summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* netfilter: Remove unnecessary OOM logging messagesJoe Perches2011-08-311-3/+1
| | | | | | | | | | | Removing unnecessary messages saves code and text. Site specific OOM messages are duplications of a generic MM out of memory message and aren't really useful, so just delete them. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Dumping error triggered removing references twice and lead to kernel BUGJozsef Kadlecsik2011-08-311-0/+1
| | | | | | | | If there was a dumping error in the middle, the set-specific variable was not zeroed out and thus the 'done' function of the dumping wrongly tried to release the already released reference of the set. The already released reference was caught by __ip_set_put and triggered a kernel BUG message. The issue was reported by Jean-Philippe Menil.
* Autoload set type modules safelyJozsef Kadlecsik2011-08-291-10/+26
| | | | | | Jan Engelhardt noticed when userspace requests a set type unknown to the kernel, it can lead to a loop due to the unsafe type module loading. The issue is fixed in this patch.
* ipset 6.8 releasedv6.8Jozsef Kadlecsik2011-07-113-1/+12
|
* Update the manpage and document the limits in hash:net,iface.Jozsef Kadlecsik2011-07-111-1/+5
|
* Fix compiler warnings "'hash_ip4_data_next' declared inline after being called"Chris Friesen2011-07-091-1/+1
| | | | | | | | Some gcc versions warn about prototypes without "inline" when the declaration includes the "inline" keyword. The fix generates a false error message "marked inline, but without a definition" with sparse below 0.4.2. Signed-off-by: Chris Friesen <chris.friesen@genband.com>
* hash:net,iface fixed to handle overlapping nets behind different interfacesJozsef Kadlecsik2011-07-0810-51/+198
| | | | | | | | | | | | | | | | | | If overlapping networks with different interfaces was added to the set, the type did not handle it properly. Example ipset create test hash:net,iface ipset add test 192.168.0.0/16,eth0 ipset add test 192.168.0.0/24,eth1 Now, if a packet was sent from 192.168.0.0/24,eth0, the type returned a match. In the patch the algorithm is fixed in order to correctly handle overlapping networks. Limitation: the same network cannot be stored with more than 64 different interfaces in a single set.
* Make possible to hash some part of the data element only.Jozsef Kadlecsik2011-06-141-4/+10
|
* README file corrections from Richard LucassenJozsef Kadlecsik2011-06-081-3/+4
|
* ipset 6.7 releasedv6.7Jozsef Kadlecsik2011-05-313-1/+20
|
* Whitespace and coding fixes detected by checkpatch.plJozsef Kadlecsik2011-05-3149-675/+773
|
* hash:net,iface type introducedJozsef Kadlecsik2011-05-3021-6/+1157
| | | | | | | | | | The hash:net,iface type makes possible to store network address and interface name pairs in a set. It's mostly suitable for egress and ingress filtering. Examples: # ipset create test hash:net,iface # ipset add test 192.168.0.0/16,eth0 # ipset add test 192.168.0.0/24,eth1
* hash:* tests may seem to fail due to the too wide grep pattern, fix themJozsef Kadlecsik2011-05-305-7/+7
|
* Use the stored first cidr value instead of '1'Jozsef Kadlecsik2011-05-283-8/+16
|
* Fix return code for destroy when sets are in useJozsef Kadlecsik2011-05-281-1/+1
|
* Add xt_action_param to the variant level kadt functions, ipset API changeJozsef Kadlecsik2011-05-2714-16/+43
| | | | | | With the change the sets can use any parameter available for the match and target extensions, like input/output interface. It's required for the hash:net,iface set type.
* Remove iptree tests and compatibility element parsingJozsef Kadlecsik2011-05-272-2/+1
|
* hash:net test may seem to fail due to the too wide grep pattern, fix itJozsef Kadlecsik2011-05-271-1/+1
|
* Fix long time uncovered bug at adding string attributes to the netlink messageJozsef Kadlecsik2011-05-271-0/+3
| | | | | Use the real string length instead of the maximum one when adding the attribute.
* Fix warnings reported by valgrindJozsef Kadlecsik2011-05-252-2/+8
|
* Remove supporting set types iptree and iptreemapJozsef Kadlecsik2011-05-241-1/+1
|
* Drop supporting kernel versions below 2.6.35Jozsef Kadlecsik2011-05-241-83/+14
|
* ipset 6.6 releasedv6.6Jozsef Kadlecsik2011-05-243-1/+21
|
* Restore with bitmap:port and list:set types did not work, fixedJozsef Kadlecsik2011-05-245-2/+1075
|
* Accept "\r\n" terminated COMMIT command in restore filesJozsef Kadlecsik2011-05-241-1/+1
|
* Fix the message sequence number book-keepingJozsef Kadlecsik2011-05-241-1/+1
| | | | | | The internal messages mix with the public messages and that confused the sequence number book-keeping. Move setting/updating into ipset_mnl_query.
* Protocol-level debugging support addedJozsef Kadlecsik2011-05-244-6/+288
|
* hash:net stress test in range notation addedJozsef Kadlecsik2011-05-232-0/+15
|
* Use unified from/to address masking and check the usageJozsef Kadlecsik2011-05-2310-19/+17
|
* ipset_mnl_query: in debug mode print the errno returned by the cb functionJozsef Kadlecsik2011-05-231-1/+1
|
* ip_set_flush returned -EPROTO instead of -IPSET_ERR_PROTOCOL, fixedJozsef Kadlecsik2011-05-231-1/+1
|
* Take into account cidr value for the from address when creating the setJozsef Kadlecsik2011-05-221-0/+1
| | | | | | When creating a set from a range expressed as a network like 10.1.1.172/29, the from address was taken as the IP address part and not masked with the netmask from the cidr.
* Adding ranges to hash types with timeout could still fail, fixedJozsef Kadlecsik2011-05-211-1/+1
| | | | | | The patch "Fix adding ranges to hash types" had got a mistypeing in the timeout variant of the hash types, which actually made the patch ineffective. Fixed!
* Accept "\r\n" terminated lines in restore filesJozsef Kadlecsik2011-05-211-2/+2
|
* Removed old, not used hashing method ip_set_chashJozsef Kadlecsik2011-05-202-1253/+0
|
* Remove variable 'ret' in type_pf_tdel(), which is set but not usedJozsef Kadlecsik2011-05-201-2/+2
|
* Use proper timeout parameter to jiffies conversionJozsef Kadlecsik2011-05-201-8/+10
|
* Remove outdated checking of IPv6 support from configure.acJozsef Kadlecsik2011-05-171-5/+0
| | | | | | ipset can be compiled without IPv6 support since 6.0, however the outdated checking in configure.ac made it not possible. (reported by Denys Fedoryshchenko)
* ipset 6.5 releasedv6.5Jozsef Kadlecsik2011-05-153-1/+13
|
* Support range for IPv4 at adding/deleting elements for hash:*net* typesJozsef Kadlecsik2011-05-1527-96/+562
| | | | | | | | | | | | | | | | | | | The range internally is converted to the network(s) equal to the range. Example: # ipset new test hash:net # ipset add test 10.2.0.0-10.2.1.12 # ipset list test Name: test Type: hash:net Header: family inet hashsize 1024 maxelem 65536 Size in memory: 16888 References: 0 Members: 10.2.1.12 10.2.1.0/29 10.2.0.0/24 10.2.1.8/30
* Disable type revisions which are not supported both by the kernel and ipsetJozsef Kadlecsik2011-05-131-0/+13
|
* Update ipset help text to reflect SCTP and UDPLITE supportJozsef Kadlecsik2011-05-121-3/+3
|
* Set type support with multiple revisions addedJozsef Kadlecsik2011-05-1112-32/+49
| | | | | A set type may have multiple revisions, for example when syntax is extended. Support continuous revision ranges in set types.
* Fix adding ranges to hash typesJozsef Kadlecsik2011-05-0622-34/+229
| | | | | | When ranges are added to hash types, the elements may trigger rehashing the set. However, the last successfully added element was not kept track so the adding started again with the first element after the rehashing. Bug reported by Mr Dash Four.
* Ignore -n flag (list just setnames) when sets are to be savedJozsef Kadlecsik2011-05-061-1/+2
|
* ipset 6.4 releasedv6.4Jozsef Kadlecsik2011-04-193-1/+13
|
* Get rid of the trailing empty line at listing sets.Jozsef Kadlecsik2011-04-1967-77/+22
| | | | | | | Also, remove the empty "members" section when listing just the set headers. Testsuite is updated to reflect the changes in the output.
* Fix XML listing, remove broken unused "elements" tagJozsef Kadlecsik2011-04-181-1/+1
|
* Support listing setnames and headers tooJozsef Kadlecsik2011-04-187-33/+118
| | | | | | Current listing makes possible to list sets with full content only. The patch adds support partial listings, i.e. listing just the existing setnames or listing set headers, without set members.
* Fix order of listing of setsJozsef Kadlecsik2011-04-184-8/+51
| | | | | | | | A restoreable saving of sets requires that list:set type of sets come last and the code part which should have taken into account the ordering was broken. The patch fixes the listing order. Testsuite entry added which checks the listing order.