01-121-6/+5
|\ | | | | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
| * kernel: remove unused ctnl parameter from call_adJan Engelhardt2011-01-031-6/+5
|/ | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'master' of git://dev.medozas.de/ipsetJozsef Kadlecsik2011-01-033-902/+2
|\ | | | | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
| * build: remove autogenerated filesJan Engelhardt2010-12-312-900/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: use only AC_CANONICAL_HOSTJan Engelhardt2010-12-311-2/+2
|/ | | | | | | Calculating AC_CANONICAL_TARGET is superfluous, because ipset is not a code generator. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Comment the possible return values of the add/del/test type-functionsJozsef Kadlecsik2010-12-231-2/+8
|
* ipset 5.2 releasedv5.2Jozsef Kadlecsik2010-12-233-1/+11
|
* Handle internal printing errorsJozsef Kadlecsik2010-12-231-10/+25
| | | | Internal printing errors were not reported, handle them by setjmp/longjmp.
* Use cast to void * instead of memcpy as Sparc workaround at sockaddr_XXX.Jozsef Kadlecsik2010-12-231-8/+6
| | | | | | Direct cast results "cast increases required alignment of target type" on Sparc: use indirect cast to void * instead of memcpy, as Jan Engelhardt suggested.
* Listing/saving of large sets could produce broken listing, fixed.Jozsef Kadlecsik2010-12-232-9/+16
| | | | | The wrapper around getnameinfo was not snprintf-compatible and that could cause broken listing/saving for large sets.
* Kernel version check at minimal supported version is mistyped, now fixed.Jozsef Kadlecsik2010-12-221-2/+2
|
* Support libtool < 2.2Jozsef Kadlecsik2010-12-221-1/+1
| | | | LT_INIT is not present before libtool 2.2. Revert to use AC_PROG_LIBTOOL.
* ipset 5.1 releasedv5.1Jozsef Kadlecsik2010-12-223-1/+33
|
* Test cases for IPv6 restore and more complex restore sessions added.Jozsef Kadlecsik2010-12-226-0/+65
|
* Restore mode did not work for IPv6 (reported by Elie Rosenblum)Jozsef Kadlecsik2010-12-222-21/+30
| | | | | | The set cache stored the default family (INET) instead of the set family, therefore restore mode for IPv6 did not work. The set cache fixed and message aggregation reworked.