Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | netfilter: Remove unnecessary OOM logging messages | Joe Perches | 2011-08-31 | 1 | -3/+1 |
| | | | | | | | | | | | Removing unnecessary messages saves code and text. Site specific OOM messages are duplications of a generic MM out of memory message and aren't really useful, so just delete them. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | ||||
* | Dumping error triggered removing references twice and lead to kernel BUG | Jozsef Kadlecsik | 2011-08-31 | 1 | -0/+1 |
| | | | | | | | | If there was a dumping error in the middle, the set-specific variable was not zeroed out and thus the 'done' function of the dumping wrongly tried to release the already released reference of the set. The already released reference was caught by __ip_set_put and triggered a kernel BUG message. The issue was reported by Jean-Philippe Menil. | ||||
* | Autoload set type modules safely | Jozsef Kadlecsik | 2011-08-29 | 1 | -10/+26 |
| | | | | | | Jan Engelhardt noticed when userspace requests a set type unknown to the kernel, it can lead to a loop due to the unsafe type module loading. The issue is fixed in this patch. | ||||
* | ipset 6.8 releasedv6.8 | Jozsef Kadlecsik | 2011-07-11 | 3 | -1/+12 |
| | |||||
* | Update the manpage and document the limits in hash:net,iface. | Jozsef Kadlecsik | 2011-07-11 | 1 | -1/+5 |
| | |||||
* | Fix compiler warnings "'hash_ip4_data_next' declared inline after being called" | Chris Friesen | 2011-07-09 | 1 | -1/+1 |
| | | | | | | | | Some gcc versions warn about prototypes without "inline" when the declaration includes the "inline" keyword. The fix generates a false error message "marked inline, but without a definition" with sparse below 0.4.2. Signed-off-by: Chris Friesen <chris.friesen@genband.com> | ||||
* | hash:net,iface fixed to handle overlapping nets behind different interfaces | Jozsef Kadlecsik | 2011-07-08 | 10 | -51/+198 |
| | | | | | | | | | | | | | | | | | | If overlapping networks with different interfaces was added to the set, the type did not handle it properly. Example ipset create test hash:net,iface ipset add test 192.168.0.0/16,eth0 ipset add test 192.168.0.0/24,eth1 Now, if a packet was sent from 192.168.0.0/24,eth0, the type returned a match. In the patch the algorithm is fixed in order to correctly handle overlapping networks. Limitation: the same network cannot be stored with more than 64 different interfaces in a single set. | ||||
* | Make possible to hash some part of the data element only. | Jozsef Kadlecsik | 2011-06-14 | 1 | -4/+10 |
| | |||||
* | README file corrections from Richard Lucassen | Jozsef Kadlecsik | 2011-06-08 | 1 | -3/+4 |
| | |||||
* | ipset 6.7 releasedv6.7 | Jozsef Kadlecsik | 2011-05-31 | 3 | -1/+20 |
| | |||||
* | Whitespace and coding fixes detected by checkpatch.pl | Jozsef Kadlecsik | 2011-05-31 | 49 | -675/+773 |
| | |||||
* | hash:net,iface type introduced | Jozsef Kadlecsik | 2011-05-30 | 21 | -6/+1157 |
| | | | | | | | | | | The hash:net,iface type makes possible to store network address and interface name pairs in a set. It's mostly suitable for egress and ingress filtering. Examples: # ipset create test hash:net,iface # ipset add test 192.168.0.0/16,eth0 # ipset add test 192.168.0.0/24,eth1 | ||||
* | hash:* tests may seem to fail due to the too wide grep pattern, fix them | Jozsef Kadlecsik | 2011-05-30 | 5 | -7/+7 |
| | |||||
* | Use the stored first cidr value instead of '1' | Jozsef Kadlecsik | 2011-05-28 | 3 | -8/+16 |
| | |||||
* | Fix return code for destroy when sets are in use | Jozsef Kadlecsik | 2011-05-28 | 1 | -1/+1 |
| | |||||
* | Add xt_action_param to the variant level kadt functions, ipset API change | Jozsef Kadlecsik | 2011-05-27 | 14 | -16/+43 |
| | | | | | | With the change the sets can use any parameter available for the match and target extensions, like input/output interface. It's required for the hash:net,iface set type. | ||||
* | Remove iptree tests and compatibility element parsing | Jozsef Kadlecsik | 2011-05-27 | 2 | -2/+1 |
| | |||||
* | hash:net test may seem to fail due to the too wide grep pattern, fix it | Jozsef Kadlecsik | 2011-05-27 | 1 | -1/+1 |
| | |||||
* | Fix long time uncovered bug at adding string attributes to the netlink message | Jozsef Kadlecsik | 2011-05-27 | 1 | -0/+3 |
| | | | | | Use the real string length instead of the maximum one when adding the attribute. | ||||
* | Fix warnings reported by valgrind | Jozsef Kadlecsik | 2011-05-25 | 2 | -2/+8 |
| | |||||
* | Remove supporting set types iptree and iptreemap | Jozsef Kadlecsik | 2011-05-24 | 1 | -1/+1 |
| | |||||
* | Drop supporting kernel versions below 2.6.35 | Jozsef Kadlecsik | 2011-05-24 | 1 | -83/+14 |
| | |||||
* | ipset 6.6 releasedv6.6 | Jozsef Kadlecsik | 2011-05-24 | 3 | -1/+21 |
| | |||||
* | Restore with bitmap:port and list:set types did not work, fixed | Jozsef Kadlecsik | 2011-05-24 | 5 | -2/+1075 |
| | |||||
* | Accept "\r\n" terminated COMMIT command in restore files | Jozsef Kadlecsik | 2011-05-24 | 1 | -1/+1 |
| | |||||
* | Fix the message sequence number book-keeping | Jozsef Kadlecsik | 2011-05-24 | 1 | -1/+1 |
| | | | | | | The internal messages mix with the public messages and that confused the sequence number book-keeping. Move setting/updating into ipset_mnl_query. | ||||
* | Protocol-level debugging support added | Jozsef Kadlecsik | 2011-05-24 | 4 | -6/+288 |
| | |||||
* | hash:net stress test in range notation added | Jozsef Kadlecsik | 2011-05-23 | 2 | -0/+15 |
| | |||||
* | Use unified from/to address masking and check the usage | Jozsef Kadlecsik | 2011-05-23 | 10 | -19/+17 |
| | |||||
* | ipset_mnl_query: in debug mode print the errno returned by the cb function | Jozsef Kadlecsik | 2011-05-23 | 1 | -1/+1 |
| | |||||
* | ip_set_flush returned -EPROTO instead of -IPSET_ERR_PROTOCOL, fixed | Jozsef Kadlecsik | 2011-05-23 | 1 | -1/+1 |
| | |||||
* | Take into account cidr value for the from address when creating the set | Jozsef Kadlecsik | 2011-05-22 | 1 | -0/+1 |
| | | | | | | When creating a set from a range expressed as a network like 10.1.1.172/29, the from address was taken as the IP address part and not masked with the netmask from the cidr. | ||||
* | Adding ranges to hash types with timeout could still fail, fixed | Jozsef Kadlecsik | 2011-05-21 | 1 | -1/+1 |
| | | | | | | The patch "Fix adding ranges to hash types" had got a mistypeing in the timeout variant of the hash types, which actually made the patch ineffective. Fixed! | ||||
* | Accept "\r\n" terminated lines in restore files | Jozsef Kadlecsik | 2011-05-21 | 1 | -2/+2 |
| | |||||
* | Removed old, not used hashing method ip_set_chash | Jozsef Kadlecsik | 2011-05-20 | 2 | -1253/+0 |
| | |||||
* | Remove variable 'ret' in type_pf_tdel(), which is set but not used | Jozsef Kadlecsik | 2011-05-20 | 1 | -2/+2 |
| | |||||
* | Use proper timeout parameter to jiffies conversion | Jozsef Kadlecsik | 2011-05-20 | 1 | -8/+10 |
| | |||||
* | Remove outdated checking of IPv6 support from configure.ac | Jozsef Kadlecsik | 2011-05-17 | 1 | -5/+0 |
| | | | | | | ipset can be compiled without IPv6 support since 6.0, however the outdated checking in configure.ac made it not possible. (reported by Denys Fedoryshchenko) | ||||
* | ipset 6.5 releasedv6.5 | Jozsef Kadlecsik | 2011-05-15 | 3 | -1/+13 |
| | |||||
* | Support range for IPv4 at adding/deleting elements for hash:*net* types | Jozsef Kadlecsik | 2011-05-15 | 27 | -96/+562 |
| | | | | | | | | | | | | | | | | | | | The range internally is converted to the network(s) equal to the range. Example: # ipset new test hash:net # ipset add test 10.2.0.0-10.2.1.12 # ipset list test Name: test Type: hash:net Header: family inet hashsize 1024 maxelem 65536 Size in memory: 16888 References: 0 Members: 10.2.1.12 10.2.1.0/29 10.2.0.0/24 10.2.1.8/30 | ||||
* | Disable type revisions which are not supported both by the kernel and ipset | Jozsef Kadlecsik | 2011-05-13 | 1 | -0/+13 |
| | |||||
* | Update ipset help text to reflect SCTP and UDPLITE support | Jozsef Kadlecsik | 2011-05-12 | 1 | -3/+3 |
| | |||||
* | Set type support with multiple revisions added | Jozsef Kadlecsik | 2011-05-11 | 12 | -32/+49 |
| | | | | | A set type may have multiple revisions, for example when syntax is extended. Support continuous revision ranges in set types. | ||||
* | Fix adding ranges to hash types | Jozsef Kadlecsik | 2011-05-06 | 22 | -34/+229 |
| | | | | | | When ranges are added to hash types, the elements may trigger rehashing the set. However, the last successfully added element was not kept track so the adding started again with the first element after the rehashing. Bug reported by Mr Dash Four. | ||||
* | Ignore -n flag (list just setnames) when sets are to be saved | Jozsef Kadlecsik | 2011-05-06 | 1 | -1/+2 |
| | |||||
* | ipset 6.4 releasedv6.4 | Jozsef Kadlecsik | 2011-04-19 | 3 | -1/+13 |
| | |||||
* | Get rid of the trailing empty line at listing sets. | Jozsef Kadlecsik | 2011-04-19 | 67 | -77/+22 |
| | | | | | | | Also, remove the empty "members" section when listing just the set headers. Testsuite is updated to reflect the changes in the output. | ||||
* | Fix XML listing, remove broken unused "elements" tag | Jozsef Kadlecsik | 2011-04-18 | 1 | -1/+1 |
| | |||||
* | Support listing setnames and headers too | Jozsef Kadlecsik | 2011-04-18 | 7 | -33/+118 |
| | | | | | | Current listing makes possible to list sets with full content only. The patch adds support partial listings, i.e. listing just the existing setnames or listing set headers, without set members. | ||||
* | Fix order of listing of sets | Jozsef Kadlecsik | 2011-04-18 | 4 | -8/+51 |
| | | | | | | | | A restoreable saving of sets requires that list:set type of sets come last and the code part which should have taken into account the ordering was broken. The patch fixes the listing order. Testsuite entry added which checks the listing order. |