| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
It makes possible to reproduce exactly the same set after a save/restore.
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
|
|
|
|
|
| |
Some new functions was not added to libipset.map at the previous
release, fix it.
|
|
|
|
|
|
|
|
|
|
|
| |
The ipset library is rewritten/extended to support embedding
ipset, so that sets can fully be managed without calling the ipset
binary. The ipset binary relies completely on the new library.
The libipset.3 manpage was written about the library functions
and usage.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
| |
|
|
|
|
|
|
| |
Parsing is attempted both for numbers and service names and
the temporary stored error message triggered to reset the state
parameters about the set. Reported by Yuri D'Elia.
|
|
|
|
|
|
|
|
|
|
|
| |
In order to make it simpler and more straightforward to express
the revisions of the set type, all keywords and their parsing
are separated from the individual set types.
All backward compatibility arguments are recognized and ignored
arguments are supported.
Recognized but ignored arguments will be removed in a later release.
|
|
|
|
|
| |
Instead ot printing "Unknown argument: foo", if foo option is
supported by a newer kernel release, report that.
|
| |
|
|
|
|
|
|
|
| |
This is bad for cross compilation.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
|
|
|
|
|
|
| |
The ipset_parse_uint16() was introduced but no lib version bumped and
no map file updated.
Bump lib version to 9:0:6. (current and age was bumped)
Signed-off-by: Neutron Soutmun <neo.neutron@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
|
| |
With introducing the skbinfo extension, the library/API versions should
have been incremented, which is fixed now.
|
|
|
|
|
|
| |
Patch "add hash:ip,mark data type to ipset" broke the API and
library release versioning with not incrementing "current",
just "age", which is fixed here. Reported by Mathieu Bridon.
|
|
|
|
|
|
|
| |
The userspace side of the forceadd changes.
Signed-off-by: Josh Hunt <johunt@akamai.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce packet mark support with new ip,mark hash set. This includes
userspace and kernelspace code, hash:ip,mark set tests and man page
updates.
The intended use of ip,mark set is similar to the ip:port type, but for
protocols which don't use a predictable port number. Instead of port
number it matches a firewall mark determined by a layer 7 filtering
program like opendpi.
As well as allowing or blocking traffic it will also be used for
accounting packets and bytes sent for each protocol.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
|
|
|
|
| |
Commit v6.20~12 caused libipset to shift from libipset.so.3 to
.so.2. That is the wrong thing to do. Set it back to 3+2, as
intended.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
|
|
|
|
|
| |
This adds support to the userspace portion of ipset for handling ipsets
with the comment extension enabled. The library revision has been raised
accordingly.
Signed-off-by: Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
| |
|
|
|
|
| |
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Sunday 2012-07-01 19:20, Jozsef Kadlecsik wrote:
>[...]
>> * therefore the patch makes a clean restart,
>> using -version-info 3:0:0, to continue using .so.3
>> starting from ipset-6.13 until the next *real*
>> incompatible change.
>
>What is still unclear for me, why a clean restart is required. Looking
>into "libtool", as I see, "-version-number 3:0:1" and "-version-info
>3:0:1" produces the same result.
They don't. The libtool manual goes on attempting to explain
"-version-number" with C:R:A, though it could have been a lot easier
to just say "it copies the values as-is to the file suffix".
---8<---
location git://git.inai.de/ipset (updated)
parent 7c7b022a18ea2bae11d889b345caef87f3bf145e (v6.13)
commit 2b145f0794de6f56eaded0a6403be995be98c93b
Author: Jan Engelhardt <jengelh@inai.de>
Date: Sat Jun 30 20:39:27 2012 +0200
build: restore -version-info
Commit v6.13~7 accidentally swapped "-version-info" with
"-version-number". Because "-version-number" takes the values
"FIRST:AGE:REV", which is different from "-version-info
CURRENT:REV:AGE", libipset.so.3 was emitted.
Restore using "-version-info" and continue to use 3 as the "FIRST"
interface (instead of 2), because it was declared that way in
ipset-6.13.
Also note that the version names in libipset.map generally are not
supposed to follow SO versions, but the program version):
IPSET_6.13 {...}.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
|
|
|
|
|
| |
Mathieu Bridon suggested that in some environments where there is no
access to a full shell with input/output redirection, it'd be useful
to read from/write to directly a file (bugzilla #788).
The patch adds the new "-file" option to specify a filename to print
into when listing/saving sets or read from when restoring sets.
|
| |
|
| |
|
|
|
|
|
| |
The libipset library is complete by this step, and "ipset" just
a CLI interface based on the lib.
|
| |
|
|
|
|
|
| |
Compiling with debugging can be enabled with the "--enable-debug" option
of the configure script.
|
|
|
|
|
| |
By checking the supported compiler warning flags, different gcc releases
are supported without the crude --disable-extra-flags option.
|
|
|
|
|
| |
libmnl now uses void pointer arithmetic, remove -Wpointer-arith from
the compiler flags.
|
|
|
|
|
|
|
| |
Makefile fixes: compiler flags
README and manpage fixes
Compatibility with newer gcc releases (4.4.x)
Compatibility with the 2.6.35 kernel tree
|
|
|
|
|
|
|
|
| |
ipset 5 is tested on Sparc, which revealed some compatibility issues
and those are fixed. Kernels from 2.6.31 onward are supported.
The testsuite checkings are completed to run match/target checks.
The README file is updated to reflect the requirements to install
and run ipset 5.
|
|
|
|
|
|
|
|
|
|
|
| |
- the hash types can now store protocol together port, not only port
- lots of fixes everywhere: parser, error reporting, manpage
The last bits on the todo list before announcing ipset 5:
- recheck all the error messages
- add possibly more tests
- polish manpage
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reworked protocol and internal interfaces, missing set types added,
backward compatibility verified, lots of tests added (and thanks to the tests,
bugs fixed), even the manpage is rewritten ;-). Countless changes everywhere...
The missing bits before announcing ipset 5:
- net namespace support
- new iptables/ip6tables extension library
- iptables/ip6tables match and target tests (backward/forward compatibility)
- tests on catching syntax errors
|
|
Add new test files and toplevel files.
|